
Infected with remote administration trojan + botnet #3


16 replies to this topic

#1 Zazzec

Zazzec

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 23 September 2012 - 10:10 AM

Hey guys, the problem is that I'm infected with those things.
I have posted in "Am I infected? What do I do?" and "Virus, Trojan, Spyware, and Malware Removal Logs".
But the guys there were unable to remove them. In my last topic nasdaq told me to post here.
So I will be happy if someone here could help me.
Here are the old topics:
First topic

Second topic

Greetings, Zazzec.

Edited by Queen-Evie, 23 September 2012 - 10:46 AM.
language




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:23 AM

Posted 23 September 2012 - 11:35 AM

Hello, you are NOT infected.

Your logs are clean.

Second Topic in MRL

What exact issues are still recurring?

Operating system : Windows 7 Professional Service Pack 1 (64 bits)

You would be better off starting another topic here in Networking with the info asked. Change the title to remove the terms "Infected" and "Botnet", as they will discourage the Network help because they will think you are infected and leave you here for malware help.

Edited by boopme, 23 September 2012 - 11:38 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Zazzec


Posted 23 September 2012 - 02:04 PM

... When my logs seem to be clean, it doesn't matter that I'm NOT infected. If I wasn't infected, my PC won't be controlled and I post topics for that.
I'm not saying that someone here is required to remove my infections, I'm just looking for a suggestion/solution. Plus, I'm not a paranoid user; I have fully explained what the virus is and what's happening on my PC.

Edited by Zazzec, 23 September 2012 - 02:18 PM.


#4 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:03:23 AM

Posted 23 September 2012 - 02:20 PM

In the first topic you stated:

"The problem is that those nasties remain even after reinstall of Windows.
Seconds after any fresh install of Windows the control of my PC is taken."

In this topic you state:

"If I wasn't infected, my PC won't be controlled."
"have fully explained... what's happening on my PC."

"What exact issues are still recurring?"


Please explain what you mean by "control" of your pc. In none of your posts have you "fully explained" what is happening with your pc. What led you to "suspect that may be mbr/tdl4 infection"?

Whether or not you post those issues is up to you. We ask questions for a reason. Help is given based on what a poster tells us. If you don't give us anything to work with no one will be able to help you.

Edited by Queen-Evie, 24 September 2012 - 10:32 AM.


#5 Zazzec


Posted 25 September 2012 - 06:44 AM

Okay, I will tell you everything I know.
I'm infected by my "friend".
The only thing I know is that he found the source code of Bifrost RAT and recoded it or just crypted it to make it undetectable by AVs (or just FUD it).
He also showed me how this works, while playing with other infected people.
And after a few weeks the same things started to happen on my PC.
When I reinstalled my Windows, I thought that everything was okay and the virus was gone, but it just remained.
Also, he has sent a video while I reinstall my Windows ....
And I think the tdl4 virus is messed, cuz after every fresh reinstall MBAM detects bootmbr.exe located in the Windows folder.
I have read everything which is written by people with similar problems like mine; they didn't help me. So I decided to post my problem with the hope someone will help me to fix it.

#6 Queen-Evie


Posted 25 September 2012 - 02:38 PM

"And after a few weeks the same things started to happen on my PC."



"The same things" doesn't tell us anything. What are the "things" that started to happen on your pc?

#7 Zazzec


Posted 26 September 2012 - 05:25 AM

Well, sometimes my mouse moves without me doing anything, while I play games they close suddenly, when I watch films the subtitles change, the CD-ROM opens and closes, and some friend told me that I have sent files and talked about strange things via Skype. Of course I know that these are features of a RAT (remote administration tool virus), but I don't know how to prove it...
Also, I had a few notifications from my Comodo firewall that I'm trying to connect to another computer on port 137 (UDP) through System.
Posted Image
If this is not enough information or you don't understand something I wrote, feel free to post. :P

Edited by Zazzec, 26 September 2012 - 05:42 AM.


#8 boopme


Posted 26 September 2012 - 07:40 PM

Are you using uTorrent with Comodo Internet Security?

Are you on a router, and is it wired or wireless?
Is it passworded?

Edited by boopme, 26 September 2012 - 07:43 PM.


#9 Zazzec


Posted 27 September 2012 - 07:42 AM

Yes, I'm using uTorrent, but I had the notification while uTorrent wasn't launched.
And no, I'm not using a router or any wireless connection.

Edited by Zazzec, 27 September 2012 - 07:48 AM.


#10 boopme


Posted 27 September 2012 - 08:09 PM

I cannot translate the line in Russian, so I cannot say what that is.
The other lines indicate issues between uTorrent and Comodo.
I will say the infections you had came thru torrent downloads and that will continue.

You may need to re-ask post 7 in AntiVirus, Firewall and Privacy Products and Protection Methods, as I believe it's a firewall configuration.

This may be of help: How to configure Comodo firewall 5 for utorrent

#11 Zazzec


Posted 28 September 2012 - 07:30 AM

Guys, I'm here for malware removal assistance, but it seems I have wasted my time here.

#12 boopme


Posted 28 September 2012 - 08:32 AM

Well then, the only thing to do is post a DDS log and see if something shows.

Please go here... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

#13 Zazzec


Posted 28 September 2012 - 08:16 PM

:lol: :lol: :lol: I have already done it.

#14 Zazzec


Posted 04 October 2012 - 12:43 PM

BUUMP

#15 boopme


Posted 04 October 2012 - 03:59 PM

Repost a NEW topic so someone else reviews it with a fresh approach... Else you can only Reformat.



