Att: Essexboy. Worried about malware & keyloggers

Hi!

I think I might have/have had some viruses on my computer. I am especially worried about keyloggers since one of my passwords had been changed and I have had problems with logging in to several sites. The steps I have taken so far are:

  • Scanned with AIS and removed the 2 infected files
  • Scanned again and didn’t find any more infected files (just some locked, and uppacked bombs (?))
  • Restored the system to a point when it worked as usual

See my first thread about this: http://forum.avast.com/index.php?topic=97675.0

How can I be COMPLETELY sure that I don’t have any crap left? Can you help?

I would appreciate this A LOT.

Thank you in advance,

Firmafest

hi there, lad :wink:

follow Essexboy's guide and attach the logs from malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

then he may see if you have anything suspicious

* Scanned with AIS and removed the 2 infected files * Scanned again and didn't find any more infected files (just some locked, and uppacked bombs (?))
what was found.....location and malware name avast gave?

Haha! Someone here understood my screen name :wink:

I have started with the malware-scan now and I’m hoping to do everything right so Essexboy can read my files.

The 2 infected files were named something like “Kleerup.3.am” which I found out is a song by Kleerup that I’ve never heard, and therefore never downloaded. And I don’t know where they were found so that’s strange.

Now the scan I did with Malwarebytes Anti-Malware is finished and it didn’t find anything. Should I still go through with the other steps? Just in case or?

This is a copy of the MBAM-file

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Databasversion: v2012.04.26.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ADMIN :: LINNEASDATOR [administratör]

2012-04-26 14:19:50
mbam-log-2012-04-26 (14-19-50).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 242346
Förfluten tid: 8 minut(er), 54 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 0
(Inga skadliga poster hittades)

(klar)

Haha! Someone here understood my screen name
yep..... there are many blue / yellow ones in here... and I am the neighbour ;)
Now the scan I did with Malwarebytes Anti-Malware is finished and it didn't find anything. Should I still go through with the other steps? Just in case or?
yes..... aswMBR will show rootkits and OTL is a system diagnostic that will show lots of stuff

Here are my 2 logfiles from the OTL-scanning. I couldn’t find how to check the encoding on the files.

Had to split them into two posts.

In the middle of the scan with aswMBR the programme stopped working and cancelled the programme and the scan. Why? What to do? Essexboy?

seems to be lots of McAfee files in there…

was your computer delivered with McAfee when new?
did you uninstall it before installing avast?
did you run a removal tool to clear any leftover files that may conflict?

run and reboot - Uninstallers – Security Software
http://singularlabs.com/uninstallers/security-software/

Run aswMBR again, but in the AV Scan: type dropdown list, select None rather than Quickscan. As has been mentioned you appear to have lots of remnants of McAfee so that could be impacting on the scan.

Thanks guys. It worked when I changed the dropmenu to “none”.
Why didn’t it work the way it was supposed to work? (Sorry for my stupidity :))
I’m attaching the scanfile.

As I said “you appear to have lots of remnants of McAfee so that could be impacting on the scan.”

Having multiple resident AVs or remnants can bring the two AVs into conflict.

The McAfee removal tool can be found here http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

There is nothing apparent in the logs - are you experiencing any anomalies?

I’ve already removed all of McAfee before my previous post and it still didn’t work to do the first scan (quick scan). It only worked with "none" scan.
I’m not experiencing anything strange now so I just want to make sure all viruses are gone.
As said, Avast found two infected files and I removed them.
So it’s all ok now?

It appears to be as far as I can see

Now when I looked at a file with mp3s they kind of moved around on their own. So I scanned with avast again and now what seems to be the same two files as I removed previously were back (infected files).

What the h#ll should I do? I can’t take it anymore.
How can it be back when I have a good anti virus program in full function?
Heeeelp! I’m just a girl and I don’t understand this at all. :frowning:

OK, let's see what other infected MP3s there are

Once you have the zip file could you upload it to mediafire and post the sharing link http://www.mediafire.com/

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/avpsettings.gif

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/AVPAnalysis.gif

On completion click the link to locate the zip file to upload to mediafire

http://i1224.photobucket.com/albums/ee362/Essexboy3/AVP%20shots/AVPZiplocation.gif

At the first scan it didn’t find any threats so there wasn’t anything to save.
When I’m trying to open the zipfile from the analysis a window appears:
““long harddrive name” is referring to a place that’s not available.
It could be a hard drive on this computer or on a network.
Check that the disk is correctly connected and that the computer is connected to internet and the network.
Then try again. If the place still can’t be found it may be that the information has been moved to another place.”
What should I do now…?

Could you re-run the analysis only scan one more time to see if it can locate it