When I open a browser I can hear clicking in the background and when I open my hotmail email account the virus/trojan or whatever it is sends out an email to all of my contacts with a link that I suspect will cause their computers to get infected if they click on it.
I ran Avast and tried deleting the files and tried moving the files to the chest but the alerts keep coming up.
System: Microsoft Windows XP Media Center Edition Version 2002 Service Pack 3
Dell Inspiron I6400 Genuine Intel (R) CPU T2050 @ 1.60GHz 1.60 GHz, 0.99 GB of RAM
Internet Explorer Version 8.0
I run Automatic Updates for Windows, use Avast, Spybot, TeaTimer, Windows Firewall
I think I got infected when someone was checking their hotmail email and clicked on a link in an email sent from one of their contacts. I suspect this since they received multiple copies of the same email with the same link. This problem started taking place immediately after they clicked on that link. Now when opening an Internet Explorer browser, the malware will send out 4-6 emails to their hotmail contacts with the same link. This is the malware’s way to propagate itself and infect other computers.
I ran Malwarebytes yesterday and again just now. Attached are the logs from the 2 scans. I just installed SUPERAntiSpyware, ran it and quarantined them. Attached is the scan log.
After running Malwarebytes and SUPERAntiSpyware, I am still getting the virus alerts from AVAST indicating that this file is infected: C:\Program Files\Internet Explorer\pdm2.dll
Please advise thoughts and recommended next steps.
Have a go with this program. I don’t know much about it. It’s similar to HijackThis. When it’s finished, at the bottom choose save log. Then post the log here http://www.freefixer.com/download.html
Attached is the FreeFixer log. Please let me know what you think and next steps.
The alert now indicates that again this file is infected: C:\Program Files\Internet Explorer\ielowutil2.exe
This malware gets into hotmail as soon as a browser is opened and sends out 4 emails to all contacts with a link that I am guessing will install the malware on others’ computers if they click on it. Note, I am not logged into hotmail or have it opened in the browser when this takes place.
Attached is a screenshot of the email.
This is the URL in the link. DO NOT CLICK ON IT. THIS IS A FYI SO YOU KNOW WHAT IT IS AND TO ASSIST WITH ANALYSIS AND PROBLEM RESOLUTION. I ADDED OBVIOUS SPACES TO PREVENT SOMEONE FROM CLICKING ON IT BY ACCIDENT
http:// julianasv.cwsurf.de/amoreninha/??dermilats?&&d=index02983convite652. doc
More info. I changed the password on the hotmail account to prevent further malicious messages to all contacts. (At least I hope this will prevent it.)
I looked in the SENT folder and found that the malware was sending an email to lasalvia03@gmail.com showing the hotmail username, password, then a list of emails from the address book. Here is one of the subject lines: LOG V.1.0.5.5 1549926222 - 03/01/2010 14:33:30. Can’t believe this thing hijacked the computer and email account like this.
Sorry, if you run FF again, put a tick in the boxes next to the 3 entries with pdm2.dll and ielowutil2.exe, then choose the fix button; this may require a reboot. However, if MBAM cannot delete them, there is probably something else underlying that is not being picked up.
Ok… I think I fixed it. I ran FreeFixer again and followed your instructions. The problem continued.
I then tried to install http://www.freedrweb.com/cureit/?lng=en but could not get it to download.
Then installed and ran http://www.surfright.nl/en/hitmanpro; this is the key part. On the first scan I forgot to deactivate Avast. HitManPro quarantined ntkrnlp.exe
I then deactivated Avast and ran the scan again. This time it deleted these two files.
c:\Program Files\Internet Explorer\pdm2.dll
c:\Program Files\Internet Explorer\ielowutil2.exe
I rebooted and no more alarms from Avast. I then deactivated Avast, ran Malware Bytes Anti Malware again and it did not find any infected files. I have been surfing the net and no alarms for the moment. So…… my fingers are crossed that the issue is resolved.
Please let me know if there is anything else I should consider or do.
Thank you for your support. I would not have been able to correct this issue without it. I had never heard of these tools and had no clue why Avast and Spybot Search and Destroy and so many other tools could not fix the problem. Thanks again!!