Infostealer.gampass {VERY NERVOUS} please help

Status
Not open for further replies.

smitnlit

This morning I logged on to my system and got a High Risk alert from Norton that WON'T even come off my desktop, saying there is Infostealer.gampass in my
C:\windows\system32\mpps.dll file.
I followed the tech guidelines and nothing came up in Spybot and nothing came up in Antirootkit. I've attached my HijackThis log. I have no idea how this got on my system other than an email attachment, and suddenly my private email was made public somewhere.
If anyone could help, I would GREATLY GREATLY appreciate it.
I'm running Windows XP.
Maryann
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of smitnlit only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Also, let me know the results of the AVG Antirootkit scan;
Hi Howard!

The Antirootkit scan came back with nothing, and the AVG scan I stopped because the estimated time was 9 hours and I want to try to get this fixed today if possible. What is the combo kit? I don't see that listed in the instructions?
Did you look at the Hijack logo
Maryann

sorry --- "Did you look at the Hijack log?"

Can you tell I'm panicking?
 
Yes, I did look at your HJT log and your system is infected with several nasties, including the Trojan.Downloader-Gen/Win.Process.

You need to follow the instructions I gave you and post the requested logfiles.

Regards Howard :)

 
Wait all 9 hours if you need to. Then Howard will be able to help you better... and Howard is the master of malware removal ;)
 
I'm sorry it's going to take a while, but we really need to make sure we don't miss anything.

Regards Howard :)

 
Howard,
I started the AVG scan yesterday at 2:00 pm. It's now 8:15 am and it still seems to be going. I don't want to touch it because it says that it will be interrupted if you touch the keyboard, but this is quite a while. Do you think it's idling? It did pick up Win32 Adware Gen in the Startup menu. I'm not sure what that is. Maybe that's what caused the Norton message when I start the computer. Anyway, how long does this scan typically run? It doesn't seem to be doing anything new. It's at the same place it was when I went to sleep yesterday. Nothing new picked up.
What are your suggestions?
Maryann
 
Something's not right. Stop it and follow the rest of the instructions. Post a fresh HJT log as well as a Combofix log.

Regards Howard :)

 
Ok - Here are the logs
The message from AVG was
c:\Documents and settings\maryann\start menu\programs\startup\powereg\schedule.exe\ is infected by Win32: adware-gen[adw]
(not sure if I did powerreg correctly or if it is power reg)
Maryann
 
You might want to copy and paste these instructions into a Notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to Add/Remove Programmes in your Control Panel and uninstall anything to do with the following (if there).

Viewpoint
Viewpoint Manager

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the Processes tab and end the process for each of the following (if there).

ViewMgr.exe
PowerReg Scheduler.exe
mppds.exe

Close task manager.

Run HJT with no other programmes open (except Notepad). Click the Scan button. Have HJT fix the following, by placing a tick in the little box next to each one (if there).

O1 - Hosts: 218.64.72.238 www.jjjjyyyy.com

O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe

O4 - Startup: PowerReg Scheduler.exe

O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following files and/or directories (if there).

C:\Program Files\Viewpoint  <  Delete the entire folder.
C:\WINDOWS\mppds.exe
PowerReg Scheduler.exe  <  Search your system for this file and delete all instances found.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log as well as an AVG Antispyware log(if you can).

Regards Howard :)

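The removal steps above single out three kinds of HijackThis entry: an O1 hosts-file line that points a hostname at a non-loopback address, an O4 Run value that launches an executable straight from the Windows root, and O16 ActiveX (DPF) controls whose download source deserves a look. The Python script below is an added example written for this page; it is not code posted in the thread and not part of HijackThis. It applies those three checks to constructed log lines modelled on the entries quoted above. The benign "ExampleTool" Run entry is invented, and the script assumes the Windows root is C:\WINDOWS or C:\WINNT rather than resolving %SystemRoot%.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample of HijackThis-style log lines, modelled on the O1/O4/O16
# entries quoted in this thread. "ExampleTool" is an invented benign entry.
SAMPLE_LOG = r"""
O1 - Hosts: 218.64.72.238 www.jjjjyyyy.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [ExampleTool] "C:\Program Files\Example\ExampleTool.exe" /background
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# 'HKLM\..\Run: [name] "C:\path\file.exe" args' -> (name, path up to .exe)
RUN_RE = re.compile(r'^HK(?:LM|CU)\\\.\.\\Run: \[([^\]]*)\] "?(.*?\.exe)"?', re.I)
# 'DPF: {CLSID} (Friendly Name) - http://host/control.cab'
DPF_RE = re.compile(r"^DPF: (\{[0-9A-F-]+\}) \((.*?)\) - (\S+)", re.I)

# Assumption: a default XP install. A legitimate Run entry almost never
# launches a binary that sits directly in the Windows root directory.
SUSPICIOUS_PARENTS = {"c:\\windows", "c:\\winnt"}


def parse_entry(line):
    """Split 'O4 - payload' into ('O4', 'payload'); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def check_hosts(payload):
    """O1: flag a hosts entry that maps a name to a non-loopback address."""
    parts = payload.split()
    if len(parts) < 3 or parts[0] != "Hosts:":
        return None
    try:
        ip = ipaddress.ip_address(parts[1])
    except ValueError:
        return f"unparseable hosts address {parts[1]!r}"
    if ip.is_loopback:
        return None  # 127.0.0.1 localhost and ::1 are the normal content
    return f"hosts file redirects {parts[2]} to {ip}"


def check_run(payload):
    """O4: Startup-folder entries always get a look; Run values are flagged
    when the executable lives directly in the Windows root."""
    if payload.startswith("Startup:"):
        return "Startup-folder entry; confirm the file's origin before keeping it"
    m = RUN_RE.match(payload)
    if not m:
        return None
    name, exe = m.groups()
    parent = exe.rsplit("\\", 1)[0].lower()
    if parent in SUSPICIOUS_PARENTS:
        return f"Run value [{name}] launches {exe} directly from the Windows root"
    return None


def check_dpf(payload):
    """O16: report which host each ActiveX control was downloaded from."""
    m = DPF_RE.match(payload)
    if not m:
        return None
    clsid, friendly, url = m.groups()
    return f"ActiveX {friendly} {clsid} served from {urlparse(url).hostname}"


CHECKS = {"O1": check_hosts, "O4": check_run, "O16": check_dpf}


def triage(log_text):
    """Return [(line, reason)] for every entry a check wants a human to review."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if not entry:
            continue
        section, payload = entry
        check = CHECKS.get(section)
        reason = check(payload) if check else None
        if reason:
            findings.append((line.strip(), reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the sample, the script flags the hosts redirection, the Windows-root Run value, the Startup-folder entry and the ActiveX control, while leaving the localhost line and the Program Files entry alone. The checks are deliberately narrow: they reproduce the reasoning used in the thread rather than attempt a general classifier, so anything they pass still needs the eye of whoever reads the log.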
 
Howard,
In case I haven't said it, THANK YOU VERY MUCH!! I really appreciate all your help. :giddy:
Here is the new log for HJT. I couldn't find
O1 - Hosts: 218
O4 - HKLM\..\Run: [mppds]
but was able to delete the other three.
Also, I could not find mppds.exe.
I did find Power Register on an EXTERNAL hard drive I have connected, and I deleted it.

I think this came in in the past week. I had a private email that suddenly became public this past week and I got email from EVERYWHERE. I'm going to have to make some changes to my email accounts. Unfortunately, I get attachments all day long that I have to open. Do you have any recommendations?

Here is my HJT log.
Maryann

By the way, AVG is finding the adware WITHIN HijackThis??? Anyway, when it detected it, I deleted it. Not sure if that was the correct thing to do. It says Current Scanner Status: Infected.
Once it found the adware INSIDE HijackThis.

Howard, I finally got a scan of my whole system for you with the antivirus program. I don't know where to find the .log file to post though. It did find 24 adware things and deleted all of them.
Maryann
 
I'm sorry for the delay in getting back to you.

Please can you post a fresh HJT log and an AVG antispyware log.

Regards Howard :)

 
Hi Howard,
I did get AVG to work. BOY, that's good software. I am going to have to pay to keep it. It blows Norton away.
I THINK this is what you are looking for (WARNING.log)
It said it was able to DELETE all the infected files 24 to be exact.
Maryann
 
What programme did you use to get the log file you posted, because that's not an AVG Antispyware log. See the instructions HERE.

Regards Howard :)

 
lol, I see now.

Don't forget to attach a fresh HJT log after you've finished the AVG Antispyware scan.

Regards Howard :)

 
Wow, I think i need to switch over to all these recommended programs for good.
Here are the reports you asked for. It did pick up stuff. Two HIGH alert things.
 
All items in your AVG Antispyware log say "No Action Taken". That's because you didn't tell AVG Antispyware to quarantine the results. See HERE for instructions.

Your HJT log is clean.

However, it appears you're still running some bits of Symantec/Norton. See this post HERE for instructions on how to remove Symantec/Norton.

Post a fresh HJT log as well as another AVG Antispyware log, once done.

Regards Howard :)

 
Ahhh...ok. So you think I should get rid of ALL of Norton? It does other things too though other than the virus protection. Here are my logs.
I'm sooo impressed with the virus program though that was recommended here.
Maryann
 
Delete the following file.

J:\Program Files\Yahoo!\YPSR\Quarantine\ppq68.tmp

Then, delete all files in AVG Antispyware quarantine.

Yes, I think you should get rid of Norton. It's a real resource hog and isn't that good at killing viruses either. Post a fresh HJT log once you've got rid of Norton.

Regards Howard :)

 
Then, delete all files in AVG Antispyware quarantine.
I thought I did that already. All actions have already been applied.
If not, how do I delete them? I'm getting more confused.
Maryann
 
Run AVG Antispyware and click on the infections button. Click the select all button, followed by the finally remove button.

Regards Howard :)

 