
I need help removing malware



#1 AvengerNinja


Posted 28 April 2013 - 08:11 AM

I've been getting email errors from Norton about some spam pharmacy emails. I searched for this error on the internet and it appears that it may be caused by malware. Can you help me detect this malware?

 

Edit: No Logs posted, Moved to a more appropriate forum

Roger


Edited by rotor123, 28 April 2013 - 08:22 AM.




#2 Eric Bennett


Posted 28 April 2013 - 08:56 AM

Hi AvengerNinja,

 

Could you please run a full system scan with Malwarebytes Anti-Malware and post the results of the scan below?

 

Please download Malwarebytes here.

 

If you need help running the program, please refer to this guide.

 

Also, please use the <> button at the top when pasting scan results.

 

Cheers!

 

-Eric Bennett


Eric Bennett (ebthepcguy) | Helping People One Post At A Time | YouTube Twitter Facebook Email me | Forum Rules Homepage | My Profile


#3 AvengerNinja


Posted 28 April 2013 - 12:52 PM

Thanks man! I tried it and it worked, and I no longer get the email errors from Norton!

 

Norton itself couldn't find all the malware and delete it, but Malwarebytes did. Norton only notified me of the email errors and said "no action required". Is Norton a bad anti-virus? What is the best program to protect me from all this stuff and hacks and attacks? I'd love to see any recommendations. Also, do you have any idea where I got this infection from and how to avoid it in the future?

 

Here are the results and I've rebooted my pc after this so the remaining bugs were eliminated too:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.28.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
hp :: HP-PC [administrator]

Protection: Enabled

28/04/2013 05:15:39 م
mbam-log-2013-04-28 (17-15-39).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 603903
Time elapsed: 1 hour(s), 31 minute(s), 38 second(s)

Memory Processes Detected: 1
C:\Users\hp\AppData\Local\Temp\1367456346.exe (Backdoor.Agent.DDN) -> 5444 -> Delete on reboot.

Memory Modules Detected: 1
C:\ProgramData\EdfepxoPqelt.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: c:\users\hp\dxlfdoasa.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSNetDDNowiz (Backdoor.Agent.DDN) -> Data: "C:\Users\hp\AppData\Local\Temp\1367456346.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Time (Trojan.Agent) -> Data: rundll32.exe "C:\ProgramData\EdfepxoPqelt.dll",EntryPoint -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent.RSRVGen) -> Bad: (c:\users\hp\dxlfdoasa.exe) Good: () -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\Users\hp\dxlfdoasa.exe (Trojan.Agent.RSRVGen) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\1346826809.exe (Trojan.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\1347185233.exe (Trojan.Agent.RSRVGen) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\1353753157.exe (Trojan.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\hp\Favorites\Downloads\GameCamXPress261_Setup.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\hp\Favorites\Downloads\GameCam_V250_Setup.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\hp\Favorites\Downloads\SoftonicDownloader_for_origin.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\1367456346.exe (Backdoor.Agent.DDN) -> Delete on reboot.
C:\ProgramData\EdfepxoPqelt.dll (Trojan.Agent) -> Delete on reboot.

(end)
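
The scan results above pair each autostart registry value with the file it launches. As an added example (not part of the original thread and not a Malwarebytes tool), this Python script parses those log lines, copied from the post, and reports which detected files had a persistence entry; the function name `correlate` and the regexes are assumptions based only on the line format visible in this log.

```python
import re
from collections import defaultdict

# Log lines copied from the scan results in the post above (Malwarebytes 1.75 text log).
LOG = r'''
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: c:\users\hp\dxlfdoasa.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSNetDDNowiz (Backdoor.Agent.DDN) -> Data: "C:\Users\hp\AppData\Local\Temp\1367456346.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Time (Trojan.Agent) -> Data: rundll32.exe "C:\ProgramData\EdfepxoPqelt.dll",EntryPoint -> Quarantined and deleted successfully.
Files Detected: 9
C:\Users\hp\dxlfdoasa.exe (Trojan.Agent.RSRVGen) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\1346826809.exe (Trojan.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\1347185233.exe (Trojan.Agent.RSRVGen) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\1353753157.exe (Trojan.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\hp\Favorites\Downloads\GameCamXPress261_Setup.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\hp\Favorites\Downloads\GameCam_V250_Setup.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Users\hp\Favorites\Downloads\SoftonicDownloader_for_origin.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\1367456346.exe (Backdoor.Agent.DDN) -> Delete on reboot.
C:\ProgramData\EdfepxoPqelt.dll (Trojan.Agent) -> Delete on reboot.
'''

SECTION = re.compile(r'^(?P<name>[A-Za-z ]+) Detected: \d+$')            # "Files Detected: 9"
ENTRY = re.compile(r'^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?P<rest>.+)$')  # object (name) -> ...
PATH = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll)', re.I)               # launched file in "Data:"

def correlate(log_text):
    """Map each detected file (lower-cased path) to its detection names and autostart values."""
    section, files, autoruns = None, defaultdict(set), defaultdict(list)
    for line in log_text.splitlines():
        m = SECTION.match(line.strip())
        if m:
            section = m['name']
            continue
        m = ENTRY.match(line.strip())
        if not m:
            continue
        if section == 'Files':
            files[m['obj'].lower()].add(m['det'])
        elif section == 'Registry Values':
            target = PATH.search(m['rest'])   # Windows paths are case-insensitive
            if target:
                autoruns[target.group(0).lower()].append(m['obj'])
    return {p: {'detections': sorted(d), 'autoruns': autoruns.get(p, [])} for p, d in files.items()}

if __name__ == '__main__':
    for path, info in correlate(LOG).items():
        print(path, info['detections'], info['autoruns'] or 'no autostart value in log')
```

Files that come back with an empty autorun list, such as the older numbered executables in Temp, were not tied to an autostart value in this log.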





