
Constant Malwarebyte Notifications & Possible Trojan


  • This topic is locked
2 replies to this topic

#1 mzhang

mzhang

  • Members
  • 1 posts

Posted 13 December 2011 - 06:33 AM

Hey guys - sorry for the trouble. Could you help advise me on this?

I'm currently running XP SP3 with MSE, which I haven't booted into for a couple of months. I think this started when I accidentally installed a rogue Adobe Flash update a week or two ago (or the last time I used it), which turned out to be an XP Antivirus 2012 installer.

I Malwarebyte'd it, which seems to have done the trick; as a precaution, I'm letting Malwarebyte run in the background to monitor any traffic - I'm getting a constant stream of blocked incoming / outgoing popups from MB, stemming from around 83.133.(119 | 120 | 124).xxx. According to WhoIs, the IP belongs to 'Greatnet New Media', a German communications company.

Recently, I've also come to notice that if I turn off MB, I start pinging Google with times around 1 - 2k ms (normal is 50 ms), which leads me to believe that there may actually be something else that's the matter.

I ran MSE and MB again - MB came up with a Trojan in \WINDOWS\Temp\. I then ran HijackThis, DDS, and GMER (as per forum suggestions), and have uploaded them to pastebin:

hijackthis.log: http://pastebin.com/pi5XjkYs
dds.txt: http://pastebin.com/ivxLhFLj
attach.txt: http://pastebin.com/99CL1yJs
ark.log: http://pastebin.com/vjkpEeei
mbam-log.txt: http://pastebin.com/S8V24Lb6

The HJT and DDS logs seem pretty ordinary (msconfig changes were mine, unless I'm overlooking something really obvious) - overall, I'm just puzzled as to what would be causing the ridiculously high ping and the constant stream of blocked IP notifications from MB, though the Trojan from the MB scan does worry me somewhat.

I do run an external hard drive which I can back data into - most of this has already been taken care of, and what's left are programs to be reinstalled in case of catastrophic system failure. I'm dual-booting the computer as a Linux box, so wiping XP is always an option.

Does anyone know what all this means? Grateful that you guys can look this over for / with me. If you have any questions about this, please reply to this post. Thanks!

Best,
M

Edited by mzhang, 13 December 2011 - 06:36 AM.
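The post describes a stream of blocked-connection notifications that all seem to land in a few neighbouring 83.133.x.0 ranges, with a single process behind them. Before drawing conclusions from such alerts, a responder would normally aggregate them by network prefix, direction and originating process to see whether it is one host talking to one provider or something more scattered. The script below is an added example for that triage step; it is not code from the original post, from BleepingComputer, or from Malwarebytes. The log line layout ("date time direction ip:port process") and the sample lines are constructed assumptions, not the real Malwarebytes log format.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample lines in a hypothetical "date time direction ip:port process"
# layout. This is an assumption for the example, NOT the real Malwarebytes log format.
SAMPLE_BLOCK_LOG = """\
2011-12-13 06:01:02 OUT 83.133.119.42:80 svchost.exe
2011-12-13 06:01:05 IN  83.133.120.17:443 svchost.exe
2011-12-13 06:01:09 OUT 83.133.124.8:80 svchost.exe
2011-12-13 06:01:15 OUT 83.133.119.42:80 svchost.exe
2011-12-13 06:02:00 OUT 74.125.224.72:80 firefox.exe
2011-12-13 06:02:30 IN  83.133.120.17:443 svchost.exe
"""


def parse_block_line(line):
    """Parse one line into (direction, ip, port, process); return None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _date, _time, direction, endpoint, process = parts
    if direction not in ("IN", "OUT"):
        return None
    host, sep, port = endpoint.rpartition(":")
    if not sep or not port.isdigit():
        return None
    try:
        ip = ipaddress.ip_address(host)  # rejects anything that is not a valid IP
    except ValueError:
        return None
    return direction, str(ip), int(port), process


def summarize_blocks(log_text, prefix_len=24):
    """Group blocked connections by network prefix, direction, and process.

    Keys are network strings such as "83.133.119.0/24" so callers need no
    ipaddress objects. Malformed lines are counted in "skipped", not raised.
    """
    per_net = Counter()
    per_net_dir = defaultdict(Counter)
    per_net_proc = defaultdict(Counter)
    skipped = 0
    for line in log_text.splitlines():
        parsed = parse_block_line(line)
        if parsed is None:
            skipped += 1
            continue
        direction, ip, _port, process = parsed
        net = str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))
        per_net[net] += 1
        per_net_dir[net][direction] += 1
        per_net_proc[net][process] += 1
    return {
        "per_net": per_net,
        "per_net_dir": per_net_dir,
        "per_net_proc": per_net_proc,
        "skipped": skipped,
    }


def repeat_contacts(summary, min_hits=2):
    """Return (network, count) pairs contacted at least min_hits times, most frequent first."""
    return [(net, n) for net, n in summary["per_net"].most_common() if n >= min_hits]


if __name__ == "__main__":
    # Widening the prefix from /24 to /16 shows whether the separate /24s the
    # poster noticed collapse into a single provider block.
    for bits in (24, 16):
        s = summarize_blocks(SAMPLE_BLOCK_LOG, prefix_len=bits)
        print(f"--- /{bits} view (skipped {s['skipped']} malformed lines) ---")
        for net, n in repeat_contacts(s, min_hits=1):
            dirs = dict(s["per_net_dir"][net])
            procs = dict(s["per_net_proc"][net])
            print(f"{net:20} {n:3} blocks  {dirs}  {procs}")
```

Run against a real export the poster would substitute their own parser for `parse_block_line`; the aggregation and the /24 versus /16 comparison stay the same. Seeing one system process account for every block in one /16, while an ordinary browser accounts for unrelated ranges, is the kind of separation that helps decide what to look at next.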



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 18 December 2011 - 09:19 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 23 December 2011 - 10:12 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE
