Undefined Spyware/Trojan thingy...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by LifeToTake, May 21, 2006.

  1. LifeToTake

    LifeToTake Private E-2

    I have run Lavasoft's Adware Remover free version and Windows Defender Beta many times in safe mode. I have not been able to fix my problem. On some site (dunno which one) I ended up getting some evil program that I didn't have any knowledge of downloading. Now when I boot up regularly I have 2 red round buttons showing in my system tray with an X on them that pop up with bubbles saying I got spyware and crap (which is a way of saying "Hey biznitch, buy my crap or live with my shizzy program I forced on you").

    My entire computer specs are listed in Belarc Advisor.html

    I ran runkeys and wimpfind and the logs are attached to this post too. Any help would be much appreciated. :/ I would just reinstall Windows XP but I lack access to the CDs until my dad gets home from his business trip.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Your runkeys log showed:
    Serious Note: If you have files like ibm000x.exe or dll on your PC, you could have a serious problem to deal with related to a password stealing trojan. Your financial accounts (passwords etc) may have been compromised. See this link:

    http://www.liutilities.com/products/wintaskspro/processlibrary/ibm00001/



    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above, if you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also since you appear to have a bunch of other hiding infections on your system, you really should run the below additional Ewido scan and let it fix everything it finds:

    Running Ewido Anti-Malware

    Attach the requested Ewido log afterwards.
     
  4. LifeToTake

    LifeToTake Private E-2

    I managed to fix the problems. HAHA As to whether they actually managed to log my passwords, it doesn't matter anyway. I don't do online banking or payments, luckily, and all the passwords I use are pretty much public domain. Anyone who wants them can have them; I just give them away... (all except the one for my account on newgrounds.com XD but no one would want it XD) If the IBM thing's information is sent out trying to give the creator a direct connection to me in any way then they are outta luck, because they wouldn't have been able to connect to me anyway: I am behind a router that has no forwarded ports. Well thanks for the help ^_^ I really needed it.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not necessarily true. Once the applications are on your PC (and they were), they can hook themselves into any valid running application (like Internet Explorer or Windows Explorer) which do have access in and out of your PC thru your firewall. To your firewall it would look no different than those two valid applications running.
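
    As a defender-side check of the point above (an added example, not from this thread or from MajorGeeks): list every established outbound TCP connection, the process that owns it, and any module loaded into that process that is not Authenticode-signed. An unsigned DLL sitting inside a trusted process such as iexplore.exe or explorer.exe is one visible symptom of malware hooking itself into a valid application. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated PowerShell session.

```powershell
# Added example, not from the thread. Assumes Windows 8+ and an elevated shell.
# Outbound connections only: skip loopback and unspecified remote addresses.
$conns = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$|0\.0\.0\.0$)' }

foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    if (-not $proc) { continue }

    # Walk the modules loaded into the owning process and flag any that are
    # not validly signed. Reading .Modules of a protected or 64-bit process
    # from a lower-privilege or 32-bit shell throws, so catch and mark it.
    $unsigned = @()
    try {
        foreach ($m in $proc.Modules) {
            $sig = Get-AuthenticodeSignature -FilePath $m.FileName
            # Status is Valid, NotSigned, HashMismatch, NotTrusted or UnknownError
            if ($sig.Status -ne 'Valid') { $unsigned += $m.FileName }
        }
    } catch {
        $unsigned = @('<module list not readable>')
    }

    [PSCustomObject]@{
        Process  = $proc.ProcessName
        PID      = $proc.Id
        Remote   = "$($c.RemoteAddress):$($c.RemotePort)"
        Unsigned = ($unsigned -join '; ')
    }
}
```

    A trusted process name with an unsigned module and a live remote connection is the case worth investigating; a signed-only list does not prove the machine is clean, since injected code need not be a separate file on disk.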
     
  6. LifeToTake

    LifeToTake Private E-2

    ......... They can't connect to me. Their programs might be connecting to them and sending them information that the program is designed to send them in data packets. The only thing they can send back is a data packet which would tell the program what to do. No one would want to go reinventing the wheel when remote assistance already exists. If they were to just send data packets telling it to do something to my computer, they would really get pissed after living through tons of lag, because I use a wireless router and I am almost out of its range. If I were to just move my computer another 4-7 ft it wouldn't be connected to the net anymore XD. Even if I didn't get all of the evil programs I won't need to worry about it in a week when my dad gets home. I will just get the Windows XP Home disc and all the required drivers to reinstall. I will use the 3 1/2" floppy that came with the HD to just write zeros to the drive and reinstall Windows. I have been meaning to do it for a while but I just haven't, because I didn't feel like backing up 6 gigs worth of data.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Suit yourself. But they were already connected to you. That is how the files got there to begin with. And if you can connect to the internet, they can send info to the internet. Whether they actually have stolen any important information is the question. The trojan was already on your PC. They don't need to reinvent anything. It already exists and you had it.

    There is no way to really know if they stole any information from you or not yet, but since you had the trojan they may have already done so. They could have passwords for anything you use the PC to connect to (even your PC user login passwords) or they may not.

    Formatting your PC or even writing zeros to the hard drive only ensures that you remove any possible remaining malware related to the trojan from your PC. It does not change the fact that they may already have your information. And that is why you need to be safe and change all passwords and check with financial institutions for any illegal activity.

    It is your financial security and that of others using the PC that is at risk, not ours. If you don't want to take this seriously, that's your decision.
     
