Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Prevx and MBR


  • Please log in to reply
5 replies to this topic

#1 hpvidi

hpvidi

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 15 June 2011 - 10:12 AM

Good day, thanks in advance and for the useful info and products you are providing.

Here is the short description, my wife;s bank account was pharmed or phished, as per her she did enter in the web page where she had been requested to change the password for the money wire option. i got a liitle freaky and ran bunch of programms, few backdoors and trojans were detected, apparentley succesufully deleted.
Then I ran, prevx and it shows that mbr.exe and cfxx.exe are infected, i tried to scan mbr.exe file with kaspersky and others anti viruses, came back clean.
So here is my concern, is it something wrong with previx?, prevx started to warning me after i ran combo fix, i know that you have warned not to use combo fix but i just wanted to be on the safe side as i do a little stock trading from my pc.
Also I ran hijack and it came back with file sdra64.exe but i am not able to delete it, however i went through reg and no such files were found.
Please advice.
P.S.
English is not my first language.

Edited by hpvidi, 15 June 2011 - 08:49 PM.
No logs, moved from MRL to AII.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:12 AM

Posted 20 June 2011 - 03:38 PM

Hello, first a bit of advice,

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 hpvidi

hpvidi
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 28 June 2011 - 09:30 PM

boopme, thanks,
i have reinstalled the OS,
can you please check a log, whenever you will have a time, created by Hijack recently,

thanks in advance


ogfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:27:43 PM, on 6/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

EDIT Removed HJt Log

Edited by boopme, 28 June 2011 - 09:41 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:12 AM

Posted 28 June 2011 - 09:43 PM

Hello All looks good here, I have to remove that log as they are not posted here.
But you are good to go. :thumbup2:

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 hpvidi

hpvidi
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 28 June 2011 - 09:53 PM

wow, that was fast, sorry.

thanks a lot,

Edited by hpvidi, 28 June 2011 - 09:54 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:12 AM

Posted 28 June 2011 - 10:09 PM

You're welcome from us all!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users