User having problems posting: breatle.b?

Discussion in 'Malware Help (A Specialist Will Reply)' started by goldfish, Aug 11, 2005.

  1. goldfish

    goldfish Lt. Sushi.DC

    I'm posting this thread on behalf of a majorgeeks user who contacted me via MSN, because they cannot post due to their problems.

    All required steps have been followed in the sticky successfully (according to the user), however, the user cannot reach windowsupdate or download any patches.

    The infection was detected as "breatle.b" by Adaware SE (updated) and Norton Internet Security Suite AV. The file with the virus in it is called twunk, which the user never downloaded intentionally. However, the user did report having a warning appear for bloodhound.exploit.6, which was dealt with by Norton.

    The infection was apparently removed by Adaware (Norton couldn't remove), but the infection returned on reboot.

    Symptoms are: constantly changing homepage, countdown for reboot popping up intermittently, downloads fail half way through, and the user cannot log into websites or post threads. The "twunk" file cannot be deleted in normal or safe mode.

    User has:
    Windows XP SP2 (no extra patches, unable to reach windows update)
    Norton Internet Security Suite
    Sygate Personal Firewall (I assume norton's firewall is disabled?)
    Internet Explorer 6
    512kbps down connection

    So far I've told the user to set the RPC service to recover by restarting the service rather than the computer, which hopefully prevents the random restarts currently occurring. I've also pointed the user to the following articles:
    http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.6.html
    http://securityresponse.symantec.com/avcenter/venc/data/w32.bratle.b.html
    http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx

    Until the user is able to log into majorgeeks and post, I can contact them through MSN and post results here (unless anyone has a better idea?).
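    An added example of the RPC recovery change described above, written as a Windows XP batch script; it is not part of the original post, and the service name RpcSs, the delay and the reset window are assumptions:

    ```batch
    @echo off
    rem Added example (not from the thread): make the RPC service's recovery action
    rem "restart the service" instead of "reboot the computer".
    rem Run from an Administrator command prompt on Windows XP.
    rem RpcSs, the 60 s delay and the 86400 s reset window are assumed values.

    rem 1. Abort any reboot countdown that is already running (harmless if none).
    shutdown -a

    rem 2. Show the current failure actions for the RPC service.
    sc qfailure RpcSs

    rem 3. Restart the service (60000 ms delay) on each of the first three failures;
    rem    the failure counter resets after 86400 s (one day).
    sc failure RpcSs reset= 86400 actions= restart/60000/restart/60000/restart/60000

    rem 4. Confirm the change took effect.
    sc qfailure RpcSs
    ```

    This only stops the forced reboots; the service is still being crashed, so the cleanup and the missing patches the post refers to are still required.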
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Have them complete the steps below:


    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).


    Malware can cause problems with Windows Update, but so can firewalls and AV programs. I have seen a dozen or more cases where, after uninstalling Symantec's tools, Windows Update worked properly. Yes, it could be that the user blocked something by mistake in a firewall and uninstalling the firewall fixes it.
     
  3. goldfish

    goldfish Lt. Sushi.DC

    Got a response, and a message to pass on:
    Thanks for checking it out.

    Attached is the logfile.
     
