Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I am infected?!?!


  • Please log in to reply
1 reply to this topic

#1 wootywoot909

wootywoot909

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:53 PM

Posted 15 April 2010 - 05:39 PM

Hello all!!!

Here is exactly what took place. My girlfriend was using myspace a while back, and some popup window showed up and started what I'm guessing was a fake antivirus. I wasn't home at the time, but she clicked on the scan button. So since then my computer started running like crap, my time changed from normal time to military time on it's own, my tool bar moves on it's own every so often from top,bottom, and right hand side on it's own. I ran nod 32 and it found some threats are removed them, but yesterday I was on myspace and was uploading a picture, and this is what happened....while uploading on myspace using firefox the tab I was on switched on it's own from the myspace uploading page to this fake antivirus that started it's fake scan I believe it said avg7. I ran malwarebytes, hijack this (trend micro, house call) and CAL antivirus (free with time warner), and they all found nothing! So I was told about emisisoft and ran it and this is what was found below. I have them all quarantined at the moment . I am not computer smart at all, lol, but I have heard of false positives and read up on them, but not sure if any of these are. I checked on them online and got some useful information, but still scared to delete. Any help would be greatly appreciated. I also ran ccleaner just want you to know everything I used.

I'm using windows xp, home edition, version 2002, service pack 3.
440@ 2.00ghz
2.oo ghz, 0.99 gb of ram
I know my computer is a piece of crap lol, and not sure if you needed that info but there it is just incase.

a-squared free v. 4.5.0.27
2003-2010 Emsi Software GmbH - www.emsisoft.com

ID Object
0 C:\Documents and Settings\LocalService\Cookies\system@fastclick[1].txt Trace.TrackingCookie.fastclick!A2
1 D:\I386\Apps\App500786\oobeconfig.exe Trojan.Win32.Vilsel!IK
2 D:\I386\Apps\App524081\oobeconfig.exe Trojan.Win32.Vilsel!IK
3 D:\I386\Apps\App002342\oobeconfig.exe Trojan.Win32.Vilsel!IK
4 D:\I386\Apps\App500583\oobeconfig.exe Trojan.Win32.Vilsel!IK
5 D:\I386\Apps\App023093\oobeconfig.exe Trojan.Win32.Vilsel!IK
6 D:\I386\Apps\App500964\oobeconfig.exe Trojan.Win32.Vilsel!IK
7 C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP360\A0161136.exe AdWare.GameVance!IK
8 C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP360\A0161135.exe AdWare.GameVance!IK
9 D:\I386\Apps\App001919\oeminfo\oobeconfig.exe Trojan.Win32.Vilsel!IK
10 D:\I386\Apps\App501011\oobeconfig.exe Trojan.Win32.Vilsel!IK
11 C:\Program Files\Bejeweled 2\WinBej2.exe Backdoor.Rbot!IK
12 c:\program files\enigma software group\spyhunter\scan.log Trace.File.SpyHunter!A2
13 c:\program files\enigma software group\spyhunter\spyhunter.log Trace.File.SpyHunter!A2
14 C:\WINDOWS\system32\wbem\unsecapp.exe Trojan.Win32.Genome.hfcz!A2
15 D:\I386\Apps\App517014\oobeconfig.exe Trojan.Win32.Vilsel!IK
16 C:\Program Files\123WebMessenger2.3\client\123webmessenger_friendlist.exe Trojan-Downloader.Win32.Agent.dkar!A2
17 C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Riskware.AdWare.Win32.SearchIt!IK
18 C:\Program Files\123WebMessenger2.3\client\123webmessenger_chat.exe Trojan-Downloader.Win32.Agent.dkar!A2
19 D:\I386\Apps\App520164\oobeconfig.exe Trojan.Win32.Vilsel!IK
20 C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP329\A0151762.sys Trojan.Win32.CheatEngine!A2
21 D:\I386\Apps\App512949\CDCreatorFix.exe Riskware.Patch.CDCreator!IK
22 D:\I386\Apps\App018467\oobeconfig.exe Trojan.Win32.Vilsel!IK
23 D:\I386\Apps\App500661\oobeconfig.exe Trojan.Win32.Vilsel!IK
24 C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP360\A0161134.exe AdWare.GameVance!IK
25 C:\WINDOWS\system32\dllcache\unsecapp.exe Trojan.Win32.Genome.hfcz!A2
26 D:\I386\Apps\App012072\oobeconfig.exe Trojan.Win32.Vilsel!IK
27 D:\I386\Apps\App501156\oobeconfig.exe Trojan.Win32.Vilsel!IK
28 D:\I386\Apps\App001919\emver\oobeconfig.exe Trojan.Win32.Vilsel!IK
29 C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt Trace.TrackingCookie.2o7!A2
30 D:\I386\Apps\App521287\oobeconfig.exe Trojan.Win32.Vilsel!IK
31 c:\program files\enigma software group\spyhunter\support.log Trace.File.SpyHunter!A2
32 C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP363\A0163409.dll Packed.Win32.Katusha.j!A2
33 D:\I386\Apps\App502370\oobeconfig.exe Trojan.Win32.Vilsel!IK

Edited by wootywoot909, 15 April 2010 - 05:58 PM.


BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:06:53 AM

Posted 22 April 2010 - 10:35 AM

When you did the scans with MBAM did you perform a quick scan or a full scan, and can you scan with http://www.superantispyware.com and post the logs here. Also run http://www.gmer.net.

Is D your CD-ROM?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users