
Am I still at risk



#1 YosemiteSam


Posted 11 October 2010 - 09:28 AM

Hello there

Running Windows 7 Home Premium

I managed to get a nasty that related to the bit torrent application. All my programs associated themselves with bit torrent and would not open at all. Panic. Still have old laptop so did some research. Found a download called 'exe_fix_Win7'. Ran that and was able to open programs again so immediately ran MBam. This found and killed a trojan. Here's the log:
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.1.7600

11/10/2010 14:32:48
mbam-log-2010-10-11 (14-32-48).txt

Scan type: Quick Scan
Objects scanned: 84695
Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
*********************************************************************

Ran my Avast! AV and Super-Antispyware. Both clean.

How can I be sure it has gone for good?

Any help truly welcome, thanks in advance....

Sam

#2 quietman7


Posted 11 October 2010 - 12:47 PM

There are no guarantees or shortcuts when it comes to malware removal. Depending on the infection you are dealing with, it may take several efforts with different, the same, or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous.

Try doing an online scan to see if it finds anything else (i.e. remnants) that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green [image] button.
  • Read the End User License Agreement and check the box.
  • Check [image].
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image].
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while, so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push [image].
  • Push [image], and save the file to your desktop as ESETScan.txt.
  • Push the [image] button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click [image] > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click OK and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

Important Note: Using any Torrents, peer-to-peer (P2P) or file sharing program (i.e. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BitLord, BearShare, Azureus/Vuze) is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help! In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications. Using such programs is almost a guaranteed way to get yourself infected!!
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.

#3 YosemiteSam


Posted 12 October 2010 - 04:37 AM

Hi Quietman7

Thank you for getting to my problem so quickly and so comprehensively. And for the advice on P2P; it seems a little knowledge truly is a dangerous thing.....



Ok, I ran the on-line virus scan and it came back clean.

What's next...?

Thanks.

#4 quietman7


Posted 12 October 2010 - 07:07 AM

Since all your scans are coming up clean and you're not experiencing any obvious signs of infection, then I'd say you're ok at this point.

Your Malwarebytes scan only found a bad registry key which it identified as Trojan.BHO, then deleted. That detection was probably just a remnant of a piece of malware which was removed in the past and so I would not be overly concerned with the scan results.

After a security vendor updates their program version or definition databases, it is not uncommon for subsequent scans to find traces of malware files or remnants of registry entries which had previously gone undetected by prior scans long after the initial infection was removed.

#5 YosemiteSam


Posted 12 October 2010 - 12:17 PM

Hi again

That sounds like great news, thank you.

I am a little confused as yesterday morning my laptop was completely scrambled and unable to do anything. What concerns me is that I felt I'd only fixed the symptom [all .exe files were misled] and not the cause. I've had only minor run-ins with malware and this one was by far the most scary, so it felt like something big should be behind it. But the scan results and your analysis seem to suggest there wasn't a virus/malware/nasty. Perhaps I got lucky...?

Well I've learnt my lesson meddling with torrents and the like...

If you're happy; I'm more than happy.

So, are we able to end this thread?

If so thanks so much. Great help and good advice...

#6 quietman7


Posted 12 October 2010 - 12:41 PM

It sounds like whatever Torrent application you used changed file associations during its installation and you were fortunate to be able to fix that and not have encountered a major infection in the process. I don't recommend using such programs.

Why? Using any Torrents, peer-to-peer (P2P) or file sharing program (i.e. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BitLord, BearShare, Azureus/Vuze) is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help! In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications. Using such programs is almost a guaranteed way to get yourself infected!!
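Two things in this thread can be checked mechanically rather than by eye: the symptom in post #1 and #6 (every .exe being opened through some other program because the exefile association was changed) and the kind of leftover registry entry MBAM flagged in post #4 (a Trojan.BHO remnant). The script below is an added example, not code from the thread, from Malwarebytes or from ESET. It parses the text of a `.reg` export, verifies that `HKCR\.exe` still points at `exefile` and that the `exefile\shell\open\command` default is the stock `"%1" %*`, and lists every CLSID registered under the Browser Helper Objects key. The two embedded registry exports are constructed samples; the hijacker path and the all-zero CLSID are placeholders, not indicators from the thread.

```python
"""Offline check of a Windows .reg export for a hijacked .exe file
association and for registered Browser Helper Objects (BHOs).

Added example; the registry text below is constructed, not from the thread."""
import re

# Constructed sample: what `reg export HKCR\.exe`, `reg export HKCR\exefile` and
# the BHO key might look like on a machine whose .exe handler was redirected
# through another program. The path and CLSID are placeholders.
HIJACKED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile]
@="Application"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\Sam\\AppData\\Local\\Temp\\HIJACKER-PLACEHOLDER.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}]
@="Placeholder BHO"
"NoExplorer"=dword:00000001
'''

# Constructed sample of the same keys on a healthy system: the open command is
# just the target program ("%1") followed by its arguments (%*).
CLEAN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

EXPECTED_EXE_COMMAND = '"%1" %*'
BHO_KEY = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# A value line is either the (Default) value `@=...` or `"name"=...`.
VALUE_LINE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _unescape(s):
    """.reg string data escapes backslash and double quote with a backslash."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return {key_path: {value_name: data}}; '' is the (Default) value.
    Only REG_SZ data is unescaped; dword:/hex: data is kept as raw text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line.startswith('Windows Registry Editor'):
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_LINE.match(line) if current is not None else None
        if not m:
            continue
        name = '' if m.group(1) is None else _unescape(m.group(1))
        data = m.group(2)
        if data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        keys[current][name] = data
    return keys


def _get(keys, path):
    """Case-insensitive key lookup (registry paths are case-insensitive)."""
    for k, v in keys.items():
        if k.lower() == path.lower():
            return v
    return {}


def check_exe_association(keys):
    """Return a list of findings; an empty list means the .exe association is stock."""
    findings = []
    ext = _get(keys, r'HKEY_CLASSES_ROOT\.exe').get('')
    if ext != 'exefile':
        findings.append(f'HKCR\\.exe default is {ext!r}, expected "exefile"')
    cmd = _get(keys, r'HKEY_CLASSES_ROOT\exefile\shell\open\command').get('')
    if cmd is None:
        findings.append('HKCR\\exefile\\shell\\open\\command is missing')
    elif cmd != EXPECTED_EXE_COMMAND:
        findings.append(f'exefile open command is {cmd!r}, expected {EXPECTED_EXE_COMMAND!r}')
    return findings


def list_bhos(keys):
    """Return the CLSIDs of every registered Browser Helper Object, sorted."""
    prefix = (BHO_KEY + '\\').lower()
    return sorted(k[len(prefix):] for k in keys if k.lower().startswith(prefix))


if __name__ == '__main__':
    for label, text in (('hijacked sample', HIJACKED_REG), ('clean sample', CLEAN_REG)):
        parsed = parse_reg(text)
        print(label, '->', check_exe_association(parsed) or ['exe association OK'],
              'BHOs:', list_bhos(parsed))
```

To run it against a real machine, export the three keys with `reg export` (or File > Export in regedit) and feed the file contents to `parse_reg`; those tools write UTF-16 by default, so open the file with `encoding='utf-16'`. A non-stock `exefile` command is exactly the "all my programs open through something else" symptom; the BHO list is a starting point for checking each CLSID against what you knowingly installed, not a verdict on its own.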

#7 YosemiteSam


Posted 12 October 2010 - 12:56 PM

I will count myself lucky and learn from this!

Thanks again.

:thumbsup:

Over and out.... x

#8 quietman7


Posted 12 October 2010 - 01:07 PM

You're welcome. Safe surfing and have a malware free day.