
AOL phishing pop-up - Gringo


This topic is locked. 10 replies to this topic.

#1 Moocowman (Members, 15 posts)

Posted 14 March 2012 - 04:37 PM

Hey, my previous topic was locked, sorry I thought I had posted my log but I hadn't. Here is my F-Secure log, not sure where these new viruses came from:

Scanning Report
Wednesday, March 14, 2012 18:46:39 - 21:34:12

Computer name: DELL-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\
2 malware found
Suspicious:W32/Malware!Gemini (spyware)

System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

C:\USERS\ADMINISTRATOR\DESKTOP\0WNSL4QP.EXE (Not cleaned)

Statistics
Scanned:

Files: 48250
System: 3950
Not scanned: 23

Actions:

Disinfected: 1
Renamed: 0
Deleted: 0
Not cleaned: 1
Submitted: 0

Files not scanned:

C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\HSPERFDATA_ADMINISTRATOR\3444
C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\SPOTIFY\BROWSER\DATA_0
C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\SPOTIFY\BROWSER\DATA_1
C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\SPOTIFY\BROWSER\DATA_2
C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\SPOTIFY\BROWSER\INDEX
C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\SPOTIFY\BROWSER\DATA_3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\325D879A431D87F22BC77B623B6A4936_70A05AE9-3528-4407-9B37-0ACFAE0E1B9E
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\74C8B72CA3A324C1E52590F052D80EED_70A05AE9-3528-4407-9B37-0ACFAE0E1B9E
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF062D0D2E74B6354E2F0742A6B7F677_70A05AE9-3528-4407-9B37-0ACFAE0E1B9E

Options
Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 14 March 2012 - 05:02 PM

Hello


You did post the report - I think you are missing that it went to page 2 - http://www.bleepingcomputer.com/forums/topic444370.html/page__view__findpost__p__2626371

If you have any more questions, just let me know here.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Moocowman (Topic Starter, Members, 15 posts)

Posted 14 March 2012 - 10:36 PM

Ohh, sorry about that. I have no idea where this new malware has come from; I scanned and removed it with MSE, but I don't download anything. I'm currently following the steps to make my browser safer.

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 14 March 2012 - 10:39 PM

Do you have a new problem?

gringo

#5 Moocowman (Topic Starter, Members, 15 posts)

Posted 14 March 2012 - 11:05 PM

I believe so, 2 malware files showed up before.

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 14 March 2012 - 11:13 PM

C:\USERS\ADMINISTRATOR\DESKTOP\0WNSL4QP.EXE (Not cleaned) <-- this is Gmer and is not a problem


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-28 03:48:45
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.EC2O
Running: 0wnsl4qp.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldapod.sys

Without knowing the other one, and this time it does not show.


gringo

#7 Moocowman (Topic Starter, Members, 15 posts)

Posted 15 March 2012 - 09:56 AM

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
file:C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SW79CQW\._.._load_19[1].exe

This is what MSE described this as.

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 15 March 2012 - 01:13 PM

Hello

That is in the Temporary Internet Files, which means one of the web pages you went to had something on it that MSE did not like, maybe from an ad on the page. It also means that MSE was doing its job and deleted it.


We will do some quick checking, but I don't think it is needed.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

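A small triage script, added here as an example and not taken from this thread or from F-Secure, MSE or GMER, that parses the "Name (kind)" / "target (action)" pairs of the F-Secure report and the "file:" item MSE listed, then labels each hit's location the way the reply above reasons about it: a path under Temporary Internet Files means a web page delivered it, and an eight-character random name on the Desktop is GMER's renamed executable. The sample lines are constructed from what was quoted in this thread; the category names are assumptions.

```python
import re

# Constructed excerpts modelled on the F-Secure report and the MSE item quoted in this thread.
FSECURE_EXCERPT = """\
2 malware found
Suspicious:W32/Malware!Gemini (spyware)

System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

C:\\USERS\\ADMINISTRATOR\\DESKTOP\\0WNSL4QP.EXE (Not cleaned)
"""
MSE_ITEM = "file:C:\\Users\\Administrator\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\7SW79CQW\\._.._load_19[1].exe"

# 'Category:Name (kind)' header; two or more letters before the colon so a 'C:\...' path never matches.
DETECTION_RE = re.compile(r"^(?P<name>[A-Za-z]{2,}:\S+) \((?P<kind>[^()]+)\)$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<action>[^()]+)\)$")   # '<target> (<action>)'
GMER_NAME_RE = re.compile(r"^[a-z0-9]{8}\.exe$", re.IGNORECASE)     # GMER runs under a random 8-char name
BROWSER_CACHE_MARKERS = ("\\TEMPORARY INTERNET FILES\\", "\\CONTENT.IE5\\")

def classify_location(path):
    """Map a detection target to the provenance category a responder cares about (assumed labels)."""
    p = path.upper()
    if any(marker in p for marker in BROWSER_CACHE_MARKERS):
        return "browser-cache"      # delivered by a web page or ad; the AV already quarantined it
    if "\\DESKTOP\\" in p and GMER_NAME_RE.match(p.rsplit("\\", 1)[-1]):
        return "probable-gmer"      # confirm against the 'Running:' line of the GMER log
    if p == "SYSTEM":
        return "system-area"        # F-Secure gave no file path for this hit
    return "needs-review"

def parse_fsecure(text):
    """Pair each detection header with the target line that follows it."""
    results, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := DETECTION_RE.match(line)):
            pending = (m.group("name"), m.group("kind"))
        elif pending and (m := ITEM_RE.match(line)):
            results.append({"name": pending[0], "kind": pending[1], "path": m.group("path"),
                            "action": m.group("action"), "location": classify_location(m.group("path"))})
            pending = None
    return results

def classify_mse_item(item):
    """MSE lists items as 'file:<path>'; strip the prefix and classify the path."""
    path = item.split(":", 1)[1] if item.lower().startswith("file:") else item
    return classify_location(path)
```

Run on the thread's own lines it yields one "system-area" hit and one "probable-gmer" hit from F-Secure, and "browser-cache" for the MSE item.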

#9 Moocowman (Topic Starter, Members, 15 posts)

Posted 15 March 2012 - 05:42 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.15.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: DELL-PC [administrator]

Protection: Enabled

15/03/2012 22:32:14
mbam-log-2012-03-15 (22-32-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181172
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

There is the log. I will donate tomorrow when I get paid as your help has been much appreciated. Also, what do you think is a good free firewall to use?

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 15 March 2012 - 10:28 PM

That looks very good, and I think we should not push it anymore.


You are more than welcome, and glad I was able to help.


PS: make sure to do the clean that was posted before.



gringo

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 19 March 2012 - 09:52 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.