Author Topic: Bredolab-BF  (Read 3910 times)

AstronomerSmith

Bredolab-BF
« on: December 22, 2009, 11:23:09 PM »
I've never had a problem with viruses, but now, unfortunately, my stepson's computer has a very annoying "worm", I think. He downloads all sorts of "crap" off the internet, and I knew it would be only a matter of time before he got something on it I didn't know how to get rid of. I've got Avast, and it does a good job, been using it for several years.
Avast keeps popping up with a "Found Virus" alert every few minutes, I tell it to move it to chest, and it says it can't, because it is being used, or something like that.
When I tell it to delete the file, I assume it does, but within 5 or 10 minutes at the most, another virus file is found and alerts go off.
I'm fairly novice at this, but know some about computers, so while I'm not totally a newbie, I've not removed viruses and worms and trojans all that much.  So any help would be greatly appreciated.
Scott

Offline Pondus

Re: Bredolab-BF
« Reply #1 on: December 22, 2009, 11:30:49 PM »
Try this

Boot time Avast Antivirus Scanning
http://www.digitalred.com/avast-boot-time.php

MBAM http://filehippo.com/download_malwarebytes_anti_malware/
update and run quick scan, then click the "remove selected" button to quarantine anything found and restart
« Last Edit: December 22, 2009, 11:34:39 PM by Pondus »

Offline DavidR

Re: Bredolab-BF
« Reply #2 on: December 22, 2009, 11:46:55 PM »
Why not switch him to a limited user account if he can't have more discipline, so any potential damage is also limited?

If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall?

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don't worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

AstronomerSmith

Re: Bredolab-BF
« Reply #3 on: December 23, 2009, 12:01:24 AM »
That is what I thought.  I've done Avast Scan and it found boat loads of the file.  Firewall?  ZoneAlarm.
I may end up trying all that stuff you and others have suggested, but it may be a day or three, because of being so busy around Christmas...speaking of which, Merry Christmas to everyone!
Scott

Offline polonus

Re: Bredolab-BF
« Reply #4 on: December 23, 2009, 12:31:59 AM »
In removing Bredolab (there are 8 different versions), remove the following files if they have the corresponding MD5:
Kill processes:
file0.exe
Unregister DLLs:
msansspc.dll
Delete files:
file0.exe msansspc.dll

Step 1 : Use Windows Command Prompt to Unregister Trojan.Downloader.Bredolab DLL Files

Search and unregister "Trojan.Downloader.Bredolab" DLL files:

Step 2 : Detect and Delete Other Trojan.Downloader.Bredolab Files

Remove the "Trojan.Downloader.Bredolab" processes files:
digeste.dll

Step 3 : View the Trojan.Downloader.Bredolab Components with its MD5s

Remove the "Trojan.Downloader.Bredolab" components:

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
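
An added example, not part of polonus's post and not Avast's code: a small Python scanner for the check he describes, flagging a file only when its MD5 is in a known-bad set, whatever the file is named. Files that cannot be opened (the "being used" case from the first post) are reported separately as candidates for a boot-time scan. The function names and the sample files are constructed for illustration; supply your own MD5 list.

```python
import hashlib
import os
import tempfile

def md5_of(path, chunk=1 << 16):
    """Return the hex MD5 of a file, read in chunks so large files are fine."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root, bad_md5s):
    """Walk root and return (matches, unreadable).

    matches: (path, size, md5) for every file whose MD5 is in bad_md5s.
    unreadable: paths that could not be opened (locked or access denied).
    """
    bad = {m.strip().lower() for m in bad_md5s}  # tolerate case and stray spaces
    matches, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of(path)
                size = os.path.getsize(path)
            except OSError:
                unreadable.append(path)  # report it, do not silently skip
                continue
            if digest in bad:
                matches.append((path, size, digest))
    return sorted(matches), sorted(unreadable)

def demo():
    """Constructed sample: one payload under two names, plus a clean file."""
    payload = b"constructed stand-in for a dropped file"
    bad = [hashlib.md5(payload).hexdigest().upper()]
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Temp"))
        samples = [("a.exe", payload),
                   (os.path.join("Temp", "b.tmp"), payload),
                   ("notes.txt", b"clean")]
        for rel, data in samples:
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        matches, unreadable = scan(root, bad)
        return [os.path.basename(p) for p, _size, _md5 in matches], unreadable

if __name__ == "__main__":
    print(demo())
```

The scanner only reports; quarantine or deletion is left to the antivirus or to a boot-time scan, as suggested earlier in the thread.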