Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please help - Cycbot infection found


  • Please log in to reply
3 replies to this topic

#1 OhCrud

OhCrud

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 05 January 2012 - 01:49 PM

Hi there,

I'm in dire need of help. MSE picked up multiple infections of Cycbot.B and Cycbot.G, as well as Fareit.gen!C, Iframe.AC, and Fareit over the last few days. I also noticed a few .exe's named things like 69A.exe and AAE.exe in the running Processes when MSE first notified me of the Cycbot infections; MSE took care of them a bit later. I wasn't worried at first but now I am.

I'm running Windows 7 Home Premium 64-bit, firewalled with Windows Firewall. I ran a full scan with MSE last night but new ones popped up again this morning.

Can someone help me figure out what next steps I should take? This is my personal laptop and I have personal info of all kinds on here. I'd like to avoid doing a complete re-format as I've never done it before, but if I have to in order to keep using this computer I'm willing to do so.

Also, should I back up my files now, or would backing them up just infect whatever else I use?

Thanks for your help. Could really use it.
*A

Edited by hamluis, 05 January 2012 - 02:21 PM.
Moved from Win 7 to Am I Infected.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:47 PM

Posted 05 January 2012 - 09:35 PM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 OhCrud

OhCrud
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 06 January 2012 - 12:50 AM

Hi Broni,

just followed your instructions (defogger, restart, DDS, no GMER since running 64-bit), and also ran MBAM quick scan. In case it has any bearing on the issue, since I began worrying about these infections this morning, I have done:

-MSE full scan (picked up additional cycbots and clearned suspicious .exe files from running processes)
-DDS
-MBAM quick scan running concurrently with new MSE full scan (I aborted the MSE b/c it was taking too long, but MSE picked up a new cycbot.G while MBAM quick scan was still running). MBAM picked up this:
C:\Users\arnie\AppData\Local\Temp\ICReinstall\cnet_PangoBright_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.
-new MSE full scan (clean! yay!...?)
-defogger + restart
-DDS
-MBAM

hope running multiple scans doesn't mess things up...

Thank you, Broni. I just reposted the issue with pertinent info and logs here. I really appreciate the help!

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:47 PM

Posted 06 January 2012 - 01:18 AM

You're very welcome Posted Image

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users