Whitesmoke



#1 ship4


Posted 06 December 2010 - 08:10 PM

Hey, I just happened upon this site after searching for help with the same issue mentioned above. I did an ESET scan as suggested above, and was able to clear out all of the infected files on my computer except for these:

Win32/Bamital.EV

My full list was something like this...yeah, cleaning hasn't been a top priority of mine:

C:\hotfix.exe probably a variant of Win32/Adware.FakeAntiSpy.Q application cleaned by deleting - quarantined
C:\Program Files\Fast Browser Search\IE\BHO.dll probably a variant of Win32/BHO.IYPVUOA trojan cleaned by deleting - quarantined
C:\Program Files\SGPSA\BHO.dll probably a variant of Win32/BHO.IYPVUOA trojan cleaned by deleting - quarantined
C:\Users\Ben\AppData\Local\Temp\9d7c0e0b.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Users\Ben\AppData\Local\Temp\c3a791c0.exe Win32/Olmarik.ZK trojan cleaned by deleting - quarantined
C:\Users\Ben\AppData\Local\Temp\jar_cache1363183185258494201.tmp Java/TrojanDownloader.Agent.AF trojan deleted - quarantined
C:\Users\Ben\AppData\Local\Temp\jar_cache1754685223755464255.tmp multiple threats deleted - quarantined
C:\Users\Ben\AppData\Local\Temp\jar_cache3131291335458504297.tmp multiple threats deleted - quarantined
C:\Users\Ben\AppData\Local\Temp\jar_cache4519926869703536854.tmp a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Users\Ben\AppData\Local\Temp\jar_cache4807246148361124450.tmp a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Users\Ben\AppData\Local\Temp\jar_cache668294289092398910.tmp a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Users\Ben\AppData\Local\Temp\jar_cache884867085702430780.tmp multiple threats deleted - quarantined
C:\Users\Ben\AppData\Local\Temp\Low\JBKJ.exe Win32/Kryptik.BAK.gen trojan cleaned by deleting - quarantined
C:\Users\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\35249897-13c759d6 a variant of Java/TrojanDownloader.Agent.NAC trojan deleted - quarantined
C:\Users\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\35249897-69c7b0e3 multiple threats deleted - quarantined
C:\Users\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\436a0444-7d65c652 a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Users\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\16cbe8ee-65456cc2 multiple threats deleted - quarantined
C:\Users\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\44e4ef72-2fde9919 probably a variant of Java/TrojanDownloader.Agent.AB trojan cleaned by deleting - quarantined
C:\Users\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\184340f3-14dabac7 a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Users\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\1968e4f5-56f40078 probably a variant of Win32/Agent.FQRCZBA trojan deleted - quarantined
C:\Users\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\444a7a76-25422998 probably a variant of Win32/Agent.FQRCZBA trojan deleted - quarantined
C:\Users\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\781f7948-72ca2023 multiple threats deleted - quarantined
C:\Users\norman\AppData\Local\Temp\Low\JBKJ.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Users\norman\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\4422213c-45f7b37e multiple threats deleted - quarantined
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.DZ trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\explorer.exe Win32/Bamital.EV trojan unable to clean
C:\Windows\svc2.exe Win32/TrojanClicker.Delf.NID trojan cleaned by deleting - quarantined
C:\Windows\System32\cryptnet32.dll a variant of Win32/Lukicsel.O trojan cleaned by deleting - quarantined
C:\Windows\System32\dll.dll Win32/Lukicsel.O trojan cleaned by deleting - quarantined
C:\Windows\System32\guyik45hbh.exe probably a variant of Win32/Refpron.G trojan cleaned by deleting - quarantined
C:\Windows\System32\guyik45hbhx.exe a variant of Win32/TrojanDropper.VB.NPV trojan cleaned by deleting - quarantined
C:\Windows\System32\updata.exe a variant of Win32/TrojanClicker.VB.NFM trojan cleaned by deleting - quarantined
C:\Windows\System32\wininit.exe Win32/Bamital.EV trojan unable to clean
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\1eyp1iw8.exe a variant of Win32/Kryptik.IAG trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\jar_cache5724451053603706264.tmp a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\_C2AF.tmp Win32/Lukicsel.O trojan cleaned by deleting - quarantined
C:\Windows\winad\winads.exe a variant of Win32/TrojanClicker.Delf.NLZ trojan cleaned by deleting - quarantined
C:\Windows\winad\winadsin.exe a variant of Win32/TrojanClicker.Delf.NLZ trojan cleaned by deleting - quarantined
Operating memory Win32/Bamital.EV trojan

It's a bit messy, I apologize. If anyone can help me with getting rid of this (Win32/Bamital.EV), I would appreciate it!

Thanks guys!
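
Added example (not part of the original post, and not ESET's own tooling): a small Python triage script that parses a scan log laid out like the one above and lists only the detections that were not fully removed. The line layout is inferred from the posted log, and the status labels (`removed`, `pending restart`, `not cleaned`, `no action recorded`) are names chosen for this example.

```python
import re
from collections import defaultdict

# Subset of lines taken from the scan log posted above.
SAMPLE_LOG = r"""C:\hotfix.exe probably a variant of Win32/Adware.FakeAntiSpy.Q application cleaned by deleting - quarantined
C:\Program Files\Fast Browser Search\IE\BHO.dll probably a variant of Win32/BHO.IYPVUOA trojan cleaned by deleting - quarantined
C:\Users\Ben\AppData\Local\Temp\jar_cache1754685223755464255.tmp multiple threats deleted - quarantined
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.DZ trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\explorer.exe Win32/Bamital.EV trojan unable to clean
C:\Windows\System32\wininit.exe Win32/Bamital.EV trojan unable to clean
Operating memory Win32/Bamital.EV trojan
"""

# Assumed layout: <object> [(probably) a variant of] <detection> [type] [action].
# The object may contain spaces, so it is matched lazily up to the detection name.
LINE_RE = re.compile(
    r"^(?P<obj>.+?)\s+(?:(?:probably )?a variant of )?"
    r"(?P<threat>multiple threats|(?:Win32|Java)/\S+)"
    r"(?:\s+(?P<kind>trojan|application))?(?:\s+(?P<action>.+))?$"
)

def classify(action):
    """Map the free-text action column to one of four example status labels."""
    if not action:
        return "no action recorded"
    if action.startswith("unable"):
        return "not cleaned"
    if "after the next restart" in action:
        return "pending restart"
    return "removed"

def parse_log(text):
    """Return one dict per recognised log line; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({"object": m["obj"], "threat": m["threat"],
                            "status": classify(m["action"])})
    return entries

def unresolved(text):
    """Group every entry that was not removed outright by detection name."""
    out = defaultdict(list)
    for e in parse_log(text):
        if e["status"] != "removed":
            out[e["threat"]].append((e["object"], e["status"]))
    return dict(out)

if __name__ == "__main__":
    for threat, items in unresolved(SAMPLE_LOG).items():
        print(threat, *(f"\n  {s:20}{o}" for o, s in items))
```
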



#2 boopme


Posted 06 December 2010 - 08:27 PM

Hello, I split you to your own topic here. Even though the infections look the same there can be differences. You already have different malware found.

So is this XP or another?

Let's run TDSSKiller on yours now.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.




