TechSpot

Infostealer.gampass infection

By Poi45iop
Jan 27, 2009
  1. mflynn

    mflynn TS Rookie Posts: 2,793

    Run MBAM click Logs. Attach back the bottom 2 logs!

    Then run ComboFix to be sure!

    After this I think we will be clean and any remaining issues should be system and not malware related!

    A status report of how computer is running and what we need to address now!


    Mike
     
  2. Poi45iop

    Poi45iop TS Rookie Topic Starter Posts: 36

    the rootkit revealer service cannot run/install
     
  3. mflynn

    mflynn TS Rookie Posts: 2,793

    It could be the Virus scanner or other security protections on your computer.

    Try the install in Safe Mode and don't just double-click; right-click and choose Run as Administrator.

    What are we down to now? What are the remaining issues?

    Mike
     
  4. Poi45iop

    Poi45iop TS Rookie Topic Starter Posts: 36

    The remaining issues will be stated as soon as I have time to compile them. One major one would be that there is not the slightest guarantee that I have gotten rid of the main virus.
     
  5. Poi45iop

    Poi45iop TS Rookie Topic Starter Posts: 36

    the other log file is too big
     
  6. mflynn

    mflynn TS Rookie Posts: 2,793

    You may have gotten it that time. There were several new ones found and deleted.

    You may be getting reinfected from a website, email, music or video file.

    These were all related to P2P file sharing!

    Update and run both MBAM and SAS quick scans to confirm no more found.

    Follow that with a ComboFix scan.

    Mike
     
  7. Poi45iop

    Poi45iop TS Rookie Topic Starter Posts: 36

    How is it that they are all related, when most are components of programs that have been recently installed?
     
  8. mflynn

    mflynn TS Rookie Posts: 2,793

    How?

    You apparently downloaded and installed infected programs!

    Not saying the programs are bad but the place you got them likely was already infected when you downloaded them.

    youtube downloader app (Trojan.Downloader) -> Quarantined and deleted successfully.
    psp video 9 (Trojan.Downloader) -> Quarantined and deleted successfully.
    videora ipod touch converter (Trojan.Downloader) -> Quarantined and deleted successfully.

    Mike
     
  9. Poi45iop

    Poi45iop TS Rookie Topic Starter Posts: 36

    I apologize, I meant to say "How do you know they are all related with P2P?"
     
  10. Poi45iop

    Poi45iop TS Rookie Topic Starter Posts: 36

    It may help me understand the source of the infection
     
  11. mflynn

    mflynn TS Rookie Posts: 2,793

    Well these are all P2P related items found in your logs!

    (BitTorrent, Inc.) -- C:\Users\Poi45iop\Program Files\DNA\btdna.exe
    mIRC"=mIRC
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent"=BitTorrent
    "BitTorrent DNA"=DNA
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    But they can come from a bad non-P2P site. Some Game and Casino sites are bad for this.

    OK I think we need the list of items remaining to fix! Something specific to address.

    Mike
     
     
Topic Status:
Not open for further replies.

