Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

i canceled out avg


  • Please log in to reply
18 replies to this topic

#1 river58

river58

  • Banned Spammer
  • 75 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 23 February 2011 - 11:42 AM

i canceled out avg removing some virus and i want to know if im still infected.

BC AdBot (Login to Remove)

 


#2 river58

river58
  • Topic Starter

  • Banned Spammer
  • 75 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 23 February 2011 - 11:51 AM

i canceled out avg while removing a virus and id like someone to check and see if i still have it heres a malawarebytes anti malaware log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/23/2011 11:49:33 AM
mbam-log-2011-02-23 (11-49-33).txt

Scan type: Quick scan
Objects scanned: 139191
Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:18 AM

Posted 23 February 2011 - 02:36 PM

Hello I merged this together so others don't reply and we have 2 topics going.
Are you having redirects,pop ups etc,,?

I cancelled AVG ,meaning you uninstalled it after running it and now do not have an AV applicatin?

Also your MBAM is old.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 river58

river58
  • Topic Starter

  • Banned Spammer
  • 75 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 28 February 2011 - 10:12 AM

i closed it out instead of letting it remove it and no pop ups firefox blocks them no redirects.

Edited by river58, 28 February 2011 - 10:14 AM.


#5 river58

river58
  • Topic Starter

  • Banned Spammer
  • 75 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 28 February 2011 - 10:31 AM

heres the log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5905

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/28/2011 10:29:25 AM
mbam-log-2011-02-28 (10-29-10).txt

Scan type: Quick scan
Objects scanned: 181155
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> No action taken.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> No action taken.
c:\Users\tony\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.659.0 (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\plugins (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> No action taken.

Files Infected:
c:\Users\tony\downloads\xvidsetup.exe (Adware.Hotbar) -> No action taken.
c:\Windows\System32\guyik45hbh.txt (Trojan.Agent) -> No action taken.
c:\Users\tony\AppData\Roaming\local.exe (Trojan.Agent) -> No action taken.
c:\Users\tony\AppData\Roaming\data.dat (Stolen.Data) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.659.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> No action taken.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> No action taken.

#6 river58

river58
  • Topic Starter

  • Banned Spammer
  • 75 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 28 February 2011 - 10:47 AM

after i removed them
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5905

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/28/2011 10:45:16 AM
mbam-log-2011-02-28 (10-45-16).txt

Scan type: Quick scan
Objects scanned: 181155
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\tony\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\tony\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Windows\System32\guyik45hbh.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\tony\AppData\Roaming\local.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\tony\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:18 AM

Posted 28 February 2011 - 11:13 AM

Hello, we still need to run an Online scan and see if there are any left behind.

Please perform a scan with Eset Online Antiivirus Scanner.
This scan requires Internet Explorer,Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 river58

river58
  • Topic Starter

  • Banned Spammer
  • 75 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 28 February 2011 - 01:54 PM

here is the eset scan log
C:\Install\Raxco PerfectDisk Pro v10.0.0\Raxco PerfectDisk Pro v10.0.0\PD10_WS.exe NSIS/TrojanDownloader.Agent.NBS.Gen trojan deleted - quarantined
C:\Install\Raxco PerfectDisk Pro v10.0.0\Raxco PerfectDisk Pro v10.0.0\Raxco PerfectDisk Pro v10.0.0.rar multiple threats deleted - quarantined
C:\Install\Tony\Windows.7.Loader 32 bit\Windows 7 Loader.exe probably a variant of Win32/TrojanDownloader.VB.OIY trojan deleted - quarantined
C:\Users\tony\AppData\Local\LiveIcons2Obj\LiveIcons2Obj.dll a variant of Win32/Sefnit.AD trojan cleaned by deleting - quarantined
C:\Users\tony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4d43e080-561f51f7 probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
C:\Users\tony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1df68edb-386c9ba3 a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Users\tony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-48283936 multiple threats deleted - quarantined
C:\Users\tony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-5cfd7f1b probably a variant of Win32/Agent.FPEXZHL trojan deleted - quarantined
C:\Users\tony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\3cb543ea-547d2da9 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\tony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\752509ab-16b6d11c probably a variant of Win32/Agent.HRYTTOE trojan deleted - quarantined
D:\ANTHONY\Backup Set 2010-01-03 190007\Backup Files 2010-01-03 190007\Backup files 15.zip multiple threats deleted - quarantined
D:\ANTHONY\Backup Set 2010-01-03 190007\Backup Files 2010-01-03 190007\Backup files 17.zip a variant of Win32/Injector.DU trojan deleted - quarantined
D:\ANTHONY\Backup Set 2010-01-03 190007\Backup Files 2010-01-03 190007\Backup files 20.zip Win32/TrojanDownloader.VB.OFT trojan deleted - quarantined
D:\ANTHONY\Backup Set 2010-01-03 190007\Backup Files 2010-01-03 190007\Backup files 21.zip a variant of MSIL/TrojanDropper.Agent.EH trojan deleted - quarantined

the .txt file slowed down my computer deleted it permanantly now my computer is faster again

now what?

Edited by river58, 28 February 2011 - 02:15 PM.


#9 river58

river58
  • Topic Starter

  • Banned Spammer
  • 75 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 28 February 2011 - 02:35 PM

now what? :huh:

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:18 AM

Posted 28 February 2011 - 03:06 PM

You Main and back up drive are infected.. you will need to Update and run a FULL scan with MBAm so that it scans all drives..
You have Injector virii that may require you to move to another section after we see the MBAM log.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 river58

river58
  • Topic Starter

  • Banned Spammer
  • 75 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 28 February 2011 - 04:19 PM

heres the mbam log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5907

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/28/2011 4:11:14 PM
mbam-log-2011-02-28 (16-11-14).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|I:\|J:\|K:\|L:\|Z:\|)
Objects scanned: 352433
Time elapsed: 45 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Install\raxco perfectdisk pro v10.0.0\raxco perfectdisk pro v10.0.0\crd.exe (TheftMarker.Crude) -> Quarantined and deleted successfully.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:18 AM

Posted 28 February 2011 - 08:40 PM

Hi river
TheftMarker.Crude,is a "marker" from a Torrent/P2P programs type of program.
Or from AyPC Speeduper 2.4.0.0 Incl Crack vokeon torrent , This is a crack program.. this and the above must be removed or we can NOT het this clean.


AS it stands now you have backdoors,injectors,your back up files were infected and your System Restore has infections in it.
Let me ask you this ... Are you opposed to doing a reinstall.??

Here's why... IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!

===================
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 river58

river58
  • Topic Starter

  • Banned Spammer
  • 75 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 01 March 2011 - 04:47 PM

what are the infected files (if you know)

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:18 AM

Posted 01 March 2011 - 05:05 PM

Hello, this one is quarantined.
c:\Install\raxco perfectdisk pro v10.0.0\raxco perfectdisk pro v10.0.0\crd.exe (TheftMarker.Crude) -> Quarantined and deleted successfully.

I am not vertain whay it downloaded.. Perhaps we can find it with this.


Please download CKScanner and save it to your Desktop. <-Important!!!
  • Double-click on CKScanner.exe and click Search For Files.
  • If using Vista, right-click on it and Run As Administrator.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A text file will be created on your desktop named ckfiles.txt.
  • Click OK at the file saved message box.
  • Double-click the ckfiles.txt icon on your desktop to open the log and copy/paste the contents in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 river58

river58
  • Topic Starter

  • Banned Spammer
  • 75 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 01 March 2011 - 05:08 PM

after it is done can ckscanner be removed?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users