[Resolved] b.exe virus
#1
Posted 23 September 2009 - 10:23 AM
#2
Posted 23 September 2009 - 07:58 PM
Please read the instructions here first: http://forums.whatth...rs_t106388.html
Post the results once done.
~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.
The help you receive here is free. If you wish to show your appreciation, you may wish to
#3
Posted 24 September 2009 - 04:24 PM
#4
Posted 24 September 2009 - 04:40 PM
#5
Posted 24 September 2009 - 05:56 PM
Seems you're infected with one of the newer rootkits out there these days.
Regarding rootkits...
Rootkit Threat
Unfortunately, one or more of the identified infections is a Rootkit/backdoor trojan.
IMPORTANT NOTE: Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.
All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
- When should I re-format? How should I reinstall?
- Help: I Got Hacked. Now What Do I Do?
- Where to draw the line? When to recommend a format and reinstall?
If you wish to continue, please follow the instructions below...
Download and Run ComboFix (Rename Before Saving)
Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.
Download Combofix from any of the links below. You must rename it before saving it.
Rename it to: Svchost.exe before saving it to your desktop.
Link 1
Link 2
Refer to the page below for further instructions on running ComboFix. This includes installing the Recovery Console. Note that you do not need your Windows XP disk to install it. Refer to this page if you are unsure how.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Double click on Svchost.exe & follow the prompts.
When finished, it will produce and open a report for you. Post back with it. It is at C:\ComboFix.txt.
Do not mouseclick the ComboFix window while it's running. That may cause it to stall.
With Regards,
Extremeboy
#6
Posted 24 September 2009 - 07:03 PM
#7
Posted 25 September 2009 - 09:03 AM
#8
Posted 25 September 2009 - 09:16 AM
No. We are not done yet and you're not good to go. Still some more things we need to accomplish before I give you the all-clean.
Please be patient. Just because things feel better doesn't mean you're completely clean.
Please run a scan with Malwarebytes followed by taking a new DDS run and post back with the logs.
Download and run MalwareBytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link
~EB
#9
Posted 25 September 2009 - 02:55 PM
#10
Posted 25 September 2009 - 08:00 PM
..followed by taking a new DDS run and post back with the logs.
Thanks.
~Extremeboy
#11
Posted 25 September 2009 - 10:06 PM
Attached Files
#12
Posted 27 September 2009 - 03:20 PM
Sorry for the delay. I apologize.
Let's continue.
Update Java to Version 6 Update 16
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
- Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
- Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
- Click the Download button to the right.
- Select your Platform: "Windows".
- Select your Language: "Multi-language".
- Read the License Agreement, and then check the box that says: "Accept License Agreement".
- Click Continue and the page will refresh.
- Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
- Close any programs you may have running - especially your web browser.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.
If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- Open the Kaspersky WebScanner page.
- Click on the button on the main page.
- The program will launch and fill in the Information section on the left.
- Read the "Requirements and Limitations" then press the button.
- The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
- Once the files have been downloaded, click on the ...button.
In the scan settings make sure the following are selected:
- Detect malicious programs of the following categories:
Viruses, Worms, Trojan Horses, Rootkits
Spyware, Adware, Dialers and other potentially dangerous programs
- Scan compound files (doesn't apply to the File scan area):
Archives
Mail databases
- By default the above items should already be checked.
- Click the button, if you made any changes.
- Now under the Scan section on the left:
Select My Computer
- The program will now start and scan your system. This will run for a while, be patient and let it finish.
- Once the scan is complete, click on View scan report
- Now, click on the Save Report as button.
- Save the file to your desktop.
- Copy and paste that information in your next post.
If Kaspersky doesn't work let me know.
Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.
Thanks.
With Regards,
Extremeboy
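A way to confirm that the manual removal step in the post above left no older Java runtime behind, as an added example that is not part of the original thread. The `6.0.160` version string for JRE 6 Update 16, the name pattern and the function name `Get-InstalledJava` are assumptions.

```powershell
# Added example (not from the thread): list Java runtimes still registered
# under the Uninstall keys and flag anything older than the requested update.
# Assumption: JRE 6 Update 16 records its DisplayVersion as "6.0.160".
$target = [version]'6.0.160'

# Native and 32-bit-on-64-bit views of the Uninstall key.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    param([version]$Target)

    foreach ($root in $roots) {
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -match 'J2SE|Java\b.*(Runtime|Update)' } |
            ForEach-Object {
                # -as returns $null instead of throwing on an unparsable string.
                $version = $_.DisplayVersion -as [version]
                if ($null -eq $version) { $status = 'check manually' }
                elseif ($version -lt $Target) { $status = 'older: remove' }
                else { $status = 'current' }

                [pscustomobject]@{
                    Name    = $_.DisplayName
                    Version = $_.DisplayVersion
                    Status  = $status
                }
            }
    }
}

$found = @(Get-InstalledJava -Target $target)
if ($found.Count -eq 0) {
    'No Java runtime entries found.'
} else {
    $found | Sort-Object Name | Format-Table -AutoSize
}
```

Any row marked `older: remove` is a runtime the newer installer did not uninstall and that still needs removing by hand.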
#13
Posted 28 September 2009 - 11:18 AM
Attached Files
#14
Posted 28 September 2009 - 02:28 PM
Try the ESET Scan instead...
Run ESET Online Scan
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Check
- Click the button.
- Accept any security warnings from your browser.
- Check
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push
- Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the button.
- Push
#15
Posted 28 September 2009 - 05:57 PM