Spygate RAT infection...


4 replies to this topic

#1 trm34669

trm34669

  • Members
  • 9 posts

Posted 27 October 2014 - 09:34 PM

Hello,

  I had a problem with a game I installed saying that it couldn't be loaded due to a problem with Microsoft C++ Visual files and downloaded a fix which happened to be infected. I got the game working but I am constantly getting notifications from Norton about System Infected: Spygate RAT attack trying to send information to an IP address but no way of fixing the issue. I have scanned with Norton, Malwarebytes PRO, and Anti-Rootkit but none of them seem to find the problem. I even tried the DarkComet removal tool which found a Windows Update disabler and said it fixed it but still have the same issues. I get the notifications every 10-30 minutes of it trying to send info and Norton stopping it. Any help would be appreciated. Thank you




#2 trm34669

trm34669
  • Topic Starter

  • Members
  • 9 posts

Posted 27 October 2014 - 09:43 PM

Didn't know if this would help but this is what Norton tells me:

 

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
10/27/2014 10:00:49 PM,High,An intrusion attempt by c1.allocal.info was blocked.,Blocked,No Action Required,System Infected: Spygate RAT Activity,No Action Required,No Action Required,"c1.allocal.info (54.69.32.99, 80)","c1.allocal.info/?step_id=1&installer_id=1119929340200492211&publisher_id=3888&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=4&download_id=8027888101480062157&external_id=1414356524866831962&installer_type=IX_2013&hardware_id=1857999432724316382&session_id=1456677933452913569&external_id=1414356524866831962&q=Fix+0xc0000142.7z&q=Fix+0xc0000142.7z&product_name=Fix+0xc0000142.7z&installer_file_name=Fix+0xc0000142.7z&st=0&ifr=1&ttl=1414356524867&enc_u_p=1&filesize=&installer_type=IX_2013&include_signature=0&pic=1&include_signature=0","CRAZEDMSI-PC (192.168.1.19, 50834)",54.69.32.99 (54.69.32.99),"TCP, www-http"
Network traffic from <b>c1.allocal.info/?step_id=1&installer_id=1119929340200492211&publisher_id=3888&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=4&download_id=8027888101480062157&external_id=1414356524866831962&installer_type=IX_2013&hardware_id=1857999432724316382&session_id=1456677933452913569&external_id=1414356524866831962&q=Fix+0xc0000142.7z&q=Fix+0xc0000142.7z&product_name=Fix+0xc0000142.7z&installer_file_name=Fix+0xc0000142.7z&st=0&ifr=1&ttl=1414356524867&enc_u_p=1&filesize=&installer_type=IX_2013&include_signature=0&pic=1&include_signature=0</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE.  To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>. 
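
Added example, not part of the original posts: a parser for an IPS history export laid out like the one pasted above, pulling out the remote endpoint, the URL's query parameters (including repeated keys) and the process named in the free-text line. The sample export is constructed with placeholder hosts, IPs and IDs, and the dictionary key names are this example's own choices.

```python
import csv
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the layout of the export above; hosts, IPs and IDs are placeholders.
SAMPLE_EXPORT = r'''Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
10/27/2014 10:00:49 PM,High,An intrusion attempt by host.example.test was blocked.,Blocked,No Action Required,System Infected: Spygate RAT Activity,No Action Required,No Action Required,"host.example.test (203.0.113.7, 80)","host.example.test/?step_id=1&publisher_id=1&q=Fix.7z&q=Fix.7z&installer_file_name=Fix.7z","EXAMPLE-PC (192.168.1.19, 50834)",203.0.113.7 (203.0.113.7),"TCP, www-http"
Network traffic from host.example.test/?step_id=1 matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE.  To stop being notified, click Stop Notifying Me.
'''

ENDPOINT = re.compile(r"^(?P<name>.+?) \((?P<ip>[0-9.]+), (?P<port>\d+)\)$")
PROCESS = re.compile(r"resulted from (\S+?)\.(?:\s|$)")

def parse_endpoint(text):
    """Split 'NAME (IP, PORT)' into its parts; None if the cell has another shape."""
    m = ENDPOINT.match(text.strip())
    return {"name": m["name"], "ip": m["ip"], "port": int(m["port"])} if m else None

def parse_alerts(export_text):
    """Return one dict per alert row, with the reporting process attached when present."""
    lines = export_text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("Date & Time,"))
    columns = next(csv.reader([lines[start]]))
    alerts = []
    for line in lines[start + 1:]:
        if line.startswith("Network traffic from"):  # free-text line after each row
            m = PROCESS.search(line)
            if m and alerts:
                alerts[-1]["process"] = m.group(1)
            continue
        fields = next(csv.reader([line]), None)
        if not fields or len(fields) != len(columns):
            continue  # blank or malformed line
        row = dict(zip(columns, fields))
        url = urlsplit("//" + row["Attacker URL"])  # the export omits the scheme
        params = parse_qs(url.query, keep_blank_values=True)
        alerts.append({
            "time": row["Date & Time"], "alert": row["IPS Alert Name"],
            "status": row["Status"], "host": url.hostname,
            "attacker": parse_endpoint(row["Attacking Computer"]),
            "destination": parse_endpoint(row["Destination Address"]),
            "params": params, "process": None,
            "repeated_keys": sorted(k for k, v in params.items() if len(v) > 1),
        })
    return alerts

if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE_EXPORT):
        print(alert["time"], alert["alert"], alert["host"], alert["process"])
```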


#3 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 31 October 2014 - 03:46 PM

Hi,

 

Your post is a few days old. If you still need help, download and generate a FRST log and we will go from there:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Right-click FRST then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
    When the tool opens, click Yes to the disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from, your desktop.
    Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


How Can I Reduce My Risk to Malware?


#4 trm34669

trm34669
  • Topic Starter

  • Members
  • 9 posts

Posted 31 October 2014 - 06:58 PM

Thanks for the reply. I went ahead and backed up my important files and reinstalled Windows since the file affected by the virus seemed to be the svchost file. I have most of my drivers and Windows updates done but still have to reinstall my programs and files. Thank you though

#5 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 01 November 2014 - 02:51 PM

OK, thanks for letting me know. Happy, safe surfing out there.

