Trojan/Malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by sunglasses, Aug 13, 2012.

  1. sunglasses

    sunglasses Private E-2

    Hello, I am posting hoping to get help because of a potential trojan infection.

    I am not sure if this is what caused the infection, it could have been on the computer before but something that I did today prompted me to scan the computer.
    I did something very very stupid. My computer made a strange noise so I got scared that the hard drive was failing. So I searched for an application to check its state. I downloaded several, and one of them had more functions available only if one buys the full version. So I googled for a keygen. :-o *slaps self* I know, it's illegal and dangerous, I won't do it again. It's better to buy software than to spend the whole day trying to fix the computer: :cry I've learned my lesson. :( I feel really dumb. :(

    After I clicked on it, nothing happened seemingly. Then I wondered if it wasn't a virus disguised as a keygen.

    So I did several scans with different applications before finding this forum. I found a few infected files and deleted them. Then I rebooted the computer, and did scans again, and found that there were still traces on the computer. One of these applications' scans (I forgot which one) detected a file ending in .sys, which it identified as being a trojan.

    Then I followed the procedures of this forum.

    1) Rogue Killer
    I ran Rogue Killer with Run as Administrator, however, it seems something prevented it from launching in Administrator mode because the log says Restricted rights.

    2) Malware Bytes
    It ran fine.

    3) HitmanPro
    When I ran HitmanPro, it crashed at 99%. When it crashed, I think it had detected a .sys file if my memory is not wrong, so I ran it again.

    This time, HitmanPro detected almost 30 items, most of them executables which seem to have been infected. It sent many of them to the Scan Cloud.

    4) MGtools
    I got an error message from HijackThis about not being able to modify the Hosts file, also MGTools was not able to create a log file because of a "zip error". I tried to run it in Administrator, but it didn't work.

    Thank you so much for any help you can provide! :) Please excuse my bad English, it is not my native language.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download OTL to your desktop.


    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • (Vista and Windows 7 users: right-click OTL and choose Run as Administrator)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.


    When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.
     
  3. sunglasses

    sunglasses Private E-2

    Hello.
    Here are the logs.
    Also, I forgot to mention that I had a BSOD recently. I had put my computer in sleep or hibernation mode, but when I came back the next day, the computer wasn't in sleep/hibernation, there was a blue screen with an error. The error was Driver Power State Failure. Could this be malware related?
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No, not a malware issue. In fact I am not seeing much in the way of malware. Let's just do this:


    Double-click OTL.exe to start the program.

    • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code

    Code:
    :processes
    :killallprocesses
    :files
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DBDEB62C
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:354E094D
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    
    
    • Then click the Run Fix button at the top.
    • Click the OK button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Just close Notepad and attach this log from OTL to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:

    • C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  5. sunglasses

    sunglasses Private E-2

    Is that so? Well, that is good to know. :)

    I ran the OTL software, the fix seemed to work fine, until the step before the last one: it gave me an error that it couldn't create the Hosts file, and of course never progressed to reboot. Afterward, it displayed Resetting Hosts file Do Not Interrupt in the bar, for nearly an hour, and never seemed to finish doing it. How much time should the resetting of the hosts file take, in normal circumstances? Should I launch OTL again and leave the application running for more time? Is it normal that the hosts file cannot be reset even though the program ran for so long? Or is there something preventing the modification of the hosts file?

    I can't run any application as administrator anymore, so I can't run MGLogs in administrator (I have Vista). Even if I click run as administrator, the application doesn't launch under the administrator account, I don't even get the pop-up window asking for the password. Also, I wanted to re-enable UAC temporarily, but I can't either, it tells me I don't have the correct permissions to do it.
     
  6. sunglasses

    sunglasses Private E-2

    Here are some more details about UAC. On the day I opened this topic, after I ran Mgtools, I wanted to re-enable UAC. I tried it first by double clicking the EnableUAC.reg file in Mgtools' directory, but it didn't work. I got this error message:

    "Cannot import C:\MGtools\EnableUAC.reg: Not all data was successfully written to the registry. Some keys are open by the system or other processes."

    I tried again from the control panel, and it didn't work either. In the Windows Security Center window, I tried, but I didn't get the password pop-up, just an error message that told me I don't have the permissions to do that.

    PS: I wrote a longer message before, that quoted your message, that hasn't appeared yet because it needs approval (by moderator?).
     
    Last edited: Aug 16, 2012
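The following PowerShell script is an added example (not code from the thread, from OTL or from MGtools) that checks the three things the fix in post 4 and the permission problem in posts 5 and 6 turn on: the alternate data streams under C:\ProgramData that the OTL script deletes, whether the hosts file is actually writable, and the UAC policy values that EnableUAC.reg is meant to restore. It assumes Windows Vista or later with PowerShell 3.0+, run from an elevated window, and changes nothing.

```powershell
# Added example, not code from the thread or from OTL/MGtools. Read-only checks.
# Assumes PowerShell 3.0+ on Vista or later, run as an administrator.

$programData = $env:ProgramData
$hostsPath   = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$uacKey      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# 1. Alternate data streams. "dir /r" prints every stream as
#    "<size> <name>:<stream>:$DATA" and, unlike Get-Item -Stream on older
#    PowerShell, it also lists streams attached to directories such as TEMP.
#    The streams named in the OTL fix (TEMP:DBDEB62C, TEMP:354E094D) would
#    appear here as "98 TEMP:DBDEB62C:$DATA" and "115 TEMP:354E094D:$DATA".
Write-Host "== Alternate data streams in $programData =="
cmd /c "dir /r /a `"$programData`"" |
    Select-String -Pattern ':[^:\\]+:\$DATA\s*$' |
    ForEach-Object { $_.Line.Trim() }

# 2. Hosts file: attributes and ACL. A ReadOnly/System attribute, or an ACL
#    that gives Administrators no write access, is enough to make a tool that
#    rewrites the file (OTL's [RESETHOSTS], HijackThis) fail or hang.
Write-Host "`n== $hostsPath =="
$hosts = Get-Item -LiteralPath $hostsPath -Force
'Attributes : {0}' -f $hosts.Attributes
(Get-Acl -LiteralPath $hostsPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# 3. UAC policy. EnableLUA = 0 means UAC is switched off; re-enabling it (what
#    EnableUAC.reg attempts) sets it back to 1. With UAC off, a standard user
#    gets no elevation prompt at all and "Run as administrator" simply fails,
#    which matches the behaviour described in posts 5 and 6.
Write-Host "`n== UAC policy ($uacKey) =="
Get-ItemProperty -Path $uacKey |
    Select-Object EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop |
    Format-List
```

Any value that is wrong here (a hidden ADS still present, an ACL denying Administrators, EnableLUA at 0) points at the permissions problem rather than at remaining malware, which is the direction TimW gives in the last post.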
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Since we are not finding any malware in your logs, I suggest you post in the software forum for assistance with your permissions issue.
     
