Suspected Malware?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by stone773, Apr 13, 2007.

  1. stone773

    stone773 Private E-2

    Hi, over the last week I have been receiving infected W32 files in my Outlook inbox, along with unsavoury porn related messages.

    My Nod32 virus definitions were out of date at the time.

    I have followed all of the Spyware removal steps as best as possible.

    I was unable though to create a log from the Counterspy scan. The scan did, however, quarantine the following:

    ZeroPopUpBar
    Adult Search Bar
    Trojan-Downloader.Zlob.Media-Codec
    CWS.CameUp

    These items are still in quarantine.

    I am attaching all other log files generated during the required steps.

    Any assistance will be appreciated.

    Thank you.

    Edit: I am having difficulty uploading the last two files. Will try again later.
     

    Attached Files:

    Last edited: Apr 13, 2007
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

You have violated step 3 of the READ ME's rule for only running one antivirus application. You have CA eTrust and NOD32 running. Pick the one you want to keep and uninstall the other. Do this now before getting the below logs!


    You missed two other very important logs requested in step 6! Attach the below now.

    runkeys.txt - the log from GetRunKey.bat
    newfiles.txt - the log from ShowNew.bat


Note, receiving items in your email is really not a malware problem. It is spam! Once you have allowed spammers to get your email address, you are going to get more and more spam.
     
  3. stone773

    stone773 Private E-2

    Sorry about that, I was not even aware of the CA program.

    I have been unable to upload the last two log files since yesterday. Could I perhaps email them?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Me too! I forgot to welcome you to Major Geeks. :eek: So welcome to Major Geeks! :p

    Where did it come from? Is this a company owned PC?

Are you seeing any error messages in the Manage Attachments window? You have to watch carefully in that window. The messages are not very obvious. If you still cannot upload them, try putting both of them into one zip file and upload that.
     
  5. stone773

    stone773 Private E-2

    Thanks for the welcome. :)

    Yes, it is a company owned laptop.

    The Manage Attachments window was showing "connection with the server was reset" error message. It seems to have worked now with uploading a zip file.

    Please note: Since following the Malware Removal Steps, I have stopped receiving spam.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did they install the CA eTrust software as a required company policy?

    But you did not attach anything.

    Well then we don't have to worry! ;) Most of the time incoming messages like that are not malware related. They are normally due to the fact that you have gotten your email address on some spammers lists.


    You do need to delete the item from your Mailbox Deleted items folder that Panda detected. See your log. In fact, just remove everything from your Deleted Items folder. You don't need them.

    And you can Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    After clicking Fix, exit HJT.
     
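As an added illustration (not code from this thread or from HijackThis itself), the script below parses O2 and O4 log lines of the kind quoted above and flags BHO entries that point at no file; the third sample line with its CLSID and path is a constructed placeholder.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample log: the two HijackThis lines quoted in this thread plus one
# constructed O2 line (placeholder CLSID and path) whose BHO does point at a file.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

@dataclass
class Entry:
    kind: str                          # "O2" (browser helper object) or "O4" (autorun key)
    name: str
    clsid: Optional[str] = None        # O2 only
    path: Optional[str] = None         # O2 only: DLL path or "(no file)"
    hive: Optional[str] = None         # O4 only, e.g. HKLM
    key: Optional[str] = None          # O4 only, e.g. Run
    cmd: Optional[str] = None          # O4 only: full command line
    executable: Optional[str] = None   # O4 only: program path without quotes/arguments

def executable_of(cmd: str) -> str:
    """Return the program part of a Run-key command line, handling quoted paths."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""

def parse_hjt(text: str) -> list:
    """Parse O2 and O4 lines from a HijackThis log; other sections are skipped."""
    entries = []
    for line in text.splitlines():
        m = O2_RE.match(line)
        if m:
            entries.append(Entry("O2", m["name"], clsid=m["clsid"], path=m["path"]))
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("O4", m["name"], hive=m["hive"], key=m["key"],
                                 cmd=m["cmd"], executable=executable_of(m["cmd"])))
    return entries

def orphaned_bhos(entries) -> list:
    """BHO registrations whose DLL is gone: harmless leftovers, but worth cleaning up."""
    return [e for e in entries if e.kind == "O2" and e.path == "(no file)"]

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("orphaned BHOs:", [e.clsid for e in orphaned_bhos(parsed)])
```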
  7. stone773

    stone773 Private E-2

CA software came preloaded with the PC - there is no company policy for AV software :eek:

Hopefully the attachment works this time. I will follow your instructions listed above now.

    Thank you. :)
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But earlier you said
Have you now uninstalled NOD32? Or did you decide to keep it and uninstall all of the CA software?

    You did not upload the logs! You uploaded the ShowNew.zip file you downloaded from the READ ME! We don't really need them if you are not having anymore problems and as I said, receiving spam is not normally a malware problem.
     
  9. stone773

    stone773 Private E-2

    I did not know that CA was an anti-virus program. :eek: I have uninstalled it and kept NOD32.

    Sorry about uploading the incorrect file! :eek:

Thank you for your help - you guys do a great job! :cool:
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
