One or more of the identified infections steal information. That includes all passwords, logins to forums and your email details & other websites and most of all your Bank, Credit card or PayPal details. If this system is used for web based email, online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breach. It also seems to be able to steal all your emails so anything you have emailed to anybody is no longer confidential.
I suggest that you read this article too.
---------------------------------------------------------------------------------------------
It appears as though the files which usually contain this info for the bad guys to harvest were 0 byte files, meaning they contained no data. It would still be prudent to follow the previous steps.
---------------------------------------------------------------------------------------------
Open Notepad and copy/paste the text in the quotebox below into it:
Quote:
File::
C:\WINDOWS\mrofinu1000106.exe.tmp
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache(2).dsk
C:\n.bat
Folder::
C:\VundoFix Backups
C:\WINDOWS\SYSTEM32\mr9
C:\WINDOWS\SYSTEM32\ardCo18
C:\WINDOWS\SYSTEM32\aj2
C:\WINDOWS\SHVnaCBTdHVsbA
C:\temp\cEeer12
Save this as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006