
Yahoo Mail got hacked


2 replies to this topic

#1 bltwmayo

Posted 31 March 2010 - 12:16 PM

I recently began receiving emails from my friends asking me to stop spamming them with advertisements. I immediately suspected I had been infected with a virus. I was confused because I don't use a local mail client at all, just Yahoo Mail through a web browser. I can even see the spam messages in my sent folder. I searched around on Google and realized my first step should be to change my password - done.

I also downloaded Malwarebytes and ran it. I'll post the log in a minute.

I also downloaded Microsoft Security Essentials and ran it (since my Norton had long ago expired - I know, my bad).

I also downloaded and ran ATF Cleaner.

I also downloaded and ran SuperAntiSpyware Free.

I also downloaded and ran Dr. Web CureIt.

I basically followed this post's instructions http://www.bleepingcomputer.com/forums/t/261589/yahoo-mail-virus/ since my problem was so similar to that guy's. I'll post all the logs in a minute.

Am I safe now, or do I have additional actions I should take? Thanks in advance for assisting me.

Running Windows XP Home Edition SP3 with 512MB RAM (this is a slow Inspiron 1300)


#2 bltwmayo

Posted 31 March 2010 - 12:21 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/27/2010 at 06:12 PM

Application Version : 4.34.1000

Core Rules Database Version : 4739
Trace Rules Database Version: 2551

Scan type : Complete Scan
Total Scan Time : 04:31:55

Memory items scanned : 224
Memory threats detected : 0
Registry items scanned : 5811
Registry threats detected : 67
File items scanned : 59074
File threats detected : 3

Adware.CouponBar

Adware.GAIN/Gator

#3 bltwmayo

Posted 31 March 2010 - 01:28 PM

Any ideas on how to post the Dr. Web logs? It is large and won't let me post. I tried breaking it in half with no luck.

Edited by bltwmayo, 31 March 2010 - 01:59 PM.




