
Could be infected but not sure
12 replies to this topic

#1 AmyM247

Posted 28 January 2014 - 01:08 PM

Hi everyone, this is my first post here but this forum has helped me clean many infections in the past so thanks! Here is my problem today. I work as a subcontractor for a small web design company maintaining websites. Updated a client site yesterday with some YouTube links, today we get an S.O.S. from them saying Google is giving a "your site may have been hacked" message. No idea how long that may have been the case, prior to yesterday I hadn't worked on the site in months.

So I immediately updated my MBAM and started a scan. It looked funny because the scan started in the wrong partition of my hard drive and started showing non-existent gibberish file names made of all symbols. Also, after about ten minutes my computer would produce the blue screen of death and have to be restarted. I'm now in safe mode doing a full scan and after 2 hours it's found nothing.

I am on a ThinkPad T420 running Windows 7 Enterprise.

One of the clients scanned her Mac with Sophos and found bredozp-d, phish-a, and pdfjs-xw. I'm not familiar with Sophos, and can only find reference to these infections in their forums, so...no help there?

Prior to the bizarre MBAM scan my computer was behaving normally, no slowdowns, misdirects or weird messages. Nothing I can find on the web is helping me decide if I actually have a problem to worry about here so I'm turning to the experts...if my scan finds nothing should I just relax, or if not, what's my next step? Thanks in advance for any advice you can offer!


#2 AmyM247

Posted 28 January 2014 - 03:44 PM

Just an update to this issue, MBAM scan in safe mode found nothing and I see no suspicious processes other than the obviously spoofed scan that runs when I start up in normal mode. Symantec scan also found nothing. Has anyone seen Malwarebytes behave this way? File names showing as long strings of symbols? Thanks for any help you can offer.

#3 boopme

Posted 28 January 2014 - 09:07 PM

Hello Amy, let's try running Rkill then MBAM. Post both logs please.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 AmyM247

Posted 29 January 2014 - 12:54 PM

Hi thanks for your help! I'll post the Rkill log at the end of this post. I'm still not able to run MBAM, in full scan mode the scan starts normally, in the c: partition, then within 3-5 minutes switches to d:, listing no particular folder and giving the junk file names. The scan slows to a crawl and if I try to do anything else on my computer at that point the whole thing freezes up. I was trying to get a screen shot to post and had to do a hard reboot just to get back online to post this.

 

Just as an aside, I ran a quick scan yesterday after trying to make some changes in the MBam settings and the quick scan looked normal and found nothing.

 

So... now that I had to restart, should I run Rkill again? 

 

Log from first scan:

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/29/2014 12:31:54 PM in x86 mode.
Windows Version: Windows 7 Enterprise Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\Wake\DeaconHelp\TrayApp.exe (PID: 5504) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  127.0.0.1       localhost
 
Program finished at: 01/29/2014 12:32:59 PM
Execution time: 0 hours(s), 1 minute(s), and 5 seconds(s)
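
An added example, not part of the original post and not code from Rkill or BleepingComputer: a small parser for the Rkill log layout shown above that pulls out the processes Rkill terminated (path, PID and the bracketed tag it printed) and flags any HOSTS entry other than the default localhost-to-loopback mapping. The function name, the returned keys and the abridged sample log are assumptions made for illustration.

```python
import re

# Constructed sample: abridged from the Rkill log format shown in the post above.
SAMPLE_LOG = r"""Rkill 2.6.5 by Lawrence Abrams (Grinler)
Program started at: 01/29/2014 12:31:54 PM in x86 mode.

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\Wake\DeaconHelp\TrayApp.exe (PID: 5504) [WD-HEUR]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  127.0.0.1       localhost
"""

PROC_RE = re.compile(
    r"^\s*\*\s+(?P<path>.+?)\s+\(PID:\s*(?P<pid>\d+)\)\s+\[(?P<tag>[^\]]+)\]\s*$"
)
HOSTS_RE = re.compile(r"^\s+(?P<ip>[0-9a-fA-F:.]+)\s+(?P<name>\S+)\s*$")
LOOPBACK = {"127.0.0.1", "::1"}

def triage_rkill_log(text):
    """Return terminated processes and HOSTS entries worth a manual look."""
    processes, hosts, section = [], [], None
    for line in text.splitlines():
        # Section headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            section = line.strip().rstrip(":")
            continue
        m = PROC_RE.match(line)
        if m and section == "Checking for processes to terminate":
            processes.append((m["path"], int(m["pid"]), m["tag"]))
            continue
        m = HOSTS_RE.match(line)
        if m and section == "Checking HOSTS File":
            hosts.append((m["ip"], m["name"]))
    # A HOSTS line is unremarkable only when it maps localhost to loopback.
    suspicious = [(ip, name) for ip, name in hosts
                  if not (ip in LOOPBACK and name.lower() == "localhost")]
    return {"terminated": processes, "hosts": hosts, "suspicious_hosts": suspicious}
```

Run against a saved log, the `terminated` list is the part to review by hand: each path there is a process Rkill stopped, which may be legitimate software rather than malware.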


#5 AmyM247

Posted 29 January 2014 - 01:22 PM

Hi again, I was able to get a screen grab but can't figure out how to post it... can someone let me know how to upload media? Sorry, I checked the help files but can't find anything. Hopefully not missing something really obvious.  :wink:



#6 boopme

Posted 29 January 2014 - 07:03 PM

How To Capture And Edit A Screen Shot. - http://www.bleepingcomputer.com/forums/topic43088.html

Post 4 by Andrew is probably the easiest.

#7 AmyM247

Posted 30 January 2014 - 11:25 AM

So sorry, but what I need help with is attaching this image, not creating it... I don't seem to have access to the attachment area for posts which I'm seeing elsewhere on the site. Seems like that feature isn't enabled in this part of the forum, should I repost my issue with a screen shot elsewhere?



#8 boopme

Posted 30 January 2014 - 11:33 AM

Yes there are No Attachments in AII..

you can try Inserting

In order to insert an image within a post. First you must save it to your Hard Drive.

> Right click on image of choice
> Left click on > save as

> clear box and name as you wish.
> click on > save
> It will now be saved on to your Hard Drive

You will now need to Host the image at a Photo Hosting Site.

I use and recommend Photobucket. It is a great photo hosting site, plus registration is free. Unless of course, you choose the premium service.

> Go to Photobucket
> Sign up > log-in
> Click on the > browse button. Find your image and then click > submit.

> You will then see your pic uploaded

> Three links will show under the image itself.

> Sample Album


> For a small to medium size image. Copy the IMG link.

> IMG Example: 2dazed_honorScarlett_2.gif

> For a large image. Copy the URL
> This saves on bandwidth. Pages will also load much faster for those on dial-up.


> URL Example: http://img.photobucket.com/albums/v317/sca...18/IMG00057.jpg

> Paste the link into your post

> Note: Actually for images that are quite large, as in desktop screenshots. I use the photo hosting site ImageShack. Which is a free service as well. Since it allows a maximum image size of 1024 kb. Photobucket has a maximum allowance of only 250 kb. They will be re-sized if they are larger. And the image will not be as crisp.

ImageShack

Click on Register in the top right hand corner.
Check your e-mail for your activation link
Click on > Browse
Then click on > Host It
Then click on the link > My Images
You will now see that your image has been uploaded.
> copy either the Thumbnail Code for forums. The thumbnail code will create a clickable thumbnail.

Example: Clickable Thumbnail

mbawallpaper1024jellyfish5xe.th.jpg


> Or the Direct code. Just under the thumbnail code.

Example: Direct http://img340.imageshack.us/img340/9320/thimg000573fi.jpg

Now if you wish to insert a signature or a small image, that will show in all of your posts. You must do this.

> Copy the IMG link
> Go to your Control Panel @ Bleeping Computer
> On the left hand side go to> Personal Profile > Edit Signature
> For a signature > Paste the IMG link in the text box
> To insert a small image > Paste the IMG link either before or after your Signature
> For either choice > Click on Update Signature

Note: Images in signatures must also be no larger than 500 pixels wide X 90 pixels high. Also please keep in mind that offensive content is prohibited. This applies to both text and images.

#9 AmyM247

Posted 30 January 2014 - 11:46 AM

Thanks for your patient explanation :) I did try that using a photo upload to imgur because I didn't want to create an account anywhere, got too many as it is... when I inserted into the post it didn't look like the link was functioning properly, and now I get that that service isn't allowed?  Did the Imageshack account, so here's what my problem looks like. Wondering if this is a MBAM problem? Should I just reinstall it?

 

ndpi.jpg



#10 boopme

Posted 30 January 2014 - 11:52 AM

Yes reinstall

https://forums.malwarebytes.org/index.php?showtopic=122284

#11 AmyM247

Posted 31 January 2014 - 09:31 AM

Good morning, sad to report that uninstalling and reinstalling Malwarebytes hasn't changed anything. The weird file names I posted start in full scan mode after about five minutes. Once they've started, I can't do a thing with the computer and have to do a hard reboot.  Still no other indications of infection though... not sure what to do.



#12 AmyM247

Posted 31 January 2014 - 11:16 AM

Hi again, you can close this thread and thanks for your help. The problem was BitLocker, my laptop is a company owned one and they recently encrypted our hard drives. I hadn't run Malwarebytes in a while and as it turns out it won't run on the encrypted drive but no one seemed to know that until I mentioned my problem to one of our IT people in the course of a separate conversation. Appreciate the time you spent talking me through things!



#13 boopme

Posted 31 January 2014 - 02:13 PM

Well there ya go. Thanks for the update.