Tech Support Forum - View Single Post

Katana · 12-29-2007, 06:50 PM

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I'm afraid I have unpleasant news for you. You have evidence of a Very Dangerous infection on this machine.
Your machine is heavily infected, and more than one of the infections is a Password Stealer

It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine,

If the Computer has been used for any important data, you are strongly advised to do the following, immediately:

Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
Take any other steps you think appropriate for an attempted identity theft.

I am sorry to be the bearer of bad news, but it is best that you know the full impact of this infection :(

Download and Run ComboFix

Download Combofix from one of the links below :

ComboFix.exe 1
ComboFix.exe 2
ComboFix.exe 3
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper

12-29-2007, 06:50 PM	#2 (permalink)
Katana Analyst, Security Team Join Date: Nov 2007 Location: Manchester, UK Posts: 969 OS: W2K SP4 + XP SP2 + Vista	Re: Computer infected, please help! Hello and welcome to the forums My name is Katana and I will be helping you to remove any infection(s) that you may have. Please observe these rules while we work: 1. If you don't know, stop and ask! Don't keep going on. 2. Please reply to this thread. Do not start a new topic. 3. Please continue to respond until I give you the "All Clear" (Just because you can't see a problem doesn't mean it isn't there) If you can do those three things, everything should go smoothly :D I'm afraid I have unpleasant news for you. You have evidence of a Very Dangerous infection on this machine. Your machine is heavily infected, and more than one of the infections is a Password Stealer It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, If the Computer has been used for any important data, you are strongly advised to do the following, immediately: Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned. Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites. If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being: Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers. From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to. DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information. Take any other steps you think appropriate for an attempted identity theft. I am sorry to be the bearer of bad news, but it is best that you know the full impact of this infection :( Download and Run ComboFix Download Combofix from one of the links below : ComboFix.exe 1 ComboFix.exe 2 ComboFix.exe 3 You must download it to and run it from your Desktop Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix. Double click combofix.exe & follow the prompts. When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log Re-enable all the programs that were disabled during the running of ComboFix.. Note: Do not mouse-click combofix's window while it is running. That may cause it to stall. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. ComboFix SHOULD NOT be used unless requested by a forum helper __________________