Unsure if I have malware/virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by exeon, Aug 1, 2009.

  1. exeon

    exeon Private E-2

    My wife received the infamous email 'Fotos' where the sender attaches 3 links to apparent photos but that link to malware sites. Obviously, my wife clicked on the link; the mail was from a friend.

    I would think that our computer is infested but I'm not sure; I'd like to confirm everything is OK.

    I went through the steps by steps and some of the tools found issues. I also tried a HijackThis auto analyzer and it did detect issues. So here is everything.
     

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We still need the C:\MGLogs.zip from running the C:\MGTools.exe.
     
  3. exeon

    exeon Private E-2

    Don't think I can edit my post so here it is. Not sure why I forgot it ><
     

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Malware detected in email databases has to be cleaned up by you. You have a few choices:

    1. delete the whole file which is not an option you normally want to use
    2. load the email folder that contains the infection and delete ALL unnecessary emails (hoping to remove the problem email) and then use the Mailbox Cleanup option to delete all old emails. Then compact the Outlook database to permanently remove data. See http://support.microsoft.com/kb/196990. If you do not clean up and compact the databases, the deleted emails may still be leaving hidden information in the database that you just cannot see but a scanner may still pick up on it.
    3. create a new folder and move only emails you really need into the new folder and then delete the infected folder.

    There are a few things we can clean up (none of which is malware):

    Did you install this:
    PreyAgent
    If you did, remove it from the HJT fix.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Then use windows explorer to find and delete:
    C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Nancy.job
    C:\Users\Nancy\Desktop\prey-0.1.2-win --> again, not if you installed this.

    Otherwise, your logs are clean. So tell me what issues you are having.
     
