Thread: Hijacked browser, Possibly from mfeed.in

  1. #11
    Junior Member
    Join Date
    May 2010
    Posts
    8

    MalwareBytes came up clean on 6/07 (see log file : mbam-log-2010-06-07 (14-03-54).txt ).

    Kaspersky (attached) flagged files but those directories scanned negative with MalwareBytes and McAfee.

  2. #12
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Quote: Originally posted by Thinkerer
    MalwareBytes came up clean on 6/07 (see log file : mbam-log-2010-06-07 (14-03-54).txt ).
    Ahh yes, sorry missed that.

    Kaspersky (attached) flagged files but those directories scanned negative with MalwareBytes and McAfee.
    Kaspersky is very thorough, and not every scanner finds every infection. That's why running multiple scans gives us better assurance you're clean.

    Do you still use Eudora for your email? As you can see from the Kaspersky scan you appear to have several infected emails and/or attachments. You will need to go through those and delete anything suspicious if found. If you don't use it then I'd suggest you uninstall it.

    *********************************

    You have some Malware in your Java cache:

    C:\Documents and Settings\Scott\Application Data\Sun\Java\Deployment\cache\ <<< clean your Java cache

    http://support.f-secure.com/enu/home...avacache.shtml

    *********************************

    This one may be a false positive:

    C:\Program Files\Free FLV Converter\FreeFLVConverter.exe

    Please go to http://www.virustotal.com/en/indexf.html
    click on Browse, and upload the following file for analysis:

    C:\Program Files\Free FLV Converter\FreeFLVConverter.exe

    Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see. Or you can copy the link to the VT results page if that is easier.

    **********************************

    Uninstall Combofix
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    The above procedure will:
    • Delete the following: ComboFix and its associated files and folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.


    ************************************

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Also let me know how it's running.
    IndiGenus

  3. #13
    Junior Member
    Join Date
    May 2010
    Posts
    8

    Cleaned anything doubtful out of the Eudora mailbox - unfortunately I do still use it.

    I also found that the McAfee on-access scan has exclusions including the Eudora "spool" directory which may be part of the problem - I removed the Eudora exclusions.

    Should I remove the rest?

    Java Cache is cleared, and FreeFLVConverter & ComboFix are gone.

    Security Check log is attached - it indicates that the on-access scan is disabled which isn't the case (up and going according to its "statistics" window).

    Machine has been running flawlessly since last week - thank you!

  4. #14
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Quote: Originally posted by Thinkerer
    Cleaned anything doubtful out of the Eudora mailbox - unfortunately I do still use it.

    I also found that the McAfee on-access scan has exclusions including the Eudora "spool" directory which may be part of the problem - I removed the Eudora exclusions.

    Should I remove the rest?

    Java Cache is cleared, and FreeFLVConverter & ComboFix are gone.
    Outstanding!

    Security Check log is attached - it indicates that the on-access scan is disabled which isn't the case (up and going according to its "statistics" window).
    Could have something to do with the fact it's an enterprise version??? If your system is reporting that all is well then you should be good.

    Machine has been running flawlessly since last week - thank you!
    Another outstanding!!!

    As you can see from the security report you also should update your Adobe Reader.
    http://www.adobe.com/support/downloa...ows&product=10

    Other than that I think you're in pretty good shape.

    In addition to updating and using what you currently have you may want to consider the following:

    Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

    Install Winpatrol -
    Use Winpatrol to take control of your PC and provide another layer of security.
    Help file and tutorial can be found Here

    Block unwanted parasites with a custom hosts file -
    http://www.mvps.org/winhelp2002/hosts.htm

    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.

    Keep your applications up to date -
    Use Secunia Personal Software Inspector to help stay on top of application updates that could leave your PC vulnerable to attack.

    I'll leave the thread open a few days in case you have questions or issues.

    Regards,
    Dave
    IndiGenus

  5. #15
    Junior Member
    Join Date
    May 2010
    Posts
    8

    I guess the last question would be about the exclusions that are still listed in McAfee On-Access Scan. Is there any reason to delete them? They are of the general form

    %systemroot%\security\**\ etc.

    %systemroot%\SoftwareDistribution\Datastore\ etc.
    Last edited by tashi; 2010-06-14 at 17:55. Reason: Date of archive

  6. #16
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Quote: Originally posted by Thinkerer
    I guess the last question would be about the exclusions that are still listed in McAfee On-Access Scan. Is there any reason to delete them? They are of the general form

    %systemroot%\security\**\ etc.

    %systemroot%\SoftwareDistribution\Datastore\ etc.
    Why those locations would be excluded in McAfee is beyond me??? Those are locations created by Windows. One for updates, and the other security. Certainly won't hurt to just remove the exclusion. If issues arise then you could put them back, but I doubt it. Sorry I don't have something a little more concrete.
    IndiGenus
