
Numerous Trojans


4 replies to this topic

#1 Kat91119

Kat91119

  • Members
  • 128 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:05 AM

Posted 26 April 2010 - 03:53 PM

For the last 5-6 days I've been having problems with some games on www.pogo.com. I'll be playing a game and the window will randomly close. It doesn't happen on all games. Therefore I thought something was wrong on my end. Then my husband said he was having the same issue on his computer (his is Windows 7, mine is XP), so then I thought it was the game site. I've tried to get help from them repeatedly but they have not been helpful.

A day or so after that I noticed I had no volume. I kept getting an error that no audio device was installed. So I went into the driver area and uninstalled it then reinstalled it.

Now fast forward to this morning. I booted up my PC, got to the user/password screen, entered my info, and it took forever to get to my wallpaper - the desktop was blank, there were no icons or taskbar. It took about 5+ minutes to get anything to show up.

I had no idea what could be wrong with it other than a virus. I have no idea how I got a virus, I haven't been on the computer in a couple days really. Before that I did download some games from a legit professional website I have downloaded games from before. I've never had problems with this site. Since downloading them I have rebooted my PC a few times, and not had any issues.

I ran an updated Malwarebytes scan, it found nothing. I ran SpyBot, it found nothing. I then ran ESET Online Scanner, where it found 71 infected files. As it was ending, AVG popped up with a virus notice for the first time. I moved it to the vault.

Here are the results of the ESET scanner:

C:\Documents and Settings\Kat\Desktop\Camp Blood\chat\spacer.php PHP/PhpSpy.A trojan cleaned by deleting - quarantined
C:\Documents and Settings\Kat\Desktop\Camp Blood\chat\NEW Chat Backup With Camp Blood THEME\chat3\spacer.php PHP/PhpSpy.A trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125817.exe.6DECD52F Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125819.exe.5F44A9A6 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125820.exe.465239C6 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125821.exe.C2B8681 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125822.exe.5352B710 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125823.exe.5F1A3818 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125824.exe.374DAD1 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125825.exe.7B438D0 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125826.exe.17A1FA6D Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125827.exe.4E722E7F Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125828.exe.1F039561 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125829.exe.D4B7D81 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125831.exe.7B4C8A4F Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125832.exe.17157BBA Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125833.exe.53F883E6 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125834.exe.4D08E33D Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125840.exe.5ACA9ABD Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125880.exe.5A2A04B5 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125881.exe.1BF91E23 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125882.exe.4B070CAE Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125888.exe.4CF0E595 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125890.exe.62389C1D Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125891.exe.4B2DE56F Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125899.exe.77B9F051 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125900.exe.767E8684 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125901.exe.2B8EFBDB Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125902.exe.7E7F0A0A Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125903.exe.31420700 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125904.exe.2B796B37 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125906.exe.53E39E47 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125919.exe.102FBDD6 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125920.exe.6366832B Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125922.exe.52A2065B Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125923.exe.67AFA8A Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125924.exe.5AECC849 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125925.exe.335A7A0D Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125927.exe.462D66B Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125928.exe.66417CCD Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125929.exe.3973DD20 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125930.exe.670053BD Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125931.exe.79DFD3EB Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125932.exe.7BD8CE81 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125933.exe.60E51EC2 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125934.exe.2889505D Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125935.exe.7FF461F7 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125937.exe.5D242187 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\AdobeARM.exe.695E243B Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\aimwdi~1 .exe.52DABE9D Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\ALCMTR.EXE.3DB8DD44 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\avgtray.exe.3AB95FD5 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\dsca.exe.320A1743 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\hkcmd.exe.6BC5C62 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\igfxtray.exe.24711F57 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\ISUSPM.exe.531A2E27 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\jusched.exe.2B3BE507 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\mbam.exe.delme1582 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\nmindexstoresvr .exe.delme4025 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\nmindexstoresvr.exe.delme125 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\QTTask.exe.6DD7379 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\Reader_sl.exe.68C8AA52 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\RTHDCPL.EXE.32EAC016 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\sprtcmd.exe.500CEBDB Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\superantispyware.exe.delme4024 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\SUPERAntiSpyware.exe.F9C55B1 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\TeaTimer.exe.43F38B26 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\teatimer.exe.delme127 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\txxp.exe.74B49FF8 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\WMPNSCFG.exe.526F3CE0 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\wmpnscfg.exe.delme128 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined


I can honestly say that the spacer.gif it found shouldn't be a virus. I've had it for years and nothing has picked up on it before. It makes NO sense to me. And none of the files found were any of the games I downloaded.

After running the ESET, I updated Malwarebytes again, and did another quick scan; it found nothing...and rebooted. This time the desktop did not get stuck, but after I entered my password it did linger longer than usual.

Any help would be much appreciated, now I'm paranoid lol
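Added example, not part of this thread or of any of the tools it names: a small Python script that parses ESET Online Scanner result lines in the format quoted above and splits the hits into files that were already sitting in a quarantine folder (DrWeb's Infected.!!! directory, the only one the thread names) and files that were live on disk. The line regex and the quarantine-folder list are my assumptions, and the embedded sample is a subset of the lines from the post.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Sample taken from the scan results quoted in the post above (subset only).
SAMPLE_LOG = r"""
C:\Documents and Settings\Kat\Desktop\Camp Blood\chat\spacer.php PHP/PhpSpy.A trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\A0125817.exe.6DECD52F Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\aimwdi~1 .exe.52DABE9D Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\avgtray.exe.3AB95FD5 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DrWeb\Infected.!!!\mbam.exe.delme1582 Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
"""

# Assumed line layout: <path with spaces> <Family/Variant> <kind> <action text>.
# The threat name is the first whitespace-free token containing a '/', which
# Windows paths never contain, so the non-greedy path group stops there.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>\S+/\S+)\s+(?P<kind>\S+)\s+(?P<action>.+)$"
)

# Assumed list of folders that hold already-isolated files. Only the DrWeb
# quarantine directory appears in the thread; extend for other products.
QUARANTINE_DIRS = (r"\drweb\infected.!!!",)


def parse_line(line: str):
    """Return a dict for one result line, or None if it is not a hit line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["directory"] = str(PureWindowsPath(rec["path"]).parent)
    rec["in_quarantine"] = any(
        q in rec["directory"].lower() for q in QUARANTINE_DIRS
    )
    return rec


def parse_log(text: str):
    """Parse every non-empty line of a scanner result dump."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def summarize(records):
    """Tally detections by threat name and folder, and count quarantined vs live hits."""
    return {
        "by_threat": Counter(r["threat"] for r in records),
        "by_dir": Counter(r["directory"] for r in records),
        "in_quarantine": sum(r["in_quarantine"] for r in records),
        "live": sum(not r["in_quarantine"] for r in records),
    }


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG))
    print("Detections by threat:")
    for threat, n in summary["by_threat"].most_common():
        print(f"  {n:3d}  {threat}")
    print("Hits already in a quarantine folder:", summary["in_quarantine"])
    print("Hits on live files (need attention):", summary["live"])
```

Run against the full 71-line dump from the post, the same split shows that all but two hits sit under the DrWeb quarantine folder, which is the distinction the moderator draws later in the thread: a file that was already isolated is not the one that was running.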


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:05 AM

Posted 26 April 2010 - 04:16 PM

Hello, you are in good shape.
This Unruy will steal all passwords, I recommend you change them.

Have you scanned both PCs?
This is also known as a trojan downloader so it would be a good idea to check for rootkits too.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

#3 Kat91119

Kat91119
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:05 AM

Posted 26 April 2010 - 07:15 PM

Steal all passwords? Weren't those files in just sort of a virus vault sort of thing? That's what I assumed. It was viruses from a few months back when I had to use DrWeb...or so I thought. I'd hate to have to change all passwords...that would be hard to do, I have 100+ lol.

I tried to run GMER but I keep getting the blue screen of death. I tried to run it the last time I had a virus too and got the same thing. This time around the error I get on there is PFN_LIST_CORRUPT.

I have not scanned my husband's PC yet. But I will. We haven't shared any files. He says his is going a little slow, and he was having the game crashing on pogo.com as well. I will scan tonight.

Edited by Kat91119, 26 April 2010 - 07:16 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:05 AM

Posted 26 April 2010 - 11:16 PM

That malware steals info when it is active, not while in the vault/quarantine.
Ok so let us know how his machine comes out.

#5 Kat91119

Kat91119
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:05 AM

Posted 27 April 2010 - 02:49 PM

His machine is clean as well. He's still having issues with pogo.com and some of their games crashing...the same games crashing on my system. I've tried to get help from them on this, but they claim it's not on their end...so far...



