Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    NSS Labs Sues CrowdStrike, Symantec, ESET, AMTSO for Alleged Testing Conspiracy

Featured Deal: Get 95% off The Ultimate MCSE Certification Training Bundle

Photo

malware draining internet bandwidth

Started by tensa , Sep 02 2017 02:22 AM

  • This topic is locked This topic is locked
2 replies to this topic

#1 tensa

tensa

  • Members
  • 33 posts
  • OFFLINE
    •  
  • Local time:10:08 PM

Posted 02 September 2017 - 02:22 AM

Good morning. I am Tensa. Yesterday,  I downloaded a hollywood movie. It was a zip file. I opened it. It asked for a password to play it. In another page it said you can get password from this link. I opened that link but, no password I got. May be it was a malware. From that moment on it is draining my internet bandwidth so badly. I scanned my pc with malware bytes anti malware nothing has changed. Please, help me to solve this problem. Here is log.

 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2017/09/02 10:44:19 +0530</date>
<logfile>mbam-log-2017-09-02 (10-44-18).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.1.1043</version>
<malware-database>v2017.07.31.01</malware-database>
<rootkit-database>v2017.05.27.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>MADHAVA</hostname>
<ip>172.28.32.61</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x86</arch>
<username>naresh</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>275816</objects>
<time>1072</time>
<processes>0</processes>
<modules>1</modules>
<keys>16</keys>
<values>2</values>
<datas>0</datas>
<folders>0</folders>
<files>3</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>enabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<module><path>C:\ProgramData\Microsoft\Performance\TheftProtection\TheftProtection.dll</path><vendor>Trojan.SathurBot</vendor><action>delete-on-reboot</action><hash>319c7fed9316ab8b59f7f9eb649da45c</hash></module>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>21ac4824beeb96a03507b68490703cc4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<key><path>HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208}</path><vendor>Trojan.SathurBot</vendor><action>success</action><hash>319c7fed9316ab8b59f7f9eb649da45c</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>2aa3a5c7a405f442e3f8d4567d83f40c</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>15b83f2d7f2ab77f789b62c8d729d927</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>7756beaebeebaf87c9a5a398629e8a76</hash></key>
<key><path>HKLM\SOFTWARE\REIMAGE\Reimage Repair</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>5e6fc6a6d9d0fd39328bbe8307f9728e</hash></key>
<key><path>HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Reimage</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d900e5e4564c07626e384d7f60a748c</hash></key>
<key><path>HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief.</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>814c3636a40573c3d77bc175c9378b75</hash></key>
<key><path>HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\REIMAGE\PC REPAIR</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>517c45270d9c48ee9dfa2c01946c9f61</hash></key>
<value><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0</path><valuename></valuename><vendor>PUP.Optional.Reimage</vendor><action>success</action><valuedata>REI_AxControl 1.0 Type Library</valuedata><hash>7756beaebeebaf87c9a5a398629e8a76</hash></value>
<value><path>HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\REIMAGE\PC REPAIR</path><valuename>QuitMessage</valuename><vendor>PUP.Optional.Reimage</vendor><action>success</action><valuedata> </valuedata><hash>517c45270d9c48ee9dfa2c01946c9f61</hash></value>
<file><path>C:\ProgramData\Microsoft\Performance\TheftProtection\TheftProtection.dll</path><vendor>Trojan.SathurBot</vendor><action>delete-on-reboot</action><hash>319c7fed9316ab8b59f7f9eb649da45c</hash></file>
<file><path>C:\Users\naresh\AppData\Local\Temp\amipixel.cfg</path><vendor>PUP.Optional.Amonetize</vendor><action>success</action><hash>10bd6705c6e344f23dd4df0944be09f7</hash></file>
<file><path>C:\Windows\Reimage.ini</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>1faea4c86d3caf870f3d0576926f1be5</hash></file>
</items>
</mbam-log>

Edited by Al1000, 02 September 2017 - 04:25 AM.
moved from Web Browsing/Email and Other Internet Applications

BC AdBot (Login to Remove)

 

#2 buddy215

buddy215

  • Moderator
  • 13,256 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:38 AM

Posted 02 September 2017 - 05:38 AM

Welcome to BC...

 

One trojan mentioned in that log is: Trojan.Sathurbot is a Trojan horse that opens a backdoor on the compromised computer. It also steals information and downloads potentially malicious files.

 

I think it best for you to start a new topic in the malware removal forum. Follow the directions below for doing that.

 

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,095 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:38 AM

Posted 03 September 2017 - 07:56 AM

New topic in Malware Removal Logs forum:  https://www.bleepingcomputer.com/forums/t/656078/infectedwith-trojan-local-disk-c-space-decreased-using-internet-bandwidth/ .

 

Please do not duplicate that post again.  Further instructions will be forthcoming in the topic indicated above.

 

To prevent further confusion, I am closing this Am I Infected topic.

 

Thanks :).

 

Louis


Malware Removal Logs Forum

Preparation Guide, Malware Removal Assistance

Windows Crashes, BSODs,Hangs Help & Support Forum

BSOD Forum Posting Guide

Backup, Imaging, Disk Management Forum

 

Back to Am I infected? What do I do?


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Am I infected? What do I do?
  4. Privacy Policy
  5. Rules ·