Author Topic: "Shoppy Bag" virus?  (Read 4336 times)


potterybeelady

  • Guest
"Shoppy Bag" virus?
« on: May 08, 2011, 08:11:15 PM »
I'm new here, disclaimer: not very savvy as far as poking around in my files goes. Got an email from an aunt
with the subject line stating something about being tagged in a shoppy bag picture.
So I bit... big mistake. :-[
Now my email account is attaching this virus thing to all my emails and sending out emails twice a day all by itself, imagine that!  :o

I've run avast once, the quick scan, so now I'm running a full scan, but will this scan my email account? 

Any other suggestions? 

Thanks so much.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37650
  • F-Secure user
Re: "Shoppy Bag" virus?
« Reply #1 on: May 08, 2011, 08:23:50 PM »
First see "my messages" here  (top right corner)


Then

Check for malware with this

Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have the latest signatures before you scan
click on the "remove selected" button to quarantine anything found

post the scan log here

« Last Edit: May 08, 2011, 08:29:31 PM by Pondus »

potterybeelady

  • Guest
Re: "Shoppy Bag" virus?
« Reply #2 on: May 08, 2011, 08:36:17 PM »
Thanks so much - should I wait until this present scan is finished, or should I stop that one and proceed with this other suggestion?

pcclean3453

  • Guest
Re: "Shoppy Bag" virus?
« Reply #3 on: May 08, 2011, 11:07:47 PM »
Doesn't matter. ;D

potterybeelady

  • Guest
Re: "Shoppy Bag" virus?
« Reply #4 on: May 09, 2011, 02:08:40 AM »
Okay - here it is :-) Hope this is what I'm supposed to post. 

Scan type: Full scan (C:\|)
Objects scanned: 391459
Time elapsed: 2 hour(s), 39 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\user\documents\myfuncards.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37650
  • F-Secure user
Re: "Shoppy Bag" virus?
« Reply #5 on: May 09, 2011, 06:07:29 AM »
Did this help with your problem?

potterybeelady

  • Guest
Re: "Shoppy Bag" virus?
« Reply #6 on: May 09, 2011, 06:18:14 AM »
I don't know if I can make that determination yet.  Twice in a 24 hour period, the virus has done a mass mailing from my account.  I've always remained logged in to that account, but I've changed my password and alternate email preferences and logged out each time I checked it. So far, there have been no more mass mailings, but I don't think I'll feel completely at ease until in the morning. 


grumpycat

  • Guest
Re: "Shoppy Bag" virus?
« Reply #7 on: May 09, 2011, 06:37:39 AM »
Shoppybag is a social network, it doesn't let you download anything and doesn't ask for your email password.  It is not on your computer, anyway.  If you want to stop them inviting your friends to join (which is normal social network functionality), you can change your account settings in your ShoppyBag profile, or delete your account if you don't care for social shopping. 

Safeweb and McAfee routinely scan everything for possible malware and security threats:

http://safeweb.norton.com/report/show?url=http%3A%2F%2Fshoppybag.com

http://http://208.69.152.108/sites/shoppybag.com/postid%3Fp%3D7350957&ct=ga&cad=CAcQARgBIAEoBDAAOABA6cfU7QRIAlgAYgVlbi1VUw&cd=Sk1XXX2csnQ&usg=AFQjCNFzPmzC3bWaIw6gFHIFUY8d-YnOfg

Good luck!
Grumpy :D

potterybeelady

  • Guest
Re: "Shoppy Bag" virus?
« Reply #8 on: May 10, 2011, 01:40:45 PM »
Quote from: grumpycat
Shoppybag is a social network, it doesn't let you download anything and doesn't ask for your email password.  It is not on your computer, anyway.  If you want to stop them inviting your friends to join (which is normal social network functionality), you can change your account settings in your ShoppyBag profile, or delete your account if you don't care for social shopping.
Good luck!
Grumpy :D


Thanks for the information.  :)

I don't necessarily think that the virus is called "shoppy bag", that's just how it presented itself.
The subject line said something about "shoppy bag" and then inside the email itself it said "Jane Doe has tagged you in a photo".  So I clicked on the photo, and got the message "can't be opened."
Then all these mass emailings from my personal email account started bouncing back as "undeliverable", or "spam warnings".   

I got another "undeliverable" one this morning. I'm trying to sign out every time so I don't know if that one was just a stray one finally making it back or if it's a whole new batch. Time will tell. 

When this happened I had just sprained my ankle (Thursday) and was taking pain medication only at night, but that's usually when I'm online, so I'll use that as my excuse for doing something that normally would set off alarm bells.