Infected!

Multiply

Onyx user!
Joined
Mar 19, 2011
Posts
1,489
Reacts
0
Reputation
0
Credits
0
Help! Currently I'm writing this on my laptop which is clean. My main computer has had a RAT on it for a few days now I think. But I only found out last night. As soon as I found out I disconnected it from the internet and ran a Norton virus scan. Nothing came up in the results. After that I turned it off. What should my next step be?
Thanks.
 

Multiply

Onyx user!
Joined
Mar 19, 2011
Posts
1,489
Reacts
0
Reputation
0
Credits
0
Ping said:
Sup harry

Click to expand...

LOLOLOLOLOLOL.
Not MR Team, gtfo.

Jonathan said:
MBAM seems to of caught it.

Post a HJT log.
Click to expand...

I ran a scan, but it didn;t save a log :S

I'm hoping Bytes got it.
 

Multiply

Onyx user!
Joined
Mar 19, 2011
Posts
1,489
Reacts
0
Reputation
0
Credits
0
Thank you so much for your helping Automatic Coding, maybe you should get accepted for MR Team

How do I delete:

Code: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Java (Backdoor.Bot) -> Value: Java -> No action taken.
 

Multiply

Onyx user!
Joined
Mar 19, 2011
Posts
1,489
Reacts
0
Reputation
0
Credits
0
Chris said:
!--Only Malware Removal Team are to post in here except the OP--!
Click to expand...

Am I allowed to make an exception for this post?
Automatic Coding helped me successfully remove it within 1 hour of posting, while a MR member hasn't even been online yet.
 

Tha Sneak

Member
Joined
Mar 19, 2011
Posts
229
Reacts
0
Reputation
0
Credits
0
Jonathan said:
I'm in HJT.
I'm active.
I'm not stupid.
You're not active.
Click to expand...

You're not a HJT helper.
I'm active.
I'm not stupid.
You're not trained.
 

Techno

User is banned.
Joined
Mar 19, 2011
Posts
978
Reacts
0
Reputation
0
Credits
0
Jonathan said:
"Time Spent Online: 3 Days, 4 Hours, 47 Minutes, 51 Seconds"

In 9 months.
Really?
Click to expand...

People quit and come back. He came back to be MR Team. Get over it Jonathan.
 

Tha Sneak

Member
Joined
Mar 19, 2011
Posts
229
Reacts
0
Reputation
0
Credits
0
Hi,

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below



Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

  • Once the scan finishes click Save log to save the log to your Desktop

  • Copy and paste the contents of aswMBR.txt back here for review
 

Multiply

Onyx user!
Joined
Mar 19, 2011
Posts
1,489
Reacts
0
Reputation
0
Credits
0

I just ran that, then when I clicked 'Scan' I got bluescreened.

Code: 
Problem signature:
  Problem Event Name:	BlueScreen
  OS Version:	6.1.7601.2.1.0.768.3
  Locale ID:	2057

Additional information about the problem:
  BCCode:	1000007e
  BCP1:	FFFFFFFFC0000094
  BCP2:	FFFFF88001058C23
  BCP3:	FFFFF88003B62788
  BCP4:	FFFFF88003B61FE0
  OS Version:	6_1_7601
  Service Pack:	1_0
  Product:	768_1

Files that help describe the problem:
  C:\Windows\Minidump\082811-30186-01.dmp
  C:\Users\Harry\AppData\Local\Temp\WER-48578-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\windows\system32\en-US\erofflps.txt

Then I had to restart my computer.
 

Tha Sneak

Member
Joined
Mar 19, 2011
Posts
229
Reacts
0
Reputation
0
Credits
0
Hi,

Please download TDSSKiller from here and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.
 

Multiply

Onyx user!
Joined
Mar 19, 2011
Posts
1,489
Reacts
0
Reputation
0
Credits
0

Scan Log:
http://pastebin.com/J1EKi3xh
 

Tha Sneak

Member
Joined
Mar 19, 2011
Posts
229
Reacts
0
Reputation
0
Credits
0
Hi,

Please download ComboFix
from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
 

Multiply

Onyx user!
Joined
Mar 19, 2011
Posts
1,489
Reacts
0
Reputation
0
Credits
0
Ok, just before I run Combo fix. Why does my AV not like it?
 

Tha Sneak

Member
Joined
Mar 19, 2011
Posts
229
Reacts
0
Reputation
0
Credits
0
Drhu said:
Just want to say one thing here. Why would you ask him to download TDSSKiller if you had already seen the log? You knew all along that combofix was the best tool for the job. You wasted his time running TDSSKiller.
Click to expand...

TDSSKiller is for a specific infection that I was looking for. ComboFix doesn't remove it. I know what I'm doing and you have no room to tell me otherwise. Don't post here again.
 

All Day Win

Onyx user!
Joined
Mar 19, 2011
Posts
4,418
Reacts
0
Reputation
0
Credits
0
If you're not part of the MR team don't post here this is your final warning.
 
You must log in or register to reply here.
Menu
Log in
Register