Virus that refuses to be detected!


  • This topic is locked
7 replies to this topic

#1 suprattalljdm

Posted 19 February 2010 - 11:20 PM

Hello BC Forums!

This is my first post and yes, it is a desperate cry for help. While attempting to fix this stubborn infection I resorted to ComboFix. I have heard about this program for some time now; however, the basic programs always got me by, so this is my first time using it.

Let me give you a description of my problem. I noticed this first when I was going to log into my bank (Chase), and I got redirected to a phishing site asking me for routing #, bank account #, pin #, etc! I knew that I had been compromised. I was confused because although I am only using freeware, I have AVG 9.0 which I assumed was protecting me? Well well well, it was time to fix my problem. I ran a complete scan and removed a bunch of garbage files like tracking cookies etc., but no trojan, worm, or rootkit. I knew that my problem was not being caused by any tracking cookies so I ran scans with all kinds of different programs. So far I have scanned with the following programs:

AVG 9.0
Avira Antivirus
MalwareBytes Antimalware
SuperAntiSpyware
ComboFix

All have been updated to the latest definitions first, and all failed to find the smoking gun. Now my system runs fine, but the 3 banks that I tried to log into (with fake credentials) all redirected me to phishing sites. I have also tried to scan in safe mode, which brings me to an interesting point: The bank sites do not redirect me in safe mode! After learning this, I edited msconfig to block all non-MS programs from starting. When I rebooted to normal, same problem.

I have run DDS and GMER and ComboFix and have attached my logs. Hopefully someone will be able to save me here :)

Mod Edit ~ OP reply edited in here and extra reply removed. ~Pandy

Attached Files

  • Attached File  ark.txt   2.86KB   17 downloads
  • Attached File  DDS.txt   16.76KB   13 downloads
  • Attached File  Attach.txt   16.76KB   13 downloads

Edited by Pandy, 20 February 2010 - 02:28 PM.




#2 Blade

Posted 21 February 2010 - 05:31 AM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. :)

***************************************************

You have run ComboFix unattended!

Please note: ComboFix (CF for short) is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. When CF is run without trained assistance, it can no longer be considered a "safe" tool. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Since you already ran the tool, I need to see the log it created. Please locate this file C:\Combofix.txt and include its contents in your next reply.

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 suprattalljdm

Posted 23 February 2010 - 11:36 AM

Oh alright wonderful! I was beginning to think that this thread got overlooked. I will upload the combofix log shortly.

#4 suprattalljdm

Posted 23 February 2010 - 11:46 AM

Here is the combofix.txt file as well as the combofix-quarantined-files.txt file.


#5 Blade

Posted 24 February 2010 - 03:17 PM

Hello suprattalljdm

Please download HelpAsst_mebroot_fix.exe and save it to your Desktop.

Double click the tool to run it. Make sure to save the log that is generated somewhere that you'll be able to find it later.

Once it is complete, please click on Start>Run. In the dialogue that appears please type C:\WINDOWS\MBR.EXE -f

Make sure to save the log that is generated somewhere that you'll be able to find it later.

Afterwards, please reboot your computer immediately.

Once the reboot is complete, please click on Start>Run. In the dialogue that appears please type C:\WINDOWS\MBR.EXE -t

Also, please run DDS again and generate a new log.

Please copy and paste the content of all logs generated during this process in your next reply.

~Blade


In your next reply, please include the following:
  • log from HelpAsst_mebroot_fix.exe
  • mbr.exe -f log
  • mbr.exe -t log
  • DDS.txt (Note that I do not require Attach.txt this time)

Edited by Blade Zephon, 24 February 2010 - 03:37 PM.



#6 Blade

Posted 02 March 2010 - 12:59 PM

Are you still there?



#7 suprattalljdm

Posted 02 March 2010 - 02:07 PM

No, you took too long to respond so I just reinstalled Windows. Thanks for nothing.

#8 Blade

Posted 02 March 2010 - 02:33 PM

Since this issue appears to be resolved ... this Topic has been closed.

~Blade





