
Caution! Your computer contains a variety of suspicious programs..

  • 28-11-2010 7:27pm
    #1
    Registered Users, Registered Users 2 Posts: 429 ✭✭


    Ok, it looks like I have some malware.

    When I open the odd hyperlink, I get redirected to a page that has an IP in the address bar, and it pretends to do a scan on my computer.
    I can't cancel out and have to End Task on iexplorer.exe

    It's exactly like this:
    http://www.youtube.com/watch?v=VxJlCkX7Spc

    Funny thing is, so far it's happened exclusively to Guardian (news site) links.

    Anyway, I have Malwarebytes Anti-Malware and it only returns some false positives (log file below)

    I also use SpyBot S&D, it finds a few things.
    I also use Avast (free version, updated) and it finds nothing.
    My DNS isn't being redirected and there's nothing in hosts file.

    What do you think?



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 5202
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    28/11/2010 05:12:18
    mbam-log-2010-11-28 (05-12-18).txt
    Scan type: Full scan (C:\|)
    Objects scanned: 605811
    Time elapsed: 1 hour(s), 21 minute(s), 8 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\BACKUP\Software - Applications\Adobe Photoshop CS3 Extended\Adobe Photoshop CS3 Extended\Crack\Crack\Keygen.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\BACKUP\Software - Applications\AdobePremiereCS3\AdobePremiereCS3\Crack\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\BACKUP\Software - Applications\Microsoft Office 2007\Office 2007 Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.


Comments

  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    Can you first try all those tests again (especially the Malwarebytes bit) in 'Safe Mode with Networking' if you haven't already? Do you think Avast was running and up-to-date when this infection started?


  • Registered Users, Registered Users 2 Posts: 429 ✭✭jman0war


    bhickey wrote: »
    Can you first try all those tests again (especially the Malwarebytes bit) in 'Safe Mode with Networking' if you haven't already
    Yeah, I suppose I'll have to try it.
    bhickey wrote: »
    Do you think Avast was running and up-to-date when this infection started?
    Yes, but there was like 10 minutes between when I downloaded/installed the upgrade (new version) and the mandatory reboot.
    So my computer would have been unprotected for a narrow window of time.


  • Registered Users, Registered Users 2 Posts: 429 ✭✭jman0war


    Nothing found in SAFE mode:


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 5202
    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    28/11/2010 21:13:28
    mbam-log-2010-11-28 (21-13-28).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 453218
    Time elapsed: 48 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
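
Added example, not part of any post in this thread: a small parser for the Malwarebytes 1.46 log layout shown in the two logs above, which separates memory/registry hits from file-only hits and checks that the summary counts match the listed items. The function names `parse_mbam_log` and `triage`, the sample paths, and the "active" versus "at rest" grouping are assumptions made for illustration.

```python
import re

# Constructed input: same layout as the first log in this thread, shortened,
# with made-up paths (one contains parentheses to exercise the item regex).
SAMPLE = r"""Malwarebytes' Anti-Malware 1.46
Windows 6.1.7600
Scan type: Full scan (C:\|)
Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Files Infected:
C:\BACKUP\Demo App (x86)\Crack\Keygen.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\BACKUP\Demo Office\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<cat>[\w ]+ Infected): (?P<n>\d+)$")
SECTION = re.compile(r"^(?P<cat>[\w ]+ Infected):$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# Assumption: memory and registry categories mean something loaded or persistent.
ACTIVE = ("Memory", "Registry")

def parse_mbam_log(text):
    """Return summary counts, listed detections and whether Safe Mode was used."""
    counts, items, section, safe_mode = {}, [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Windows ") and "(Safe Mode)" in line:
            safe_mode = True
        elif m := SUMMARY.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := SECTION.match(line):
            section = m["cat"]          # detail section header, items follow
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return {"safe_mode": safe_mode, "counts": counts, "items": items}

def triage(log):
    """Split summary counts into active vs at-rest and sanity-check the listing."""
    total = sum(log["counts"].values())
    active = sum(n for c, n in log["counts"].items() if c.startswith(ACTIVE))
    return {"active": active, "at_rest": total - active,
            "consistent": total == len(log["items"])}
```

A log with only file hits and zero memory or registry hits reports `active` as 0, so the scanner saw nothing loaded or set to start at boot.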


  • Registered Users, Registered Users 2 Posts: 3,410 ✭✭✭old_aussie


    You had some common low-risk trojans and Malwarebytes quarantined and then deleted them.


  • Registered Users, Registered Users 2 Posts: 429 ✭✭jman0war


    old_aussie wrote: »
    You had some common low-risk trojans and Malwarebytes quarantined and then deleted them.
    It would be great if that were true, but between my 1st Malwarebytes scan and the 2nd one (done in SAFE mode), I had another link for the Guardian news site get redirected.

    The 2nd Malwarebytes scan didn't detect anything.


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    A common way to get rid of some of the more stubborn viruses is to use the rkill program first to terminate any infected processes before running Malwarebytes again. This gives Malwarebytes (and other virus checkers) a better chance of detecting some viruses that might otherwise stay hidden. Can you try that? Rkill will produce a log in C:\rkill.log so post that too.


  • Moderators, Business & Finance Moderators, Regional South Moderators Posts: 6,854 Mod ✭✭✭✭mp22


    Do a scan with SUPERAntiSpyware, the free one.

