Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: leandro.miranda on March 31, 2011, 08:57:20 PM

Title: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: leandro.miranda on March 31, 2011, 08:57:20 PM
For days I have been trying to remove a curse at the company where I work. MSN has a life of its own: it sends dozens of messages ..

The LINK to download the plague is VIRUS: h p: / / mynewpicturss.com / album.php? =

This is a serious problem. I have done many actions .. removed and no ...
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: Hermite15 on March 31, 2011, 09:02:26 PM
you should have posted this in the virus section, but okay, I'll notify someone that will help you ;) (... if he wants to ;D )
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: Hermite15 on March 31, 2011, 09:05:13 PM
in the meantime you can give a shot to mbam:
http://www.malwarebytes.org/mbam.php

download the free version, install and update it, then run a quick scan, follow the instructions if any.
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: essexboy on March 31, 2011, 09:09:41 PM
Here are the destructions for MBAM.  But a few questions - does the virus have a name given by your AV ?
Is it a network that is infected or a single system ?

After the MBAM run I would like to run an analysis on the system 

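Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php).

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

THEN

Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.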


Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: Charyb on March 31, 2011, 09:15:45 PM
@essexboy
I was getting ready to re-image so I went ahead and ran it. Behavior shield popped up. I submitted the sample to Avast.

3/31/2011 2:03:04 PM   Modification of: \REGISTRY\USER\S-1-5-21-3283010599-301252469-166660181-1000\Software\Microsoft\Windows\CurrentVersion\Run\ovbodmsv
    By:  C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IJRI3GY\PIC976242742133-JPG-www.facebook.com.exe
    Via: C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IJRI3GY\PIC976242742133-JPG-www.facebook.com.exe
         -> Action allowed


http://www.virustotal.com/file-scan/report.html?id=d1ef3ea4cf899250de36a2e7f85f1d934fcaa83bcde558a12b1f904ad31939d8-1301517851
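
The Behavior Shield entry in the post above shows a file in the browser cache writing a Run value. As an added example (not part of the original thread and not Avast's code), this PowerShell function pulls such entries out of a saved log and flags them; the function name is hypothetical and the log layout is assumed from the single entry quoted in the post.

```powershell
# Added example. The first entry copies the one quoted in the post above; the
# second is a constructed benign write, included for contrast.
$log = @'
3/31/2011 2:03:04 PM   Modification of: \REGISTRY\USER\S-1-5-21-3283010599-301252469-166660181-1000\Software\Microsoft\Windows\CurrentVersion\Run\ovbodmsv
    By:  C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IJRI3GY\PIC976242742133-JPG-www.facebook.com.exe
    Via: C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IJRI3GY\PIC976242742133-JPG-www.facebook.com.exe
         -> Action allowed
3/31/2011 2:10:41 PM   Modification of: \REGISTRY\MACHINE\Software\ExampleVendor\Updater\LastCheck
    By:  C:\Program Files\ExampleVendor\updater.exe
    Via: C:\Program Files\ExampleVendor\updater.exe
         -> Action allowed
'@

function Find-SuspiciousAutorunWrite {
    param([string]$Text)
    # One entry: timestamp + key line, then the By:, Via: and action lines.
    $entry = '(?m)^(?<time>\S+ \S+ [AP]M)\s+Modification of: (?<key>.+?)\r?\n' +
             '\s+By:\s+(?<by>.+?)\r?\n\s+Via:\s+(?<via>.+?)\r?\n\s+-> (?<action>.+?)\r?$'
    foreach ($m in [regex]::Matches($Text, $entry)) {
        $key = $m.Groups['key'].Value
        $by  = $m.Groups['by'].Value
        $signals = @()
        if ($by -match '\\Temporary Internet Files\\|\\AppData\\Local\\Temp\\') {
            $signals += 'writer runs from the browser cache or a temp folder'
        }
        if ($by -match '[-.](jpe?g|png|gif)[^\\]*\.(exe|scr|com|pif)$') {
            $signals += 'executable carries an image-style name'
        }
        # Report a Run/RunOnce write only when the writer also looks wrong.
        if ($key -match '\\CurrentVersion\\Run(Once)?\\' -and $signals.Count -gt 0) {
            [pscustomobject]@{
                Time    = $m.Groups['time'].Value
                Value   = $key
                Writer  = $by
                Action  = $m.Groups['action'].Value
                Signals = $signals -join '; '
            }
        }
    }
}

Find-SuspiciousAutorunWrite -Text $log | Format-List
```

Only the first entry is reported; the constructed updater write touches no Run key and is skipped.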
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: leandro.miranda on March 31, 2011, 09:22:23 PM
I have six machines of great importance in the network that are experiencing this problem. Will avast solve it?


Quote from: essexboy
> Here are the destructions for MBAM.  But a few questions - does the virus have a name given by your AV ?
> Is it a network that is infected or a single system ?
>
> After the MBAM run I would like to run an analysis on the system
>
> Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php).
>
> Double Click mbam-setup.exe to install the application.
>   • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
>   • If an update is found, it will download and install the latest version.
>   • Once the program has loaded, select "Perform Quick Scan", then click Scan.
>   • The scan may take some time to finish, so please be patient.
>   • When the scan is complete, click OK, then Show Results to view the results.
>   • Make sure that everything is checked, and click Remove Selected.
>   • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
>   • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
>   • Copy&Paste the entire report in your next reply.
> Extra Note:
>
> If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
>
> THEN
>
> Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
>   • Make sure you close all other programs and don't use the PC while the scan runs.
>   • Select All Users
>   • Under additional scans select the following
> Reg - Disabled MS Config Items
> Reg - Drivers32
> Reg - NetSvcs
> Reg - SafeBoot Minimal
> Reg - Shell Spawning
> Evnt - EventViewer Logs (Last 10 Errors)
> File - Lop Check
>
>   • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
>   • When the scan is complete Notepad will open with the report file loaded in it.
>   • Please attach the log in your next post.
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: essexboy on March 31, 2011, 09:28:43 PM
Run a bootscan with Avast on each system then run MBAM on each system
If the symptoms persist attach the analysis of one machine and I should be able to give the file locations of it on all machines (the file names may differ though)
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: leandro.miranda on March 31, 2011, 09:51:18 PM
OK, I'll do it like this, and I'll post the results soon.

Quote from: essexboy
> Run a bootscan with Avast on each system then run MBAM on each system
> If the symptoms persist attach the analysis of one machine and I should be able to give the file locations of it on all machines (the file names may differ though)
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: Nesivos on March 31, 2011, 09:55:45 PM
Using HiJackThis might help :)
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: essexboy on March 31, 2011, 10:18:34 PM
Unfortunately Hijackthis no longer looks at all the relevant entry points like appcerts etc .....
Quote
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\Security\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/16 12:07:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/02/16 04:37:56 | 000,000,000 | R--D | M] - Z:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | R--- | M] () - Z:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Trend have not updated the programme now for getting on 3 years
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: Nesivos on April 01, 2011, 03:36:45 AM
I replaced HJT with OTL and located the OTL Tutorial.  Now I have to read it ???

Thanks
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: essexboy on April 01, 2011, 07:00:05 PM
A fair bit of malware nowadays inserts commands into the IFEO, appcert or security providers chain.  So deleting files from the run entries will still leave the malware active..

OTL is very versatile as well, it will investigate any area that you ask it to
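
The point in the post above, that the Run entries are only one of several autostart locations, can be checked directly. As an added example (not part of the original thread and not how OTL or OTS work internally), this read-only PowerShell listing covers the Run keys plus the IFEO, AppCertDlls and SecurityProviders locations named in the post; the function names are hypothetical and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only listing of the autostart points named in this thread.
# Nothing is changed or deleted; review the output before acting on any entry.
function Get-RegistryValues {
    param([string]$Path, [string]$Point)
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }                      # key absent on this system
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Point = $Point; Key = $key.Name; Name = $name; Data = $key.GetValue($name)
        }
    }
}

function Get-AutostartPoints {
    # Run / RunOnce, per machine and for the current user
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($sub in 'Run', 'RunOnce') {
            Get-RegistryValues -Path "$hive\Software\Microsoft\Windows\CurrentVersion\$sub" -Point $sub
        }
    }
    # IFEO: a Debugger value makes Windows launch that program in place of the named image
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $debugger = $_.GetValue('Debugger')
        if ($debugger) {
            [pscustomobject]@{ Point = 'IFEO'; Key = $_.Name; Name = 'Debugger'; Data = $debugger }
        }
    }
    # AppCertDlls: DLLs listed here get loaded into processes that create other processes
    Get-RegistryValues -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls' -Point 'AppCertDlls'
    # SecurityProviders: comma-separated list of provider DLLs
    Get-RegistryValues -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders' -Point 'SecurityProviders'
}

Get-AutostartPoints | Sort-Object Point, Key | Format-Table -AutoSize -Wrap
```

Run it in each affected user's session to see that user's HKCU entries; on 64-bit Windows the 32-bit view under Wow6432Node is not listed.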

Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: leandro.miranda on April 05, 2011, 06:49:07 PM
This program did not remove the virus, I'm having the same problem today. :'(

Quote from: Hermite15
> in the meantime you can give a shot to mbam:
> http://www.malwarebytes.org/mbam.php
>
> download the free version, install and update it, then run a quick scan, follow the instructions if any.
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: Hermite15 on April 05, 2011, 07:04:25 PM
Quote from: leandro.miranda
> This program did not remove the virus, I'm having the same problem today. :'(
>
> Quote from: Hermite15
>> in the meantime you can give a shot to mbam:
>> http://www.malwarebytes.org/mbam.php
>>
>> download the free version, install and update it, then run a quick scan, follow the instructions if any.

follow Essexboy's instructions when he comes back to this thread ;)
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: leandro.miranda on April 05, 2011, 07:21:57 PM
Yes I followed the instructions, I installed mbam and did the updates, then scan sent on any PC. And did not detect any problems.

Quote from: Hermite15
> Quote from: leandro.miranda
>> This program did not remove the virus, I'm having the same problem today. :'(
>>
>> Quote from: Hermite15
>>> in the meantime you can give a shot to mbam:
>>> http://www.malwarebytes.org/mbam.php
>>>
>>> download the free version, install and update it, then run a quick scan, follow the instructions if any.
>
> follow Essexboy's instructions when he comes back to this thread ;)
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: Hermite15 on April 05, 2011, 07:45:53 PM
you didn't do what he asked you here:
http://forum.avast.com/index.php?topic=75127.msg621901#msg621901

download OTS and post log etc...
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: essexboy on April 05, 2011, 08:51:48 PM
MBAM and Avast will only get known files - the unknown have to be removed manually  ;D
Title: Re: Windows Live Messenger sends multiple messages to users virus Brazil
Post by: Zyndstoff (aka Steven Gail) on April 05, 2011, 08:56:42 PM
Quote from: essexboy
> MBAM and Avast will only get known files - the unknown have to be removed manually  ;D

To boldly remove what no man has removed before...  8)