6to4 Trojan Infection?

Discussion in 'Malware Help (A Specialist Will Reply)' started by MisuzuKamio, Apr 21, 2009.

  1. MisuzuKamio

    MisuzuKamio Private E-2

    Hi MajorGeeks,

    I just finished the Read and Run me procedure and I have attached my logs. :)

    Description of the problems I've been having:

    Truthfully, there hasn't been that many noticeable problems. However, I got a suspicious e-mail on my yahoo account yesterday named: "Undelivered Mail Returned To Sender" from Mail Delivery System. I know that yahoo's default Mail return system is Mailer-Daemon, so I knew not to open it. I trashed it right away and looked up information on it. Some people claim it's legit while others claim that if you receive that email, your e-mail account is hijacked and someone else is sending out e-mails using your address or that it can give you a virus upon opening it. I freaked and did a scan with Avast, SAS, and Spybot but came up with nothing. When I did a quick scan with MBAM it picked up something called 6to4 located in the registry (hkey_local_machine\system\currentcontrolset\services\6to4). I was a little reluctant to put a registry item in the Vault since, reading up on what it is, it seems pretty essential to some hardware. I thought it might be a f/p. After about five updates from MBAM, I knew it probably wasn't a false positive, so I started the Read and Run Me procedure on this site. I think ComboFix and MGTools picked up some infections that my other programs missed.

    Can one of the helpers please help me out? :) I look forward to your reply. Thanks for reading!

    Oh, also - If the suspicious e-mail I got is still in my trash folder and I open the trash folder but not the e-mail itself, if the e-mail had a virus in it can it infect/re-infect me? I think you need to open it to get a virus, but just in case I thought I'd ask.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can open your trash folder and delete the contents without any worries.

    The 6to4 service can be a legit item, but it depends on the location. MBAM removed it and I am not seeing any other traces of it in your logs.

    Let me know what other issues you are having. :)
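    The point in the reply above ("it depends on the location") can be checked directly. The script below is an added example, not something posted in this thread or part of any MajorGeeks tool: it reads the 6to4 service key MBAM flagged, works out which executable and DLL that entry actually points to, and reports whether they live under System32 and carry a valid Authenticode signature. It assumes PowerShell is available on the machine, and it assumes (my own knowledge, not stated in the thread) that a stock 6to4 service is hosted by svchost.exe with its ServiceDll under %SystemRoot%\System32; any other path is the red flag the reply is describing.

```powershell
# Added example (not from the thread): decide whether a Services\6to4 registry
# entry points at Windows' own files or at something dropped elsewhere.
# Assumption (labelled): a legitimate 6to4 service is hosted by svchost.exe and
# its ServiceDll lives under %SystemRoot%\System32. Anything outside that
# directory, or a file that no longer exists, deserves a closer look.

$svcName = '6to4'
$keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"

if (-not (Test-Path $keyPath)) {
    Write-Output "$svcName service key not present (already quarantined, or never installed)."
    return
}

$svc    = Get-ItemProperty -Path $keyPath
$params = Get-ItemProperty -Path "$keyPath\Parameters" -ErrorAction SilentlyContinue

# ImagePath is the process that hosts the service (usually svchost.exe plus a
# "-k <group>" argument); ServiceDll, when present, is the DLL svchost loads.
# Strip the svchost argument and any quotes, then expand %SystemRoot%.
$imagePath  = [Environment]::ExpandEnvironmentVariables(
                  ($svc.ImagePath -replace '\s+-k\s+\S+\s*$', '').Trim('"'))
$serviceDll = if ($params -and $params.ServiceDll) {
                  [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
              } else { $null }

$system32 = Join-Path $env:SystemRoot 'System32'

foreach ($file in @($imagePath, $serviceDll) | Where-Object { $_ }) {
    $r = [ordered]@{ File = $file }
    $r.Exists     = Test-Path -LiteralPath $file
    # Location is the primary test: a stock 6to4 never lives outside System32.
    $r.InSystem32 = $file.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)

    if ($r.Exists) {
        # Signature is supporting evidence only: on older Windows/PowerShell
        # builds, catalog-signed system files can report NotSigned here.
        $sig        = Get-AuthenticodeSignature -FilePath $file
        $r.SigStatus = $sig.Status
        $r.Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    }

    $r.Verdict = if ($r.Exists -and $r.InSystem32) { 'location looks legitimate' }
                 else { 'suspicious: wrong location or missing file' }
    [PSCustomObject]$r
}
```

    If the DLL or executable sits anywhere other than System32 (a user profile, a Temp folder, a randomly named directory), treat the service entry as malicious regardless of its name. A file that is in System32 but unsigned, or whose signer is not Microsoft, is worth cross-checking with a second tool such as Sysinternals sigcheck, which understands catalog signatures on older systems.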
     
  3. MisuzuKamio

    MisuzuKamio Private E-2

    Hey Tim!

    I am not having any more issues that I can think of. :)

    Should I keep the 6to4 file in the MBAM quarantine just in case it is legit?

    I look forward to your reply.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I would just leave it in the quarantine file......If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u is required.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work through the below link:

     
  5. MisuzuKamio

    MisuzuKamio Private E-2

    Hey Tim,

    All the steps are complete. As always, thanks for your help! You are great. :)
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are welcome....go forth and surf. :)
     
