
Require some assistance please.



#1 mearmortal


Posted 18 July 2010 - 08:47 AM

Symptoms: -

When getting results from Google searching, irrelevant pages were being displayed, like out of the user's control.


I used Spybot and found some 15 trojans of some sorts: -
Fraud.Sysguard
using Registry entries for \software\avsuite
\lowriskfiletypes\FraudSysguard.zip

Win32.ZBot
c:\windows\syste32\locsec\local.ds and user.ds

Virtumonde.prx
using various entries in the registry pointing to Ghiwop and virtumondeprx.zip, ..prx1.zip, ..2.zip, ..3.zip and ..4.zip
using c:\windows\ezicimay.dll

Win32.Agent.ieu

Win32.Agent.svc

Win32.FraudLoad
using registry \software\m5t8ql3yw3

win32.FraudPack
using various \software\v71ql7hi7\Kkot, KkoFC, KkoF, KkoJ, Kk09 and so many more.


I used Malwarebytes and found these: -
adware.advotator
adware.EZlife
adware.EZLife
Password.Stealer
Backdoor.Bot
Malware.Trace
Stolen.Data
Trojan.TDSS
Malware.Packer.Gen
Trojan.Ransom
Trojan.DNSChanger


The upshot of it is none of these programs now report a problem, good news, but the PC, according to Malwarebytes, is still trying to access the same pages as before I did the cleanup, so I know there are still remnants of the issue within Windows.

Websites are being reported as blocked; the IPs are: -
213.163.89.104, 91.212.226.7, 61.61.20.132 & 135
On visiting one of these pages, all that appears in IE is the word TEST on the page, so I know this is not right.

I have little else I can try myself, so if you could render some assistance I would appreciate it.
I have the log files from the DDS program, GMER is still running but will be completed shortly.



#2 quietman7


Posted 19 July 2010 - 12:58 PM

"I have the log files from the DDS program, GMER is still running but will be completed shortly."

DDS/HijackThis logs are not permitted in this forum. Instead they need to be posted in the Virus, Trojan, Spyware, and Malware Removal Logs forum.

Please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
