
Infected with Tracker or Redirector


  • This topic is locked

#1 Fluffums


Posted 17 January 2012 - 08:06 AM

Hello -- my brand new XPS 15 with Windows 7 and McAfee is infected with malware. The symptom is a browser window will automatically open randomly and redirect me to some strange site, like "s4.histats.com", "7v7a.com", "forex-brokers.com", etc. I've put each in my hosts file to prevent this but I still would like to remove the malware.

I've already downloaded or run many antivirus software packages including Kaspersky 2012, Eset, Ad-Aware, Spybot, Malwarebytes and some of the custom-written apps from this site. Each one either does not detect anything or reports a different name or type of malware/virus: MBAM calls it "Trojan.Agent" and "Malware.Trace" and can't remove it upon numerous reboots, Kaspersky calls it "Trojan.Spy.HTML.Fraud", Eset calls it "Variant of Worm/Ainslot.aa" and can't remove it. Nothing seems to work. In each case I can run a bunch of tools and things appear better in Safe Mode but after restarting into "regular" mode I see the random browser window try to open and new scans with MBAM show the malware is back. The worst part is my paid installation of McAfee doesn't report a $*#% thing.

During one scan I think Kaspersky found a trojan in my inbox, so I deleted my inbox and uninstalled Thunderbird, and even that didn't work, so here I am.

Saying you guys are busy is probably the understatement of the year but I am stuck. I wanted to fix this on my own and I still have one bullet in the gun where I can wipe the disk and start over but I'd rather not as I would need to back up several gigs of personal stuff first, then of course put all that stuff back -- and those files may be infected, too. If you can help me out I would sincerely appreciate it.



#2 Fluffums


Posted 20 January 2012 - 07:56 AM

I ended up wiping my disk and starting all over.

For those interested, I had what I believe to be two infections. One was a Trojan that somehow arrived from an "Amazon 20% off" coupon or offer in my Thunderbird inbox; Kaspersky seemed to get rid of that one.

The other one was a spyware tracker that was logging my keystrokes and putting them in various files named "nnn" or "o". It was also attached to an executable named "svhost.exe" which lived in a few places; at least two were "C:\Users\<user_name>\AppData\Roaming\microft" and "C:\Users\<user_name>\AppData\Roaming\sohft". There was also a process that would run which was linked to this tracker. I don't remember the name exactly but it was something like "nc1rtrc1.exe" with no additional info and a couple of keys that lived in my registry in a folder named "VB and VBA ..." something and a couple of other places.

This piece of crap could not be removed by any software tool but was reliably detected by Malwarebytes as "Malware.Trace", but only when MBAM was run from standard mode (Safe Mode did not produce reliable scan results). Eset could also detect it but could not remove it either. This is all for Windows 7 on a PC, too. XP and other systems may be different.

I was hoping the team at MBAM would have an update to get rid of it. I'm sure after a short time they will but anyway I chose the extreme option. I did lose some data but that's okay. It was disappointing not to see this elevated to a "current threat" on some of the more popular A/V websites but I suppose since it's not "destructive" per se it won't be given a lot of attention. Also, I uninstalled McAfee because I found it virtually useless, annoying with its reappearing desktop icon and pop-up messages, restricted configuration scanning and updating options and buggy interface when operating in Safe Mode -- and I paid for it. I will be buying MBAM and Avast; hopefully that combo will keep the system protected.

Hope this helps anyone needing more info.
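
Added example (not part of the original thread): the "svhost.exe" described above is one letter away from the genuine svchost.exe and ran from AppData\Roaming rather than a system directory. The Python check below flags executables whose names match or nearly match Windows system binaries but sit outside the expected directories. The binary list, the user name "alice" and the sample paths are constructed assumptions.

```python
import ntpath

# Assumption: a short illustrative map of commonly imitated Windows binaries
# to the directories (lower-case) where the genuine file lives.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path):
    """Return (verdict, system_binary_name_or_None) for one executable path."""
    directory, name = ntpath.split(path.lower())
    if name in EXPECTED_DIRS:
        # Exact system name: only acceptable in its genuine directory.
        verdict = "ok" if directory in EXPECTED_DIRS[name] else "system-name-wrong-dir"
        return verdict, name
    for real in sorted(EXPECTED_DIRS):
        if edit_distance(name, real) == 1:
            return "lookalike-name", real  # e.g. svhost.exe vs svchost.exe
    return "ok", None

# Constructed sample input; "alice" stands in for <user_name>.
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\alice\AppData\Roaming\microft\svhost.exe",
    r"C:\Users\alice\AppData\Roaming\sohft\svhost.exe",
    r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
    r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe",
]

def scan(paths):
    """Return [(path, verdict, imitated_name)] for every non-"ok" path."""
    return [(p, *classify(p)) for p in paths if classify(p)[0] != "ok"]

if __name__ == "__main__":
    print(*scan(SAMPLE_PATHS), sep="\n")
```

On a live system the input would be the image paths of running processes and autorun entries rather than a fixed list.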



