Author Topic: Malware-gen :(  (Read 4225 times)


Argus11111

  • Guest
Malware-gen :(
« on: June 22, 2012, 12:42:55 AM »
Like the post below me I'm suffering from this issue. Avast has tossed up 60 or so blocked sites and on at least two occasions has blocked some sort of executable that's trying to run. Here is the latest log from MWB:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.21.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
derp :: DERP-PC [administrator]

Protection: Enabled

6/21/2012 4:21:46 PM
mbam-log-2012-06-21 (16-21-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234240
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\derp\AppData\Roaming\exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\derp\AppData\Roaming\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Installer\{b350d6a5-1237-8980-0eb0-89ea3204fd8f}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)
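The log above names three kinds of artifact: a registry trace under HKCU, loose executables dropped directly into the Roaming profile (one of them masquerading as svchost.exe), and a payload file under a GUID-named folder in C:\Windows\Installer. The following PowerShell script is an added example, not from the poster, Malwarebytes or Avast: it is a read-only check that reports whether those artifacts (or more of the same pattern) are still present after cleaning, which is the kind of verification the helpers in this thread ask for before declaring a machine clean. It assumes it is run in an elevated PowerShell window on the affected machine; it only reports and never deletes anything.

```powershell
# Added example (not from the thread): read-only check for the artifact
# patterns reported in the MBAM log. Run elevated; nothing is modified.

$findings = @()

# 1. Registry trace reported as Malware.Trace in the log.
$regPath = 'HKCU:\Software\VB and VBA Program Settings\SrvID'
if (Test-Path -LiteralPath $regPath) {
    $findings += "Registry key still present: $regPath"
}

# 2. Executables sitting directly under %APPDATA% (the log showed exe.exe and
#    a fake svchost.exe there). Legitimate software rarely drops bare .exe
#    files at that level, and svchost.exe belongs only in System32/SysWOW64.
$roaming = [Environment]::GetFolderPath('ApplicationData')
Get-ChildItem -LiteralPath $roaming -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $findings += "Executable directly under Roaming: $($_.FullName) " +
                     "($($_.Length) bytes, modified $($_.LastWriteTime))"
    }

# 3. C:\Windows\Installer\{GUID}\U\*.@ files, the Trojan.Dropper.BCMiner
#    pattern from the log. The GUID folders are usually hidden, so -Force.
$installer = Join-Path $env:SystemRoot 'Installer'
Get-ChildItem -LiteralPath $installer -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and ($_.Name -match '^\{[0-9a-f-]{36}\}$') } |
    ForEach-Object {
        $u = Join-Path $_.FullName 'U'
        if (Test-Path -LiteralPath $u) {
            Get-ChildItem -LiteralPath $u -Filter '*.@' -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer } |
                ForEach-Object { $findings += "Installer payload file: $($_.FullName)" }
        }
    }

# 4. Any running svchost.exe whose image is not the real one. Path is only
#    visible for SYSTEM processes when running elevated; null paths are skipped.
$realSvchost = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ($realSvchost -notcontains $_.Path) } |
    ForEach-Object {
        $findings += "svchost.exe running from unexpected path: $($_.Path) (PID $($_.Id))"
    }

if ($findings.Count -eq 0) {
    'No artifacts matching the MBAM log patterns were found.'
} else {
    'Artifacts still present:'
    $findings | ForEach-Object { "  - $_" }
}
```

The script deliberately avoids anything newer than PowerShell 2.0 (no `-File`/`-Directory` switches on Get-ChildItem) so it runs on a Windows 7 machine like the one in this thread. A clean result here does not by itself mean the machine is clean, which is exactly the point the helpers make below; it only confirms that the specific items already found have not returned.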

Argus11111

  • Guest
Re: Malware-gen :(
« Reply #1 on: June 22, 2012, 12:45:21 AM »
Here is the OTL.txt

Argus11111

  • Guest
Re: Malware-gen :(
« Reply #2 on: June 22, 2012, 12:46:23 AM »
And Extras.txt

Argus11111

  • Guest
Re: Malware-gen :(
« Reply #3 on: June 22, 2012, 12:47:24 AM »
ASWmbr wouldn't complete a scan no matter how hard I tried, but it did turn up several red lines, denoting infections. At my wits' end with this thing.

Argus11111

  • Guest
Re: Malware-gen :(
« Reply #4 on: June 22, 2012, 12:48:39 AM »
Also while I'm at it I should add that I'm ashamed of the atrocious state of my computer at the moment, I really need to clean the damn thing up. I'm hardly a newbie either, just lazy. Oops.

Argus11111

  • Guest
Re: Malware-gen :(
« Reply #5 on: June 22, 2012, 06:13:31 AM »
I really, really hate to bump such a recent thread but I really need help with this little monster. It's not having ANY discernible effect on my PC, which is odd to me, but I want it out out out. Help! ... please!

true indian

  • Guest
Re: Malware-gen :(
« Reply #6 on: June 22, 2012, 06:15:52 AM »
attach anything else needed from here http://forum.avast.com/index.php?topic=53253.0

and wait for essexboy or jeff to help you by this evening

Argus11111

  • Guest
Re: Malware-gen :(
« Reply #7 on: June 22, 2012, 06:30:30 AM »
Thanks True Indian! As far as I know I've posted everything that the relevant thread calls for. I'm really not trying to be a nuisance. Thanks.

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: Malware-gen :(
« Reply #8 on: June 22, 2012, 09:26:30 AM »
One of the malware experts will check those logs and help you from there.
« Last Edit: June 22, 2012, 09:28:41 AM by mikaelrask »
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Malware-gen :(
« Reply #9 on: June 22, 2012, 10:14:28 AM »
Hi Argus11111, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
  • Do not attach any logs/reports, etc.. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, Please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.
I see you have run combofix. Please post the log. It can be found at C:\combofix.txt

Thanks

Argus11111

  • Guest
Re: Malware-gen :(
« Reply #10 on: June 22, 2012, 09:43:57 PM »
I ran it yesterday but it seems that it didn't create a log file... I searched the entire C: drive and couldn't turn one up. Should I run it again today?

Argus11111

  • Guest
Re: Malware-gen :(
« Reply #11 on: June 22, 2012, 09:52:18 PM »
Also I turned off the Avast! realtime shields in an experiment and found that Adobe Flash Player is trying to install... endlessly. If it's malware pretending to be official Adobe stuff it's pretty convincing. I manually stopped the progress of the install each time. Weird.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Malware-gen :(
« Reply #12 on: June 23, 2012, 10:21:12 AM »
Hi Argus11111,


Let's do it this way. Right click combofix.exe and click delete. We'll get a new copy.

Please read through the instructions to familiarize yourself with what to expect when the tool runs.

It is vitally important that combofix is renamed before it is even started to download


Please download ComboFix from Link 1 or Link 2 to your Desktop.

**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:

     -Tools->Options->Main tab
     -Set to "Always ask me where to Save the files".

  • During the download, before you save it to your desktop, rename Combofix to jgh.exe
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix

-----------------------------------------------------------
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    -----------------------------------------------------------
  • Double click on ComboFix.exe (jgh.exe in your case) & follow the prompts.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If after running you receive a message "Illegal operation on a registry key that has already been marked for deletion" or similar, reboot the computer.

Please post back with
  • combofix log
How is the computer?

Thanks