Hitman pro finds "Quarantine.exe" trojan over and over?


7 replies to this topic

#1 effingmalware


Posted 02 September 2013 - 11:37 PM

So I don't know how to remove whatever impossible to remove malware I have going on.  

 

When I run most scans they find nothing.  Even my Superantispyware no longer finds any cookies. I have tried to uninstall and reinstall it but it never finds any tracking cookies like it used to.  It feels like someone is disabling all my scanners from finding anything.  I know it's not working right (and probably lots of other scanners aren't either) because when I run hitman pro I just got a few dozen tracking cookies which it deleted. The primary threat it finds is a 'Quarantine.exe' file which it labels as a trojan in C:\Documents and Settings\Owner\Local Settings\Temp\ 

 

Further, when I try to run something like TFC it simply locks up. Several other scanners just do not work at all.  Rkill finds nothing to remove.  Adwcleaner does sometimes.  JRT finds nothing (it always used to).  Nothing ever gets permanently fixed.

 

Anyway, Hitman defaults to 'Quarantine' the Quarantine.exe file, but I have deleted it before and it constantly comes back.  What is this? Is it a residual trace of previous scans?  I know something's going on.

 

Also these tracking cookies hitman pro finds are all .com files.  Are they usually?  What can I scan with to try to remove everything?  I've done it all.  The only firewall I have up is mbam live security (which occasionally blocks IP address accessing) and the default Windows XP firewall.  I would like to use a better firewall but this computer is slow and when I had comodo up and running it ran about 70% slower.  Any smaller type of firewalls I can use?  I think I need some kind of HIPS running and to define a policy so I don't keep getting reinfected.  What programs can I scan with to find out what's really going on?  Thanks


Edited by effingmalware, 02 September 2013 - 11:40 PM.




#2 effingmalware

  • Topic Starter


Posted 05 September 2013 - 06:34 AM

I just waited a few days and ran hitman again.  This time it finds TDSSKiller.exe as the trojan.  How could that file have become turned into a trojan?  I just quarantined it and the fan instantly seems to be more relaxed.



#3 TwinHeadedEagle


  • Security Colleague

Posted 05 September 2013 - 06:55 AM

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

#4 effingmalware


Posted 06 September 2013 - 05:36 AM

I just started getting massive massive hd reading going on.  sounds like grinding. also the fan was switching on off on off like it does sometimes i've noticed when i have some malware or tracking cookies.

 

i've been looking through task manager but don't really see anything that is reading/writing that much. removed a bunch of recent software. anyway, i just uninstalled a ton of programs that i put on recently and anything i thought might be suspicious (including my old ccleaner and mbam).  installed new mbam, will post the log after it's done...



#5 effingmalware


Posted 06 September 2013 - 06:04 AM

mbam finds nothing : 
 
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.06.05
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: COMPUTER-3815 [administrator]
 
Protection: Disabled
 
9/6/2013 3:49:07 AM
mbam-log-2013-09-06 (03-49-07).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206817
Time elapsed: 13 minute(s), 39 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
i notice when i run hitman pro, it found one tracking cookie threat, yet after that it says 6 threats total... where are those displayed?  why doesn't it show them?  strange?  meh.  I just wish something would stop reinfecting my comp.  This hd accessing is so irritating


#6 TwinHeadedEagle


Posted 06 September 2013 - 06:36 AM

Your PC seems clean, HDD grinding could indicate a hardware problem...



#7 effingmalware


Posted 06 September 2013 - 05:57 PM

na can't be.  the hd light is blinking nonstop and i hear constant accessing.  even before i connect to the internet (i have it set to on demand).  i have been reformatting the os monthly because these issues always return but are seemingly fixed upon a reformat.  it doesn't seem there is any kind of scanner that can permanently remove whatever the heck it is.  right now, the hd is constantly accessing. there is no other program open other than chrome.  it's as if there's a background scan going on or something else like a background torrent application, i have no idea.

 

also, on previous os installs, i always ended up getting reinfected with a file called 'catchme'  or 'catchme.sys'  which i looked up is a key logging trojan.  i believe i am constantly reinfected from the same hacker who has taken an interest in me.  this last time i even flashed the bios but that didn't seem to help much either.  I have some browsers set to accept cookies so that I can log into sites while others block all with various adblocks and etc settings.  when i try to whitelist sites to allow cookies it never seems to work and i always end up having to use a cookie-enabled browser.  maybe this is how i keep getting reinfected, i don't know.  i don't know what to do, it's annoying constantly having to reformat just to keep my pc clean.



#8 TwinHeadedEagle


Posted 07 September 2013 - 02:31 AM

If you think you're infected, then open the topic here --> http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

 

If not, tell me is your system updated, do you have Antivirus, are you keeping your applications updated?





