2 replies to this topic

[williams89]

Late last night I posted an image in an open conversation on Skype, this followed by someone telling me my IP address and threatening to "launch" a DoS/DDoS attack against me. They then showed a picture of my IP address loaded up in LOIC and proceeded to ask me if my internet was "running smooth".

I wasn't too bothered at the time as nothing appeared wrong, surely if he was successful I'd have no connection at all, so all I did was switch my router off and went to bed, woke up this morning and turned my router back on in hope that I would have been assigned a new IP. (which I was)

Like I said, had no problems at the time, but today I've noticed a couple of DNS errors when trying to load websites and my whole system seems more sluggish than usual.

I ran a quick scan on Malwarebytes but nothing came back, so proceeded in running a full scan (results below in a handy spoiler tag) and it came back with 2 casino spyware things (wasn't too worried) and "Backdoor.Cycbot.Gen". I quarantined all, deleted all, restarted computer, and for some reason had to re-install Malwarebytes (found rather peculiar).

I then ran another quick scan, to which nothing came back. But am still experiencing things rather sluggishness.

Other things to note:

Couple of months ago had a "xp security 2012" virus, assumed it was fully removed.

Last week my mother answared the phone to one of them scam artists claiming to be working with Microsoft and that they would help her remove some malware (she isn't very tech savy, the had got her to install the remote access software before she could tell me what was going on, I quickly took the phone off her, told them "politely" I knew what they were doing and hung up. I then restored her laptop to factory settings (as it was pritty new anyway) and re-installed Malwarebytes on her system, scans came back clean, ran scans on my laptop and the two other computers on the network and they were all clean. (all were off at the time off the phone call so i assumed they would be)

Logs as required in sticky post attached and full scan results.

Full scan results:

Spoiler

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.31.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
luke :: LUKE-PC [administrator]

Protection: Enabled

31/01/2012 20:32:01
mbam-log-2012-01-31 (20-32-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 418443
Time elapsed: 4 hour(s), 39 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CelebPoker (PUP.Casino) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Poker\CelebPoker\_SetupPoker_ef1d26.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Users\luke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\560d5e64-5899d630 (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.

(end)

Any help would be much appreciated. Thank you in advance.

Attached Files

•  Attach.txt   10.08K   9 downloads
•  DDS.txt   22.24K   10 downloads

[Maurice Naggar]

Hi,

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan
  Wait for the scan to finish
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!