Infected plz help
GuitarBob
Since it appears that you might have some tough malware on your computer, I suggest that you go to CastleCops, which has a nice forum with expert assistance for people needing help with malware, at https://www.castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

CastleCops also has a routine for you to follow to do some self-cleaning. In fact, they ask that you do this before posting anything to their forum, so try it. The self-cleaning information is at: https://wiki.castlecops.com/MRP

Good luck.

Regards,
robart.hendory
Guest
---EDIT---
The link to the "free" anti-spyware program referred to in this post has been removed, because the software is not free. We do not allow promoting commercial software in our forum disguised as free. I will have to ban the poster's account should this happen again.
Forum Admin
---EDIT---
Sean
I think I have a virus which is quite new, as I couldn't find any information about that file name on the net. It is certainly not a valid Windows file.

File name: l6GM0JnQ.exe
Location: system32 directory
Windows: XP Service Pack 2

I have a firewall, Comodo Firewall Pro... which gave me a few reports... "l6GM0JnQ.exe is an invisible application that has altered wmplayer.exe in the memory and is trying to access the internet"..... I denied access, and a few minutes later I get another report: "l6GM0JnQ.exe is an invisible application that has altered jusched.exe in the memory and is trying to connect to the internet".... denied again.... downloaded ClamWin + the virus definitions.... and I scanned that file... it comes up negative.... then... I get a report that "utorrent has modified clamwin.exe in the memory and is trying to access the internet"... that really got me... utorrent already has access to the net, cos I'm downloading stuff... and why would utorrent do anything to ClamWin!? or any other application for that matter.....

Hence.. I think it's a virus which is hijacking apps which are running in the memory in an attempt to access the net under a different file name.
GuitarBob
Upload the file in question to VirusTotal for a free scan with about 30 antivirus programs. Go to https://www.virustotal.com/en/indexf.html to upload. They also have a free script you can download to use in the future to automate the process.

I'm no expert, but let me suggest you try this: make sure Windows is fully patched and your security software is up-to-date. Then boot into Windows Safe Mode and run your antispyware and then your antivirus. If that doesn't help, you might reboot Windows and run an antirootkit. You can download Sophos' (free) at https://www.sophos.com/pressoffice/news/articles/2006/08/sophos-anti-rootkit.html and run it. Have it look at everything. When finished, it will tell you whether or not a file/process can be removed and if you should remove it. Follow the advice. If that doesn't help, you might download a trial copy of A Squared or Prevx and try one of them.

Finally, if nothing works, at https://www.bleepingcomputer.com/forums/forum25.html you can get free help with malware removal. It is an involved process, but they will help you until it's gone.

Good luck!

Regards,
Sean
Thanks Bob... but that virus turned out to be more of a pain really... what it did first was.... alter an exe (for example A.exe) which is running in the memory and use that A.exe's name to try and gain access to the net.. but as Comodo (firewall) gives you the application that's trying to connect to the net, as well as the parent application, I could see its name in the parent application... once I denied it access... it moved on to the next exe... but what Comodo said was that A.exe has altered B.exe in the memory and is trying to access the net. And it kept jumping through all the exes running in the memory. I got really fed up, deleted that file, and restarted the comp... might not have gotten rid of it, but yeah... so far so good......
GuitarBob
It sounds like the malware may have been in memory only, which is somewhat unusual. Watch it for a while, however--keep your signatures updated, and scan more often than usual.

Regards,
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.