Serious Malware. Trojan.Tibia


  • This topic is locked
2 replies to this topic

#1 Sismetic

Posted 13 June 2011 - 08:40 PM

Hello, thank you for helping :P.

I have a serious malware infection on my brother's computer. He downloaded a file, which after running it (I told him to download from a certain source, and he downloaded from other sources, which 90%+ of the time are infected) made the system act weird.

First it only showed an error message like this:

svchost.exe - Application Error

The instruction at 'series of numbers and letters' referenced at memory '0x0000000'. The memory could not be "written"

And then, I could not connect to the internet (still can't).

Then I came here to bleepingcomputer.com, and saw posts and threads. And tried to run MalwareBytes, GMER and other applications (via USB), but whenever I tried to open them, either nothing would happen or a black console window would appear and disappear (in less than a second) really quickly. But that only happens with applications which I pass through the USB; as I don't have internet, I can't download them or anything. I've tried renaming them (for example to explorer.exe, iexplorer.exe, Google Chrome.exe), changing the extension (for example to explorer.com, explorer.scr, which displayed an error saying that scr wasn't a valid extension recognized by Win32), running .reg files (supposedly to solve that problem), and nothing has worked.

Ran SFC.exe and it did not ask for my Windows XP disk (which according to http://www.bleepingcomputer.com/forums/topic43051.html is because everything is ok); also I've tried resetting winsock, via a Winsock XP Fix application, but to no avail.

Also ran Avast! (a free version and with updates) and Spybot S&D (with no updates though, because I can't download them) and they didn't show anything.

I also ran Hijack This! but the files changed their content (somehow, probably the malware) to nonsense (weird characters).

I browsed through the history (of the browser, Firefox) and downloaded the downloaded files on my PC (sandboxed of course), and ran them through virustotal.com.

So, I can't pass non-binary files back or forth to the infected computer, nor execute binary files (except the ones already on the system). Cannot connect to the internet; it apparently made changes to the kernel (my dad says) and/or regedit.

I would appreciate ANY help at all, thank you for your time.

Oh, and here's the link to the virustotal report (as the trojan has many aliases) for information. Thank you:

VirusTotal Report


#2 m0le


Posted 22 June 2011 - 07:09 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le


Posted 28 June 2011 - 06:36 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.