Do I have malware? (This is kinda urgent!)


5 replies to this topic

#1 helpmeohgodhelpme

  • Members
  • 6 posts

Posted 16 August 2011 - 11:38 AM

Hi,

I just went to a website called main-hosting.com believing it had something to do with my server.

I was presented with a page saying "http ok- to report abuse email abuse@main-hosting.com"

I immediately pressed control u (to view source to see if there was anything malicious) then closed the tab.

In the view source I got the doctype then head then the doctype again then "HTTP OK" then some garbled javascript.

I closed the view source and googled the website.

Apparently there is a malicious website called "homepage.main-hosting.com" but nothing about just the domain itself.

I am running Google Chrome with Adblock plus installed on Windows 7 and the posts about "homepage.main-hosting.com" say it hijacks I.E.

I looked up WOT and it said the domain had not been rated.

I looked up SiteAdvisor and it rated green but there is a bit at the bottom saying:

USER REVIEW SUMMARY FOR MAIN-HOSTING.COM
Breached browser security [Reported]
Feedback from credible users suggests that visiting this site made unauthorized changes to users' systems.


Virus total said:


URL analysis tool        Result
Avira                    Clean site
BitDefender              Error
Dr.Web                   Clean site
G-Data                   Clean site
Malc0de Database         Clean site
MalwareDomainList        Malware site
Opera                    Clean site
ParetoLogic              Clean site
Phishtank                Clean site
TrendMicro               Malware site
Websense ThreatSeeker    Malware site
Wepawet                  Unrated site


I have very important files that I don't want to back up in case they've been infected.

Am I infected and if so, what do I do?

Thanks,

Matthew

Edit: I just opened up MBAM and am scanning now. It updated fine so I assume if anything's there it can't be active in memory. Also I have not seen any popups, fake AVs, redirects, website blocks or anything. I'm kinda hoping that it isn't a virus site after all.

Edit 2: MBAM has found something! Help! I need to wait for the scan to finish before I can find out what it is. Perhaps it's just a tracking cookie? (I hope!)

Edit 3: 2 files infected (probably unrelated) but removed. Am I ok now?

Edited by helpmeohgodhelpme, 16 August 2011 - 01:38 PM.



#2 Broni

  • BC Advisor
  • 42,707 posts

Posted 16 August 2011 - 10:52 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



#3 helpmeohgodhelpme


Posted 17 August 2011 - 03:41 AM

Thanks for your help but it appears that MBAM was just reporting false positives (it was a program I wrote myself and it couldn't have been infected as the only two infections picked up by MBAM were that program and a backup of the same program on a different drive). After a re-boot everything seems to be fine (thank goodness).

Should I still run these checks?

-- Matthew

#4 Broni


Posted 17 August 2011 - 06:45 PM

It'd be up to you.
I suggest we run those checks just to make sure.



#5 helpmeohgodhelpme


Posted 18 August 2011 - 04:06 PM

Everything seems to be fine even after 5 re-boots & I have no suspicious processes or hard drive access. I think it was a false alarm so I won't run the scans. I'll scan again with MBAM though.

Thanks,

Matthew

P.S. You just know what's going to happen. The minute I post this my system will go haywire :)

#6 Broni


Posted 18 August 2011 - 08:22 PM

I'll be around :)
