Hi foricer,
Quote: "luckily, I have not used it for anything with finances"
Thank Goodness!
This one is also known as the Torpig Trojan, which steals information like keystrokes, passwords, etc.
http://research.sunbelt-software.com...threatid=91084
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll Infected: Trojan-PSW.Win32.Sinowal.bh skipped
When I see this infection, I give the warning about possible Identity Theft.
=============================
I urge you to protect your personal information
Do not use this system for any transactions until you are clean.
Here are a couple of links which may provide you with additional valuable information:
When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
If you do any online banking, eBay/PayPal purchases, or any other sensitive online transactions:
You are strongly advised to do the following immediately:
1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.
2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
=======================
Please set your system to show all files; please see here if you're unsure how to do this.
Reboot into Safe Mode: please see here if you are not sure how to do this.
Using Windows Explorer, locate the following files/folders, and delete them:
C:\Documents and Settings\Zahner Family\loadadv642.exe <= file
C:\Documents and Settings\Zahner Family\Local Settings\Temp\installer.exe <= file
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll <= file
Exit Explorer, and reboot as normal afterwards.
Empty your recycle bin.
Please run Kaspersky again and post the results with another HijackThis log, please.