Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With A Virus Called Blackmal Something


  • Please log in to reply
3 replies to this topic

#1 Lorithehun

Lorithehun

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 20 January 2006 - 07:41 PM

I doubt this will post, everytime I get close to finishing posting my computer freezes. I received a virus in an email attachment. I googled it, it is called Blackmal but I don't remember the whole name and can't get back to look it up again. Please, if you see anything on my log file could you let me know? I tried to delete this entry in my Hijack log file: 04-HKLM/../Run:[ScanRegestry]scanregw.exe/scan
but when I run Hijack again it's back. Not sure that's even the offending entry, it just didn't look right. I am really stupid for opening the attatchment, I know better.... :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 7:32:39 PM, on 1/20/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\WINDOWS.000\SYSTEM\WINZIP.EXE
C:\WINDOWS.000\SYSTEM\UPDATE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\WINDOWS.000\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ScanRegistry] scanregw.exe /scan
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOL.EXE" -b
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

BC AdBot (Login to Remove)

 


#2 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:09:37 PM

Posted 22 January 2006 - 05:25 AM

scanregw.exe/scan

This is a legimitate file, part of Windows 98.

Download Nod32 trial and scan your computer: http://www.eset.com/download/trial.htm
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#3 Lorithehun

Lorithehun
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 22 January 2006 - 01:35 PM

Hello, thank you for replying... I got impatient though, and just erased my hard drive. Thanks again. :D

#4 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:09:37 PM

Posted 22 January 2006 - 01:42 PM

OK, don't forget to install an Antivirus and a firewall.

How did I get infected ? With steps so it does not happen again !
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users