
Malware on bleepingcomputer.com thread?


4 replies to this topic

#1 beluga


Posted 11 June 2013 - 11:47 PM

Having hit an email virus on our laptop, I was desperately looking for expert advice on scanning and cleaning computers. Googling anything to do with malware will attract the bad guys as much as genuine help, so it was a difficult choice. After reading some review and forum posts I decided to put my trust in bleepingcomputer and signed up. I received great advice from Broni and hopefully now can enjoy a clean laptop again.

 

Coming back here to improve my knowledge on malware, I browsed some forum topics, and when opening "Attempted to run GMER..." a popup window appeared asking:

 

"Do you want to update your Adobe Reader?"

 

That looked very suspicious. This is a new Win7 machine freshly built with only MSE, MBAM and SBIE installed. I was inside the Sandbox so killed everything straight away.

 

Can this thread be compromised? Is my brand new machine compromised or what else?

 




 


#2 noknojon


Posted 12 June 2013 - 01:22 AM

Hi -

Any new computer that is just set up may not have all of the software updated.

 

Please run this quick scan first and we can see -

It may, or may not give you a warning, but that only depends on your Security settings and programs. See my NOTES - It is 100% safe -

 

Download Screen317Security Check from Here and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt;
* Please Copy / Paste the contents of that document back here.

 

NOTE 1. If one of your security applications (e.g., third-party firewall, etc.) requests permission to allow DIG.EXE (or a similar file) to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
 

Thank You -



#3 beluga


Posted 12 June 2013 - 04:50 AM

Hi noknojon

 

Thanks for taking this on.

Firstly I would like to clarify my situation here and hope you will forgive me if I don't follow all your instructions to the letter.

 

As I said above, an unfortunate click on an infected email in hotmail (ie browser) triggered some unknown action on the laptop.

 

I am an IT professional, semi-retired now and well out of date with all that Windows wizardry, but still have a house full of computers and computer bits of all ages. All these computers are or have been connected to the home network at some stage. Some have had viruses removed by AV scanners recently or in the past.

 

Having now had a confirmed malware hit (hotmail was hijacked and sent the virus further), I am concerned about what could have happened locally with further infection over the LAN. I have a LAN printer and Android devices also. Since all the scans suggested by Broni did not find anything on the laptop, could it be some new malware not yet identified?

 

The bottom line is that I don't trust any of my computers anymore. However, I still need to check my email, pay my bills etc. so I need a clean machine. I pulled out a new motherboard and new SSD disk that I had bought for another project and started from scratch. This is not a newly bought computer from a retailer with all the bloatware that comes with it.

 

Install Windows 7 Home Premium from a generic install disk

Plugged into the LAN (firewall on as public network)

Installed MSE - ran full scan

Fired up IE and proceeded to change my passwords on critical accounts

Ran Windows Update (which kept finding new stuff to update over the past 3 days)

Downloaded Sandboxie 3.76

Downloaded MBAM

Ran several full scans with MSE and MBAM along the way.

Assuming that the machine is still clean I started browsing but only sandboxed

While on bleepingcomputer.com, I was shocked to see an Adobe Update pop up.

I revisited the thread since my first post and the message did not appear.

 

I ran SecurityCheck in the sandbox (should make no difference as the sandbox is transparent to any program unless trying to write to kernel). The log is indeed minimal as expected.

 

Now I can't even trust this one it seems. I don't know what to think anymore :-(



#4 beluga


Posted 12 June 2013 - 04:53 AM

Here is the sandboxed checkup.txt

 

 Results of screen317's Security Check version 0.99.64 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials msseces.exe
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
 



#5 noknojon


Posted 12 June 2013 - 06:38 PM

Hi -

I have fully gone over your last topic with Broni, and in this area of the forum we can only run certain tools. Even with your new full reinstall I would not be able to add more items other than what you have already done.

The Experts in Virus, Trojan, Spyware, and Malware Removal Logs are able to use more tools than we can here, and can ask for other scans, like DDS and OTL type of checks for more information.

Below are the links and steps to take to post a new topic in the Malware Logs area.

 

Please read Preparation Guide mainly from Step #6 and create the logs requested to post a new topic in Virus, Trojan, Spyware, and Malware Removal Logs

Please post to the Malware Removal Logs area even if you are unable to produce the requested logs and fully describe your problems, and an Expert will assist you with a search for, and removal of any problem, as soon as one is available -

 

Thank You -





