infected with something (Drop.2?)


1 reply to this topic

#1 ntraenkner

  • Members
  • 6 posts

Posted 01 December 2011 - 01:44 PM

Windows 7 64-bit

Last night I got a couple dozen popups telling me there was a "delayed read error" or something. Then a popup telling me my hard drive was broke - asked me to scan and fix. Before this I was receiving messages about "googleupdate.exe" or something like that. Whatever infected me logged me off and restarted the computer.

1. I unplugged the network cable and I immediately came here (using another computer) and downloaded iExplore.exe to "stop the processes".

2. Popups disappeared, scan and fix dialog disappeared.

3. Next, I ran TDSSKiller. It reported it found one thing (Locked File (Service: sptd)). The default action presented to me was "Skip"; per the TDSSKiller instructions I hit "Continue", keeping "Skip" selected.

4. I installed Malwarebytes from a flash drive. Because I was unplugged from the network I couldn't update the database.

5. When I restarted, the same behavior (popups, scan and fix) but no logoff and no mention of googleupdate.

6. Ran unhide.

6. Repeated steps 1-3, ran Malwarebytes again. This time only reported Registry entries.

7. I removed them.

8. Restarted. Same behavior.

9. BECAUSE I DID NOT READ INSTRUCTIONS CAREFULLY I then installed and ran ComboFix but did not do anything other than let it generate a log.

10. Realized that I should update my Malwarebytes and so plugged in the network cable again.

11. Updated Malwarebytes.

12. Noticed that I now no longer get the popups or system scan message

13. However, in my notification tray I have a little flag with an X that says: "Solve PC Issues: 1 important message 6 total messages" when I mouse over.

14. If I right-click the task bar and select Properties > Notification Area > Customize Button, in the list of Icons there is a file called "Action Center" (the little flag with the X) vMttfGqwlJXmmgo.exe with a USB icon next to it (that looks like malware) and three instances of "proxycheck.exe".

While things seem to be running fine, I'm convinced that by running ComboFix, I half-fixed something. I have since downloaded DDS and created a log. I also have all the logs generated through the above process.

What do you think? Am I doomed?

Thank you for reading this!

If anyone knows how I might go about fixing this, I of course am grateful.

-Nick

#2 quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 01 December 2011 - 05:55 PM

Since you already ran ComboFix, the log should be reviewed by our experts in order to ascertain what was detected and removed.

Please read the pinned topic Preparation Guide For Requesting Help. When you have done that, start a new topic and post the required logs, to include your ComboFix log, in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. After doing this, please reply back in this thread with a link to the new topic so we can close this one.

If HelpBot replies to your topic, please follow Step One so it will report your topic to the team members.

Note: If you're not sure where to find the log, ComboFix will create and save it to the root directory, usually C:\ComboFix.txt. To retrieve the log, launch Windows Explorer, navigate to the root directory and double-click on it to open in Notepad.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
