
Downloaded an infected file, what can I do now?


5 replies to this topic

#1 Guntosh


Posted 28 December 2013 - 06:57 PM

Hello BC community, today I was searching for a keyboard macro to use in a game. It was zipped, had no password and was not detected by ESET NOD32. I am using Windows 7 64-bit but I don't have an installation CD (custom PC). When I opened it, my default browser (Google Chrome) crashed and my computer rebooted. Then my antivirus found cmsetac.dll and ntdtcstp.dll; both were rated as win32/cakl.nag trojan and couldn't be cleaned. I already tried finding them with regedit, regscanner and msconfig but found nothing. I'm scanning my PC with Malwarebytes right now and it has found 4 objects so far; I'm also running Security Check by Screen317. I was reading some stuff at Virus Radar and I have a log file named "KB8888239.log"; according to VR that is where the collected files go before being sent to a remote machine (scary stuff lol). These DLLs are also related to mstwain32.exe. There's a folder in the Windows folder called twain_32 and a DLL file called twain_32.dll, but I don't want to go around deleting stuff. I think that is all the info I can give at the moment, as I'm still scanning with MB. Any help would be greatly appreciated.



#2 cryptodan


Posted 28 December 2013 - 07:00 PM

Please download TDSSKiller exe version to your desktop. Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.

  • Click on Change Parameters and click Detect TDLFS File System.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A TDSSKiller text file would be saved in Local Disk C.
  • Copy and paste the contents of that file in your next reply.

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#3 Guntosh


Posted 28 December 2013 - 07:04 PM

Can I run these programs while MB and ESET are running?

 

Edit: I mean, can I run FSS and TDSS


Edited by Guntosh, 28 December 2013 - 07:10 PM.


#4 cryptodan


Posted 28 December 2013 - 07:45 PM

Run each tool separately.

#5 Guntosh


Posted 28 December 2013 - 07:57 PM

I have to get out of the computer now, maybe tomorrow I will be able to get on and run these tools, thanks a lot for your help.



#6 cryptodan


Posted 28 December 2013 - 08:17 PM

You are welcome; just post the logs when you have them.



