
Very clever trojan



#1 Norastus

Posted 03 January 2012 - 09:48 AM

I've been infected by a particularly resistant piece of malware. The symptoms are:

1) When I try to click through to a search link found by Google it always redirects to some bogus page tied to IP address 63.209.69.107.
2) A process spawns (and respawns) in the background identified as PING.EXE *32. This process starts small (2MB) and grows to as large as 738MB. Once it gets running it averages about 30% of all CPU cycles, but spikes up as high as 99% and will run in the 90% range for a couple of minutes. [I should point out that several decades ago I did the network stack part of the PING command for a couple of notable UNIX operating systems. From personal experience I can attest that the real PING client is quite small and the system part is even smaller.]

I'm running 64-bit Windows 7, so I know that my malware removal options are limited. Here's what I've done:

I've updated and run MalwareBytes (mbam) using both a full and quick scan. Scans first turned up some minor infections, but have since run clean. There have been a couple of cases when I actually was able to successfully click through on Google links. The first was after an mbam run and the system rebooted. I had waited a couple of minutes for everything to start itself up and then brought up Task Manager to kill off the plethora of printer/updater/application agents that don't really need to be running. All seemed well, but the bug eventually did respawn. Also, I tried killing off a couple of "Steam" processes, which seemed to provide temporary relief.

I'm usually pretty good about reducing the risk of infection for this particular computer... limited internet browsing, the use of web mail instead of a name brand email agent, and the installation of only trusted software. The only notable exception is that I've installed a game (Skyrim) on this computer that requires more horsepower than my daughter's computer can provide. Normally this wouldn't be an issue, since most of these PC games are stand-alone. This one, however, uses a service called "Steam" which requires an internet connection so that your accomplishments can be updated and recorded somewhere in the cloud. I see this as a dubious and unnecessary feature, but it seemed that the most obnoxious side effect was the occasional pop-up trying to sell you some other video game something-or-other. While it's possible this is the culprit, I find it difficult to believe that Bethesda Software would risk poisoning their entire customer base. After all, the game rang up over $600 million in sales the first week... that must be at least 10 million customers. I don't know... stranger things have happened.

Thanks in advance for any help.

Edited by hamluis, 03 January 2012 - 09:57 AM.
No logs, moved from Malware Removal Logs to Am I Infected.



#2 Broni

Posted 03 January 2012 - 12:42 PM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
