Virtumonde/Seneka infection please advise
Join Date: Jan 2009
Posts: 23
Ok... yet another glitch.
I restarted in Safe Mode and tried to run RunThis.bat.
A blue window appeared for a fraction of a second and then it closed right off.
I tried to run it again as admin and still the same thing.
I don't know what else to do.
I guess Vista has something to do with that.
So to wrap it up, it didn't do anything: no scan, no log, no nothing.
Join Date: Jan 2009
Posts: 23
Port 5550/TCP is open (matches XTCP.200)
Port 5550/TCP is open (matches XTCP.201)
Found trojan file: C:\ComboFix\hidec.exe (RiskTool.Hidec.100)
Found adware file: C:\Program Files\BS.Player ControlBar\BSToolbar.dll (Adware.FastLook)
Found adware file: C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (Adware.FastLook)
Found adware file: C:\Program Files\Webteh\BSplayer\bplay.exe/Upx.tooqfmrg (Adware.BSPlay.100)
Found adware file: C:\Program Files\Webteh\BSplayer\bsplay.exe/Upx.xxoplfyg (Adware.BSPlay.100)
Found trojan file: C:\Users\MIRA\Desktop\ComboFix.exe/hidec.exe (RiskTool.Hidec.100)
Found trojan file: C:\Users\MIRA\Desktop\ComboFix.exe/Upx.hafftohv/hidec.exe (RiskTool.Hidec.100)
I did a scan with TrojanHunter and this is the result.
I think that the results here are false positives... at least that is my opinion.
Last edited by OneBlueD; Jan 16th, 2009 at 10:06 am.
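A triage helper for the TrojanHunter result posted above, added here as an example; it is not part of the thread and not TrojanHunter's own code. It assumes, from the nine posted lines only, that "/" in a path separates the file on disk from members found inside it; the function names are hypothetical.

```python
import re
from collections import defaultdict

# The nine result lines copied from the post above, used as sample input.
SAMPLE = r"""Port 5550/TCP is open (matches XTCP.200)
Port 5550/TCP is open (matches XTCP.201)
Found trojan file: C:\ComboFix\hidec.exe (RiskTool.Hidec.100)
Found adware file: C:\Program Files\BS.Player ControlBar\BSToolbar.dll (Adware.FastLook)
Found adware file: C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (Adware.FastLook)
Found adware file: C:\Program Files\Webteh\BSplayer\bplay.exe/Upx.tooqfmrg (Adware.BSPlay.100)
Found adware file: C:\Program Files\Webteh\BSplayer\bsplay.exe/Upx.xxoplfyg (Adware.BSPlay.100)
Found trojan file: C:\Users\MIRA\Desktop\ComboFix.exe/hidec.exe (RiskTool.Hidec.100)
Found trojan file: C:\Users\MIRA\Desktop\ComboFix.exe/Upx.hafftohv/hidec.exe (RiskTool.Hidec.100)
"""

FILE_RE = re.compile(r"^Found (\w+) file: (.+) \(([^()]+)\)$")
PORT_RE = re.compile(r"^Port (\d+)/(\w+) is open \(matches ([^()]+)\)$")

def parse(log):
    """Return (file_hits, port_hits) parsed from the scanner's text output."""
    files, ports = [], []
    for line in log.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            kind, path, sig = m.groups()
            # Assumption: "/" separates the on-disk file from members inside it.
            outer, *inner = path.split("/")
            files.append({"kind": kind, "file": outer, "inner": inner, "sig": sig})
            continue
        m = PORT_RE.match(line)
        if m:
            ports.append({"port": int(m.group(1)), "proto": m.group(2), "sig": m.group(3)})
    return files, ports

def by_signature(files):
    """Map each detection name to the distinct on-disk files it fired on."""
    out = defaultdict(set)
    for f in files:
        out[f["sig"]].add(f["file"].lower())
    return dict(out)

def open_ports(ports):
    """Collapse several signature matches on one port into one entry."""
    out = defaultdict(list)
    for p in ports:
        out[(p["port"], p["proto"])].append(p["sig"])
    return dict(out)
```

On the posted lines, the three RiskTool.Hidec.100 hits collapse to two files on disk, both ComboFix, and the two XTCP matches refer to one open port.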
Try and run it in normal mode. Not sure if the latest version will do that or not.
How far back does your system restore go?
Might be the way to go seeing that we are having no success this way.
You will not lose any documents and the like by doing the sys restore.
Will not hurt I suppose to run this:
1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.
PHYSICALLY DISCONNECT FROM THE INTERNET
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen
* Open SUPERAntiSpyware.
* Under Configuration and Preferences, click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* Back on the main screen, under Scan for Harmful Software click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
NOTE: Tracking cookies can be omitted from the log.
RECONNECT TO THE INTERNET






