
Solved infostealer.gamepass ssqpo.exe

Discussion in 'Malware and Virus Removal Archive' started by sgtom, 2008/04/09.

  1. 2008/04/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You can just email it to me here and I'll post the relevant parts tomorrow. Put RE: smitRem in the subject line.
     
  2. 2008/04/15
    sgtom

    sgtom Inactive Thread Starter

    Joined:
    2008/04/09
    Messages:
    27
    Likes Received:
    0
    heya sent you an e-mail hope you got it....

    catch you later!

    regards,

    T
     


  4. 2008/04/15
    noahdfear

    Here's the guts of those scan results.

    ===== Details =====

    Number of items = 32
    Number of viruses found: 7
    Number of infected objects: 32
    Number of suspicious objects: 0

    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__fakeup1x_leecher.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__fakeup1x_leecher_emu15.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__fakeup1x_seeder.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__fakeup1x_seeder_emu15.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__mult10_leecher.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__mult10_leecher_emu15.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__mult10_seeder.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__mult10_seeder_emu15.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__noreport.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__noreport_emu15.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__org.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__org_emu15.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__report.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__report_emu15.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\seba14mods\utorrent 1.6.1. build 490 Leecher Pack\utorrent 1.6.1 (490)__stealth.exe --> Monitor.Win32.KaGB.a
    C:\Program Files\uTorrent\utorrent 1.6.1 (490)__mult10_leecher.exe --> Monitor.Win32.KaGB.a
    C:\WINDOWS\system32\btwebcontrol.dll --> Dialer.Win32.BT.g

    ===== Viruses quarantined by other scanners: =====

    Number of items = 15
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine
    Exploit.Java.ByteVerify
    Trojan-Dropper.VBS.Inor.cz
    Trojan.Java.ClassLoader.d
    Trojan.Java.ClassLoader.Dummy.d
    Trojan.Java.ClassLoader.h

    As you see, quite a number of the uTorrent modules are flagged as malware ...... it's due to their behavior. More info below in regards to P2P apps in general.

    btwebcontrol.dll is generally associated with BTopenworld, a UK based broadband provider, hence the Dialer tag. Likely to be legit if you use BT. Check the properties of that file and see if it does indeed belong to BT.

    Which leaves infections quarantined by Norton. You can remove those via the Norton interface.


    Now, you are another lucky recipient of my standard speech for P2P users :D

    P2P - I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.


    Everything appears to be working as it should?
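
The properties check suggested above for btwebcontrol.dll can also be done from PowerShell. This is an added example, not part of the original post: the function name `Get-FileProvenance` is hypothetical, and it assumes PowerShell 4.0 or later (for `Get-FileHash`).

```powershell
# Added example: gather the facts needed to judge whether a flagged file
# really comes from the vendor it claims. Get-FileProvenance is a hypothetical name.
function Get-FileProvenance {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "File not found: $Path"
        return
    }

    $file = Get-Item -LiteralPath $Path
    $ver  = $file.VersionInfo                          # strings embedded by whoever built the file
    $sig  = Get-AuthenticodeSignature -FilePath $Path  # cryptographic publisher check

    [pscustomobject]@{
        Path            = $file.FullName
        # Version-resource fields are self-declared and easy to forge:
        # treat them as a hint, not as proof.
        CompanyName     = $ver.CompanyName
        ProductName     = $ver.ProductName
        FileDescription = $ver.FileDescription
        FileVersion     = $ver.FileVersion
        # 'Valid' plus a signer subject naming the expected vendor is the
        # stronger evidence. 'NotSigned' alone proves nothing either way.
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # A creation time near the infection date is worth a second look.
        Created         = $file.CreationTime
        LastWritten     = $file.LastWriteTime
        # Hash for comparison against a known-good copy or a scanner lookup.
        SHA256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Path taken from the scan results in this thread.
Get-FileProvenance -Path 'C:\WINDOWS\system32\btwebcontrol.dll' | Format-List
```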
     
  5. 2008/04/16
    sgtom

    hello! thanks for the reply! :D

    :eek: :eek: yes will get rid of the P2P stuff... your wish is my command...


    everything seems to be running fine...

    regards,

    tom

    ps
    Norton scan still shows up the virus... but it's ok as it's in the quarantine... right?
     
  6. 2008/04/16
    noahdfear

    Let's clean up now. If you haven't already done so, remove all items in quarantine by Norton.

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.


    Now, download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All ".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot



    That should wrap things up. Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe! :)
     
  7. 2008/04/18
    sgtom

    Hey,

    Thanks again for all the time & help you have given me. If there is anything I can do for you (:confused: :D) please don't hesitate to contact me.

    THANKS A BUNCH!!!

    Best Regards.

    Tom
     
  8. 2008/04/18
    noahdfear

    I was happy to have helped, Tom. You're quite welcome. :)
     
