
Infected by 36 Viruses/Trojans/Malware - Infected My Professor


1 reply to this topic

#1 _spamSauce


Posted 23 August 2012 - 02:48 AM

Hi,

My Dell Inspiron N400 notebook running Windows 7 64 bit (Pro), [OS Version: 6.1.7601 ServicePack: 1.0] has become a playground of miscreants from four corners of earth and time is running out.

It all started 2 months ago when I opened an email with title that my teenage daughter's sex video is on internet. I never would click such a link but it was forwarded by my mother so I was in distress, so I clicked a link in it. It was luckily daughter of someone else and not mine since I never been or had relations with anyone from Nigeria.

But from that day slowly everything breaks. My virus killers (Kaspersky then Bit Defender, and Windows Defender and Titanium Trend Micro) get turned off or stop responding. Before I had 36 processes after starting up and now I have 60, and a half hour later over 100 processes that take 100% cpu, 100% of my 8gig memory, and 100% hard drive activity.

I reinstalled operating system 3 times on C drive but I have on D drive all my things in storage and in matter of a day after reformatting C and reinstalling, the ghost in machine is back.

I have sometimes 10-30 errors in my event logs on a good hour, and 2-3 critical errors every few days. My external monitor port on laptop stopped working, my network cable port (looks like telephone jack) stopped working and I use usb connection to adsl modem. My camera can not be found and is unknown device accepting no drivers but sometimes it turns on and looks at me.

Criminal hacker gangs are locked in battle inside my laptop for control of my DNS, right now Russians are winning but Chinese hackers are not far behind. I installed my own DNS server since I got tired of having google, paypal and my only bank resolve into phishing websites.

I was told by my ISP technician that I am a 'zombie bat' in multiple bot nets and to throw my computer away. I ran so many virus killing programs I lost track. But here is what I did yesterday because I had enough. I infected my grad school professor and he wasn't happy because he received from me email (I never send!) that his daughter is a web prostitute. Now I may fail class.

I ran ESET Scanner and after 16 hours (not joke) it froze at 18% finding 36 viruses. But before I ran Titanium Trend Micro (uninstalled now) and it found 64 completely different trojans and every other malignancy (and I can't find log). I removed directory root name to protect privacy. These below look weak compared to evil Titanium uncovered.

ESET:

C:\*\GoWildCasino.exe probably a variant of Win32/PrimeCasino application
C:\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4ae2f8a-64c0cfd2 a variant of Java/JShrink.A application
C:\*\AutoKMS.exe probably a variant of Win32/HackKMS.B application
D:\*\backwpup_2_2012-07-08_03-02-58.tar.gz PHP/Obfuscated.F application
D:\*\webstory.zip Win32/Toolbar.Babylon application
D:\*\Stardock.ObjectDock.Plus.v2.01.743\keygen.exe a variant of Win32/HackTool.Patcher.J application
D:\*\RSS Feed Creator Pro.exe probably a variant of Win32/Agent.IKJZUOV trojan
D:\*\Get Article Pro\Update.exe a variant of MSIL/Packed.CryptoObfuscator.C application
D:\*\tm.zip PHP/Obfuscated.F application
D:\*SpeedUpMyPc 2012 5.1.5.2\speedupmypc.exe Win32/SpeedUpMyPC application
D:\*\Dropbox-Cloud-Storage\*\Get Article Pro.rar a variant of MSIL/Packed.CryptoObfuscator.C application
D:\*\Dropbox-Cloud-Storage\*\Get Article Pro\Update.exe a variant of MSIL/Packed.CryptoObfuscator.C application
D:\*\Backup Files 2012-06-10 190001\Backup files 1.zip HTML/Iframe.B.Gen virus
D:\*\Backup Files 2012-08-17 190002\Backup files 4.zip multiple threats
D:\*\Word Press Themes\fullscreen_v2.7.rar PHP/Agent.AS trojan
D:\*\minos_v1.1.rar PHP/Agent.AS trojan
D:\*\Senuke X 2.0.4.0.rar a variant of MSIL/Packed.CryptoObfuscator.D application
D:\*\Word Press Plugins.rar PHP/Obfuscated.D application
D:\*\wp-cart-for-digital-products.zip PHP/Obfuscated.D application
D:\*\wp-cart.zip PHP/Obfuscated.D application
D:\*\fullscreen.zip PHP/Agent.AS trojan
D:\*\wp-cart.zip PHP/Obfuscated.D application
D:\*\jquery.php PHP/Obfuscated.D application
D:\*\header.php PHP/Agent.AS trojan
D:\*\SENuke.exe a variant of MSIL/Packed.CryptoObfuscator.D application
D:\*\wp-cart-for-digital-products.zip PHP/Obfuscated.D application
D:\*\wp-cart.zip PHP/Obfuscated.D application
D:\*\wp-cart.zip PHP/Obfuscated.D application
D:\*\jquery.php PHP/Obfuscated.D application
D:\*\jquery.php PHP/Obfuscated.D application
D:\*\wp-cart.zip PHP/Obfuscated.D application
D:\*\Amazingbook.zip PHP/Obfuscated.D application
D:\*\wpspirit.zip PHP/Obfuscated.D application
D:\*\Setup_FreeFlvConverter.exe Win32/Toolbar.SearchSuite application
D:\*\acens_v1.1.rar PHP/Agent.AS trojan

=========MiniToolBox by Farbar

these below are the tunnels in my network that make me nervous:

Windows IP Configuration

Host Name . . . . . . . . . . . . : COMPUTER NAME
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ZTE USB Remote NDIS Device
Physical Address. . . . . . . . . : 00-26-5A-D7-FB-D8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b536:eae7:e78c:dd15%23(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 22, 2012 7:58:29 PM
Lease Expires . . . . . . . . . . : Thursday, August 23, 2012 7:58:28 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 352331354
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-5E-17-D2-F0-4D-A2-5E-E9-40
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{7BE94A19-4A45-4D7A-8578-4FDED50351DE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:148a:d17:dbda:23ec(Preferred)
Link-local IPv6 Address . . . . . : fe80::148a:d17:dbda:23ec%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: 127.0.0.1
Address: 127.0.0.1#53

==========================================

This below is what used to be my camera and now while working for enemy this is how it looks and doesn't accept any driver


========================= Devices: ================================

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

----------------------------------------------------------------------

Help Me Please,

N

Here is photo of my event log on typical day:
Posted Image

Edited by _spamSauce, 23 August 2012 - 03:33 AM.




#2 Broni


Posted 23 August 2012 - 10:54 AM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
