Zombie or not

Custom / CUSTOM
March 14, 2010 at 07:19:12
Specs: Windows Vista, Intel pentium/4 GB
Early this week I received an e-mail with attachment forwarded by my brother in law and I opened the e-mail, not the attachment. Yesterday we met and he complained that he was suddenly receiving a lot of unwanted mail. When I asked him if he had forwarded anything to me, he told me he had NOT FORWARDED anything.

My question is threefold.

1. Is my brother in law's computer infected and has it become a ZOMBIE?
2. How can I detect whether his machine is infected and has become a Zombie?
3. If his machine is infected, how can the infection be removed?

Thank you for an answer.




#1
March 14, 2010 at 10:47:41
This is a good free spyware/virus removal tool, run it on the suspect computer and post the log in this thread.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.



#2
March 14, 2010 at 19:27:28
Malwarebytes is great. If for some reason it doesn't work, run HijackThis & post the log.

How do you know when a politician is lying? His mouth is moving.



#3
March 17, 2010 at 03:28:58
Malwarebytes' Anti-Malware 1.44
Database version: 3872
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

16.03.2010 08:23:06
mbam-log-2010-03-16 (08-23-06).txt

Scan type: Quick Scan
Objects scanned: 115767
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ains (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{049652c3-55ae-4a6e-84ce-0c5b733e8f82} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1d4354e-c81a-4c16-9c41-d6fb49aa31a8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f73dbd9e-5f1b-4bca-8604-a911dce08b37} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f73dbd9e-5f1b-4bca-8604-a911dce08b37} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


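As an added example for this thread (not Malwarebytes' own tooling, and not something any poster wrote), the following Python script parses a log in the layout shown in post #3: a "Category Infected: N" summary block followed by one section per category whose entries read "item (threat family) -> action." It re-joins entries that a forum paste wrapped mid-line, counts detections per threat family, cross-checks the declared counts against the entries actually listed (a mismatch means the paste is truncated), and lists items MBAM did not quarantine. The sample log is constructed from four of the registry entries above; the "No action taken." entry is constructed here to exercise the follow-up branch.

```python
"""Summarize a Malwarebytes' Anti-Malware 1.x text log."""
import re
from collections import Counter

SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)\s*$")
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):\s*$")
# Spaces around "(family)" and "->" are optional: re-joining a forum paste that
# wrapped an entry mid-line loses the space at the wrap point.
DETECTION_RE = re.compile(
    r"^(?P<item>.+?)\s*\((?P<family>[A-Za-z0-9.]+)\)\s*->\s*(?P<action>.+?)\.?\s*$")

# Constructed sample: four registry entries quoted from the thread's log, pasted
# with the same mid-entry line wraps as in the thread. The "No action taken."
# line is constructed to show an item that still needs attention.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3872

Scan type: Quick Scan
Objects scanned: 115767

Memory Processes Infected: 0
Registry Keys Infected: 4
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ains (Trojan.FakeAlert) ->
Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{049652c3-55ae-4a6e-
84ce-0c5b733e8f82} (Trojan.BHO) -> Quarantined and deleted
successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob)
-> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind
(Malware.Trace) -> No action taken.

Files Infected:
(No malicious items detected)
"""


def unwrap(text):
    """Re-join detection entries that were wrapped across several lines.

    Inside a detail section an entry is complete once it ends with '.', so a
    following non-blank line that is not a header is a continuation. No space
    is inserted on joining: wraps fall inside registry paths and GUIDs as often
    as between words, and the action text is whitespace-normalized later.
    """
    lines, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_section = False
        elif HEADER_RE.match(line):
            in_section = True
        elif (in_section and lines and lines[-1] and not lines[-1].endswith(".")
              and not HEADER_RE.match(lines[-1]) and not lines[-1].startswith("(")):
            lines[-1] += line
            continue
        lines.append(line)
    return "\n".join(lines)


def parse(text):
    """Return (declared counts per category, list of detection dicts)."""
    summary, detections, category = {}, [], None
    for line in unwrap(text).splitlines():
        if m := SUMMARY_RE.match(line):
            summary[m.group("cat")] = int(m.group("n"))
        elif m := HEADER_RE.match(line):
            category = m.group("cat")
        elif category and (m := DETECTION_RE.match(line)):
            detections.append({"category": category, "item": m.group("item"),
                               "family": m.group("family"), "action": m.group("action")})
    return summary, detections


def removed_cleanly(action):
    """True when MBAM reports the item quarantined and deleted."""
    return re.sub(r"\s+", "", action).lower() == "quarantinedanddeletedsuccessfully"


def assess(text):
    """Family counts, declared-vs-listed consistency, and items needing follow-up."""
    summary, detections = parse(text)
    listed = Counter(d["category"] for d in detections)
    return {
        "total_declared": sum(summary.values()),
        "total_listed": len(detections),
        "families": dict(Counter(d["family"] for d in detections)),
        "mismatched_categories": sorted(c for c, n in summary.items() if listed.get(c, 0) != n),
        "needs_followup": [d["item"] for d in detections if not removed_cleanly(d["action"])],
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it on a pasted log by reading the file into `assess()`; a non-empty `needs_followup` or `mismatched_categories` is the cue to rerun the scan or ask for the complete log rather than declare the machine clean.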

#4
March 17, 2010 at 06:00:36
I meant to post the hijack this log if anti malware didn't clear the problem. Was anti malware a success?




#5
March 17, 2010 at 10:56:03
Success was reached in both computers. My brother's machine yielded 17 infections, not strange for Ethiopia where internet access is so slow that updating is a costly and tedious affair. The whole office of my brother in law received "his" mail without it having been forwarded. So the whole office is now using Malwarebytes.

Thanks for all the help

W.



#6
March 17, 2010 at 13:27:48
I'm glad it worked. Don't think that 17 infections are a lot. I've seen machines with over 100 & it wasn't in Ethiopia.


