Security Tool infection Read me Run me attached

Discussion in 'Malware Help (A Specialist Will Reply)' started by epicfail13, Aug 14, 2010.

  1. epicfail13

    epicfail13 Private E-2

    My aunt has no idea how she got this one. The infection blocked everything from running on her profile, but apparently she has a restricted user account on this computer. Used the administrator's account and everything ran. Had some trouble updating Java at first, but tried after running Malwarebytes and it worked fine.


    Let me know if I missed any steps in the Run list, and I'll get to it as soon as I can. Also, if there are any ideas how it got in, we'd like to know. She wasn't downloading anything, and McAfee was up and running; but of course there are so many ways to get infected.
     

    Attached Files:

  2. epicfail13

    epicfail13 Private E-2

    Last attachment.
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It is a very bad idea to allow all users to have Admin privileges!! You need to run both SAS and MBAM on each user account.

    You should also use a different computer to change any online passwords.

    The only thing that looks questionable is this:
    C:\WINDOWS\SYSTEM32\zqy
    If you don't know what this is for, rename it by adding a .old to the file name. Then see if anything is affected. If everything is running correctly, then you can delete the file.

    What issues are you still having?
     
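An added example, not part of TimW's post or anything else in this thread: a PowerShell script that triages an unrecognised item under System32 before renaming it the way the post suggests (append .old, watch for breakage, delete later). The path is the one quoted above; the -Rename switch, the parameter names and the idea of checking the Authenticode signature and hash first are additions here, not steps the thread gives. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): look at an unknown file under System32
# before renaming it. Legitimate Microsoft binaries there carry a valid
# Authenticode signature; an unsigned or oddly named file is worth checking.
param(
    [string]$Path = 'C:\WINDOWS\SYSTEM32\zqy',   # path quoted in the thread
    [switch]$Rename                              # hypothetical switch: actually rename to .old
)

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Host "Not present: $Path"
    return
}

# -Force shows files with the Hidden/System attributes that malware likes to set
$item = Get-Item -LiteralPath $Path -Force
$item | Select-Object FullName, Length, Attributes, CreationTime, LastWriteTime | Format-List

if (-not $item.PSIsContainer) {
    # Status other than 'Valid' on something you don't recognise is a red flag
    $sig = Get-AuthenticodeSignature -FilePath $item.FullName
    "Signature: {0} ({1})" -f $sig.Status, $sig.SignerCertificate.Subject

    # SHA-256 so the file can be looked up elsewhere (Get-FileHash needs PowerShell 4+)
    if (Get-Command Get-FileHash -ErrorAction SilentlyContinue) {
        "SHA256:    " + (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
    }
}

# Rename rather than delete, as advised in the thread, so it can be put back
# if something legitimate turns out to depend on it.
if ($Rename) {
    $newName = $item.Name + '.old'
    Rename-Item -LiteralPath $item.FullName -NewName $newName
    Write-Host "Renamed to $newName"
}
```

Run it once without -Rename to see the details, then again with -Rename if nothing identifies the file as legitimate. If anything stops working afterwards, rename it back; if everything is fine after a while, delete the .old file.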
  4. epicfail13

    epicfail13 Private E-2

    Only my uncle had Administrator's privileges, I think, and the infection started with my aunt's account. If you see otherwise from the logs please tell me, I'll change that as soon as I can.

    I'll also run the scans under the other accounts as soon as I can. If nothing pops up I'll attach logs of that too.

    They haven't had any other problems with the computer so far, but I wanted someone with more experience than me to check over the logs. Thanks for the help!
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not correct. All of the below accounts have admin privileges. The below is direct from your logs.
    Code:
    Users on this computer.
    Is Admin? | Username
    ------------------
       Yes    | Administrator
       Yes    | Eric Reynolds
       Yes    | Katie Reynolds
       Yes    | Mary Theresa Carroll
       Yes    | Thorin Kiernan Aidan
     
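An added example, not part of chaslang's post or the thread: a PowerShell script that produces the same "who is a local admin" list directly from the machine and, optionally, demotes named accounts to standard users. The -Demote and -Apply parameters are hypothetical names chosen here; the account names you pass would be the ones from your own log. The WinNT ADSI provider and net.exe are used because they exist on every Windows version, including the XP-era machine in this thread, where Get-LocalGroupMember does not.

```powershell
# Added example (not from the thread): list members of the local Administrators
# group and, with -Apply, move the named accounts out of it.
param(
    [string[]]$Demote = @(),   # hypothetical parameter: accounts to make standard users
    [switch]$Apply             # hypothetical parameter: without it, only report
)

# WinNT ADSI works back to Windows XP, unlike the Get-LocalGroupMember cmdlet
$admins  = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$members = @($admins.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}

"Members of local Administrators on ${env:COMPUTERNAME}:"
$members | ForEach-Object { "  $_" }

foreach ($name in $Demote) {
    if ($members -notcontains $name) {
        "Skipping '$name': not a member of Administrators"
        continue
    }
    if ($name -eq 'Administrator') {
        # keep the built-in account so you cannot lock yourself out
        "Refusing to remove the built-in Administrator account"
        continue
    }
    if ($Apply) {
        # Removing from Administrators leaves the account usable; make sure it is
        # in Users so it keeps normal rights (the /add is a no-op if already there).
        net localgroup Administrators "$name" /delete | Out-Null
        net localgroup Users "$name" /add 2>$null | Out-Null
        "Demoted '$name' to a standard user"
    } else {
        "Would demote '$name' (re-run with -Apply to do it)"
    }
}
```

Run it once with no arguments to see the list; it should match the table chaslang quoted from the logs. Then run it with the names to demote, first without -Apply to check what would change, then with -Apply from the account that will remain an administrator. Quoting the names matters because several accounts in the thread contain spaces.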
  6. epicfail13

    epicfail13 Private E-2

    Okay then. I'll make sure that gets changed right away.

    When I tried to install the Java update under her account it said she had to be an administrator, but that must have been the malware.

    Thanks for the help.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let me know if any of the user accounts have something picked up by either SAS or MBAM. Be sure to name them so we know what account it is when you attach them.
     
