1. ellezeebub

    ellezeebub Private E-2

    ok, sorry 'bout the pissing and moaning, but for some reason a long post i just wrote went missing. so, once more into the breach!!

    my son has been playing online games with my inspiron 4000, and while i won't let him touch my new computer, i had hoped to keep the old one in working order.

    but, i can't update windows components (it stalls out using 100% CPU), and when i run spybot a key called fake.wget comes up that can't be removed even at startup. spybot did remove alexa related, wget, dso exploit, net sys and weblookup.

    i went to the sticky-do-me-first-before-you-ask-for-help, and loaded what i didn't have already. unfortunately, i don't have all the components for the windows defender tools to run--it says i need CDI+, but since i can't update any windows components i can't get the pieces that it needs. i over-ran ccleaner (oops, it seemed like a good idea at the time) and ran the extra buttons (am i fired?).

    do you think i can go ahead and do steps 6 and 7?

    thanks.

    and yes, i know, my son should be doing this, but i don't have a lot more faith that he will fix it successfully ...

    thanks a lot,

    elle.
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, continue on with Steps 6 and 7.
     
  3. ellezeebub

    ellezeebub Private E-2

    okay, we have infection. running panda now, will get back to you with results soon.

    farking children. is it too late to send him back??? *kidding*
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I hope you ran BitDefender first as instructed.
     
  5. ellezeebub

    ellezeebub Private E-2

    BitDefender Online Scanner -Scan Report

    BitDefender Online Scanner

    Scan report generated at: Mon, Feb 20, 2006 - 16:35:33


    C:\Program Files\Weblookup\weblookup.dll Detected with: Adware.WebLookup.A

    C:\Program Files\Weblookup\weblookup.dll Disinfection failed

    C:\Program Files\Weblookup\weblookup.dll Deleted

    C:\System Volume Information\.Bin\lanmon.exe Infected with: GenPack:Trojan.HackTool.IpcScan.200

    C:\System Volume Information\.Bin\lanmon.exe Disinfection failed

    C:\System Volume Information\.Bin\lanmon.exe Delete failed

    C:\System Volume Information\.Bin\Mtu.Rkt.28.07\snss.exe Infected with: GenPack:Backdoor.Bifrose.D

    C:\System Volume Information\.Bin\Mtu.Rkt.28.07\snss.exe Disinfection failed

    C:\System Volume Information\.Bin\Mtu.Rkt.28.07\snss.exe Delete failed

    C:\System Volume Information\.Bin\pwd\pwdump2.exe Infected with: GenPack:Virtool.Pwdump.2.0

    C:\System Volume Information\.Bin\pwd\pwdump2.exe Disinfection failed

    C:\System Volume Information\.Bin\pwd\pwdump2.exe Delete failed

    C:\System Volume Information\.Bin\speedtest1\hidden32.exe Infected with: Virtool.HiddenRun.B

    C:\System Volume Information\.Bin\speedtest1\hidden32.exe Disinfection failed

    C:\System Volume Information\.Bin\speedtest1\hidden32.exe Deleted

    C:\System Volume Information\.Bin\wanip\pwdump2.exe Infected with: GenPack:Virtool.Pwdump.2.0

    C:\System Volume Information\.Bin\wanip\pwdump2.exe Disinfection failed

    C:\System Volume Information\.Bin\wanip\pwdump2.exe Deleted

    C:\WINNT\m00.exe Infected with: Trojan.Dropper.QuickBatch.C

    C:\WINNT\m00.exe Disinfection failed

    C:\WINNT\m00.exe Deleted

    C:\WINNT\se.exe Detected with: Adware.WebLookup.A

    C:\WINNT\se.exe Disinfection failed

    C:\WINNT\se.exe Deleted

    C:\WINNT\system32\snss.exe Infected with: GenPack:Backdoor.Bifrose.D

    C:\WINNT\system32\snss.exe Disinfection failed

    C:\WINNT\system32\snss.exe Deleted

    Activescan.txt

    Incident Status Location
    Adware:adware/weblookup Not disinfected C:\PROGRAM FILES\Weblookup
     
  6. ellezeebub

    ellezeebub Private E-2

    i could go ahead and remove the files from the list that bit defender said it deleted if that would make it easier to read ...
     
  7. ellezeebub

    ellezeebub Private E-2

    okay, read again, here is attachment.
     

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I need your HijackThis log. From what I can see in the BitDefender Scan your system is seriously compromised.

    You are strongly advised to do the following immediately:

    1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.

    2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

    3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

    Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

    Your system has a program on it that is designed to dump passwords from your registry.
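
Added example (not part of the thread, and not a MajorGeeks or BitDefender tool): a small Python triage of a report in the format posted above. It collapses the per-file lines to their final state so only the files still on disk remain, and labels each by what its detection name suggests. The sample is an excerpt of lines from the report above; the category labels and function names are assumptions made for this sketch.

```python
import re

# Excerpt of lines copied from the scan report posted in this thread.
SAMPLE_REPORT = r"""
Scan report generated at: Mon, Feb 20, 2006 - 16:35:33
C:\Program Files\Weblookup\weblookup.dll Detected with: Adware.WebLookup.A
C:\Program Files\Weblookup\weblookup.dll Disinfection failed
C:\Program Files\Weblookup\weblookup.dll Deleted
C:\System Volume Information\.Bin\lanmon.exe Infected with: GenPack:Trojan.HackTool.IpcScan.200
C:\System Volume Information\.Bin\lanmon.exe Disinfection failed
C:\System Volume Information\.Bin\lanmon.exe Delete failed
C:\System Volume Information\.Bin\pwd\pwdump2.exe Infected with: GenPack:Virtool.Pwdump.2.0
C:\System Volume Information\.Bin\pwd\pwdump2.exe Disinfection failed
C:\System Volume Information\.Bin\pwd\pwdump2.exe Delete failed
C:\WINNT\system32\snss.exe Infected with: GenPack:Backdoor.Bifrose.D
C:\WINNT\system32\snss.exe Disinfection failed
C:\WINNT\system32\snss.exe Deleted
"""

# Paths contain spaces, so anchor on the trailing verdict or action instead.
LINE = re.compile(r"^(?P<path>.+?) (?:(?:Infected|Detected) with: (?P<name>\S+)"
                  r"|(?P<action>Disinfection failed|Delete failed|Deleted))$")

# Assumed labels for this sketch, keyed on substrings of the detection name.
CATEGORIES = [("Pwdump", "credential dumping"), ("Backdoor", "remote access"),
              ("HackTool", "attacker tooling"), ("Dropper", "dropper"),
              ("Adware", "adware")]

def parse_report(text):
    """Map each path to its detection name and whether it was finally deleted."""
    files = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # report header, blank line, or unknown format
        entry = files.setdefault(m["path"], {"detection": None, "removed": False})
        if m["name"]:
            entry["detection"] = m["name"]
        elif m["action"] != "Disinfection failed":
            entry["removed"] = m["action"] == "Deleted"  # "Delete failed" -> False
    return files

def classify(name):
    return next((label for key, label in CATEGORIES if key in (name or "")), "other")

def still_present(files):
    """Files the scanner could not delete, with the label for each detection."""
    return [(path, e["detection"], classify(e["detection"]))
            for path, e in files.items() if not e["removed"]]

if __name__ == "__main__":
    for path, name, label in still_present(parse_report(SAMPLE_REPORT)):
        print(f"STILL ON DISK  {label:18}  {name}  {path}")
```
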
     
