Author Topic: Help check my logs please essexboy  (Read 1436 times)

Offline tjallen8

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
Help check my logs please essexboy
« on: March 29, 2012, 11:36:24 PM »
Hi,

Recently I was notified by my bank that my MasterCard had been accessed twice overnight, and it leads me to suspect that I have some kind of virus that was able to log my details, as I typed them in recently for an online purchase. So I ran Malwarebytes' Anti-Malware, OTL and aswMBR.

Edit: perhaps I should mention that I ran the Kaspersky TDSSKiller scan with no threats, and a full scan with Kaspersky Internet Security also with no threats.

MBAM:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tim_2 :: TIM-PC [limited]

30/03/2012 9:56:33 AM
mbam-log-2012-03-30 (09-56-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 168370
Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\users\tim\local settings\tempdir\betterinstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)



aswMBR:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 09:36:38
-----------------------------
09:36:38.699    OS Version: Windows x64 6.1.7601 Service Pack 1
09:36:38.699    Number of processors: 4 586 0x2A07
09:36:38.700    ComputerName: TIM-PC  UserName: Tim
09:36:57.406    Initialize success
09:38:10.098    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:38:10.098    Disk 0 Vendor: WDC_WD10 15.0 Size: 953869MB BusType: 3
09:38:10.098    Disk 0 MBR read successfully
09:38:10.098    Disk 0 MBR scan
09:38:10.098    Disk 0 Windows 7 default MBR code
09:38:10.108    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
09:38:10.118    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
09:38:10.128    Disk 0 scanning C:\Windows\system32\drivers
09:38:13.455    Service scanning
09:38:16.429    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
09:38:16.429    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
09:38:16.476    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
09:38:16.510    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
09:38:20.679    Modules scanning
09:38:20.679    Disk 0 trace - called modules:
09:38:20.695    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:38:20.695    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009d8a790]
09:38:20.695    3 CLASSPNP.SYS[fffff88001e1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007585050]
09:38:20.695    Scan finished successfully
09:39:50.757    Disk 0 MBR has been saved successfully to "C:\Users\Tim\Documents\MBR.dat"
09:39:50.760    The log file has been saved successfully to "C:\Users\Tim\Documents\aswMBR.txt"


The OTL log is attached.

Thanks a lot in advance!
« Last Edit: April 04, 2012, 04:18:44 AM by tjallen8 »

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21699
  • Gender: Male
    • Personal Message (Offline)
Re: Help check my logs please
« Reply #1 on: March 29, 2012, 11:52:02 PM »
Check back tomorrow night when essexboy is here.
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline tjallen8

Re: Help check my logs please essexboy
« Reply #2 on: April 04, 2012, 04:17:42 AM »
Hi, not sure what the rules are, but thought I should bump this as it's nearly on page 3. I'm just worried because my bank account was accessed --- I've been using a virtual keyboard since then, but I think I could have something lurking in my computer.

Offline Pondus

Re: Help check my logs please essexboy
« Reply #3 on: April 04, 2012, 05:53:02 AM »
Ok... essexboy must have missed this one.

I have sent him a note this time.


Offline tjallen8

Re: Help check my logs please essexboy
« Reply #4 on: April 04, 2012, 05:55:46 AM »
Great, thanks a lot.

Offline Pondus

Re: Help check my logs please essexboy
« Reply #5 on: April 04, 2012, 05:57:40 AM »
He is usually in here late UK time...


Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28987
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Help check my logs please essexboy
« Reply #6 on: April 04, 2012, 06:04:11 PM »
Hi, sorry I missed you.

The logs are showing clean of any known password stealers/keyloggers.

Could you use Kaspersky to generate an analysis log, then upload it to a file sharing site for me to collect?

Details here http://support.kaspersky.com/faq/?qid=208279710

Offline tjallen8

Re: Help check my logs please essexboy
« Reply #7 on: April 06, 2012, 03:41:11 AM »
Thanks a lot for checking.

The links for the log files are below, there is a .rar or .zip of the same file.

RAR: http://www.sendspace.com/file/ltxtwq

ZIP: http://www.sendspace.com/file/rrxvu0

Thanks :)

Offline essexboy

Re: Help check my logs please essexboy
« Reply #8 on: April 06, 2012, 09:38:39 AM »
That also shows clean. Are you experiencing any problems with the computer?

Offline tjallen8

Re: Help check my logs please essexboy
« Reply #9 on: April 06, 2012, 02:05:14 PM »
No, my computer seems fine. I just suspected I had a problem due to unauthorised access of my bank account, and I think the most likely explanation was a keylogger or something. But other than that, I have no reason to suspect any viruses. Thank you very much for checking :)

Offline essexboy

Re: Help check my logs please essexboy
« Reply #10 on: April 06, 2012, 02:47:31 PM »
Not a problem, always better safe than sorry ;D

 
