Possible infection!


2 replies to this topic

#1 DoorMat

Posted 15 July 2012 - 11:51 PM

Hello guys, I was surfing/browsing the web when I think I was infected with something... My Comodo came up alerting me that it had found something malicious and then asked if I wanted to allow a file (not too sure what it was, I quickly clicked block) to access something.

I blocked all traffic and went into paranoid mode and scanned with AVG, MBAM and TDSSKiller, all finding nothing.

Though when I go into my defense+ events I see:
AVG, Explorer.exe, MBAM and Comodo were all blocked trying to access this target:

C:/Documents and Settings/Owner/Local Settings/Temp/124kkk290347.exe

which was blocked and "scanned and found malicious"

As I'm typing this I refreshed the defense+ events to see Comodo is also blocking this.

My computer is still working perfectly fine, and is showing no symptoms as of yet. I am still in paranoid mode in Comodo.

I would like some help please!


#2 DoorMat

Posted 16 July 2012 - 12:28 AM

Sorry for the double post, though I think I may have found it. Every time I scan my temp files it seems to skip that one. I am not too sure why, though it could be because I added the suspicious "124kkk290347.exe" file to the block list, because every time I scan with AVG or MBAM, in the COMODO Defense+ events list another line of "Application - MBAM/AVG
Flag: Block
Target: C:/Documents and Settings/Owner/Local Settings/Temp/124kkk290347.exe"

keeps adding on. I went to where the file is located and I see it. I want to delete it, but I want to make sure that when I delete it, it's gone for good. Thanks.

Edited by DoorMat, 16 July 2012 - 12:29 AM.


#3 DoorMat

Posted 16 July 2012 - 04:24 AM

Sorry for the multiple posts, just hoping somebody can help me resolve this issue as soon as possible, and I thought I'd give an update and provide as much detail as possible.

So I'm 100% positive that "124kkk290347.exe" is the infected/suspicious file. I had gone in my temp files and located that actual file; it's not hidden and I was able to see that it was modified/created at the exact time of the alert. I had added it to the block list and hit the "disinfect" button when the alert still came up, so I don't think any file can access it, because in my defense+ event log I'm getting that Explorer.exe, MBAM, Comodo and AVG are trying to access the file but it's flagged as "Block". I went into the Anti-Virus log for COMODO and saw that originally Java tried to run "124kkk290347.exe" when it had first made its way on my computer, though it was "denied" and "disinfected". So as I'm typing this my computer seems to be running normally (fingers crossed) and the file is just sitting in my temp file not doing anything (hopefully). I don't want to try to delete it myself as I might do something wrong, and that's why I'm here.

-Thanks.

Edited by DoorMat, 16 July 2012 - 04:25 AM.
