
Help request


3 replies to this topic

#1 JoButt

JoButt

  • Members
  • 2 posts

Posted 23 November 2015 - 09:39 AM

Hello, everyone. I'm looking for some support regarding a possible security issue. It might be nothing, but... I'd rather be safe than sorry.

 

I just ran HiJackThis and while some of it makes sense to me, I'm not savvy enough to be able to tell whether something's actually wrong. Can I post the full log here and get some assistance in figuring out whether I should be worried? I'm running Windows 7, with the most recent updates, if it matters.

 

And because I come from a Helpdesk background, here's the full (and I assume relevant) story of why I'm worried:

 

A few days ago I installed Trillian, thinking it still supports Skype, only to find out while using it that it doesn't anymore. Seeing as I'm rather stubborn when faced with a possible "No", I still went out looking for ways to get it working, seeing as there does seem to be a Skype component that simply isn't active in Trillian. And in that process I ended up on and logging into https://help.trillian.im/ , which now seems a little dodgy to me. Mostly because Chrome tells me its identity isn't verified.

 

Anyway, that same evening, a good while after I had given up on and closed Trillian, I suddenly noticed that the light on my webcam was on; this isn't normally the case when it's not actively being used by software. It took me a while to actually notice it because I usually have the thing turned to face my rig when not in use.

 

A look at the Task Manager at the time didn't reveal anything out of the ordinary as far as I could tell, so I thought I'd reboot my machine, but maybe try to run Windows Update first. That immediately failed and gave me error code 80244019. Which, according to Microsoft, can have something to do with malware, trojans and viruses. So I then immediately restarted my machine and performed both a rootkit scan and a whole computer scan with AVG. The only things that came out of that were what I believe to be false positives. As it marked an IRC log file from 2003 (which isn't new in any way) as a possible threat, along with three "This file is signed with a broken signature" warnings and one final "runtime packed nspack" warning.

 

 




 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,858 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 23 November 2015 - 12:59 PM

JoButt:

 

Welcome to the Am I Infected Forum.

 

The rules in this Forum prohibit the posting of HijackThis logs, and other logs, such as those generated by FRST, Zoek, etc.

 

You have a choice to make.  If you want to have a member of the Bleeping Computer Malware Response Team (MRT) examine your logs, you should post in the Virus, Trojan, Spyware and Malware Removal Logs Forum.  Please follow the instructions here to expedite the review process.  Please note that the LOGS Forum is very busy, so it could take up to five days for an MRT member to initially respond.  After that, they are usually pretty prompt, but there is a backlog and too few MRT members to go around.  As you will note from the link in this paragraph, MRT members prefer to work initially with FRST logs.  If they want you to use additional scan and repair tools, you will receive instructions.

 

If you want to just do some quick scans in this Forum to see if anything obvious is amiss with your computer, then please let me know and I will assist you in running some of the simpler scans with tools that are permitted to be used in this Forum.

 

Your decision.  Have a great day, and welcome to the Bleeping Computer community.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 JoButt

JoButt
  • Topic Starter

  • Members
  • 2 posts

Posted 23 November 2015 - 02:19 PM

First of all, thank you very much for the kind response! I realized after I had posted, that I kind of already broke a bunch of rules and felt like a complete dork. Sorry about that! ._.

 

I wouldn't mind trying some quick scans in this forum to check for any obvious problems. I suppose I could always try the other option after that, right?

 

So where do we start and what do I do? :)



#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,858 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 24 November 2015 - 07:27 AM

JoButt:

Thank you for your post. My name is Phil, and if you would permit me, I would like to address you by your first name, since we will be working together.

First off, you did not "break" or "bend" any rules. You didn't post your HJT log in this Forum, so there is no issue there. The reason for the prohibition of posting HJT, FRST, Zoek, etc., logs in this Forum is for your protection. Bleeping Computer has the philosophy of the medical profession, which is, above all, "do no harm." There are lots of well-intentioned folks who might want to help you with the advanced scanner logs, but who do not have the requisite training in the use of those tools. That leads to the possibility that your computer could be seriously compromised by following instructions that might be given to you. The Virus, Trojan, Spyware and Malware Removal Logs Forum is closely monitored to ensure that only qualified Malware Removal Specialists are permitted to post there, for your protection and the protection of other users with malware issues.

Personally, I am in training to qualify for the Bleeping Computer Malware Response Team (MRT). I started training back in April, but it will be many more months of intense training before I can expect to be designated as an MRT. There is a lot to learn. In fact, I had to just about complete the Junior Level training (there are three levels: Sophomore, Junior, and Senior) before I was allowed, by Bleeping Computer policy, to request permission to respond in this Forum. That's because they want to ensure that anyone "endorsed" by Bleeping Computer as a staff member, has the requisite skills with the less-advanced scanning tools.

Quite a digression, I know, but I just wanted to explain to you the rationale behind the approach here at Bleeping Computer. And yes, if during the process of running the less advanced scans, I find evidence that your computer may be seriously compromised, I will advise you to post in the Virus, Trojan, Spyware and Malware Removal Logs Forum, with a link to this thread, so that the MRT member who responds to your post is aware of what has already been done. The MRT member will then pick it up from there and go forward to disinfect your computer.

OK, so the first thing that I would like you to do for us is to run an ESET online scan for viruses.

2. ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

* Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the green Start button.
* When prompted, allow the Add-On/ActiveX to install.
* In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):

  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

* Then click the Start button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List Found Threats (only if anything is found).
* Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!



We are going to follow that up with a Malwarebytes Anti-Malware scan.

2. Download and install Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.2.*.****.exe and follow the prompts to install the program ( * = program version numbers may vary - always get the latest version).
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your next reply.

 

 

So, what I will need from you is to paste both the ESET and Malwarebytes Anti-Malware scan logs into your next reply, and we will go from there.

If I don't reply within 24 hours, please send me a personal message.

Have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall




