
All downloads get error: "....contained a virus and was deleted"


13 replies to this topic

#1 notasoccermom


Posted 30 May 2013 - 03:38 PM

I was definitely infected with one of the malware programs that mocked being an anti-malware/anti-virus tool, and I was able to get rid of MOST of it. MalwareBytes and HitMan Pro got rid of the trojan files (I also ran Spybot and TDSS Killer, which didn't find anything), but I'm still being plagued by an aftereffect of it. EVERY file I try to download from the internet gets the above error message and it gets deleted.

 

I re-ran Hitman Pro and it found that my Internet Explorer was being redirected to a Proxy server "localhost:23012".  I found that in my registry and modified the keys to not redirect and I removed the Proxy server address. (Internet Explorer options did not show a proxy server being used).

 

However, I still cannot download files from the internet.  Very frustrated!!
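
A read-only way to list the WinINET (Internet Explorer) proxy values from the registry locations where they can be set, flagging a loopback entry such as the `localhost:23012` reported above. This is an added example, not part of the original post; the function name `Test-LoopbackProxy`, the choice of locations and the sample strings are this example's assumptions (PowerShell 3.0 or later).

```powershell
# Added example: audit WinINET proxy settings for a loopback proxy.
# Read-only: it reports registry values and changes nothing.
$locations = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
$valueNames = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL', 'ProxySettingsPerUser'

# Matches a loopback host in "host:port", "http=host:port;https=..." or a PAC URL.
$loopback = '(^|[=;/\s])(localhost|127(\.\d{1,3}){3}|\[::1\])(?=$|[:;/\s])'

function Test-LoopbackProxy {
    param([string]$Value)
    return [bool]($Value -and ($Value -match $loopback))
}

$report = foreach ($path in $locations) {
    if (-not (Test-Path -Path $path)) { continue }
    $props = Get-ItemProperty -Path $path
    foreach ($name in $valueNames) {
        $value = $props.$name
        if ($null -eq $value) { continue }
        [pscustomobject]@{
            Key      = $path
            Name     = $name
            Value    = $value
            # Only the values that name a proxy host or PAC script are tested.
            Loopback = ($name -in 'ProxyServer', 'AutoConfigURL') -and
                       (Test-LoopbackProxy "$value")
        }
    }
}
$report | Format-Table -AutoSize -Wrap

# Constructed sample strings (not read from any machine) to show the matcher:
'localhost:23012', 'http=127.0.0.1:8080;https=127.0.0.1:8080',
'proxy.example.test:3128', 'localhost.example.test:80' | ForEach-Object {
    '{0,-45} loopback={1}' -f $_, (Test-LoopbackProxy $_)
}
```

A row with `Loopback = True` under a key other than the current user's own settings means the proxy is being set somewhere the per-user options dialog may not reflect.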




 


#2 ruddyidiot


Posted 30 May 2013 - 04:04 PM

I have this exact same issue too, I can't download through Chrome or IE - sounds like you had the same trojan that I had, it's messed up all my registry keys as well.



#3 xXToffeeXx

  • Malware Response Instructor

Posted 30 May 2013 - 04:20 PM

I think you guys might be infected with the ZeroAccess rootkit, which often uses tactics like this. Also, ZeroAccess is known to download other malware like Trojans onto your machine.

I suggest that you make your own topic about this, ruddyidiot. I also feel like this will need elevated help since I believe we are dealing with ZeroAccess.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#4 ruddyidiot


Posted 30 May 2013 - 04:24 PM

Hi Toffee.

 

It sounds like we have been infected by a very similar virus, doesn't it?

 

I started a post regarding mine, http://www.bleepingcomputer.com/forums/t/496430/another-one-bites-the-dust-think-the-infection-is-gone-but-computer-still-buggy/ if it is easier I am happy to be guided by the same help as ZeroAccess if it's easier?

 

Thanks.



#5 xXToffeeXx


Posted 30 May 2013 - 04:36 PM

I just looked at your topic; you are definitely infected with ZeroAccess.
That will require elevated help, so please do this for me (this goes for both of you):
 
Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Also, this topic and the other one do not need to be open, as this new topic should take care of any issues you have.

Edited by xXToffeeXx, 30 May 2013 - 04:37 PM.



#6 ruddyidiot


Posted 30 May 2013 - 04:53 PM

Hi Toffee.

 

Understood. I will start going through that guide and getting the necessary, or at least attempting the necessary logs tomorrow. It is late here in the UK and I have to be up early so need to get to bed. Please can you leave this thread open so I can review your steps again tomorrow.

 

Thanks for all the help and your instructions so far, I promise it has been greatly appreciated.

 

Cheers,

Tom



#7 xXToffeeXx


Posted 31 May 2013 - 01:47 AM

Take the time you need :) I am also from the UK and know how late it is. The thread will not be closed until you and notasoccermom are ready and have made the topics. Just post here with a link to your new topic once you have made it just so I know.



#8 ruddyidiot


Posted 31 May 2013 - 03:50 AM

Hi again Toffee.

 

As per your instructions I have created a new post regarding the ZeroAccess virus I have encountered. You can view that post here, http://www.bleepingcomputer.com/forums/t/496529/computer-infected-by-zeroaccess-think-the-virus-has-gone-but-pc-is-unhealthy/

 

I have also attached the DDS logs.

 

Can you confirm that I have done all that is needed up to this point?

Thanks,

Tom            



#9 xXToffeeXx


Posted 31 May 2013 - 04:02 AM

Hello Tom,

 

Looks good. I would also suggest that you post the logs from the other tools you have run so far in another post in order to give whoever is helping you more information. Otherwise, just wait for a member of staff to help you and follow what they say.

 

xXToffeeXx~




#10 ruddyidiot


Posted 31 May 2013 - 04:19 AM

Unfortunately I've not kept a copy of each of the logs :( Poor show on my behalf. I am happy to run any of the scans again though to get any appropriate log needed.

Thanks for all the help Toffee, much appreciated.



#11 xXToffeeXx


Posted 31 May 2013 - 04:35 AM

Hi Tom,

 

I see, it shouldn't impact too much, although it would have been easier if we did have these since we would know what had been deleted. Did you delete the logs, or do you not know where they are? The Malware Response Team member who will be helping may want you to run these scans again, but for now you should not attempt anything else without consulting them first.

 

xXToffeeXx~


Edited by xXToffeeXx, 31 May 2013 - 04:36 AM.



#12 ruddyidiot


Posted 31 May 2013 - 05:32 AM

Yeah, I deleted the logs off my computer, silly really. Problem is I had no guidance and assumed I could fix the problems myself... moral of that story, never assume, it makes an ass out of u and me - and right now I am feeling like the worst biggest ass with a broke computer :/



#13 notasoccermom

  • Topic Starter

Posted 31 May 2013 - 08:04 AM

I'll get started on this too, but I'm laughing because the DDS download can't be downloaded from my computer--it gets "deleted"!  I'll download it to one of my servers and then copy it to my PC....I just thought it was funny!



#14 xXToffeeXx


Posted 31 May 2013 - 08:39 AM

Hi notasoccermom,

 

Well normally you can download DDS, but I can see that you wouldn't be able to because of ZeroAccess's defence mechanism. Good to know that you have other ways to "download" DDS (and yes, it is quite funny xD)






