
Thread: Malware - PC Crashes / Browser redirects

  1. #21
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5765

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2/14/2011 8:48:02 PM
    mbam-log-2011-02-14 (20-48-02).txt

    Scan type: Quick scan
    Objects scanned: 186236
    Time elapsed: 7 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  2. #22
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default

    Step 4 | Let's perform an ESET Online Scan
    ============
    Hi
    How much time does this take?

    It's been 60 mins and it's still scanning one of the .iso installation files by Microsoft.

    Please advise
    Thanks and regards
    Sanjay

  3. #23
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi Sanjay,


    Yes, Online Scanners like this often take several hours to complete. I would suggest you run the scan at night, and if possible, let it run for the rest of the day. It's important that you provide me with its results.


    The rest of the logs are looking fine. How's your browser running?

  4. #24
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default

    Thanks.
    Can I disconnect my internet when it's scanning?

  5. #25
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default

    ESET scan log

    C:\Qoobox\Quarantine\C\Users\Sanjana\AppData\Local\ayetaciw.dll.vir a variant of Win32/Cimag.FT trojan
    C:\Users\Public\Documents\Server\hlp.dat probably a variant of Win32/Agent.JCVPCMR trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\43120580-37e6314a Java/TrojanDownloader.Agent.NBK trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\653a8b4a-2482c0d8 probably a variant of Win32/Agent.FPEXZHL trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7a087e0b-340f2d40 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-634e45ea multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\308c10c-46579c39 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6b2b5d8c-41e726b4 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\15397e0d-7f42dd1c a variant of Java/TrojanDownloader.OpenStream.NAY trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\48173611-6b28a619 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\16f80713-5915a4a4 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\8cc76d3-57b25d78 a variant of Java/Exploit.Agent.NAL trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\5f546d95-515d52fd multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-17b0d7ca multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\42f2dad8-6a223b6f probably a variant of Win32/Agent.RPSVWU trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7b7b6759-76a96a10 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\53c8c5da-44d9b878 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\48c654db-5a6528b1 probably a variant of Win32/Agent.HRYTTOE trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\20d825dc-71923437 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\26d395dc-1903ca14 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-1a42ef06 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-74daa67c multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-2004b95f multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\35d18421-58060da7 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-5a475499 probably a variant of Win32/Agent.FPEXZHL trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\43ddf822-35b7d5ff multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\41e8aee3-407cc926 probably a variant of Win32/Agent.HRYTTOE trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-4b4d12e9 probably a variant of Win32/Agent.HRYTTOE trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\546b8c27-4a2b8e78 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\40591084-2bc9dd3f Java/TrojanDownloader.Agent.NBL trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5ebca369-3def0ec0 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\34a3fab-62c16d5b multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\752509ab-2596151f probably a variant of Win32/Agent.HRYTTOE trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\f6e936c-1489abc4 a variant of OSX/Exploit.Smid.C trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\4084a7b0-1835644b multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-40f8015a probably a variant of Win32/Agent.DYXWUMY trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\6a183b45-16a9ac88 probably a variant of Win32/Agent.HRYTTOE trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\425fc2f3-3663729c probably a variant of Win32/Agent.RPSVWU trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-7ba92068 probably a variant of Win32/Agent.DYXWUMY trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7971bb76-26972c50 multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\1192d4f9-74dea01b multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\fd18ba-48640a7b multiple threats
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\23146dfe-1e91f3dd a variant of Java/TrojanDownloader.OpenStream.NBF trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\43e0867f-2eb57fe0 Java/TrojanDownloader.Agent.NBL trojan
    C:\Users\Sanjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\3f5641c8-18f911d0 Java/TrojanDownloader.Agent.NBK trojan
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4812d38c-56443801 multiple threats
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\44d775d7-1278bf7f multiple threats
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1131b71b-28fe058d a variant of Java/TrojanDownloader.OpenStream.NBF trojan
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3c257486-775cb703 multiple threats

  6. #26
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi there,


    We are almost done. How's the computer running now?


    Please follow these steps:


    Step 1 | Please go to the following site to scan a file: Virus Total

    • Click on Browse, and upload the following file for analysis:

      • C:\Users\Public\Documents\Server\hlp.dat

    • Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
    • If it says already scanned -- click "reanalyze now"
    • Please post the results in your next reply.



    Step 2 | Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java components
    and update.


    • Click on the following link to visit the Java website: Java Runtime Environment (JRE) 6

    • Scroll down to where it says "JDK 6 Update 23 (JDK or JRE)".
    • Click the "Download" button to the right column (JRE).
    • Select the Windows platform from the dropdown menu.
    • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
    • Click on the link to download Windows Offline Installation
      and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Now go to Start > Settings > Control Panel, double-click on
      Add/Remove Programs and remove all older
      versions of Java.
    • Check (highlight) any item with Java Runtime Environment
      (JRE or J2SE or Java(TM) 6) in the name [Java(TM) 6 Update 21 and Java(TM) 6 Update 3.]
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the recently downloaded java
      installer icon to install the newest version.
    • After the install is complete, go into the Control Panel
      (using Classic View) and double-click the Java Icon. (looks like a
      coffee cup)
      • On the General tab, under Temporary Internet Files, click the
        Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - Leave
        BOTH Checked
        • Applications and Applets
        • Trace and Log Files
      • Click OK on Delete Temporary Files Window
        Note: This deletes ALL the Downloaded Applications and Applets from
        the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.
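
The triage behind the two steps above (one detection outside the Java cache singled out for a second-opinion scan, the Java cache detections handled by updating Java and clearing the cache), as an added Python example that is not part of the original thread. The sample log is constructed in the layout of the ESET log posted earlier (only the hlp.dat line is taken from it); the function and bucket names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the "path<space>verdict" layout of the ESET online scan log.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Users\Example\AppData\Local\sample.dll.vir a variant of Win32/Cimag.FT trojan
C:\Users\Public\Documents\Server\hlp.dat probably a variant of Win32/Agent.JCVPCMR trojan
C:\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\0a1b2c3d-4e5f6a7b multiple threats
C:\Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1a2b3c4d-5e6f7a8b Java/TrojanDownloader.Agent.NBK trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\2a3b4c5d-6e7f8a9b multiple threats
"""

# Path, one space, then either a named detection (optionally hedged) or "multiple threats".
LINE_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?) "
    r"(?:(?:probably )?(?:a variant of )?(?P<name>\S+/\S+) \w+|multiple threats)"
)

def parse_log(text):
    """Return (path, detection) pairs; detection is the threat name or 'multiple threats'."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:  # blank or unrecognised lines are skipped
            entries.append((m["path"], m["name"] or "multiple threats"))
    return entries

def bucket(path):
    """Classify a detection by where the file lives, not by its detection name."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantined"       # inert copy kept by an earlier cleanup tool
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"        # cached applets: update Java, then clear the cache
    return "needs_review"          # anything else: get a second-opinion scan

def triage(entries):
    grouped = defaultdict(list)
    for path, name in entries:
        grouped[bucket(path)].append((path, name))
    return dict(grouped)

if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for name, items in result.items():
        print(name, len(items))
    for path, det in result.get("needs_review", []):
        print("second opinion:", path, det)
```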

  7. #27
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default

    When I browse and click on "Send File" it does not do anything.
    The status bar in IE shows an "Error on page" message. I clicked on details and I get the message below.

    ==============================================

    Webpage error details

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; InfoPath.3)
    Timestamp: Fri, 18 Feb 2011 03:55:02 UTC

    Message: 'tagName' is null or not an object
    Line: 73
    Char: 4
    Code: 0
    URI: http://www.virustotal.com/

    ===============================================

  8. #28
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Then please upload the file to Jotti:

    Go here: http://virusscan.jotti.org/

    • When the jotti page has finished loading, click the "Browse" button and navigate to the following file and click Submit:

      • C:\Users\Public\Documents\Server\hlp.dat

    • Copy the results and paste them here

  9. #29
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default

    Results

    http://virusscan.jotti.org/en/scanre...639a24653d3229

    2011-02-19 Found nothing 2011-02-19 Found nothing
    2011-02-18 Found nothing 2011-02-18 Trojan.Win32.Bamital
    2011-02-18 Found nothing Scanning, please wait...
    2011-02-18 Found nothing 2011-02-18 Found nothing
    2011-02-18 Found nothing 2011-02-18 Found nothing
    2011-02-18 Found nothing 2011-02-18 Found nothing
    2011-02-18 Found nothing 2011-02-19 Mal/Bamital-A
    2011-02-19 Found nothing 2011-02-18 Found nothing
    2011-02-18 Found nothing 2011-02-18 Found nothing
    2011-02-19 Found nothing

  10. #30
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default

    http://virusscan.jotti.org/en/scanre...639a24653d3229


    2011-02-19 Found nothing 2011-02-19 Found nothing
    2011-02-18 Found nothing 2011-02-18 Trojan.Win32.Bamital
    2011-02-18 Found nothing 2011-02-18 Found nothing
    2011-02-18 Found nothing 2011-02-18 Found nothing
    2011-02-18 Found nothing 2011-02-18 Found nothing
    2011-02-18 Found nothing 2011-02-18 Found nothing
    2011-02-18 Found nothing 2011-02-19 Mal/Bamital-A
    2011-02-19 Found nothing 2011-02-18 Found nothing
    2011-02-18 Found nothing 2011-02-18 Found nothing
    2011-02-19 Found nothing
