Thread: Malware Infection

  1. #11
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello RFAKNO ,

    Your computer has/had some serious infections with rootkit/backdoor capabilities.
    Sorry for the bad news. Backdoors provide outsiders full access to your computer, enabling them to record keystrokes, steal passwords, spread malware, and even use it for other illegal activities.

    If your computer has been used for important or sensitive data such as online banking, shopping or any other financial transactions, I strongly recommend you to do the following:
    • Disconnect from the Internet and any network immediately.
    • Inform your financial institutions that you may be a victim of identity theft and to put a watch on all your accounts or change them.
    • Change all your online passwords from a clean computer.
    • Take any other steps that you may think are necessary to prevent financial distress due to identity theft.


    Due to the backdoor functionality, your computer is compromised and can no longer be fully trusted. Many experts in the security community believe that once tainted with this type of infection, the best course of action would be a reformat and reinstall of the OS. I too strongly recommend you to format your computer. We can still attempt to clean it if you wish, but due to the severity of the infections, I cannot guarantee it will be safe or clean afterwards. It is up to you to decide. Please let me know which course of action you wish to take.

    Here are some reads to help you decide:
    How to respond to possible ID theft and Internet fraud
    When should I reformat?

    --------------------

    If you would like to proceed, please continue below.

    Please delete the ComboFix copy that you have and download a new copy. Save it as RFAKNOcf.exe to the desktop, then try running it. If it does not work, please move it to C:\ and try running from there.

    Try DDS again too and post back its logs.

    --------------------

    Please post back:
    1. how do you want to proceed
    2. if you want to continue, the ComboFix log
    3. DDS logs (DDS.txt and Attach.txt)

  2. #12
    Junior Member
    Join Date
    Sep 2011
    Location
    Surrey UK
    Posts
    10

    Hi Jack&Jill,

    Bad news indeed. The problem is it's a laptop with preinstalled software that I no longer (if ever) have the Windows CD. Consequently I would like to continue with the attempt to clean.

    I've tried running Combofix as per your instructions but it always hangs the system about 2-3 minutes after the scan starts. Similarly DDS still hangs the system (with the same symptoms as Combofix) at the 52nd #.

    Regards

    Roy

  3. #13
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello RFAKNO ,

    Please download SystemLook by jpshortstuff from one of the links below and save it to your desktop.

    Link 1 - 32-bit version
    Link 2 - 32-bit version


    • Double click on SystemLook.exe to run it.
    • Copy and paste the following text into the main textfield:
      Code:
      :filefind 
      redbook.*
      wuauclt.*
    • Click the Look button to start the scan. This might take a while.
    • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
      Note: The log can also be found on your desktop as SystemLook.txt.


    --------------------

    Run ComboFix via command line
    • Go to Start > Run.... Copy and paste the following text into the white box:
      Code:
      RFAKNOcf.exe /nombr
    • Click OK.


    ComboFix will now run a scan. If it still hangs, please let me know.

    --------------------

    Please post back:
    1. SystemLook result
    2. ComboFix log

  4. #14
    Junior Member
    Join Date
    Sep 2011
    Location
    Surrey UK
    Posts
    10

    Hi Jack&Jill,

    Since my last post I've done some more research and found the hidden partition on the hard drive containing the original setup.

    In view of your earlier recommendation I have decided to reformat.

    One concern I have remaining is how the infection occurred. I'm very cautious about what I do and have always had Avira running. How did it get past Avira? Is Avira OK or should I adopt Avast or could you recommend another.

    Your thoughts would be appreciated.

    Thanks for your help.

    Regards

    Roy

  5. #15
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello RFAKNO ,

    A good decision. I would have done so myself.

    Quote:
      One concern I have remaining is how the infection occurred. I'm very cautious about what I do and have always had Avira running. How did it get past Avira? Is Avira OK or should I adopt Avast or could you recommend another.
    Nowadays, malware is so advanced that any vulnerabilities will be exploited.

    As for the details, please take a look at the articles after the security recommendations below. These recommendations will help you configure your computer after reformat to be in a better shape to stand against any infection attempts.

    --------------------

    Some tips to help you stay clean and safe:

    1. Keep your Windows up to date. Enable Automatic Updates for Windows XP to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

    2. Update your Antivirus program regularly; it is a must for constant protection against viruses. If you do not have one, Microsoft Security Essentials and Avast are some great and free antivirus programs that you can try. For paid versions, Avast, ESET NOD32 and Kaspersky are some good options. Please keep only one AV installed.

    3. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool, totally free but for real-time protection you will have to pay a small one-time fee.

    4. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications.

    5. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts for this purpose.

    6. Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.

    7. Protect your computer from removable or USB drive infections with MCShield, an effective method to prevent malware from spreading.

    8. Keep all your software updated. Visit Secunia Software Inspector to find out if any updates are required.

    9. Install a third party firewall if you do not have one for additional defense against internet dangers. The built-in Windows firewall can only keep nasties from breaking in, but is unable to protect against any malware sending information out. Some recommended firewalls are Online Armor, Outpost and PC Tools. More information on firewalls. Please keep only one FW installed.

    10. Also look up:
    Computer Security - a short guide to staying safer online
    PC Safety and Security - What Do I Need? By Glaswegian
    How to prevent malware: By miekiemoes
    So how did I get infected in the first place? By Tony Klein
    Microsoft Online Safety

    Stay safe.

    Your donation helps in improving Spybot-S&D!

  6. #16
    Junior Member
    Join Date
    Sep 2011
    Location
    Surrey UK
    Posts
    10

    Hi Jack&Jill,

    Thanks for the follow up information, help and guidance.

    Regards

    Roy

  7. #17
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello RFAKNO ,

    You are most welcome. I will keep this topic open for another day in case you have any questions.

  8. #18
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    As your problems appear to have been resolved, this topic is now closed.

    We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
    Your donation helps in improving Spybot-S&D!