INFOSTEALER.GAMPASS - Please help!!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Mustela, Aug 2, 2008.

  1. Mustela

    Mustela Private E-2

    Hi everyone

    First time poster here, I just wondered if anyone could please help me?? I've recently had my World of Warcraft account compromised, everything stolen and taken... I managed to get my account back yesterday.. scanned my computer for keyloggers/trojans etc.. and cleared everything that was found, I then reinstalled WoW in case the exe was corrupt or tampered with, and reset my password. I thought I would be ok, but today my account has yet again been taken and password changed.

    I have just downloaded and installed Norton antivirus and a full system scan is showing that I am in fact infected with the infostealer.gampass trojan.

    Now, Norton is saying that the threat is resolved, but I have people telling me that I need to arse around disabling system restore etc, to allow the trojan to be removed fully?

    Does anyone have any experience with this particular virus, and can anyone advise as to proper removal of this?? My other half seems to think that Norton will take care of everything once the scan is finished but I'm just looking for other opinions as I know how devious these infections can be.

    Is there anything else I need to do???

    Please help :(

    Thanks a lot

    Emily
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Yes, you do need to toggle System Restore off and then back on to remove restore points that may contain the infection. Otherwise, if you use System Restore, you can restore the malware.

    We have had a few threads here on it which you could search on. Here are a few examples but there were more.

    infostealer.gampass <-- Norton/Symantec did not fix the problems.

    InfoStealer.Gampass??? <-- Norton/Symantec did not fix the problems.

    Infostealer/Infostealer.Gampass Problem <-- Norton/Symantec did not fix the problems.


    Our experience has been that Norton has not fixed this malware.

    It may be in your best interest to do the below.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

    READ & RUN ME FIRST. Malware Removal Guide


    Note: If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    Starting your computer in Safe mode
     
    Last edited: Aug 2, 2008
  3. Mustela

    Mustela Private E-2

    Hello,

    Thanks for your reply. Well, my Norton scan says it has "fully removed" infostealer.gampass, and I've done a few more scans, it's not showing and I'm not being alerted of it. I'm just running NOD32 now and it's been going a while but not picked it up.


    I did the disable restore thing too.

    Erm.. there is no sign of the trojan on my system anymore but I'm having many people saying that I should reformat just to be sure. I actually managed to speak with the "hacker" who had my WoW account today and he accidentally scripted the password to me, which I managed to change fast and regain access to my account. I am however very worried that he'll take it back again if my system is not clear of infection ...


    If I'm not getting alerts and nothing is showing anymore, do you think it will be ok ???

    Thanks


    Emily
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You MUST NOT have multiple antivirus programs installed.

    If you are convinced that because Norton says you are clean that you are clean, then that's fine. However, if you read those other threads you will see there were dozens of things Norton never found nor did it remove. I'm not saying it is the same for you! I'm just stating a fact.

    There are no guarantees in malware removal. Even formatting is not sufficient. You need to delete partitions, repartition, format and reinstall to be sure you are clean. And then you need to make sure you don't reinstall the infection from infected media or files you may have backed up. Rather than rewriting the same information, there is a good writeup in the below link on when to re-format.

    http://www.dslreports.com/faq/10063

    Do I think it is necessary? No. Especially not for a game. For financial related passwords that would be a different matter, but even then, formatting is rarely necessary unless you are paranoid or have extremely sensitive data to worry about.


    I cannot answer this since you have not run the READ & RUN ME. You already said once that you thought you were clean and then your password was stolen again.
     
