Solved "Recycler" Malware

Discussion in 'Malware and Virus Removal Archive' started by chairmanzr, 2009/03/13.

Thread Status:
Not open for further replies.
  1. 2009/03/17
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Post when you can. :)
     
  2. 2009/03/19
    chairmanzr

    chairmanzr Inactive Thread Starter

    Joined:
    2009/03/13
    Messages:
    21
    Likes Received:
    0
    Hello Juliet,

    OK, so I ran a few scans and it looks pretty good. Interestingly, Kaspersky takes forever to scan, seeing as how I have some large zip files. On another interesting note, Malwarebytes is working and I ran a scan with that.

    So here is the report from Kaspersky.
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Thursday, March 19, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, March 19, 2009 22:02:23
    Records in database: 1934944
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - Folder:
    C:\

    Scan statistics:
    Files scanned: 15597
    Threat name: 2
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 00:18:03


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gaopdxofjpthqiqvrjbphqfolwbwuwmexmttap.sys.vir Infected: Trojan.Win32.Tdss.ttk 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gaopdxtkksccutknnowqlrquuuvxpmtachhhng.sys.vir Infected: Trojan.Win32.Tdss.ttk 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxulncrpcfuxdklrlxswnsrigcdrjiwneq.dll.vir Infected: Trojan-Spy.Win32.Small.cbd 1

    The selected area was scanned.
    ----------------------------------------------------------------------------------

    THIS IS THE SCAN FROM MALWAREBYTES.


    Malwarebytes' Anti-Malware 1.34
    Database version: 1874
    Windows 5.1.2600 Service Pack 3

    19/03/2009 9:08:47 PM
    mbam-log-2009-03-19 (21-08-47).txt

    Scan type: Full Scan (C:\|D:\|E:\|G:\|H:\|I:\|)
    Objects scanned: 98811
    Time elapsed: 17 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    --------------------------------------------------------------------------------

    PREVXEDGE REPORTS SMITFRAUDFX AS A HIGH RISK WORM.
     

  4. 2009/03/19
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Several scanners report tools we use as malware or suspicious. We're used to it but would rather they update their virus bases.

    Your scans have come back in good shape now.
    What Kaspersky found we take care of in final cleanup.

    Post back again and let me know if your malware issues have been resolved, I think we're ready for final cleanup and preventive tips.
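The point made in the reply above, that the Kaspersky hits are quarantined copies rather than active files, can be checked mechanically from the report lines. The following is an added example, not part of the original thread: the sample report is constructed (placeholder file names, threat names taken from the thread), and the three labels are assumptions chosen for this illustration.

```python
import re
from collections import Counter

# Detection line in a Kaspersky Online Scanner 7 report, as posted in the thread:
#   <file path> Infected: <threat name> <count>
# Paths may contain spaces, so the " Infected: " marker is the anchor.
DETECTION = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)
QUARANTINE_DIR = "\\qoobox\\quarantine\\"  # quarantine folder seen in the report paths

# Constructed sample (file names are placeholders; threat names are from the thread).
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\example1.sys.vir Infected: Trojan.Win32.Tdss.ttk 1
G:\Setup Files\example setup.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\WINDOWS\system32\example2.dll Infected: Trojan-Spy.Win32.Small.cbd 1
Files Infected: 0
"""


def classify(path, threat):
    """Return an assumed triage label: quarantined, riskware or live."""
    lowered = path.lower()
    if QUARANTINE_DIR in lowered and lowered.endswith(".vir"):
        return "quarantined"   # renamed copy held in quarantine, not in its original location
    if threat.lower().startswith("not-a-virus:"):
        return "riskware"      # Kaspersky's prefix for adware/riskware verdicts
    return "live"              # detection on a file still in place


def triage(report_text):
    """Parse detection lines and attach a label to each."""
    findings = []
    for line in report_text.splitlines():
        match = DETECTION.match(line.strip())
        if match:
            path, threat = match["path"], match["threat"]
            findings.append({"path": path, "threat": threat,
                             "count": int(match["count"]),
                             "status": classify(path, threat)})
    return findings


def needs_action(findings):
    """Only files outside quarantine still need a decision."""
    return [f["path"] for f in findings if f["status"] != "quarantined"]


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f['status']:<12}{f['threat']:<40}{f['path']}")
    print(Counter(f["status"] for f in triage(SAMPLE_REPORT)))
```

Summary lines such as `Files Infected: 0` from the Malwarebytes log do not match the detection pattern, so mixed pastes of both reports can be fed in as-is.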
     
  5. 2009/03/20
    chairmanzr

    chairmanzr Inactive Thread Starter

    Joined:
    2009/03/13
    Messages:
    21
    Likes Received:
    0
    Hi Juliet,

    Here is the rest of the scan,

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, March 20, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, March 20, 2009 04:08:29
    Records in database: 1936351
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - Folder:
    G:\

    Scan statistics:
    Files scanned: 24869
    Threat name: 1
    Infected objects: 1
    Suspicious objects: 0
    Duration of the scan: 04:01:48


    File name / Threat name / Threats count
    G:\ZEESHAN\Zeeshan's Laptop\Program Installation Files\Additional Setup Programs\kramixer setup.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1

    The selected area was scanned.


    I think we are clean. Sorry for the delay. What's next?
     
  6. 2009/03/20
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    We are, just a step or two for final cleanup.

    G:\ZEESHAN\Zeeshan's Laptop\Program Installation Files\Additional Setup Programs\kramixer setup.exe <-- you can delete this file, empty the recycle bin and reboot.



    Next step is important.
    Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.




    You're good to go, good job!

    Please take the time to read over a few of my preventive tips.


    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 2, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, and it will in no way interfere with IE; you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via Flash, Java, JavaScript, and many other entry points.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    # http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


    Read this article 'Safe Computing Practices'.
    So how did I get infected in the first place.

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Free Antivirus-AntiSpyware-Firewall Software
    Slow Computer May Not Be Malware Related, Help! My computer is slow!
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story.

    Extra note:
    Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
     
  7. 2009/03/20
    chairmanzr

    chairmanzr Inactive Thread Starter

    Joined:
    2009/03/13
    Messages:
    21
    Likes Received:
    0
    I was using a wireless router; do I need to do anything to that? But otherwise, I think I am set to go.
     
  8. 2009/03/21
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    You are probably OK on your wireless connection, but since I have little knowledge on this I can suggest you go over to the Networking forum and let those who are "In the Know" help you with that question.

    http://www.windowsbbs.com/networking/

    It's possible you're already set up with a password protected connection, maybe not.
    Would be good to let them help you set it up that way for security.

    Other than that you're good to go!

    Safe Surfing.
     
  9. 2009/03/25
    chairmanzr

    chairmanzr Inactive Thread Starter

    Joined:
    2009/03/13
    Messages:
    21
    Likes Received:
    0
    Thanks for all your help. Computer running smoothly. Just one question. Every time I start my comp, it does the Windows system file check and scans the C drive. And it also flashes that Windows Recovery Console screen before loading Windows. Is this normal?
     
  10. 2009/03/25
    chairmanzr

    chairmanzr Inactive Thread Starter

    Joined:
    2009/03/13
    Messages:
    21
    Likes Received:
    0
    Thanks so much for all your help. The computer has been running safe and smooth for the last few days. I did have one question though. Every time I start the comp, it runs the Windows system file check, with the blue screen where it scans the C drive. And then it briefly flashes the Windows Recovery Console screen (the two options) and then Windows loads. Is this normal? It never used to happen before. But other than that, all is well. Thanks again.
     
  11. 2009/03/25
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Good deal!


    The Recovery Console part is yes, it's brief and shouldn't have any effect on the computer really.

    The part about system file check doesn't sound quite right to me.

    Read over the below link and see if the suggestions here help.
    http://www.bleepingcomputer.com/forums/topic103206.html
     
  12. 2009/04/01
    chairmanzr

    chairmanzr Inactive Thread Starter

    Joined:
    2009/03/13
    Messages:
    21
    Likes Received:
    0
    I ran CheckDisk through Windows GUI (Right click volume > Properties > Tools....). That's when the problem actually disappeared

    How do I do this?
     
  13. 2009/04/01
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Go to Start -> Run, type cmd and hit the Enter key.
    This will bring up a DOS style box with blinking cursor.

    At the blinking cursor, type:
    chkdsk /f /r (<--- notice the required space before the "/"s.) then hit the Enter key.

    CHECKDISK will inform you that it cannot be run because files are in use/locked, etc. and will invite you to allow CHECKDISK to run the next time you reboot your machine.

    Type "Y" for yes, and then reboot.

    The scans will take about 30-40 minutes, after which your machine will complete its boot into Windows.
    You may be good-to-go after the CHKDSK, if it finds any bad-clusters and moves files to known good areas of your hard drive. However, if CHKDSK does find bad-clusters and moves files, it may be necessary to run CHKDSK a 2nd and even 3rd time, until all the bad-clusters are found and all of the affected files are safely moved.



    Please go to Start -> Run, type cmd and press Enter. At the command prompt type
    sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker. Follow the prompts, and insert your Windows installation CD if requested. Then please restart your computer.
     
  14. 2009/05/21
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Glad we could help. :)

    Since this issue appears resolved ... this Topic is closed.
     