
Is my friend's laptop infected?


11 replies to this topic

#1 helices


Posted 30 June 2012 - 01:34 PM

Hi!

I'm new here today. Thank you in advance for your help and advice.

My friend has an HP laptop running the latest Windows XP Professional and Symantec Endpoint Protection, v11.0.4000.2295.

Two nights ago, she clicked on Volume Control in Systray to change audio volume and/or mute. She was unable to adjust volume, nor did mouse clicks tick and mute volume. After trying this, her screen was filled with pop-up advertisements AND she could no longer move the cursor on her screen with the mouse nor touchpad.

She rebooted several times to the exact same behavior. I have been remote to her, advising by phone. It seems that this behavior is caused by accessing Volume Control in Systray; otherwise, everything else seems normal.

I advised her to purchase Malwarebytes. She ran this twice (2x) as Administrator (NOT her user.) BOTH times, she says Malwarebytes found nothing wrong.

WHAT ought we try next?

HOW can we solve this problem?

Thank you.


 


#2 ElFasso


Posted 30 June 2012 - 01:39 PM

1. Update MBAM and rerun the scan. Post the log for our review.


================================== Eset Scanner ==================================

Run Eset online scanner:

Note: You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.
Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Edited by ElFasso, 30 June 2012 - 01:39 PM.


#3 helices


Posted 30 June 2012 - 01:42 PM

Hi!

Thank you.

Where is the MBAM logfile?

Based on my description, does she run any risk of connecting to the Internet to send me the logfile via email?

Thank you.

#4 ElFasso


Posted 30 June 2012 - 01:42 PM

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Note: Replace username with your username.

Yes, there is a risk if the infected computer becomes connected to the internet. You can transfer it with USB, but be sure to use USB Disinfector.

Try Flash Disinfector

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your Flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
  • Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Edited by ElFasso, 30 June 2012 - 01:48 PM.
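Added example (not part of the post above and not Flash_Disinfector's own code): a small check of what sits at `autorun.inf` in a drive root, telling apart the protective folder described in the note from an ordinary file and listing the programs such a file names. The function name `audit_autorun`, the result labels and the sample file content are assumptions made for this illustration.

```python
import configparser
import os
import tempfile

# [autorun] keys that name a program Windows may start from the drive.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")


def audit_autorun(root):
    """Report what sits at <root>/autorun.inf and what it would launch."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        # A folder of this name occupies the slot a dropped file would need.
        return {"state": "blocked", "launches": []}
    if not os.path.isfile(path):
        return {"state": "absent", "launches": []}
    parser = configparser.RawConfigParser(
        strict=False, allow_no_value=True, delimiters=("=",))
    try:
        with open(path, encoding="latin-1") as fh:
            parser.read_string(fh.read())
    except configparser.Error:
        return {"state": "file", "launches": ["<unparseable>"]}
    launches = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):
            if key in LAUNCH_KEYS and value:
                launches.append(f"{key}={value}")
    return {"state": "file", "launches": launches}


def demo():
    """Run the audit on two constructed drive roots (temporary folders)."""
    results = {}
    with tempfile.TemporaryDirectory() as usb:
        # Constructed sample content, not taken from any real drive.
        with open(os.path.join(usb, "autorun.inf"), "w") as fh:
            fh.write("[AutoRun]\nopen=setup.exe\nicon=setup.ico\n")
        results["plain"] = audit_autorun(usb)
    with tempfile.TemporaryDirectory() as usb:
        os.mkdir(os.path.join(usb, "autorun.inf"))
        results["protected"] = audit_autorun(usb)
    return results


if __name__ == "__main__":
    print(demo())
```

Point `audit_autorun` at a drive root such as `E:\` to check a real stick; a result of `file` with a non-empty `launches` list is the case worth examining before opening the drive.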


#5 helices


Posted 30 June 2012 - 04:12 PM

MBAM log:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: TOFU [administrator]

Protection: Enabled

6/30/2012 11:14:54 AM
mbam-log-2012-06-30 (11-14-54).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 489640
Time elapsed: 3 hour(s), 6 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 ElFasso


Posted 30 June 2012 - 04:34 PM

Run also Eset online scanner: http://www.bleepingcomputer.com/forums/topic458865.html/page__view__findpost__p__2747623

This scan may take some hours to finish, depending on hard-drive storage...

Edited by ElFasso, 30 June 2012 - 04:34 PM.


#7 helices


Posted 30 June 2012 - 04:38 PM

Hi!

Yes, I have sent her the instructions to do that and she should have that in process right now.

Thank you.

#8 helices


Posted 30 June 2012 - 09:27 PM

She couldn't find any copy to clipboard option; but, she read all of the Eset finished lines to me:

No threats found

Scanned files 240909

Infected files 0

Cleaned files 0

Total scan time 04:05:17

Scan status finished

#9 ElFasso


Posted 01 July 2012 - 01:30 AM

Is she still experiencing any problem? I suspect the router is just infected...

#10 helices


Posted 01 July 2012 - 08:29 AM

Hi!

What do you mean by this? "the router is just infected"

Please, advise. Thank you.

#11 ElFasso


Posted 01 July 2012 - 08:47 AM

I was chaotic, I mixed up some of another topic. You may forget about 'the router is just infected'.

Is she still experiencing any problem/issue(s)? Or signs of infection at the moment?

#12 helices


Posted 01 July 2012 - 10:54 AM

Hi, ElFasso!

Thank you.

My friend has rebooted several times and logged into her non-Admin account and she has NOT been able to reproduce the errant behavior.

I find this odd, since we were NOT able to identify any malware.

Thank you for your insight and considerable patience.

Best Regards,

helices



