
Malwarebytes

Registry remnant


#1
RoyBoy

    New Member

  • Members
  • 7 posts
Wanted to start by saying Malwarebytes kicks ass, it found a registry entry which led me to the exe in the recycle bin that was hijacking browsers. I had to do Safe Mode with Command Prompt to remove it manually (I saved a sample if needed), so now the affected computers and USB sticks are fine.

My question involves the task(ignore brackets)man registry entry, as it is being recreated upon boot, and I'd like to track that down.
Is this the correct section to ask this, as I'm technically no longer infected? :)

I have extensive notes, samples, and a ComboFix report, but I'm paranoid of posting them on an open forum,
lest the virus authors come across this and change things. I had all the details written here,
but then made my post supremely vague and short. :mellow:

I just want to help Malwarebytes track down all strategies of this (possibly) new variant as it helped a great deal with my I.T. work,
without tipping off the bad guys. I suppose I can attach everything into a file and upload that, but I'll await advice.

The .zip of my notes and samples is 109k;
including every file from my task(ignore brackets)man search of the C: it is 773k;
they are mostly inf's.
"As a general rule, if you want to get at the truth – hear both sides and believe neither."
– Josh Billings

#2
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Hi,

If you'd rather not post logs etc. on this forum, then contact me via PM and send the logs (ComboFix log and MBAM log) to me via PM.

Thanks :mellow:
Mieke Verburgh
Assistant Director of Research


#3
RoyBoy

    New Member

  • Members
  • 7 posts
There you go, appreciated.

Regards,

RoyBoy

#4
RoyBoy

    New Member

  • Members
  • 7 posts
Here are samples of the virus, and the files that appeared in the Recycler after manual removal.
Hopefully this can help track down what file is creating the task(blank)man registry entry
that is now pointing to a deleted exe.

<< attachment deleted >>

Edited by miekiemoes, 10 May 2009 - 11:09 PM.
