« previous next »
Pages: 1 [2] 3 4 5 6 7 ... 12

Author Topic: Uhm, virus? Help?  (Read 10604 times)

Lando The Climber²

February 03, 2013, 12:41:31 PM
Quote from: Evar678 on February 03, 2013, 12:39:04 PM
Nooo, I'm totallyy not sure that I live in another country. Jesus, somebody shoulda told me that..
No need to be a prick about it

Ad Bot

Advertisement

Evar678

February 03, 2013, 12:43:05 PM
Quote from: Lando The Climber² on February 03, 2013, 12:41:31 PM
No need to be a prick about it
I'm sorry my attitude isn't what it normally is considering I'm presumably being hacked.

Log:
Code: [Select]
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.02.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Evar678 :: EVAR678-HP [administrator]

Protection: Enabled

2/2/2013 5:41:37 PM
mbam-log-2013-02-02 (17-41-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243838
Time elapsed: 12 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EF96EDE0-E1F8-4EB2-956B-D54DF35335E4} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
HKCR\Interface\{44C0ECF5-4AC6-4E39-8091-E57070F8945A} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (PUP.InfoAtoms) -> Quarantined and deleted successfully.
C:\Users\Evar678\AppData\Local\Temp\DNS.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Evar678\Local Settings\Temporary Internet Files\Content.IE5\AHLU549W\DNS[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

(end)

Mr.jacksaunt

February 03, 2013, 12:43:40 PM
Quote from: Evar678 on February 03, 2013, 12:39:04 PM
...
Nooo, I'm totallyy not sure that I live in another country. Jesus, somebody shoulda told me that..
So you're saying that's your ip, yet it's in argentina.

Comatose

February 03, 2013, 12:44:44 PM
iexplorer.exe is the file used to initialize Internet Explorer.

Based on the lines of code and from what I can piece together, the malware may be attempting to delete Internet Explorer to in order to hinder your computer's performance and permanently damage the OS.

I don't know what kind of malicious software this is. Google searches have turned up nothing. If possible, try a system restore back to a point before you downloaded whatever it was.

Evar678

February 03, 2013, 12:45:58 PM
Quote from: Mr.jacksaunt on February 03, 2013, 12:43:40 PM
So you're saying that's your ip, yet it's in argentina.
I'm sorry are you loving handicapped...??

Code: [Select]
[font=sarcasm]

Quote from: Comatose on February 03, 2013, 12:44:44 PM
iexplorer.exe is the file used to initialize Internet Explorer.

Based on the lines of code and from what I can piece together, the malware may be attempting to delete Internet Explorer to in order to hinder your computer's performance and permanently damage the OS.

I don't know what kind of malicious software this is. Google searches have turned up nothing. If possible, try a system restore back to a point before you downloaded whatever it was.
I haven't downloaded anything recently.

Blockzillahead

February 03, 2013, 12:46:17 PM
Quote from: Evar678 on February 03, 2013, 12:43:05 PM

C:\Users\Evar678\AppData\Local\Temp\DNS.exe (Trojan.Dropper)
C:\Users\Evar678\Local Settings\Temporary Internet Files\Content.IE5\AHLU549W\DNS[1].exe (Trojan.Dropper)
Those two.

Now run a "Perform Flash Scan" with Malwarebytes.

Evar678

February 03, 2013, 12:46:52 PM
Quote from: Blockzillahead on February 03, 2013, 12:46:17 PM
Those two.

Now run a "Perform Flash Scan" with Malwarebytes.
Ok.
I gotta go shovel snow, you'll get the results when I get back.

Lando The Climber²

February 03, 2013, 12:47:14 PM
trojan.dropper
it downloads and installs more malware onto your system so that's not good

Mr.jacksaunt

February 03, 2013, 12:47:47 PM
Quote from: Evar678 on February 03, 2013, 12:45:58 PM
I'm sorry are you loving handicapped...??

Code: [Select]
[font=sarcasm]
forgeten thought you said it was your ip
still you should have been more politically correct

Blockzillahead

February 03, 2013, 12:48:42 PM
Quote from: Evar678 on February 03, 2013, 12:46:52 PM
Ok.
I gotta go shovel snow, you'll get the results when I get back.
What? You're not done yet. Either you do this now or it keeps coming back.

Blocklandian¹

February 03, 2013, 12:48:49 PM
Quote from: Evar678 on February 03, 2013, 12:43:05 PM
Code: [Select]

Have you considered doing a rootkit scan?

Evar678

February 03, 2013, 12:50:07 PM
Quote from: Blockzillahead on February 03, 2013, 12:48:42 PM
What? You're not done yet. Either you do this now or it keeps coming back.
Code: [Select]
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.02.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Evar678 :: EVAR678-HP [administrator]

Protection: Disabled

2/3/2013 1:02:10 PM
mbam-log-2013-02-03 (13-02-10).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 199660
Time elapsed: 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Are you happy?

I'm sorry that I have responsibilities. If I don't do this now then I'l probably get my laptop taken away considering shes told me to do this about 17 times today.
Il be back in 5 minutes.

Blockzillahead

February 03, 2013, 12:53:49 PM
Quote from: Evar678 on February 03, 2013, 12:50:07 PM
Ok you're safe for now. But something tells me there's more hiding.

Try getting Anti-Rootkit by Malwarebytes and running a scan with it like Blocklandia said earlier.

http://www.malwarebytes.org/products/mbar/

Blocklandian¹

February 03, 2013, 12:57:30 PM
Have you noticed any potentially strange processes in task manager?

Evar678

February 03, 2013, 12:58:36 PM
Quote from: Blockzillahead on February 03, 2013, 12:53:49 PM
Ok you're safe for now. But something tells me there's more hiding.

Try getting Anti-Rootkit by Malwarebytes and running a scan with it like Blocklandia said earlier.

http://www.malwarebytes.org/products/mbar/
I did a flash scan yesterday, same thing.
You realize that this still happens, right?
It's something mbam isn't catching.

Il try the anti rootkit though. I thought about that yesterday but I didn't think it was nessicary.

Quote from: Blocklandian¹ on February 03, 2013, 12:57:30 PM
Have you noticed any potentially strange processes in task manager?
No, they're all what's normally there.
Pages: 1 [2] 3 4 5 6 7 ... 12
« previous next »