Email php link

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by deindl, Jul 8, 2012.

  1. deindl

    deindl Private E-2

    Dear users,

    I got an email from a friend with the following link:

    ATTENTION MALWARE, don't put it into your browser:
    _http://10086sjw.com/likeit.php?seems208.php_

    It is obviously malware and I notified the friend of it. However, neither Windows Defender nor Avira could find anything on his computer.

    Does anybody have an idea how to track this down and remove it?

    Best wishes and thanks for the help in advance
    deindl
     
  2. deindl

    deindl Private E-2

    Hi guys,

    Here are the logs.

    RK seems to have found something (the server where the link went to was Chinese):

    [HIDDEN VAL] HKLM\[...]\Run : @ĺF醂俢劘⏰輀 () -> ERROR [0x1]

    Thanks already in advance for the help!

    deindl
     

  3. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, deindl :)

    __

    From Programs and Features (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 31
    • FreePDF (Remove only)
    • pdfforge Toolbar v4.1
    • PC Inspector File Recovery
    • PDFCreator
    • pdfsam

    __

    I'm not so sure what RogueKiller found is actually malware related as there is no path to any file.

    Code:
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    @=""
    I think it's just a junk value for (Default) but it shouldn't be there so we can remove.

    __

    Open RogueKiller again.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[3].txt
    Attach RKreport[3].txt to your next message. (How to attach)

    __

    Rescan with HitmanPro but this time have it Delete the following:
    C:\Program Files\Application Updater\ApplicationUpdater.exe / Service = Application Updater

    __

    Here is one additional scan I'd like to run just to make sure no rootkits are present.

    I want you to read and follow these instructions: TDSSKiller - How to run

    __

    Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

    __

    Let me know what malware related problems you are experiencing after you have completed these steps.
     

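Added example, not part of the thread and not RogueKiller's or MajorGeeks' own code: a PowerShell audit of the Run keys discussed above. It reports the three things worth checking before deleting an entry like the one in the RKreport: a (Default) value that has been set, a value name containing non-printable characters, and a command whose executable no longer exists on disk. The key list and the quoting/whitespace path parsing are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): triage HKLM/HKCU Run entries.
# Key paths below are the usual autostart locations; Wow6432Node only exists on 64-bit Windows.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Test-RunKeyEntry {
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        $data  = $key.GetValue($name)
        $flags = @()
        # The (Default) value shows up as an empty name; Windows never uses it in Run,
        # so a set default (like the @="" RogueKiller reported) is junk at best.
        if ($name -eq '') { $flags += 'default-value-set' }
        # Names outside printable ASCII, like the garbled one in the RKreport, need a look.
        if ($name -match '[^\x20-\x7E]') { $flags += 'non-printable-name' }
        # Pull the executable out of the command line (quoted path, else first token).
        # Assumption: unquoted paths with spaces are not handled, same as Windows' own ambiguity.
        if ($data -is [string]) {
            $cmd = [Environment]::ExpandEnvironmentVariables($data)
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($cmd -split '\s+')[0] }
            if ($exe -and -not (Test-Path -LiteralPath $exe)) { $flags += 'missing-file' }
        }
        [pscustomobject]@{
            Key   = $KeyPath
            Name  = $name
            Data  = $data
            Flags = ($flags -join ',')
        }
    }
}

# Only entries with at least one flag are shown; an empty table means nothing stood out.
$runKeys | ForEach-Object { Test-RunKeyEntry -KeyPath $_ } |
    Where-Object { $_.Flags } | Format-Table -AutoSize
```

A flagged entry is a reason to look closer (check the file, its signature and where it came from), not by itself proof of infection.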