Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Kazy/Backdoor.Papras- Hacker got my PayPal info


  • This topic is locked This topic is locked
2 replies to this topic

#1 josalyn

josalyn

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 21 December 2014 - 10:31 PM

Hacker got my PayPal info, charged $700 for an iPhone off ebay and now I'm dealing with viruses. I logged into my bank earlier and immediately a pop up from my antivirus said a virus had been detected. I just ran a full system scan with my antivirus (keeps finding Kazy and quarantining it), and Malwarebytes (found Backdoor.Papras). The bank is aware, I changed my password last week when this first happened but I wasn't running the antivirus I have now, it's a new computer and idiot me didn't get around to installed the usual things I keep on here to protect myself. I have the internet turned off whenever possible, and won't be logging into my bank. I do work from home on the computer so need to use it, is it safe to log into work only?

 

I'm also getting an error pop up every time I boot the computer, the location is one of the Kazy items the antivirus found. It says..
RegSvr32

The module C:\ProgramData\Betiylywar\ZanafQospe.dts failed to load. Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files. Access denied.

 

I've googled a bunch, not totally new to dealing with malware, have a degree in IT but I am far from a pro or as good as you guys. Since this is sensitive information and my money I wanted to see if you all had some advice. I tried running DDS and it says it can't run in compatibility mode? Thank you for any help you can give!

 

This is MWB log-

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/21/2014
Scan Time: 9:19:45 PM
Logfile: MWB.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.22.01
Rootkit Database: v2014.12.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Josalyn

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366522
Time Elapsed: 59 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Backdoor.Papras, c:\Users\Josalyn\AppData\Local\Temp\pgnrusj.dat, , [d603560f2557db5b5659cc2ff8092fd1],
Backdoor.Papras, c:\Users\Josalyn\AppData\Local\Temp\qsbzghk.dat, , [92477de8e795013536e236c4857cd42c],

Physical Sectors: 0
(No malicious items detected)

(end)


Edited by josalyn, 21 December 2014 - 11:07 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:32 PM

Posted 26 December 2014 - 08:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:32 PM

Posted 31 December 2014 - 10:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users