Guest Russell
Posted January 28, 2009

I think my computer is infected with malware. For the last week, when I reboot and try to connect to the net, the Windows firewall is off, then starts after a few seconds. I'm not able to open the Windows Security Center until my computer has connected to the net. I have run "Hijack this"; where can I post the report?

Thanks for your help.
Russ

Guest David H. Lipman
Posted January 28, 2009

From: "Russell" <fake@email.com>

| I think my computer is infected with malware. For the last week, when I
| reboot and try to connect to the net, the Windows firewall is off, then
| starts after a few seconds. I'm not able to open the Windows Security Center
| until my computer has connected to the net. I have run "Hijack this"; where can
| I post the report?
| Thanks for your help.
| Russ

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Root Kit
Posted January 28, 2009

On Wed, 28 Jan 2009 08:17:28 -0500, "Russell" <fake@email.com> wrote:

>I think my computer is infected with malware.

Well, then you basically have 2 choices: Find a "malware removal tool" in order to remove the worst symptoms or take the only truly trustworthy approach: Revert to a known clean state - which ultimately means flatten and rebuild - and then base all your future security on prevention.

Guest Buffalo
Posted January 28, 2009

Russell wrote:
> I think my computer is infected with malware. For the last week, when
> I reboot and try to connect to the net, the Windows firewall is off,
> then starts after a few seconds. I'm not able to open the Windows
> Security Center until my computer has connected to the net. I have run
> "Hijack this"; where can I post the report?
>
> Thanks for your help.
> Russ

Besides posting your HiJackThis log where David suggested, see if you can dl, install, update and run the free versions of
1) MalwareBytes Anti-Malware (MBAM for short)
2) SuperAntiSpyware (SAS for short)
Two excellent programs.
MBAM works best in Normal Windows (if there really is such a thing).
SAS sometimes requires Safe Mode to remove everything it finds.
Both are excellent programs and highly recommended regularly in the alt.privacy.spyware newsgroup.
Buffalo

Guest Mick Murphy
Posted January 28, 2009

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is, as the name says, a Malware Remover!
For the Free version scroll down their page to either download from Download.com, or Major Geeks.com
Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can't uninstall / delete, reboot the computer, and go into Safe Mode.
To get into Safe Mode, tap F8 right at Power On / Startup, and use the UP arrow key to get to Safe Mode from the list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D while in Safe Mode.

If unable to install above Programs in Normal Mode:
Sometimes Trojans, Viruses, Malware, etc. stop you installing and/or updating Programs to remove them.
If that happens, reboot into Safe Mode with Networking (from F8 list of Startup Options), and install, update and scan from there.

--
Mad Mike

"Russell" wrote:

> I think my computer is infected with malware. For the last week, when I
> reboot and try to connect to the net, the Windows firewall is off, then
> starts after a few seconds. I'm not able to open the Windows Security Center
> until my computer has connected to the net. I have run "Hijack this"; where can
> I post the report?
>
> Thanks for your help.
> Russ

Guest Buffalo
Posted January 28, 2009

Mick Murphy wrote:
> http://www.spybot.info/en/index.html
>
> Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
> Download, install, update, and immunize your System with it.
> Then SCAN with it.
> Update it, and scan your System once a fortnight.
>
> http://www.malwarebytes.org/mbam.php
>
> Malwarebytes is, as the name says, a Malware Remover!
> For the Free version scroll down their page to either download from
> Download.com, or Major Geeks.com
[snip]

MBAM is also a preventer when using the paid version when you set it to real-time instead of on-demand only.
It seems to be much more effective than Spybot in finding and removing the latest malware.
However, free Spybot can be used real-time and that is an advantage.
SAS will find more old malware than MBAM, so if you install Spybot and use its real-time protection, and then scan with MBAM and SAS, you should find most of any malware on your system.
Buffalo

Guest Mick Murphy
Posted January 29, 2009

Buffalo, each of them will find different things.
I always scan people's computers with both of them.
S & D is up to 370-380,000 things it scans for, and MBAM is 69,000.
I leave the free MBAM on people's comps, but S & D becomes confusing for them, because of the Reg Allow or Deny for them when they install Programs.

--
Mad Mike

"Buffalo" wrote:

> Mick Murphy wrote:
> > http://www.spybot.info/en/index.html
> >
> > Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
> > Download, install, update, and immunize your System with it.
> > Then SCAN with it.
> > Update it, and scan your System once a fortnight.
> >
> > http://www.malwarebytes.org/mbam.php
> >
> > Malwarebytes is, as the name says, a Malware Remover!
> > For the Free version scroll down their page to either download from
> > Download.com, or Major Geeks.com
> [snip]
>
> MBAM is also a preventer when using the paid version when you set it to
> real-time instead of on-demand only.
> It seems to be much more effective than Spybot in finding and removing the
> latest malware.
> However, free Spybot can be used real-time and that is an advantage.
> SAS will find more old malware than MBAM, so if you install Spybot and use
> its real-time protection, and then scan with MBAM and SAS, you should find
> most of any malware on your system.
> Buffalo

Guest 1PW
Posted January 29, 2009

On 01/28/2009 02:31 PM, The Real Truth MVP sent:
> "Buffalo" <Eric@nada.com.invalid> wrote in message
> news:glqgc4$jn1$1@news.motzarella.org...
>>
>> MBAM is also a preventer when using the paid version when you set it to
>> real-time instead of on-demand only.
>
> That feature does not work in the paid version. It is supposed to but it
> does not.

TRT:

According to an authoritative source, that statement is partially false.

Under 64bit editions of Windows, that's correct. The resident module runs fine under 32bit editions however. Malwarebytes plans to support 64bit versions soon however.

I hope this has made everything crystal clear for everyone.

--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Guest The Real Truth MVP
Posted January 29, 2009

The module runs just fine on 32 bit systems but it does not prevent infection. According to MBAM, and I have tested this numerous times, its real-time protection is supposed to prevent infection of malware that it normally detects in its scans or that it has detections for in its database. It simply does not work. If you have the paid version it is very easy to test by visiting a known malware site. MBAM should block it like Avast does. I even downloaded and installed some and MBAM allowed it. I then used MBAM to remove it. Test it for yourself. Yes, I have reported to the MBAM folks.

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/

"1PW" <barcrnahgjuvfgyr@nby.pbz> wrote in message news:glrmao$89n$1@nntp.motzarella.org...
> On 01/28/2009 02:31 PM, The Real Truth MVP sent:
>> "Buffalo" <Eric@nada.com.invalid> wrote in message
>> news:glqgc4$jn1$1@news.motzarella.org...
>>>
>>> MBAM is also a preventer when using the paid version when you set it to
>>> real-time instead of on-demand only.
>>
>> That feature does not work in the paid version. It is supposed to but it
>> does not.
>
> TRT:
>
> According to an authoritative source, that statement is partially false.
>
> Under 64bit editions of Windows, that's correct. The resident module
> runs fine under 32bit editions however. Malwarebytes plans to support
> 64bit versions soon however.
>
> I hope this has made everything crystal clear for everyone.
>
> --
> 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Guest 1PW
Posted January 29, 2009

On 01/29/2009 09:08 AM, The Real Truth MVP sent:
> The module runs just fine on 32 bit systems but it does not prevent
> infection. According to MBAM, and I have tested this numerous times,
> its real-time protection is supposed to prevent infection of malware
> that it normally detects in its scans or that it has detections for in
> its database. It simply does not work. If you have the paid version
> it is very easy to test by visiting a known malware site. MBAM should
> block it like Avast does. I even downloaded and installed some and MBAM
> allowed it. I then used MBAM to remove it. Test it for yourself. Yes, I
> have reported to the MBAM folks.

TRT:

Unfortunately, this situation is difficult to test unless we know of a known malware site. Are you aware of anything currently in the wild?

Russell: Please do excuse our theft of your thread. I'm afraid I've lapsed into the use of bad manners here. If you haven't solved your problem, we should get out of your way. Have you received a report from a HJT analysis site? Please let us know.

--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Guest The Real Truth MVP
Posted January 29, 2009

On this site hxxp://www.antivirus-live-pro.com/antivirus.html there is a link to download AntivirusPro, a known infector that is detected and removed by almost all malware removal and antivirus programs including MBAM. MS's Windows Defender and Avast's real-time protection both detect this download and block it. However, MBAM does not. The results on that file on Virus Total
http://www.virustotal.com/analisis/fcbe0d5...cacf084ae6c0889

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/

"1PW" <barcrnahgjuvfgyr@nby.pbz> wrote in message news:glssn5$ami$1@nntp.motzarella.org...
> On 01/29/2009 09:08 AM, The Real Truth MVP sent:
>> The module runs just fine on 32 bit systems but it does not prevent
>> infection. According to MBAM, and I have tested this numerous times,
>> its real-time protection is supposed to prevent infection of malware
>> that it normally detects in its scans or that it has detections for in
>> its database. It simply does not work. If you have the paid version
>> it is very easy to test by visiting a known malware site. MBAM should
>> block it like Avast does. I even downloaded and installed some and MBAM
>> allowed it. I then used MBAM to remove it. Test it for yourself. Yes, I
>> have reported to the MBAM folks.
>
> TRT:
>
> Unfortunately, this situation is difficult to test unless we know of a
> known malware site. Are you aware of anything currently in the wild?
>
> Russell: Please do excuse our theft of your thread. I'm afraid I've
> lapsed into the use of bad manners here. If you haven't solved your
> problem, we should get out of your way. Have you received a report from
> a HJT analysis site? Please let us know.
>
> --
> 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Guest 1PW
Posted January 29, 2009

On 01/29/2009 12:16 PM, The Real Truth MVP sent:
> On this site hxxp://www.antivirus-live-pro.com/antivirus.html there is a
> link to download AntivirusPro, a known infector that is detected and
> removed by almost all malware removal and antivirus programs including
> MBAM. MS's Windows Defender and Avast's real-time protection both detect
> this download and block it. However, MBAM does not. The results on that
> file on Virus Total
> http://www.virustotal.com/analisis/fcbe0d5...cacf084ae6c0889

TRT:

That /is/ interesting. I hope that's getting high on Marcin & Company's honey-do list.

Thank you.

Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Guest John D
Posted January 31, 2009

"1PW" <barcrnahgjuvfgyr@nby.pbz> wrote in message news:glt4bm$14o$1@nntp.motzarella.org...
> On 01/29/2009 12:16 PM, The Real Truth MVP sent:
>> On this site hxxp://www.antivirus-live-pro.com/antivirus.html there is a
>> link to download AntivirusPro, a known infector that is detected and
>> removed by almost all malware removal and antivirus programs including
>> MBAM. MS's Windows Defender and Avast's real-time protection both detect
>> this download and block it. However, MBAM does not. The results on that
>> file on Virus Total
>> http://www.virustotal.com/analisis/fcbe0d5...cacf084ae6c0889
>
> TRT:
>
> That /is/ interesting. I hope that's getting high on Marcin & Company's
> honey-do list.
>
> Thank you.
>
> Pete
> --
> 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Living 'on the edge' ...... I went to the site mentioned by TRT and downloaded 'setup.exe'. I did, indeed, receive a warning from Defender - which I ignored. Once downloaded, I scanned the file with Symantec AV - nothing found. I then scanned with MBAM - it found it to be infected and quarantined it.
Here is the MBAM report to confirm:

Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 5.1.2600 Service Pack 3

31/01/2009 23:36:35
mbam-log-2009-01-31 (23-36-35).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\oemuser\Desktop\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

HTH
--
Dave