Hi, today I mistakenly installed this one on my laptop. I restarted the computer and looked at each running process and did not see anything particularly suspicious, but I might be wrong. Now my question is how do I know where I installed it and how to get rid of it?
Thanks a lot.
#1
Posted 23 October 2009 - 09:37 PM
#2
Posted 23 October 2009 - 09:44 PM
Hi galaxyforce and welcome to the MBAM forums 
If that's the same malware as reported here>>>
http://www.malwareby...showtopic=28545
by the same name then it was a Zeus trojan, which is a password stealer with rootkit stealthing incorporated (this might explain why you're not seeing any suspicious process, as it is hidden).
MBAM should be unloading the Zeus trojan if it is installed, so run an MBAM quick scan with updated databases, allow it to remove what it finds and then reboot immediately.
#3
Posted 24 October 2009 - 02:53 AM
Hi, Ade,
Thanks for the quick response. I downloaded MBAM and it indeed got rid of several infected files/programs. Thanks a lot for your help. If you don't mind, may I ask what does "rootkit stealthing" mean? Does this kind of virus still need to save a file on a computer and get called when the system starts? I saw in my startup menu there are two DLLs called "idakuladol.dll". I tried to disable them during startup but for one of them I could not. Sounds suspicious to me. I googled and could not find any match to that word. MBAM did not think that dll is bad, though.
Best,
John
#4
Posted 24 October 2009 - 10:34 AM
Hi John,
Rootkits can perform many different functions, they can hide their own active processes, files and registry keys/data in order to mask their presence on an infected computer.
Most advanced rootkits require specialised anti-rootkit tools in order to expose their presence or activities, so as malware goes they operate on a whole new level above conventional malware.
Right, for now I will direct you down to our HJT help forum just to get a second opinion that all active malware has been removed from your PC.
- Please read and follow the instructions provided here: I'm infected - What do I do now?
- If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
- NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.









