#1 |
Registered User
|
Caution! Your computer contains a variety of suspicious programs..
OK, it looks like I have some malware.

When I open the odd hyperlink, I get redirected to a page that has an IP in the address bar, and it pretends to do a scan on my computer. I can't cancel out and have to End Task on iexplorer.exe. It's exactly like this: http://www.youtube.com/watch?v=VxJlCkX7Spc

Funny thing is, so far it's happened exclusively to Guardian (news site) links.

Anyway, I have Malwarebytes Anti-Malware and it only returns some false positives (log file below). I also use SpyBot S&D; it finds a few things. I also use Avast (free version, updated) and it finds nothing. My DNS isn't being redirected and there's nothing in the hosts file.

What do you think?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5202

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28/11/2010 05:12:18
mbam-log-2010-11-28 (05-12-18).txt

Scan type: Full scan (C:\|)
Objects scanned: 605811
Time elapsed: 1 hour(s), 21 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\BACKUP\Software - Applications\Adobe Photoshop CS3 Extended\Adobe Photoshop CS3 Extended\Crack\Crack\Keygen.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\BACKUP\Software - Applications\AdobePremiereCS3\AdobePremiereCS3\Crack\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\BACKUP\Software - Applications\Microsoft Office 2007\Office 2007 Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
#2 |
Registered User
|
Can you first try all those tests again (especially the Malwarebytes bit) in 'Safe Mode with Networking' if you haven't already? Do you think Avast was running and up-to-date when this infection started?
#3 | ||
Registered User
|
Quote:
Quote:
So my computer would have been unprotected for a narrow window of time.
#4 |
Registered User
|
Nothing found in SAFE mode:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5202

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

28/11/2010 21:13:28
mbam-log-2010-11-28 (21-13-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 453218
Time elapsed: 48 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#6 | |
Registered User
|
Quote:
The 2nd Malware Bytes scan didn't detect anything.
#7 |
Registered User
|
A common way to get rid of some of the more stubborn viruses is to use the rkill program first to terminate any infected processes before running Malwarebytes again. This gives Malwarebytes (and other virus checkers) a better chance of detecting some viruses that might otherwise stay hidden. Can you try that? Rkill will produce a log in C:\rkill.log so post that too.
Last edited by bhickey; 29-11-2010 at 08:40.
#8 |
Moderator
|
Do a scan with SUPERAntiSpyware, the free one.