Infected with ?: Cookies constantly added / Zeroaccess malware


#1
imigital

I have an instance of svchost running as USER
And Cookies are constantly being added in "Documents and Settings", with NO browser running (nothing visible)

#2
imigital

I RESOLVED THIS ISSUE

After posting I found this post, "I'm infected - What do I do now?"
Link= http://forums.malwar...owtopic=9573
WISH I WOULD HAVE FOUND THIS FIRST

So I downloaded Malwarebytes Anti-Malware 1.65.0.1400 and ran it.

mbam-Quick-scan found and cleaned
Trojan.0Access
Rootkit.0Access


"McAfee Stinger" had failed to completely clean these for me!

THANKS, mbam

imigital

#3
Maurice Naggar


Backdoor trojan warning: ZeroAccess / Sirefef
This system has some serious backdoor trojans. ZeroAccess / Sirefef


This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
You are strongly advised to do the following immediately.
1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.
2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.
3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.
* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.
While one usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information:
What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan
Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx
Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html
When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

You cannot presume that all is good-to-go.

You must take measures noted above for identity theft, and to change all passwords on a clean pc.
You cannot assume this pc is 100% clean.
You must do follow ups.

Download DDS and save it to your desktop from http://download.blee...om/sUBs/dds.scr
or http://download.blee...om/sUBs/dds.com
or http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.
Then double click dds.scr to run the tool.
DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:
DDS.txt
Attach.txt


Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the resulting MBAM scan log.
~Maurice Naggar

I close my threads if there are 5 days without a response.




