Page 3 of 3 FirstFirst 123
Results 21 to 26 of 26

Thread: Infected - Smart Fortress 2012

  1. #21
    Junior Member
    Join Date
    Apr 2012
    Posts
    15

    Default

    .



    Hello......here is the ESET scan

    -------------------------------------------------------------------------

    C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application
    C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe Win32/SpeedUpMyPC application
    C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe Win32/SpeedUpMyPC application
    C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application
    C:\Program Files\Uniblue\SpeedUpMyPC\sp_track_install.exe Win32/SpeedUpMyPC application
    C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir Win32/Sirefef.DA trojan




    .

  2. #22
    Junior Member
    Join Date
    Apr 2012
    Posts
    15

    Default

    .


    Hello......updated MBAM again this morning......scan results below.

    Avast fired a few times during the scan and grabbed some more.....see attached screen capture.

    ------------------------------------------------------------------------

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.02.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Gooderham :: DELL [administrator]

    02/05/2012 8:19:48 AM
    mbam-log-2012-05-02 (08-19-48).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 333454
    Time elapsed: 1 hour(s), 53 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp33\a0008867.exe (Trojan.LameShield) -> Quarantined and deleted successfully.

    (end)



    .
    Attached Images Attached Images

  3. #23
    Security Expert oldman960's Avatar
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Halton,

    The Eset detections for the most part are warning you of a Potentially Unwanted Program,Uniblue. See HERE for more information on these types of programs.

    I can't see where the first detections in the screenshot are but they are temprorary files. There is also no date but if the list is chronological those are old detections and were removed when we emptied the temp files.

    From the first MBAM scan:
    Files Detected: 2
    c:\documents and settings\all users\application data\529c50a800717d320000205bd151fc84\529c50a800717d320000205bd151fc84.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
    c:\documents and settings\gooderham.laptop\local settings\temp\_avast_\unp45314377.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
    The 5th and 6th looks like the ones Avast removed during the first MBAM scan.

    Starting with C:\Qoobx\Quarantine those are files we have quarantined or are in System Restore points. The MBAM detection is also in a System Restore point. These are harmless unless you restore to that point. They will be removed when the tools are removed.

    We'll remove the tools now. Once the tools are removed System Restore will be reset and the quarantined files removed.

    From your desktop, please delete, if present
    • any notepads/logs that we created
    • Farbar Service Scanner


    Next

    Click the Start button, click Run. Copy and paste the following line into the run box and click OK

    Combofix /uninstall


    Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


    I suggest you keep MBAM. Keep it updated and use it regularly.

    Upates and upgrades

    Adobe Acrobat - Reader 6.0.2 Update This is very old and vulnerable. You don't need it as you have FoxIt Reader. I suggest you uninstall Adobe Acrobat - Reader 6.0.2 Update

    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Just add a firewall and antispyware to what you have.

    * If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

    Click FIREWALL for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)

    For a resident antispyware program you could use Spybot (scroll down) It can also be used to install a Custom Hosts file.

    OR

    A guide to understanding and using the hosts file.

    Learn how your Hosts file can protect you and how you can protect it.
    Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
    HOSTS

    Please read the info on disabling the DNS Client before installing a custom hosts file.



    -Secure your Internet Explorer

    From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


    - Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis


    - Make sure you have reset Automatic Updates to your chosen optionClick your start button > Control Panel > System > Automatic Updates tab


    - Keep your antivirus program updated, as well as any other security programs you have.


    -More tips and programs can be found HERE

    Please post back if you have any problems.

    Take care
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

  4. #24
    Junior Member
    Join Date
    Apr 2012
    Posts
    15

    Default

    .



    Done.....done.....and done......

    I did the Hosts File thingy and the DNS disable.....I assume it's running.

    All seems to be well......Thanks for the help.

    Best Regards



    .

  5. #25
    Security Expert oldman960's Avatar
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Halton,

    You are more than welcome.

    Take care, keep safe.
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

  6. #26
    Security Expert oldman960's Avatar
    Join Date
    Sep 2010
    Posts
    631

    Default

    Since this issue appears to be resolved ... this Topic has been closed.
    Member of UNITE and ASAP
    Threads will be closed if no response after 5 days.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •