Author Topic: Trojans, malware...Seriously infected I think...  (Read 67080 times)

Ulrazagul

  • Guest
Trojans, malware...Seriously infected I think...
« on: August 16, 2012, 08:51:33 PM »
Hi everyone...I'm really worried about this.
Let me start.

I was using Microsoft Essentials on my laptop...every time it said the computer was safe until one day I made a full scan...to my surprise the computer is infected and from there I start getting paranoid. It found a Trojan called EyeStye B and another one, C. Microsoft deleted them...ran a full scan again and it didn't find anything else? Is my problem resolved?

And then I went to my desktop...ran a full scan with Microsoft Essentials, nothing found...Wasn't convinced and downloaded Malwarebytes Anti-Malware and then it found some things.

I took this from the Malwarebytes log

"HKCU\SOFTWARE\VÍTIMA (Backdoor.Trace) -> Moved to quarantine and deleted with success.

...

HKCU\Software\vítima|FirstExecution (Backdoor.Trace) -> Dados: 20/06/2010 -- 18:45 -> .Moved to quarantine and deleted with success

...


 And 3 files were detected with this

C:\Programas\MyWebSearch\bar\History\search3 (PUP.MyWebSearch) ->
C:\Programas\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) ->
C:\Documents and Settings\myUser\Application Data\logs.dat (Bifrose.Trace) -> Moved to quarantine and deleted with success




I'd really appreciate it if someone could help me!

Thanks in advance.

Pondus

Re: Trojans, malware...Seriously infected I think...
« Reply #1 on: August 16, 2012, 09:13:08 PM »
help with what ....

if you think you are infected......follow guide and attach logs
http://forum.avast.com/index.php?topic=53253.0

« Last Edit: August 16, 2012, 09:38:03 PM by Pondus »

Ulrazagul

  • Guest
Re: Trojans, malware...Seriously infected I think...
« Reply #2 on: August 16, 2012, 09:57:15 PM »
Quote
help with what ....

if you think you are infected......follow guide and attach logs
http://forum.avast.com/index.php?topic=53253.0

Hi Pondus,

Sorry I didn't make myself very clear, once again I ran a full scan with Malwarebytes and it didn't find anything...the thing is I'm worried that something may be hidden and that's what's worrying me, should I still post the logs? (I'm doing this on my desktop, I haven't turned on the laptop after doing the scan with Microsoft Essentials.)

Tomorrow I'm gonna scan my laptop with Malwarebytes and see what comes up?

One more thing: is it possible that the virus could go to computers that are using the same network?

Sorry about this, but this forum and you guys seemed the best option to ask for help from what I found in the search results.

Thanks...


Pondus

Re: Trojans, malware...Seriously infected I think...
« Reply #3 on: August 16, 2012, 10:10:58 PM »
Quote
should I still post the logs?

as I said above if you think you are infected .......

Ulrazagul

  • Guest
Re: Trojans, malware...Seriously infected I think...
« Reply #4 on: August 16, 2012, 10:50:00 PM »
Quote
should I still post the logs?
as I said above if you think you are infected .......

OTL isn't working, is it because of Malwarebytes Anti-Malware or my other anti-virus (Kaspersky)?

Meanwhile here's the Malwarebytes log, perfectly clean.

----


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
 [administrator]

Protection: Enabled

16-08-2012 19:54:56
mbam-log-2012-08-16 (19-54-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190738
Time elapsed: 21 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Ulrazagul

  • Guest
Re: Trojans, malware...Seriously infected I think...
« Reply #5 on: August 17, 2012, 12:19:55 PM »
BUMP  :-[

How can I make OTL work?

Can I do the aswMBR.exe part without doing OTL? Excuse all the questions but I just don't want to mess things up...


Asyn

Re: Trojans, malware...Seriously infected I think...
« Reply #6 on: August 17, 2012, 12:22:56 PM »
Quote
1. How can I make OTL work?

2. Can I do the aswMBR.exe part without doing OTL?

1. Try it in safe mode.
2. Yes.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Ulrazagul

  • Guest
Re: Trojans, malware...Seriously infected I think...
« Reply #7 on: August 17, 2012, 12:43:15 PM »
Kaspersky is telling me that aswMBR.exe might not be safe, it says it detected PDM.Suspicious driver installation and that it is trying to download something to C:\DOCUMENTS AND SETTINGS...\TEMP\ASWMBR.SYS.

I should run it right? No worries?

Asyn

Re: Trojans, malware...Seriously infected I think...
« Reply #8 on: August 17, 2012, 12:44:06 PM »
Quote
I should run it right? No worries?

Yep.

Ulrazagul

  • Guest
Re: Trojans, malware...Seriously infected I think...
« Reply #9 on: August 17, 2012, 12:53:57 PM »
Quote
1. How can I make OTL work?

2. Can I do the aswMBR.exe part without doing OTL?

1. Try it in safe mode.
2. Yes.

There you go, aswMBR.exe is attached.

By the way, trying OTL in safe mode? How do I do that? pressing F8 or something while the pc initiates, is that it?


Asyn

Re: Trojans, malware...Seriously infected I think...
« Reply #10 on: August 17, 2012, 01:02:38 PM »
Quote
By the way, trying OTL in safe mode? How do I do that? pressing F8 or something while the pc initiates, is that it?

Yes.
-> http://en.wikipedia.org/wiki/Safe_mode

Ulrazagul

  • Guest
Re: Trojans, malware...Seriously infected I think...
« Reply #11 on: August 17, 2012, 01:04:55 PM »
Quote
By the way, trying OTL in safe mode? How do I do that? pressing F8 or something while the pc initiates, is that it?

Yes.
-> http://en.wikipedia.org/wiki/Safe_mode

I got a red line on aswMBR...that means something's bad?

Meanwhile I'll do the OTL in safe mode

Asyn

Re: Trojans, malware...Seriously infected I think...
« Reply #12 on: August 17, 2012, 01:07:09 PM »
Quote
1. I got a red line on aswMBR...that means something's bad?

2. Meanwhile I'll do the OTL in safe mode

1. Yes, you're infected, but you knew that before, didn't you. ;)
2. OK.

Ulrazagul

  • Guest
Re: Trojans, malware...Seriously infected I think...
« Reply #13 on: August 17, 2012, 01:08:18 PM »
Quote
1. I got a red line on aswMBR...that means something's bad?

2. Meanwhile I'll do the OTL in safe mode

1. Yes, you're infected, but you knew that before, didn't you. ;)
2. OK.

1- Yes, but are we gonna be able to fix it? Is it dangerous?

Thanks for everything by the way..

Ulrazagul

  • Guest
Re: Trojans, malware...Seriously infected I think...
« Reply #14 on: August 17, 2012, 01:25:33 PM »
Hey...Tried running OTL in safe mode, still didn't work!

God...how am I gonna get rid of this??