
Vundo Removal Help


36 replies to this topic

#31 sagiter (Authentic Member, 36 posts)

Posted 21 May 2008 - 03:17 PM

Scan taken on 21 May 2008 21:16:08 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found Downloader.Generic7.NWA
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found W32.W.Downloader.fb
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found W32/DLoader.FMND
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing



#32 Noviciate (Retired WTT Teacher, Visiting Fellow, 2,907 posts)

Posted 21 May 2008 - 04:36 PM

I'll install the genuine app onto a VM and see what shows up. It is possible that malware is trying to mimic legitimate software, but I'll not know more until I've had a play.
Death to the salad eaters!

#33 Noviciate (Retired WTT Teacher, Visiting Fellow, 2,907 posts)

Posted 22 May 2008 - 01:12 PM

I've installed the uTorrent application and get the same two folders as were created on your machine, but not the other files. This doesn't unfortunately get us any further as it's possible that malware is using an old trick of creating file sharing folders in the hope of spreading itself this way.
I need you to scan that file again at Jotti's as the file I scanned is not flagged by any AV. This could either be because the file you have is different to mine, or it could be that the AV companies have updated their definitions after inspecting the file.
As well as posting the results as before, I need the upper part of the screen as well, which contains the following four pieces of info:

File:
Status:
MD5
Packers detected:

Death to the salad eaters!

#34 sagiter (Authentic Member, 36 posts)

Posted 22 May 2008 - 01:19 PM

File: uTorrent.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: ae9630191876d67772d36c4d973361e8
Packers detected: -

Scan taken on 22 May 2008 19:17:57 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found Downloader.Generic7.NWA
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found W32.W.Downloader.fb
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found W32/DLoader.FMND
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
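The multi-engine results above are pasted into the thread as one run-on line, which is how the forum export shows them: the File/Status/MD5/Packers header, then "engine Found verdict" pairs with no separators, and several engine names contain spaces. The following parser is an added example written for this page, not code from the forum or from Jotti; it turns that text into a structured record, counts how many engines flagged the sample (the three detections posted here are a low-consensus result, which is why the helper asks for the MD5 and a rescan), and compares a locally computed MD5 against the hash in the report. The engine list is taken from the output posted in this thread; the sample text is the second result as posted, embedded as a constant so the example runs offline.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Engine names as they appear in the Jotti results posted in this thread.
# The parser needs a known list because the forum export runs engine name,
# "Found" and verdict together and some names ("AVG Antivirus",
# "Norman Virus Control") contain spaces.
ENGINES = [
    "A-Squared", "AntiVir", "ArcaVir", "Avast", "AVG Antivirus", "BitDefender",
    "ClamAV", "CPsecure", "Dr.Web", "F-Prot Antivirus", "F-Secure Anti-Virus",
    "Fortinet", "Ikarus", "Kaspersky Anti-Virus", "NOD32", "Norman Virus Control",
    "Panda Antivirus", "Sophos Antivirus", "VirusBuster", "VBA32",
]

_ENGINE_ALT = "|".join(re.escape(e) for e in ENGINES)
# One "<engine> Found <verdict>" pair; the verdict ends where the next
# engine name begins or at end of text.
_VERDICT_RE = re.compile(
    rf"(?P<engine>{_ENGINE_ALT}) Found (?P<verdict>.+?)(?=\s+(?:{_ENGINE_ALT}) Found |$)"
)
# The header block Noviciate asked for: File, Status, MD5 and Packers.
_HEADER_RE = re.compile(
    r"File:\s*(?P<file>.+?)\s+Status:\s*(?P<status>.+?)\s+MD5:\s*(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+Packers detected:\s*(?P<packers>.+?)\s+Scan taken on (?P<taken>.+?\(GMT\))",
    re.DOTALL,
)

# Constructed sample: the second result as posted in this thread, on one line.
SAMPLE_REPORT = (
    "File: uTorrent.exe Status: INFECTED/MALWARE (Note: this file has been scanned "
    "before. Therefore, this file's scan results will not be stored in the database) "
    "MD5: ae9630191876d67772d36c4d973361e8 Packers detected: - "
    "Scan taken on 22 May 2008 19:17:57 (GMT) "
    "A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing "
    "AVG Antivirus Found Downloader.Generic7.NWA BitDefender Found nothing ClamAV Found nothing "
    "CPsecure Found W32.W.Downloader.fb Dr.Web Found nothing F-Prot Antivirus Found nothing "
    "F-Secure Anti-Virus Found nothing Fortinet Found nothing Ikarus Found nothing "
    "Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found W32/DLoader.FMND "
    "Panda Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing "
    "VBA32 Found nothing"
)


@dataclass
class ScanReport:
    file: Optional[str]
    status: Optional[str]
    md5: Optional[str]
    packers: Optional[str]
    taken: Optional[str]
    verdicts: Dict[str, str]  # engine -> verdict text; "nothing" means no detection


def parse_verdicts(text: str) -> Dict[str, str]:
    """Extract engine -> verdict pairs from the run-on engine list."""
    return {m["engine"]: m["verdict"].strip() for m in _VERDICT_RE.finditer(text)}


def parse_report(text: str) -> ScanReport:
    """Parse a pasted report; the header is optional (the first post lacked it)."""
    h = _HEADER_RE.search(text)
    status = None
    if h:
        # Drop the "(Note: ...)" remark so the status is just the verdict word.
        status = re.sub(r"\s*\(Note:[^)]*\)", "", h["status"]).strip()
    return ScanReport(
        file=h["file"].strip() if h else None,
        status=status,
        md5=h["md5"].lower() if h else None,
        packers=h["packers"].strip() if h else None,
        taken=h["taken"].strip() if h else None,
        verdicts=parse_verdicts(text),
    )


def detections(report: ScanReport) -> Dict[str, str]:
    """Only the engines that named something."""
    return {e: v for e, v in report.verdicts.items() if v.lower() != "nothing"}


def detection_ratio(report: ScanReport) -> Tuple[int, int]:
    """(engines flagging, engines run): 3 of 20 here is weak consensus."""
    return len(detections(report)), len(report.verdicts)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def matches_report(report: ScanReport, data: bytes) -> bool:
    """True when a local copy hashes to the MD5 in the report (same file)."""
    return report.md5 is not None and md5_hex(data) == report.md5


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    print(r.file, r.status, r.md5, detection_ratio(r), detections(r))
```

Running the block on the posted text yields 3 detections out of 20 engines (AVG, CPsecure and Norman), which is the kind of low-consensus result that calls for the MD5 comparison and the later rescan rather than a conclusion from one engine's name.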

#35 Noviciate (Retired WTT Teacher, Visiting Fellow, 2,907 posts)

Posted 22 May 2008 - 01:53 PM

Two different files entirely - nice! I'd like you to do the following please:

Right click an empty area of your Desktop and from the menu that appears click New > Compressed (zipped) Folder - the default name will be fine.
Cut and paste the following file(s) into this folder:

F:\Program Files\uTorrent
F:\Documents and Settings\Owner\Application Data\uTorrent
F:\WINDOWS\system32\xwusuhzh.exe
F:\WINDOWS\system32\hljwugsf.bin


Once you have done this, open the folder, if it isn't already, and click File > Add a Password...
Enter infected (all lower case) into the Password: textbox, confirm it in the box underneath, and then click OK.

If they are too big to email in one go, just send them individually. I'll PM the email address to send them to - thanks.

Is the PC behaving itself now?
Death to the salad eaters!

#36 sagiter (Authentic Member, 36 posts)

Posted 22 May 2008 - 02:19 PM

I cannot locate this file: F:\WINDOWS\system32\xwusuhzh.exe I will email all else momentarily. The computer seems fine right now.

Edited by sagiter, 22 May 2008 - 02:29 PM.


#37 Noviciate (Retired WTT Teacher, Visiting Fellow, 2,907 posts)

Posted 22 May 2008 - 04:21 PM

OK, got the files thanks. As long as the PC is behaving itself, I'd not worry too much - just keep an eye on it and try to avoid dodgy links. I don't think that the PC was reinfected by a usb device, simply because there was no sign of this particular malware in your earlier logs. If it was the same cause, I'd expect the same slime to be dropped. It could have been a simple drive by download or something sent via instant messaging that caused the problems, but I don't really know. As long as you've got rid of the two folders and the other file, that should be the last of it. Run the PC as before for a couple of days and then complete the last of the instructions given earlier to have CF tidy up after itself and flush System Restore.
Death to the salad eaters!
