April Fools!??? waled ac.cn TrojanC Registry Value

Status
Not open for further replies.
OK, Blade...since the only 'shutdowns' not freezing issues, happen when I try and run spybot/ESET scans... guess I should go ahead and register there at Pitstop...thanks for the help...and I sure hope I get this all resolved soon, since taxes came back, I am gonna add a lil more memory to this machine...

Have a Nice Day :)

Julia
 
Ut Oh

Hey Blade...I joined the PitStop Forum, like this forum, it has a "Read This" before posting, recommended to run scan first...
Well there was a list of different av scans to run, I chose PC Pitstop Exterminate2, here are those results...

____________________________________________________________________
Bifrost
ThreatID:29428
Type:Malware
Level:2
Category:Backdoor
Desc:A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.
Traces:
Type:3 Wget -1
CanQuarantine:1
AuthorURL:evileyesoftware.com/ees/request.php?10
__________________________________________________________________
This came from Bifrost, a link to get more info about this malware...

Threat Name: Bifrost
Summary: Bifrost is an advanced remote administration tool that allows users to remotely control computers that are behind firewalls and routers.
Category: Backdoor
Category information: A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.
Level: High
Level information: High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Advice: Quarantine
Description: Some features of Bifrost: Cam capture, file manager, file search, offline/online keylogger, password list (protected storage, cached passwords, ICQ, CD keys), polymorphic plugin, process list, remote shell, screen capture, system info, and windows list.
Release Date: Apr 12 2005
Last Updated: Mar 13 2009
_______________________________________________________________

Pitstop exterminate says to remove IMMEDIATELY!!!
I will wait a few to see if you log back in, before I do so

Thanks
Julia
 
Hmmmm

ok, maybe this Pitstop Exterminate is not a good program???

I just went to the second page of the scan results and it said I have Kazaa on my computer...I do NOT have Kazaa on this comp...now I feel taking any action this scan recommends may be dangerous???

:spider:

Here's second page info from Pitstop Exterminate...
_______________________________________________________________
remove these files as part of the diagnostic process. If you would like these files removed, check the box below.

Low Level Threats

KaZaA
ThreatID:7631
Type:Low Risk Software
Level:5
Category:P2P Program
Desc:A P2P (or Peer to Peer) Program is software that enables the user to participate in an online file sharing network and trade or share files with other users in the network. P2P Programs often bundle advertising software, but some P2P Programs are adware-free. P2P Programs are typically not harmful in and of themselves, but the user is at risk for infection with adware and/or malware through files downloaded from the file sharing network.
Traces:
Type:3 Kazaa -1
Type:3 LocalContent -1
CanQuarantine:1
AuthorURL:

FunWebProducts
ThreatID:14912
Type:Low Risk Software
Level:5
Category:Potentially Unwanted Program
Desc:Potentially Unwanted Programs include software that does not fit into another category (such as Low Risk Adware or Potential Privacy Risk) that users might want detected because the software includes some form of potentially objectionable functionality.
Traces:
Type:3 {9AFB8248-617F-460d-9366-D71CDEDA3179} -1
Type:3 TreatAs -1
Type:3 TreatAs 1
CanQuarantine:1
AuthorURL:funwebproducts.com

Cookie: Tracking Cookies
ThreatID:174265
Type:Cookie
Level:5
Category:Cookie (General)
Desc:Cookies are small "data tags" that web sites and services store on users' PCs in order to distinguish and recognize unique visitors. Cookies are used by web sites to identify returning visitors who have registered for special services; to monitor, measure, and analyze visitors' navigation and use of web site features; to count unique visitors to web pages and web sites; and to allow web surfers to use virtual "shopping carts" at e-commerce sites. Online advertising networks use Cookies to track
Traces:
Type:1 ad.yieldmanager[2].txt
CanQuarantine:0
AuthorURL:

wow...I am so unsure what to do...I am gonna find out where to post in the proper place over at pitstop
 
Hi

Let it remove those :) That Kazaa related finding seems to be some registry value.
 
It just don't seem right to me...

Hey Blade...
I truly am not meaning to be a pest...I am here at Safe Networking because I trust this site and the staff, and when I first read spybot S&D's Terms of use..my Heart Smiled :heart:

I am curious why we didn't find such a high risk threat...outside of the scans crashing...
It doesn't make sense to Purchase *online* from an infected comp with these high level threats... the software to remove it...seems quite dangerous to me... :wink: (I have checked and keep checking my bank accounts, etc... All is well there)

PCPitstop seems legit to me, and after all u referred me there...
I don't find a number to purchase by telephone...

I emailed tech support there, for these results and the fact they referred me to use their Optimized2 Overdrive Scan, which crashed and restarted my comp, so he (tech) asked me again to run Overdrive, (I have also read several posts on their forum of other users having this same problem) it was running (in IE) along fine, then an IE warning popped up...had to shut down IE because of an add-on trying to install...and all shut down... when windows restarted, I had some kind of warning on my screen, replacing my desktop background... telling me that either a recently added desktop icon, a web add-on or shutting comp off w/o shutting it down (I would say all 3 applied) basically made my desktop background not run, I was able to restore desktop.

I guess I will email PS tech guy and let him know...

...Patience is definitely a virtue :halo:

Julia
 
Hi

"PCPitstop seems legit to me, and after all u referred me there.."
I wouldn't recommend any location that was a dubious one.

As I stated earlier, those shutdowns are more likely caused by other things than malware. It's better that PCPitstop guys continue from here.
 