Infostealer.gampass infection

[mflynn]

Run MBAM click Logs. Attach back the bottom 2 logs!

Then run ComboFix to be sure!

After this I think we will be clean and any remaining issues should be system and not malware related!

A status report of how computer is running and what we need to address now!


Mike

 

[Poi45iop]

the rootkit revealer service cannot run/install

 

[mflynn]

It could be the Virus scanner or other security protections on your computer.

Try the install in Safe Mode and don't just double click, rt click and chose Run as Administrator.

What are we down to now, what are the remaining issues.

Mike

 

[Poi45iop]

The remaining issues will be stated as soon as i have time to compile them. One major one would be that there is not the slightest garuntee that i have gotten rid of the main virus

 

[Poi45iop]

the other log file is too big

 

[mflynn]

You may have gotten it that time. There were several new ones found and deleted.

You may be getting reinfected, from a website, email, music or video file

These were all related to P2P file sharing!

Update and run both MBAM and SAS quick scans to confirm no more found.

Follow that with a ComboFix scan.

Mike

 

[Poi45iop]

How is it that they are all related, when most are components of programs that have been recently installed?

 

[mflynn]

How?

You apparently downloaded and installed infected programs!

Not saying the programs are bad but the place you got them likely was already infected when you downloaded them.

youtube downloader app (Trojan.Downloader) -> Quarantined and deleted successfully.
psp video 9 (Trojan.Downloader) -> Quarantined and deleted successfully.
videora ipod touch converter (Trojan.Downloader) -> Quarantined and deleted successfully.

Mike

 

[Poi45iop]

I appologize, i meant to say "How do you know they are all related with P2P"

 

[Poi45iop]

It may help me understand the source of the infection

 

[mflynn]

Well these are all P2P related items found in your logs!

(BitTorrent, Inc.) -- C:\Users\Poi45iop\Program Files\DNA\btdna.exe
mIRC"=mIRC
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

But they can come from a bad non p2p site. Some Game and Casino sites are bad for this.

OK I think we need the list of items remaining to fix! Something specific to address.

Mike