Infected? Please help


11 replies to this topic

#1 TrustTheDoctors

TrustTheDoctors

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 08 January 2014 - 10:04 PM

So stupid me downloaded a tool I thought was safe. After extracting the files but not running anything, Kaspersky said it blocked an attack and quarantined the time. Dark Comet. I heard this was a RAT; this RAT I've read about is very dangerous and can steal passwords. I immediately deleted the files. Next, notavirus.exe tried accessing Internet Explorer but it was blocked. I had no idea what this was and was more concerned about the darkcomet. I looked at the files in the quarantine; Kaspersky said it was a Trojan dropper. I did a full scan and a critical scan and it came up with one adware, which it said was not a virus adware, and two backdoor Trojans. Someone told me to do a system restore. I did it and Kaspersky said my system was safe. No, it was not. I did a root scan and it found one and deleted it. I used SUPERAntiSpyware to delete 5 tracking cookies and Malwarebytes took care of a lot of PUPs. I thought everything was fine, but I looked using Process Explorer under Internet Explorer and this came up: eed3bd3a-a1ad-4e99-987b-d7cb3fcfa7f0. Now I checked again after closing IE and it's gone. I'm wondering if I'm still infected. Please help.

I found this website after looking up the numbers http://www.threatexpert.com/report.aspx?md5=699b2b92fad39d4a55476e15a7d33bc5

 

I also used netstat and found no suspicious connections.

Now also I'm noticing YouTube vids breaking up, but I don't know if that has anything to do with this.


Edited by TrustTheDoctors, 08 January 2014 - 10:28 PM.



#2 TrustTheDoctors

TrustTheDoctors
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 08 January 2014 - 10:09 PM

Oh, also I found the numbers compile with this http://www.threatexpert.com/report.aspx?md5=e8720247cbf73107f7b9edcf6b6b4e5e which I think I also was infected with something similar.


Edited by TrustTheDoctors, 08 January 2014 - 10:13 PM.


#3 Goldie*7

Goldie*7

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 08 January 2014 - 10:26 PM

I'm new here cause Windows accelerator pro has my win 8 computer.  I have not paid any money; I downloaded the deal from Abrams site but I have win 8.  Any hope?



#4 TrustTheDoctors

TrustTheDoctors
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 08 January 2014 - 10:34 PM

> I'm new here cause Windows accelerator pro has my win 8 computer.  I have not paid any money; I downloaded the deal from Abrams site but I have win 8.  Any hope?

I'm sorry I don't understand what you are trying to say.



#5 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:02:12 AM

Posted 08 January 2014 - 10:39 PM

just wait for a malware specific helper... it is removable.

 

patience.



#6 TrustTheDoctors

TrustTheDoctors
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 08 January 2014 - 10:46 PM

> just wait for a malware specific helper... it is removable.
>
> patience.

Oh. Okay, I thought it was something major since I've heard horror stories about this thing. Thanks :) I get anxious a lot and these pills I'm taking for back pain cause my anxiety and worries.



#7 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:02:12 AM

Posted 08 January 2014 - 10:49 PM

It is a serious problem, but there's super experienced people on here who will lead you through getting it off, you've come to the right place... There will be several steps involved, but you will be fine.



#8 TrustTheDoctors

TrustTheDoctors
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 08 January 2014 - 10:54 PM

> It is a serious problem, but there's super experienced people on here who will lead you through getting it off, you've come to the right place... There will be several steps involved, but you will be fine.

Okay thanks



#9 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:02:12 AM

Posted 08 January 2014 - 11:38 PM

something you can do in the meanwhile is read this thread

 

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

and then post a new topic in this forum, following the guide above.

 

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

 

This will speed up the ability of our helpers to help you...

 

You can then report this thread (button next to edit on your posts) to request the admins to close it.

 

I would help you myself... but these things can be a bit tricky sometimes, it's better to wait for the malware team.


Edited by TsVk!, 08 January 2014 - 11:40 PM.


#10 TrustTheDoctors

TrustTheDoctors
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 08 January 2014 - 11:49 PM

> something you can do in the meanwhile is read this thread
>
> http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
>
> and then post a new topic in this forum, following the guide above.
>
> http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
>
> This will speed up the ability of our helpers to help you...
>
> You can then report this thread (button next to edit on your posts) to request the admins to close it.
>
> I would help you myself... but these things can be a bit tricky sometimes, it's better to wait for the malware team.

Actually the virus was called backdoor.win32.darkkomet.aqzv 



#11 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:02:12 AM

Posted 08 January 2014 - 11:57 PM

Mention that in your new thread with your logs.



#12 Goldie*7

Goldie*7

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 09 January 2014 - 08:21 AM

I have a new topic thread started and have a spare computer and my little Acer, so I am letting the infected computer with Windows 8 rest. Thank you for your help. I especially enjoyed reading Lawrence Abrams' 12/28 article and was able to download the registry file to my jump drive but could not get F8 to get me to the screen I needed. I will read these other links and keep working on it. -15 degrees here so I have to warm up the car to go to work. I will be back later today 1/9/2014. Thank you again for all your help. Goldie*7



