0

Spambot has taken hold of my computer and is sending out emails to my clients, friends and family. If someone could help me get this off of my computer, I would appreciate it. I do need the information in laymen's terms, I'm so not IT (but I learn quickly).

3
Contributors
12
Replies
30
Views
3 Years
Discussion Span
Last Post by LynnCarter62
0

What operating system are you running and is it 32 or 64 bit? What anti-virus is installed?

To get started, download and install Malwarebytes Anti-Malware, let it update the database, then run a Quick Scan. Allow it to quarantine anything detected and reboot to complete disinfection.
Attach the log file to your post.

Download the appropriate version of Rogue Killer for your OS.
Rogue Killer 32 bit - http://www.adlice.com/softs/roguekiller/RogueKiller.exe
Rogue Killer 64 bit - http://www.adlice.com/softs/roguekiller/RogueKillerX64.exe

It doesn't need installation, so just double click to run. After it completes its pre-scan, accept the licence agreement, then click on Scan. When it has finished running, just exit the program, don't have it fix anything at this point. A log will be created on your desktop. Attach the log to your post.

If you have any problems or questions just let me know.

0

64 bit, Webroot and Windows Defender. file 1.Malwarebytes found nothing. file 2. Roguekiller found two. There should be two attached files.

Attachments
Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org



Database version: v2014.03.09.07



Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16798

lynncarter033 :: LYNNCARTER62 [limited]



3/9/2014 3:34:12 PM

mbam-log-2014-03-09 (15-34-12).txt



Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 269859

Time elapsed: 5 minute(s), 1 second(s)



Memory Processes Detected: 0

(No malicious items detected)



Memory Modules Detected: 0

(No malicious items detected)



Registry Keys Detected: 0

(No malicious items detected)



Registry Values Detected: 0

(No malicious items detected)



Registry Data Items Detected: 0

(No malicious items detected)



Folders Detected: 0

(No malicious items detected)



Files Detected: 0

(No malicious items detected)



(end)
RogueKiller V8.8.10 _x64_ [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : lynncarter033 [Admin rights]
Mode : Scan -- Date : 03/09/2014 15:23:12
| ARK || FAK || MBR |

 Bad processes : 0 

 Registry Entries : 2 
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 Scheduled tasks : 0 

 Startup Entries : 0 

 Web browsers : 0 

 Browser Addons : 0 

 Particular Files / Folders: 

 Driver : [NOT LOADED 0x0] 

 External Hives: 

 Infection :  

 HOSTS File: 
--> %SystemRoot%\System32\drivers\etc\hosts




 MBR Check: 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD7500BPVT-35HXZT3 +++++
--- User ---
[MBR] 84c715495513ceb40e77ef002daedf3d
[BSP] 53236564fceea3158d55668e62010107 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03092014_152312.txt >>
0

No sooner after doing all of this and leaving these files, was my email compromized and multiple emails were sent out with another malicious attachmen sent out! Coincidental?

0

Both links give me a 404 page not found. Just paste the Rogue Killer log into a reply.
Download OTL. Just double click to run. In its settings, toggle Output to Minimal Output, then press 'Run Scan'. When it has finished there should be 2 log files. Zip the logs and attach.

0

Yes I did all that and the links didn't work for you so these are the same logs:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.09.07

Windows 8 x64 NTFS

3/9/2014 3:34:12 PM
mbam-log-2014-03-09 (15-34-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269859
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

________________________________________________________

RogueKiller V8.8.10 x64 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 64 bits version
Started in : Normal mode
User :
Mode : Scan -- Date : 03/09/2014 15:23:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

0

Rogue Killer is only showing two false positives.

Download TDSSKiller and run it. Once it has started, click on 'Change parameters', leave the default settings for 'Object to scan' and put a check mark in both Additional options. Press OK, then Start scan.
If it detects anything, change the action to 'skip', press continue and exit the program.
A log will be created at the drive root, usually C:\TDSSKiller.*_log.txt. Post the log.

Also follow the instructions in my previous post for running OTL.

0

I don't see that it's deleting the issue. I'd like an explanation before I download anything more onto my computer. Thanks.

Edited by LynnCarter62

1

Hello, Lynn, and welcome. From what you say it appears that you have been infected by malware which has read your email address book and then proceeded to use those addresses to spread itself via infected emails. But you knew that... Anyway, that makes it a trojan (just an industry definition so that we know what we are dealing with). And no, I don't know why it should be called a trojan... they were the ones who got attacked by the greeks inside the horse. Maybe call it a Greek with Gift. Malwarebytes.org is a reputable group with a formidable anti-malware tool, which you used, but it only fights some groups of infections, and of course, only those it knows about. RogueKiller is generally run to stop malware processes that interfer with the running of anti-malware softwares; it has some killing capabilities, too. Neither software would have introduced problems into your system, nor did they remove anything.
There.
OTL, which you did not use, is a software which gives via its log a detailed look into your system, the processes which are running, or can be set to run, the add-ons to your browsers and so on. It is totally safe to run, but has removal capabilities if separately and specially instructed.

Edited by gerbil

0

Thank you gerbil for providing Lynn with that information.

I go on to these sites, get more viruses and no explanation. nice.

I was called away on a large malware removal and data recovery job, so I've not been able to respond. None of those sites that I linked to serve any type of malware. It's possible that the malware you have, is downloading more malware to your system, or redirecting you to malicious sites that host exploit kits.

TDSSKiller is an application provided by Kaspersky Labs. that detects and removes many types of rootkits.
Rootkit definition as provided by Kaspersky:

A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install its own drivers and services in the system (they also remain “invisible”).

Whether you decide to run these programs is your choice. If you don't feel comfortable in doing so, then I'd suggest disconnecting your computer from the internet and take it to a reputable PC repair service.

0

Thank you for lending the information. Unfortunately I ended up with pop-up windows and emails were sent out from my own email address within an hour of download from one the sites so I had to change my email password immediately (coincidental) after the download. I did fix the pop-up problem through a friend of a friend.:D The spambot, I have no idea if that is fixed, though no one has gotten any emails after the initial one's.
As long as you don't run or have any connection with any of these sites, you're not to blame for any of this. Thanks again.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.