
Am I safe?



#1 mrsb


Posted 24 February 2011 - 08:22 AM

Hi, I foolishly clicked in an email yesterday that turned out to be spam. It was from someone I was expecting a reply from, so was caught unaware. It immediately sent emails to all my contacts in hotmail. I have changed my password, but I'm afraid I may still be at risk. I ran my Malwarebytes and Spybot, which both showed nothing, but as I'm not very savvy, I'm afraid to sign in to my Lastpass in case I give away my passwords to sensitive sites. How can I be sure I'm safe please?

Edited by mrsb, 24 February 2011 - 08:22 AM.




#2 quietman7


Posted 24 February 2011 - 02:20 PM

There are no guarantees or shortcuts when it comes to malware removal, especially when dealing with rootkits. Infections and severity of damage will vary. The longer malware remains on your system, the more time it has to download additional malicious files. Depending on the infection, it may take several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous and security tools may not find all the remnants.

Please post the results of your last MBAM scan for review (even if nothing was found).

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd



Please download SUPERAntiSpyware Free and follow these instructions for performing a scan.

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • Be sure to update the definitions before scanning by selecting "Check for Updates".
    If you encounter any problems while downloading the updates, manually download them from here.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Click Close to exit the program.
  • Please copy and paste the Scan Log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.

-- Alternatively, you can try downloading and using the SUPERAntiSpyware Portable Scanner or performing the SUPERAntiSpyware Online Safe Scan (both listed under Popular Links) instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 mrsb


Posted 25 February 2011 - 08:29 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5852

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

2/25/2011 8:20:51 AM
mbam-log-2011-02-25 (08-20-51).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 254460
Time elapsed: 1 hour(s), 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 quietman7


Posted 25 February 2011 - 09:15 AM

Your Malwarebytes Anti-Malware log indicates you are using an outdated database version.
The database shows 5852. Last I checked it was 5875.

Please update it through the program's interface <- preferable method. If malware is blocking you from updating, then manually download the database definitions from one of the following locations (they may not be the most current as manual updates are behind in version level compared to updates from within the program) and just double-click on mbam-rules.exe to install:

Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally will prevent Malwarebytes' from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Then continue with the SUPERAntispyware scan if you have not already started it.

#5 mrsb


Posted 25 February 2011 - 10:40 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5875

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

2/25/2011 10:26:15 AM
mbam-log-2011-02-25 (10-26-15).txt

Scan type: Quick scan
Objects scanned: 141992
Time elapsed: 16 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/25/2011 at 09:31 AM

Application Version : 4.45.1000

Core Rules Database Version : 6476
Trace Rules Database Version: 4288

Scan type : Complete Scan
Total Scan Time : 00:58:07

Memory items scanned : 441
Memory threats detected : 0
Registry items scanned : 7726
Registry threats detected : 0
File items scanned : 61452
File threats detected : 16

Adware.Tracking Cookie
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@insightexpressai[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@serving-sys[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@adecn[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@invitemedia[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@content.yieldmanager[3].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@pro-market[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@ru4[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@ad.yieldmanager[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@tribalfusion[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@revsci[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@bs.serving-sys[2].txt
media.oprah.com [ C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\23N25MBT ]
media.wamu.org [ C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\23N25MBT ]
secure-us.imrworldwide.com [ C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\23N25MBT ]
tracking.onefeed.co.uk [ C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\23N25MBT ]
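
The review steps applied to the logs in this thread (check the MBAM database version, check the infected counts, see what kind of items SUPERAntiSpyware flagged), as an added example that is not part of the thread or written by any poster. The function names, the `LOW_RISK` set and the abridged sample logs are assumptions made for illustration; the latest database version is supplied by the caller.

```python
import re
from collections import Counter

# Constructed sample: abridged from the logs posted in this thread.
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 5852
Memory Processes Infected: 0
Files Infected: 0
Files Infected:
(No malicious items detected)
"""
SAS_LOG = r"""SUPERAntiSpyware Scan Log
Adware.Tracking Cookie
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[1].txt
media.wamu.org [ C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\23N25MBT ]
"""
LOW_RISK = {"Adware.Tracking Cookie"}  # assumption: privacy noise, not executable code

def triage_mbam(log, latest_db):
    """Return (db_version, is_stale, total_infected) for an MBAM 1.x text log."""
    m = re.search(r"^Database version:[ \t]*(\d+)", log, re.M)
    if not m:
        raise ValueError("incomplete log: database version header missing")
    # Summary lines carry a count after the colon; section headers do not.
    counts = re.findall(r"^[\w ]+ Infected:[ \t]*(\d+)[ \t]*$", log, re.M)
    db = int(m.group(1))
    return db, db < latest_db, sum(map(int, counts))

def triage_sas(log):
    """Count SUPERAntiSpyware detections per family name."""
    families, current = Counter(), None
    for line in map(str.strip, log.splitlines()):
        if re.fullmatch(r"[A-Z][A-Za-z]+\.[A-Za-z][\w ./-]*", line):
            current = line                  # family header, e.g. "Adware.Tracking Cookie"
        elif current and "\\" in line:
            families[current] += 1          # one detected item (a file path)
    return dict(families)

def followup_reasons(mbam_log, sas_log, latest_db):
    """List reasons a 'nothing found' result should not be trusted yet."""
    db, stale, infected = triage_mbam(mbam_log, latest_db)
    serious = {f: n for f, n in triage_sas(sas_log).items() if f not in LOW_RISK}
    checks = [
        (stale, f"MBAM database {db} is older than {latest_db}: update and rescan"),
        (infected, f"MBAM reported {infected} infected object(s)"),
        (serious, f"SUPERAntiSpyware found non-cookie items: {serious}"),
    ]
    return [msg for cond, msg in checks if cond]
```

Calling `followup_reasons(MBAM_LOG, SAS_LOG, 5875)` on the first log flags only the outdated database; an empty list means the logs give no reason to rescan, not that the machine is proven clean.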

#6 mrsb


Posted 25 February 2011 - 11:16 AM

After another re-boot

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/25/2011 at 11:14 AM

Application Version : 4.45.1000

Core Rules Database Version : 6476
Trace Rules Database Version: 4288

Scan type : Quick Scan
Total Scan Time : 00:29:38

Memory items scanned : 633
Memory threats detected : 0
Registry items scanned : 1618
Registry threats detected : 0
File items scanned : 27292
File threats detected : 0

#7 quietman7


Posted 25 February 2011 - 01:07 PM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Posted Image
  • Check Remove found threats
  • Click Advanced settings, then check Scan potentially unwanted applications and Enable Anti-Stealth technology.
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.


#8 mrsb


Posted 25 February 2011 - 05:32 PM

Before I go any further, I must say thank you so much, quietman, for your help and patience. Eset Online Scanner did not find any threats:

Scanned files 134775
Infected files 0
Cleaned files 0
Total scan time 02:34:27

Can I assume now that I really am safe?
Should I uninstall Eset?

Edited by mrsb, 25 February 2011 - 05:33 PM.


#9 quietman7


Posted 25 February 2011 - 06:19 PM

I can only go by what the scan logs show (what was detected/removed) and your description of whatever signs or symptoms of infection you are experiencing.

How is your computer running now?

#10 mrsb


Posted 25 February 2011 - 06:51 PM

Everything seems fine thanks. My main worry was whether anyone could have accessed passwords or any other sensitive data. I use Lastpass password manager, and although I know they don't record my master password, I was concerned about that password being recorded anywhere on my computer when I use it. I have now changed it. Do you think, from my logs, it all looks ok? Unfortunately, none of this means anything to me. The Eset simply showed no infections, there was no log to copy. I do appreciate your continued help, very much.

Edited by mrsb, 25 February 2011 - 07:02 PM.


#11 quietman7


Posted 25 February 2011 - 11:14 PM

Having feelings of uncertainty and concern after encountering malware infection is not uncommon. How concerned you should be depends on what was actually found and removed. For example, rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by an attacker for malicious purposes. Keyloggers are dangerous because they sit stealthily on your system, monitor all the keys you press and can steal sensitive information to include your logins, passwords and private (financial) data. We did not find evidence of any of these types of malware.

#12 mrsb


Posted 26 February 2011 - 07:39 AM

Thank you.

#13 quietman7


Posted 26 February 2011 - 08:20 AM

You're welcome.



