
cash edge malware


  • This topic is locked
5 replies to this topic

#1 wcutler


Posted 21 June 2012 - 01:23 PM

Have a user's computer that has the cash edge malware on it.
Used Malwarebytes and ComboFix to try and remove it.
Still having the issue.

Tried using online scanners and I am getting redirected to logon.live.com using 3 different types of browsers.
Also used TDSSKiller - finds nothing.

For info on it, go to the link below:
http://www.gatecitybank.com/home/privacy/fraud_information/fraud_alerts



#2 wcutler


Posted 21 June 2012 - 02:04 PM

If I log on as a different user, I am able to get to eset.com on IE.
Running ESET Online Scanner now - will see if it gets rid of it.

#3 wcutler


Posted 22 June 2012 - 07:05 AM

This is what ESET found.
ComboFix and Malwarebytes did not find this.

C:\Documents and Settings\%username%\My Documents\123\pvreadme.htm HTML/Iframe.gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\%username%\My Documents\PresentationCD\pvreadme.htm HTML/Iframe.gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\%username%\Application Data\Microsoft\Signatures\****.htm HTML/Iframe.gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\%username%\Application Data\Microsoft\Signatures\****.htm HTML/Iframe.gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\%username%\Application Data\Microsoft\Signatures\****.htm HTML/Iframe.gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\%username%\Application Data\Microsoft\Signatures\****.htm HTML/Iframe.gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\%username%\Application Data\Real\Msg\4155_1163091622\20061109090022newmusicalerts.html HTML/Iframe.gen trojan cleaned by deleting - quarantined

#4 Animal


Posted 23 June 2012 - 02:29 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs. Since you have already used ComboFix please include any logs created by that tool.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


#5 m0le


Posted 25 June 2012 - 07:29 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

#6 m0le


Posted 02 July 2012 - 06:18 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.