
Hi, this is my first post so please be patient if I get this wrong!!

I keep getting a pop-up window quoting MD5| and then a string of numbers but with a different url in the top of the window each time. I recently got sent a load of messages which McAfee picked up as having viruses in them, have scanned and quarantined but still get the same annoying window popping up.
A jpeg of one of the windows is attached.

Any help would be really appreciated.

That's interesting - definitely looks like foul play:
http://safeweb.norton.com/report/show?name=sa-vand.dk

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

  • Double-click mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.


-- Post the MBAM log for us and one of the volunteers ought to be able to advise you further.

Cheers :)
PP


Thanks PhilliePhan, I've done what you suggested and I had around 19 trojans etc. to sort out. Since rebooting I don't seem to have had a pop-up yet, but I guess I still need to give it a while.
The log is attached as requested.

Thank you very much for your help with this. Please let me know if you think I need to do anything else.

Attachments
Malwarebytes' Anti-Malware 1.41
Database version: 3123
Windows 6.0.6001 Service Pack 1

08/11/2009 14:09:06
mbam-log-2009-11-08 (14-09-06).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 186023
Time elapsed: 1 hour(s), 25 minute(s), 2 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
c:\Windows\freddy73.exe (Worm.Koobface) -> Unloaded process successfully.
c:\Windows\pp12.exe (Worm.KoobFace) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.Koobface) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\freddy73.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\Windows\pp12.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H020H8C6\fb.73[1].exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Users\carl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEIP7NBF\pp.12[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\carl\Downloads\setup(2).exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Users\carl\Downloads\setup.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Windows\ld15.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Windows\010112010146116101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\0101120101465155.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
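
Added example, not part of the original thread and not Malwarebytes' own code: a Python parser for a log in the layout posted above. It checks the summary counts against the listed items, groups detections by family regardless of letter case, and pulls out Run-key autoruns and any item not confirmed removed. The sample is a shortened excerpt of that log plus one constructed entry (example-locked.exe); all function names are this example's own.

```python
import re
from collections import Counter

# Shortened excerpt of the log above; the last entry is constructed for the example.
SAMPLE_LOG = r"""Registry Values Infected: 2
Files Infected: 4

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.Koobface) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\freddy73.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Users\carl\Downloads\setup(2).exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\example-locked.exe (Worm.Koobface) -> Delete on reboot.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")    # "Files Infected: 14"
SECTION = re.compile(r"^(.+ Infected):$")          # "Files Infected:"
ITEM = re.compile(r"^(.*) \(([^()]+)\) -> (.+)$")  # "<object> (<family>) -> <action>"
AUTORUN = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)

def parse_mbam_log(text):
    """Return (declared counts per section, list of detected items)."""
    declared, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m[1]] = int(m[2])
        elif m := SECTION.match(line):
            section = m[1]
        elif section and (m := ITEM.match(line)):
            # Lower-case the family so Worm.Koobface and Worm.KoobFace group together.
            items.append({"section": section, "object": m[1],
                          "family": m[2].lower(), "action": m[3]})
    return declared, items

def triage(text):
    """Summarise what a helper would look for first in the log."""
    declared, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    return {
        # A mismatch suggests the pasted log was truncated or edited.
        "count_mismatch": {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]},
        "families": Counter(i["family"] for i in items),
        "autoruns": [i["object"] for i in items if AUTORUN.search(i["object"])],
        "unresolved": [i["object"] for i in items if "successfully" not in i["action"]],
    }
```

An entry under "unresolved" or a non-empty "count_mismatch" is a reason to ask for a rescan or a complete log before treating the machine as clean.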

Happy to help!

MBAM is great at removing active infections, but I'd like to have a closer look just to double-check:

-- Download DDS by sUBs and save it to your Desktop
-- If your AV has a script blocker, please disable it
-- Double-click on dds.scr to run the tool

* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

- Copy&Paste the DDS.txt into your next post.
- Please post Attach.txt as an attachment to your post - there is no need to Zip it.

-- Also, please give me an update on how things are running - hopefully still no problems.

I will check back as time permits.

Cheers :)
PP
