annoying worm.spambot detected by malwarebytes


22 replies to this topic

#1 josh_kicks


Posted 04 March 2010 - 03:25 AM

Hi, can someone help me with this thing? It's been slowing down my computer all the time and doesn't allow me to go to anti-virus sites. The spambots keep being added to my temp folder, coming back with different names starting with win and sometimes with different names. It's been deleted by Malwarebytes but keeps coming back with different names. Please somebody help! This is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/4/2010 12:38:01 AM
mbam-log-2010-03-04 (00-38-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 213486
Time elapsed: 3 hour(s), 50 minute(s), 54 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\mmybgv.exe (Worm.Spambot) -> Unloaded process successfully.
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\winrtclhp.exe (Worm.Spambot) -> Unloaded process successfully.
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\winhublqr.exe (Worm.Spambot) -> Unloaded process successfully.
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\winsmyjkh.exe (Worm.Spambot) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\mmybgv.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\winrtclhp.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\winhublqr.exe (Worm.Spambot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\winsmyjkh.exe (Worm.Spambot) -> Quarantined and deleted successfully.

Even though they're deleted, they keep coming back...with different names...



#2 Sashacat


Posted 04 March 2010 - 02:55 PM

Hello :thumbsup:

Your Malwarebytes' is OUTDATED.
Your scan shows database version 3510.
This morning, the latest database version was 3824.
By the time you read this and update, there may be an even newer version.
Sometimes there are Malwarebytes' updates TWICE in one day.

Update your Malwarebytes' and scan again.

You can also run ATF Cleaner:
http://www.atribune.org/index.php?option=c...5&Itemid=25
Instructions included at website.

Then post your new scan results for an official staff member to help you with.
Copy/paste the entire contents of the scan results log into your next reply,
and advise what, if any, symptoms you are still experiencing.
If we don't change the direction we are going,
We are likely to end up where we are headed.

#3 josh_kicks


Posted 04 March 2010 - 07:43 PM

Help!!! The atf-cleaner is closing itself, what should I do!? I think this is done by the virus!!! It closes by itself every time I open it; it closes after 1 second.

Edited by josh_kicks, 04 March 2010 - 07:44 PM.


#4 Sashacat


Posted 04 March 2010 - 08:39 PM

Try running Rkill immediately before ATF.
http://www.technibble.com/rkill-repair-tool-of-the-week/
"Rkill is a small, freeware and portable tool designed to terminate active malware processes allowing you to use other removal tools. Rkill is made by a Microsoft MVP “Lawrence Abrams” and is available in 4 different extensions. An .EXE, .COM, .SCR and a .PIF file.
The reason why Rkill comes in 4 different versions is because some malware will block .EXE files in an attempt to prevent you from running other malware removal tools, so this gets around that problem."


Just in case you have difficulty updating Malwarebytes',
there is a Troubleshoot section in this topic:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
Posted by Grinler on February 16, 2010

http://www.bleepingcomputer.com/virus-remo...alware-tutorial

#5 josh_kicks


Posted 05 March 2010 - 05:33 AM

help help my database version won't update!

Malwarebytes' anti-malware

An error occurred. Please report the following error code to the Malwarebytes' Anti-malware support team.

Error Code:732 (12007,0)

Help!? I can't report it 'cause it blocks anti virus sites!! :thumbsup:

Even though I ran rkiller the atf cleaner still won't open!!!

And atf cleaner keeps getting deleted!! So I kept downloading it, augh...

Edited by josh_kicks, 05 March 2010 - 08:04 AM.


#6 josh_kicks


Posted 06 March 2010 - 05:01 AM

After I used rkill I used atf-cleaner immediately but atf-cleaner still closes.... somebody help!?

Edited by josh_kicks, 06 March 2010 - 07:26 PM.


#7 josh_kicks


Posted 08 March 2010 - 02:53 AM

bump

#8 Sashacat


Posted 08 March 2010 - 08:29 AM

Hello :thumbsup:
Did you see the Troubleshoot section here:

How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
Posted by Grinler on February 16, 2010

http://www.bleepingcomputer.com/virus-remo...alware-tutorial

It deals with the error 732.

#9 Sashacat


Posted 08 March 2010 - 08:34 AM

ATF Cleaner is a temp file cleaner.
It's not the MOST IMPORTANT part of the process.
The most important part of the process is ending the process of any "bad things" that prevent you from being able to use the automated malware removal tools like SUPERAntiSpyware and Malwarebytes' Anti-Malware, so you can begin using Malwarebytes' and/or SUPERAntiSpyware to get rid of the "bad things".

See this topic:
How to use SUPERAntiSpyware to scan and remove malware from your computer
Posted by Grinler on November 2, 2009

http://www.bleepingcomputer.com/virus-remo...pyware-tutorial
It includes detailed step by step instructions for use, and a link to download.

Make sure you update SUPERAntiSpyware before you scan.

After scan completes, post your scan results (copy/paste the ENTIRE CONTENTS of the scan results log) into your next reply for an official staff member to help you with.

#10 josh_kicks


Posted 08 March 2010 - 09:10 AM

I did what the guide told me on how to update malwarebytes but I am still having the problem 732...And I am sure my internet is connected...
I can't download the SuperAntiSpyware since I can't go to the download site help!? I can't post a log now since I can't have SAS...
Is there another way!?

Edited by josh_kicks, 08 March 2010 - 09:11 AM.


#11 Sashacat


Posted 08 March 2010 - 09:38 AM

Hello :thumbsup:

You can use a different computer (a friend or family member's computer, or a computer from the public library)
that is not infected to get to the internet to download SUPERAntiSpyware, and then get it to the infected computer by way of a USB jump drive or a CD.

If you are not able to use a different computer, one of the official staff members could properly advise you.

#12 josh_kicks


Posted 09 March 2010 - 01:17 AM

Please help, I do not know anyone with a computer that can send me SAS and I can't go to the public library!!! Please, I need help, and oh yeah... if you find this info useful please help me. The last time I tried to install a purchased McAfee antivirus (it's on a USB from my friend), when I tried to install it, it fails and shows me an error code "1920", verify that you have sufficient privileges *blah blah blah*, and it says I need to have administrative rights, but I am sure I only have one user and it is the Computer Administrator. I believe this is done by the malware. And the last time I scanned with Malwarebytes it detected a CONFICKER!! It's located in the system32 folder. I think this is very deadly since it's found in system32!! I deleted it but it keeps coming back after a while, please help!!

How do I contact official staff members!??



IS THERE ANOTHER WAY!?!?!!! PLEASE SAVE ME FROM THIS CHAOS SASHACAT!!!!!!!!!

#13 Sashacat


Posted 10 March 2010 - 06:47 AM

Hello :thumbsup:

I think you have Windows XP SP2 (Service Pack 2).

Did you check your Proxy settings?
Is there a checkmark in "Use a proxy server for your LAN"?
See:
Error 732 when trying to update Malwarebytes' Anti-Malware
http://www.bleepingcomputer.com/virus-remo...al#troubleshoot

Check to see if your Hosts file is corrupt.

At the bottom of the Microsoft article, please confirm that it applies to YOUR operating system:
Here's the Microsoft article on the Hosts file:
How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034

The post by quietman7 (Global Moderator) (Post # 2)
provides detailed information on Proxy settings, Hosts file, and scanning with Malwarebytes':
http://www.bleepingcomputer.com/forums/t/299920/high-probability-of-a-rootkit-infection/

#14 Sashacat


Posted 10 March 2010 - 06:50 AM

This is another topic with good info:
How to remove a Trojan, Virus, Worm, or other Malware
http://www.bleepingcomputer.com/tutorials/how-to-remove-a-trojan-virus-worm-or-malware/

#15 josh_kicks


Posted 16 March 2010 - 04:01 AM

I can't read the article in support.microsoft.com since it is being blocked.
Could you just copy and post it in your next reply? Thanks...
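
The Hosts file check suggested in post #13, as an added example (not part of the original thread, and not code from any tool named in it): a Python audit that flags hosts entries pinning security or support sites to loopback or to some other address. The watch list and the sample hosts content are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list for this example: vendor and support domains of the
# kind the poster reports as unreachable.
WATCHED = ("microsoft.com", "malwarebytes.org", "superantispyware.com",
           "bleepingcomputer.com")
DEFAULT_NAMES = {"localhost"}  # the only name in a stock Windows XP hosts file


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname, verdict) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if host in DEFAULT_NAMES and ip.is_loopback:
                continue
            hit = any(host == d or host.endswith("." + d) for d in watched)
            if hit:
                # Loopback/unspecified sinks the name; anything else redirects it.
                sink = ip.is_loopback or ip.is_unspecified
                verdict = "blocks-security-site" if sink else "redirects-security-site"
            else:
                verdict = "review"
            findings.append((line_no, str(ip), host, verdict))
    return findings


# Constructed sample, not taken from the poster's machine.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       support.microsoft.com   # constructed entry
0.0.0.0         www.malwarebytes.org
203.0.113.7     www.superantispyware.com
192.168.1.20    printer
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows XP the file to feed in is %SystemRoot%\system32\drivers\etc\hosts; an empty result means it matches the stock single-entry default.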



