
Thread: fake.wget

  1. #1
    Junior Member
    Join Date
    Sep 2006
    Posts
    6

    fake.wget

    Well, I got infected. Searched Google and found you guys. I have used Spybot for a very long time but never went on the forum. OK, so I tried to do the thing with Notepad and I am still infected with it. Here's the report:

    --- Search result list ---
    Fake.Wget: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1993962763-287218729-725345543-1003\Software\Wget

    Fake.Wget: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Wget

  2. #2
    Junior Member
    Join Date
    Sep 2006
    Posts
    6


    Got the latest update and now I have a new trojan named Bifrose.LA, so now I have the wget and this Bifrose. Here is the report:

    --- Search result list ---
    Bifrose.LA: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}

    Bifrose.LA: System file (File, nothing done)
    D:\WINDOWS\system32\drivers\oreans32.sys

    Fake.Wget: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1993962763-287218729-725345543-1003\Software\Wget

    Fake.Wget: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Wget

  3. #3
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    GraveDigga, hi.
    Please go here and follow the instructions.
    http://forums.spybot.info/showthread.php?t=288
    Post a HijackThis log and an online scan report here in this thread.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  4. #4
    Junior Member
    Join Date
    Sep 2006
    Posts
    6


    The online scan was made with Panda.

  5. #5
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    Start HijackThis and place a check next to these items if there.
    O4 - HKLM\..\Run: [startkey] D:\WINDOWS\system32\systemhosts.exe
    O4 - HKCU\..\Run: [startkey] D:\WINDOWS\system32\systemhosts.exe

    ====================================
    Hit "Fix checked" and close HijackThis.
    Restart the PC.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Manually delete
    D:\WINDOWS\system32\systemhosts.exe
    Your antivirus might offer to delete it when you get close; that's fine.

    Check for problems with SpyBot and fix everything found, then do so a second time and let me know what was there.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  6. #6
    Junior Member
    Join Date
    Sep 2006
    Posts
    6


    Searched with HijackThis and I didn't find that. Searched in system32 and also nothing. Searched with Spybot and nothing ). I guess I resolved it with Trend Micro. It found something and disinfected. Well, thanks a lot :D

  7. #7
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    Good

    Think prevention: put in place a good hosts file
    http://www.mvps.org/winhelp2002/hosts.htm
    How to download and extract the HOSTS file:
    http://www.mvps.org/winhelp2002/hosts2.htm
    Repeat that process about once or twice a month.

    To help avoid reinfection see "So how did I get infected in the first place?"
    http://forums.spybot.info/showthread.php?t=279
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  8. #8
    Junior Member
    Join Date
    Sep 2006
    Posts
    6


    Done. OK, thanks a bunch, man.

  9. #9
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    I'm glad we could help.
    Since the problems are solved I'm going to close the topic now. This keeps others with similar problems from posting their logs/questions here; they should start a new topic.

    If you should need to post another log for the same PC, let one of us know via a PM (personal message).
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006
