Possible Poison Ivy infection + maybe other rootkits etc

Status
Not open for further replies.
Hi

I have been the victim of a copy of McAfee antivirus which has a Poison Ivy based trojan infecting it.


I have surmised this from the appearance of either iexplore.exe or firefox.exe in the task manager list straight after McAfee autoruns the installer. After some research it seems that this is a classic example of a hidden process for the Poison Ivy trojan or similar ones.

I have run HJT and will paste the log file below.

Can you please advise what to do next? I.e. should I just format, or continue and clean? Also, are there any ways of detecting this trojan, as it doesn't seem to show up on anti-spyware or any antivirus?

HJT log attached
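The symptom described above (a browser-named process that appears on its own right after an installer runs) can be checked for from an elevated PowerShell prompt. This is an added example, not part of the thread or of any tool mentioned in it; the process names and the "launched by explorer.exe or by its own browser" rule are assumptions taken from the symptom, not a signature for Poison Ivy.

```powershell
# Added example: list browser-named processes that have no visible window or were
# not started by the desktop shell. Such a copy is worth inspecting (path, command
# line, parent), not automatically malicious.
$suspectNames = @('iexplore.exe', 'firefox.exe')   # assumption: names from the report

$all  = Get-CimInstance Win32_Process
$byId = @{}
foreach ($p in $all) { $byId[[int]$p.ProcessId] = $p }

foreach ($p in ($all | Where-Object { $suspectNames -contains $_.Name.ToLower() })) {
    $parent     = $byId[[int]$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name.ToLower() } else { '<exited>' }

    # A user-launched browser has a top-level window; Get-Process exposes its handle.
    $gp        = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue
    $hasWindow = ($null -ne $gp) -and ($gp.MainWindowHandle -ne 0)

    # Expected parents: the shell, or the same browser (multi-process browsers spawn
    # windowless child processes of their own name, which is normal).
    $expectedParent = ($parentName -eq 'explorer.exe') -or ($parentName -eq $p.Name.ToLower())

    if (-not $hasWindow -and -not $expectedParent) {
        [pscustomobject]@{
            PID         = $p.ProcessId
            Name        = $p.Name
            Parent      = $parentName
            HasWindow   = $hasWindow
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
        }
    }
}
```

Compare the reported Path against the browser's real install directory; a browser-named image running from a temp, user-profile or CD path is the detail to hand to the helpers in the thread alongside the logs they ask for.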
 
I have one question: if you say that you are using an infected copy of an antivirus, why are you still using it?

I would uninstall it and get some other AV product.

Once installed, update it, run a full system scan with it and allow it to fix up what it wants.
Reboot if it fixed anything.

You should get a firewall as well, either,

Follow all the steps HERE and then post back with the three requested logs as attachments:
  • AVG antispyware
  • ComboFix
  • Hijackthis (step 15)

Don't forget to make sure that AVG is set to quarantine the results, that HJT is the last step, and to let us know the results of the anti-rootkit scan.
 
kritius said:
I have one question: if you say that you are using an infected copy of an antivirus, why are you still using it?

The trojan was loaded from an autorun in the root of the CD, whereas the normal antivirus seemed to load with no problems, so it got left as is.

And if I am going to need to format the HD, then what's the point in sitting here through an uninstall and reinstalling another product just so I can wipe it?

  • AVG antispyware
  • ComboFix
  • Hijackthis (step 15)

Don't forget to make sure that AVG is set to quarantine the results, that HJT is the last step, and to let us know the results of the anti-rootkit scan.

OK, I'll be back shortly with the logs.
 
HJT attached.

AVG Anti-Rootkit said nothing to report.

ComboFix didn't seem to do anything at all. It just had a bar that went across for a moment and then that's it.
 
Download and Run DSS

Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Attach the main.txt and the extra.txt in your reply.
 