Hello, I think I got a new Facebook virus.
Its link is "look at this picture" hxxp://yuarel.com/facebook-album-10-05-15-JPG
and it's a file which I have on the desktop that looks like a Facebook app,
but I have no idea how to send it to Avast; Avast doesn't see it as a virus.
I tried to have a look at it through Firefox virtualized but it’s not a pic, it’s a screen saver, and I don’t want to download it for testing
That shit froze my PC and spammed over my MSN.
Please go to PROFILE then Modify Profile then Forum Profile Information then Signature: and put information about your system just like my signature so that the helpers can offer pertinent advice.
In Account Related Settings select Hide email address from public to prevent scammers and spammers harvesting your chli_peppar hotmail.com email address.
hxxp://yuarel.com/facebook-album-10-05-15-JPG is .scr malware!
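The mismatch reported above (a name that reads like a JPG picture, content that is a .scr, i.e. a Windows PE executable) can be checked from header bytes without running the file. This is an added example, not part of the original thread; the function names and the sample bytes are constructed for illustration.

```python
import re
import struct

# Name tokens that make a file look like a picture (the lure above ends in "-JPG").
IMAGE_HINTS = {"jpg", "jpeg", "png", "gif", "bmp"}


def sniff_type(data: bytes) -> str:
    """Classify content by its header bytes, ignoring the file name."""
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return "png"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    # PE files (.exe, .scr, .dll): "MZ" DOS header whose e_lfanew field
    # at offset 0x3C points to the "PE\0\0" signature.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
    return "unknown"


def name_claims_image(name: str) -> bool:
    """True if any '.', '-' or '_' separated token of the name is an image type."""
    return any(tok in IMAGE_HINTS for tok in re.split(r"[.\-_]", name.lower()))


def is_masquerading_executable(name: str, data: bytes) -> bool:
    """Flag files whose name suggests a picture but whose content is a PE."""
    return name_claims_image(name) and sniff_type(data) == "pe"


def make_sample_pe_header() -> bytes:
    """Constructed 68-byte stub: just enough header to look like a PE file."""
    buf = bytearray(0x44)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


if __name__ == "__main__":
    sample = make_sample_pe_header()
    print(is_masquerading_executable("facebook-album-10-05-15-JPG", sample))
```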
ok use this:
http://www.malwarebytes.org/mbam.php (although I swore I would never recommend it again, not very friendly guys over there)
run a quick scan with it, post the log here; if anything found follow the instructions and reboot.
Malwarebytes is very friendly to people that have malware and have a malware problem.
It i
Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org
Database version: 4104
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2010-05-15 21:39:53
mbam-log-2010-05-15 (21-39-53).txt
Scan type: Full scan (C:|)
Objects scanned: 158779
Time elapsed: 25 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\winsvncs.txt (Malware.Trace) → Quarantined and deleted successfully.
It's still not deleted.
I suppose you were prompted for action and reboot no? did you do that?
edit: or is it something else now, your system’s still infected I presume…
Hi, let's have a look-see - you will need to attach the logs as they are large.
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs
Hi forum users,
Be cautious with this website link: http://safeweb.norton.com/reviews/41176
http://www.unmaskparasites.com/security-report/?page=http%3A//yuarel.com/facebook
Suspicious inline script:
var gaJsHost=(("https:"==document.location.protocol)?"https://ssl.":"http://www.");
document.write(...
about what this malicious adcode does:
http://www.google.com/support/forum/p/Webmasters/thread?tid=524385eed6a23eb9&hl=en
and
var pageTracker=_gat._getTracker("UA-3938091-1");
pageTracker._initData();
pageTracker._trackPagevi...
code outside HTML which is suspicious…
Malware description here: http://forum.malekal.com/http-yuarel-com-facebook-jpg-20100511n-t25590.html
and can be found here: http://support.clean-mx.de/clean-mx/viruses.php?sort=satzart%20asc
seems all profiles are being tracked for dubious purposes…
A way that credential theft is being performed: http://evilcodecave.wordpress.com/2009/01/24/msn-credential-theft-httpzopblobcom/
Malware description: http://www.sophos.com/security/analyses/viruses-and-spyware/malvbinjectt.html
http://www.threatexpert.com/report.aspx?md5=ee04ef11df3b09a8235790af3521f520
and this somewhat earlier variant:
http://www.threatexpert.com/report.aspx?md5=39aa7adf2cb4d7b3d9b1cf319b983f5c
For successful removal one needs:
polonus
Your file is too large. The maximum attachment size allowed is 200 KB.
Could you upload the main txt file to Mediafire and post the sharing link?
Have sent sample to avast and malwarebytes…
Hi Pondus,
Thank you for forwarding this where this should go,
pol
Hi chabbo,
Pondus and Polonus are both interested in analyzing online malicious website malcoded scripts and helping to protect against these. Pondus is Norwegian and Polonus is Dutch; they are two different persons. But when malicious websites are being reported you may see their nicks here. Essexboy is a trained malware eliminator and in my experience he is one of the best around, and with malware removal you are lucky if he comes to the rescue,
polonus
Aren't Pondus and Polonus the same people?
Hi lad... how are you... ;) No, I am me, and he is he... polonus... ;D
Problem solved by formatting the PC.
But are both Polonus working at the Avast house where they build and work with Avast, or are they just sitting at home and working for Avast?