Infected with PWSteal.Metafisher

Discussion in 'Malware Help (A Specialist Will Reply)' started by bahollings, Mar 22, 2006.

  1. bahollings

    bahollings Private E-2

    I have a virus alert that says: Object Name: C/programfiles/.../1AI4D92wmf, Virus Name: pWSteal.MetaFisher, Action Taken: This file was automatically deleted.
    The problem is it doesn't delete.
    I have taken the steps you listed up through step 6. I'm posting the two scans from Defender and Malicious. It shows I do have a virus.
    Also before this I ran Norton and it shows no virus.
    thank you
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You only attached a log from PandaActiveScan. You should attach the log from Bitdefender. Make sure you create the log per the instructions in step 6 or you will not get the correct log.

    Also if you have run ALL steps in the READ ME, complete the instructions in step 7 and attach a HijackThis log.

    Are your Norton AV definitions up to date?
     
  3. bahollings

    bahollings Private E-2

    Yes I have read all the steps, definitions are up today. I've been unable to attach the results from Defender, it will not upload. It does indicate on the results that I do have a virus and it was unable to repair it. I'm working in a third world country right now so the internet is not very fast. Is there another way to post Defender? Attached are the HiJack This results.
    thank you
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are no problems showing in your HJT log.

    I would like to see what Bitdefender found. Why won't it upload? Is it too large? If so, put it in a ZIP file and attach the ZIP.

    Are you still having problems with the Virus? Which program is detecting it? Is it Norton???? But you said a scan indicates you are clean. Have you looked at their info on this: http://www.symantec.com/avcenter/venc/data/pwsteal.metafisher.html

    Attach the full message of what and where it finds it. What you posted in the first message is not a complete path to the file.
     
  5. bahollings

    bahollings Private E-2

    The Bitdefender is 5.89 MB, the program ran all night long. I'm going to copy and paste a small sampling at the bottom of this message. I hope that's not against the rules. If u still want me to put it in a Zip file I'll have to figure out how to do that, not sure.
    Yes I first went to the Symantec web page and followed those instructions, it says to delete all files detected and all values added but the scan didn't show any but at the same time I was looking at a dialogue box on the screen that shows that PWSteal.Metafisher was detected and deleted but evidently it wasn't.
    I will leave the computer on and see when the message pops back up and I'll put down everything it says. Sometimes my computer has to run for a couple of hours before the virus warning shows up. Here is just a sampling of what the scan shows:
    oAntiVirus\Quarantine\489B565B.wmf=>(Quarantine-2)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infected with: Exploit.Win32.WMF-PFV</font></p>
    </td>f
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you follow the instructions in step 0 of the READ & RUN ME? It tells you to clean up (empty) all quarantines and temp stuff like this to prevent scanning from taking so long and to reduce log sizes.

    Sounds like you are just detecting things in a Quarantine folder. You must delete all those files.

    I would suggest at this point that you disable system restore per step 1 in the Read Me. Then reboot in safe mode.
    After rebooting into safe mode, run a full scan with your antivirus program and see if it finds anything. If it does, save the log and attach here.
    Then empty the Quarantine folder. And reboot into normal mode. Now enable system restore and let's see what happens.
     
    Last edited: Mar 24, 2006
  7. bahollings

    bahollings Private E-2

    I did everything u told me to do, the virus scan showed nothing, I did delete the Quarantine Folder (it did show the PWSteal). And the Norton dialogue box has not popped up again.
    thank you
    If it comes back I'll start all over and then contact you
    again thanks
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

