
ORDER_JB462-20131218-17586.ZIP Infection


  • This topic is locked
3 replies to this topic

#1 Ladymaestro1


Posted 27 December 2013 - 07:47 PM

Hello. I am new here. I have Windows 7. I was an idiot and downloaded this ^#%##$# fake Amazon email file to my computer the other day (see file name in Topic Title) and it got into everything. It kept popping up a window asking me if I wanted to run C:windows\syswow64\cmd.exe " \c c:\progr~3\msewhx.exe. 

 

I have McAfee and it kept shutting off the firewall. I got it to stop doing that. I downloaded Malwarebytes and it found three trojans which it quarantined and deleted. I booted into safe mode and found the msewhe.exe file it wanted to run and I deleted that. I then created an entirely new administrator profile, moved all my docs and pics over and deleted the old profile. I can now boot up without the window popping up incessantly. However, my IE LAN connection settings keep reverting to "open with proxy server" which then cannot be found and the internet stops working. I keep resetting them to "Automatically Detect" so I can use my wireless to get on here. 

 

I have run HijackThis. From the desktop shortcut, it kept telling me that it had no access to my hosts file and every time that I tried to "analyze this", it told me I had no internet connection. I went directly to the program and right-clicked it to "run as administrator" and that now works and I now have a log file. A web search on ORDER_JB462 brings up a malwr analysis of the executable and what exactly it does, but I do not know how to undo everything. A look into my registry shows some suspicious things. What can I do with my HijackThis log file and how can I go through and eradicate everything that the executable did? I am concerned that it is spyware and that it has made system changes and taken over certain administrator rights.





#2 quietman7


Posted 28 December 2013 - 07:38 AM

HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Given the sophistication of malware hiding techniques used by attackers in today's environment, HijackThis is limited in its ability to detect infection and generate a report outside these known hiding places. This limitation has made its usefulness nearly obsolete since a HijackThis log cannot reveal all the malware residing on a computer. As such, HijackThis has been replaced by other preferred tools like DDS, OTL and RSIT that provide comprehensive logs with specific details about more areas of a computer's system, files, folders and registry keys which may have been modified by malware infection.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 users will not be able to run DDS and create a log.)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Ladymaestro1


Posted 28 December 2013 - 03:58 PM

Good Afternoon, quietman7. Thank you for the detailed explanation and instructions. I have done as you requested. The new topic is here: http://www.bleepingcomputer.com/forums/t/518882/order-jb462-20131218-17586zip-infection/. I zipped the dds logs and attached them to the new topic in the Virus, Trojan, Spyware, Etc. forum. Thanks again.



#4 quietman7


Posted 28 December 2013 - 05:54 PM

You're welcome.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take several days to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Good luck with your log.