
Malware affecting admin account rights


No replies to this topic

#1 ajetrumpet


Posted 15 April 2012 - 11:18 PM

Hi guys,

Ran into an unwanted download today. I believe a page on
http://www.tomshardware.com/
has done it. I noticed the change right away.

The resulting behavior was the confirmation pop-ups that the UAC usually gives a user with certain clicks. Afterwards, I noticed 2 programs in the software list. One was visicom's antiphishing domain advisor, and the other one was the SPAM free toolbar. Google reveals many links about illegitimacy.

I ran MBytes and got this log:

***************************************************************************************************

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19222
mike :: MIKE-PC [administrator]

Protection: Enabled

4/15/2012 7:59:06 PM
mbam-log-2012-04-15 (19-59-06).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 400665
Time elapsed: 1 hour(s), 1 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\mike\Mike's Files\Programs\AVI media player\AVIMediaPlayerSetup.exe (Adware.RKN) -> Quarantined and deleted successfully.

(end)

***************************************************************************************************

I also have internet filtering software on my machine, and it shows a system tray popup immediately after win boot that shows "visicon.antiphishing.com" blocked.

Other stuff that may be relevant:

*AVG icon is in the sys tray, but security center says it's off. If I try to turn it on via security center, I get the "insufficient user rights" error in the image that's attached.
*setup.exe stops working when I try to uninstall an external VGA card software
*UAC dialogs keep appearing regardless of whether it's on or off, per security center.
*msconfig - launching "disable UAC" results in a DOS window w/2 lines. 1 => "cannot find specified path", 2 => "operation completed successfully."

*when clicking the "turn UAC on or off" link in the CP, the final dialog that has the checkbox in it won't appear. I get a flash on the screen and the window fails to appear.
*Same thing happens when I try to click any links in "user account" section of CP that has a security center icon next to it (cannot add user accounts, etc..)

*Windows defender is now turned on, whereas I don't believe it was before because the update downloader wasn't working.

Things I've done so far to fix the issue:

*Restored machine to 2 days ago, before the install of my external VGA card for monitor 2.
*Ran MBytes, Spybot.
*The UAC was apparently turned off via the msconfig attempt, so not getting popups anymore, but account rights are still blocked with certain CP clicks.

Not sure where to go from here. Any suggestions guys? Also, anyone know what I'd be looking at, worst case scenario? Re-format the disk? Re-install win?

Thanks guys!

Attached Files

  • Attached File  err.jpg   136.9KB   3 downloads

Edited by hamluis, 16 April 2012 - 06:50 AM.
Moved from Vista to Am I Infected.

