unknown malware

[fallingrock]

Hi Lonny

The popups have stopped for the moment. I have changed from IE to Firefox and uninstalled those cracked apps and deleted the installation files.

And by the way, I have to say that it is awesome that people like you fight this terrible crap. Thankyou so much for helping me, you have no idea ho much I appreciate it

I have also installed Kerio Personal Firewall (trial). Although there are no symptoms anymore, now I am concerned about two things:

1. The fact that I previously executed the file setup.exe which mwav found to be infected with Trojan-Clicker.Win32.VB.kb
And since executing that file the only thing I have done to fight the attack is to delete the "setup.exe" file which was found by mwav in c:/ root directory. I don't know what else to do.


2. the entries in the mwav log:

File C:\Documents and Settings\Administrator\Desktop\offending spyware file\the files\Google Earth Pro Map With CRACK FULL.zip infected by "Trojan-Clicker.Win32.VB.kb" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Administrator\Desktop\offending spyware file\the files\setup.zip infected by "Trojan-Clicker.Win32.VB.kb" Virus! Action Taken: No Action Taken.
Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clientman Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "tencent qq Spyware/Adware" found in File System! Action Taken: No Action Taken.

[LonnyRJones]

Hi

That setup file had lots of things in it, meaning the longer it ran more would have been installed, we have checked for those.
the other items mwav sees in the registry are i think are left overs, not to worry.

Prevention:
Put in place a good hosts file http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file: http://www.mvps.org/winhelp2002/hosts2.htm
How did that go ?
To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

Regards
Lonny

[tashi]

As the problem appears to be resolved this topic will be archived.
If you need the topic reopened please pm me.