Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple Virus Infection_Trojans/Combofix Log Analyzation


  • This topic is locked This topic is locked
2 replies to this topic

#1 cemgüney

cemgüney

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:İzmir, Turkey
  • Local time:01:26 AM

Posted 03 July 2011 - 07:17 AM

Dear Admins and Technicians,

Was hoping get some help/advise on what to do with my situation. This is what happened in order,

1. my laptops functions gets inoperable while i browse on the net. i think this starts to happen when
i use my hotmail account > couldnt close my account + couldnt select the files i wanted + couldnt close my computer...
* the problem happens every now and then...
note: i think that my hotmail account could be hacked and all i did was change my password...didnt help anything?

2. i first tried combofix, but the situation persisted...

3. I use ESET's NOD32 Antivirus, and after an indepth scan i found the following(interface is in turkish so it's also translated below),
> Warning: C:\Documents and Settings\Cem Güney\Application Data\Sun\Java\Deployment\cache\6.0\23\28960f57-6c6a4431 dosyası çoklu virüs sızıntısı bulaşmış.(it says the respective file has a multiple virus infection)

> the files are,
a_C:\Documents and Settings\Cem Güney\Application Data\Sun\Java\Deployment\cache\6.0\23\28960f57-6c6a4431 »ZIP »bpac/a.class - Java/TrojanDownloader.OpenStream.NAU truva atı türevi ::: it says it's a derivation/type of a trojan horse

b_C:\Documents and Settings\Cem Güney\Application Data\Sun\Java\Deployment\cache\6.0\23\28960f57-6c6a4431 »ZIP »bpac/KAVS.class - Java/TrojanDownloader.Agent.NCA truva atı ::: it's a trojan horse

4. i copied the files from the quarantine to ESET's folder: "infected", the files are as follows: NR51JYCA.NQF(4KB) and NR51JYCA.NQI(1KB)

by the way according to the result of the scan it reads,
threats found: 2
active threats: 1, so i assume it's only one of the files that is causing the problem.

* could it be as simple as to erase these files to solve the infection?

the only thing i know as of now is that i used combofix before i did a scan via Nod32 and there still seems to be a problem.

i'm also thinking that the problem could be found in the combofix log so i've attached it.

Well, tried to keep my explanation is simple as possible and hope the info is enough for a diagnosis.

thanks much for your concern and patience, hope to be able to get some help.

all the best & cheers, :)

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,844 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:26 PM

Posted 15 July 2011 - 11:40 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,844 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:26 PM

Posted 22 July 2011 - 01:30 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please start a new topic.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users