Virus

americancritic

americancritic

Vista Guru
Gold Member
Hello

I just ran a full scan with malwarebytes and it says I am infected. this is how it reads..

Trojan.MSIL c:\program files (x86) pc-doctor 5 for windows...

I have let malwarebytes open and have not done anything yet so I am hoping for some help here real quick,,,Thank You


Tom
 

My Computer

System One

  • Manufacturer/Model
    a6530f Desktop
    CPU
    HP-PAVILION
    Motherboard
    M2N68-LA (Narra3)
    Memory
    8 Gigs of Ram/DDR2 PC2-6400 MB/sec
    Graphics card(s)
    NVIDIA GeForce 6150SE nForce 430
    Sound Card
    Intergrated Realtex ALC888S Audio
    Monitor(s) Displays
    LG W40 series widescreen
    Screen Resolution
    1600 X 900
    Hard Drives
    1 640 GB Sata transfer rating: 3.0 Gb/sec speed: 7200 RPM
    PSU
    300W
    Case
    Mid-Size ATX
    Mouse
    Microsoft Wireless Mouse 5000
    Keyboard
    HP Multimedia Keyboard
    Other Info
    Processor: AMD Phenom X3 8450 Operating speed: Up to 2.1 GHz, Number of cores: 3, Socket: AM2+, Bus speed: 3600 MHz HT3 (clocked down to 2000 MHz) Modem: 56K WinModem/ Supermulti: 16X DVD(+/-)R/RW 12X Ram (+/-)R DL Lightscribe SATA Drive Menory Card Reader: 15-in-1 Multimedia Card Reader Media Drive
Let MalwareBytes deal with it
 

My Computer

System One

  • Manufacturer/Model
    Lenovo Thinkpad T400
    CPU
    Intel Mobile Core 2 Duo P8700 @ 2.53GHz
    Motherboard
    LENOVO 64734VM
    Memory
    2.00GB Single-Channel DDR3 @ 531MHz
    Graphics card(s)
    Intel Mobile Intel 4 Series Express Chipset Family
    Sound Card
    Conexant 20561 SmartAudio HD
    Monitor(s) Displays
    15 inch
    Screen Resolution
    1280 x 800
    Hard Drives
    1x 180GB Intel 530 series SSD 1 x 120GB Hitachi 5400rmp 1 x 650GB Western Digital Elements 5400rpm 1x 1Tb Western Digital Elements 5400rpm
    Internet Speed
    Medium for New Zealand
    Other Info
    Weakest part of my computer is the graphics chipset. Only ever used a laptop. Also use USB Freeview TV Card Lenovo Docking Station External Speakers Other bits a pieces as needed
Hello Again

Now my AV says this:

2/27/2011 suspicious malicious URL fcc842C23c568362
[link removed]

I am hoping again for some help on this one as it seems to be more complicated...

Thank You

Tom
 
Last edited by a moderator:

My Computer

System One

  • Manufacturer/Model
    a6530f Desktop
    CPU
    HP-PAVILION
    Motherboard
    M2N68-LA (Narra3)
    Memory
    8 Gigs of Ram/DDR2 PC2-6400 MB/sec
    Graphics card(s)
    NVIDIA GeForce 6150SE nForce 430
    Sound Card
    Intergrated Realtex ALC888S Audio
    Monitor(s) Displays
    LG W40 series widescreen
    Screen Resolution
    1600 X 900
    Hard Drives
    1 640 GB Sata transfer rating: 3.0 Gb/sec speed: 7200 RPM
    PSU
    300W
    Case
    Mid-Size ATX
    Mouse
    Microsoft Wireless Mouse 5000
    Keyboard
    HP Multimedia Keyboard
    Other Info
    Processor: AMD Phenom X3 8450 Operating speed: Up to 2.1 GHz, Number of cores: 3, Socket: AM2+, Bus speed: 3600 MHz HT3 (clocked down to 2000 MHz) Modem: 56K WinModem/ Supermulti: 16X DVD(+/-)R/RW 12X Ram (+/-)R DL Lightscribe SATA Drive Menory Card Reader: 15-in-1 Multimedia Card Reader Media Drive
Is that in your AV or MalwareBytes?
 

My Computer

System One

  • Manufacturer/Model
    Lenovo Thinkpad T400
    CPU
    Intel Mobile Core 2 Duo P8700 @ 2.53GHz
    Motherboard
    LENOVO 64734VM
    Memory
    2.00GB Single-Channel DDR3 @ 531MHz
    Graphics card(s)
    Intel Mobile Intel 4 Series Express Chipset Family
    Sound Card
    Conexant 20561 SmartAudio HD
    Monitor(s) Displays
    15 inch
    Screen Resolution
    1280 x 800
    Hard Drives
    1x 180GB Intel 530 series SSD 1 x 120GB Hitachi 5400rmp 1 x 650GB Western Digital Elements 5400rpm 1x 1Tb Western Digital Elements 5400rpm
    Internet Speed
    Medium for New Zealand
    Other Info
    Weakest part of my computer is the graphics chipset. Only ever used a laptop. Also use USB Freeview TV Card Lenovo Docking Station External Speakers Other bits a pieces as needed
Hello and yes the second one is in my AV which is Kaspersky Internet security 2011 I have has them since 2008.
 

My Computer

System One

  • Manufacturer/Model
    a6530f Desktop
    CPU
    HP-PAVILION
    Motherboard
    M2N68-LA (Narra3)
    Memory
    8 Gigs of Ram/DDR2 PC2-6400 MB/sec
    Graphics card(s)
    NVIDIA GeForce 6150SE nForce 430
    Sound Card
    Intergrated Realtex ALC888S Audio
    Monitor(s) Displays
    LG W40 series widescreen
    Screen Resolution
    1600 X 900
    Hard Drives
    1 640 GB Sata transfer rating: 3.0 Gb/sec speed: 7200 RPM
    PSU
    300W
    Case
    Mid-Size ATX
    Mouse
    Microsoft Wireless Mouse 5000
    Keyboard
    HP Multimedia Keyboard
    Other Info
    Processor: AMD Phenom X3 8450 Operating speed: Up to 2.1 GHz, Number of cores: 3, Socket: AM2+, Bus speed: 3600 MHz HT3 (clocked down to 2000 MHz) Modem: 56K WinModem/ Supermulti: 16X DVD(+/-)R/RW 12X Ram (+/-)R DL Lightscribe SATA Drive Menory Card Reader: 15-in-1 Multimedia Card Reader Media Drive
It should put the file into quarantine where you can delete or restore it if you want.
I would delete it myself if I trusted my AV.
 

My Computer

System One

  • Manufacturer/Model
    Lenovo Thinkpad T400
    CPU
    Intel Mobile Core 2 Duo P8700 @ 2.53GHz
    Motherboard
    LENOVO 64734VM
    Memory
    2.00GB Single-Channel DDR3 @ 531MHz
    Graphics card(s)
    Intel Mobile Intel 4 Series Express Chipset Family
    Sound Card
    Conexant 20561 SmartAudio HD
    Monitor(s) Displays
    15 inch
    Screen Resolution
    1280 x 800
    Hard Drives
    1x 180GB Intel 530 series SSD 1 x 120GB Hitachi 5400rmp 1 x 650GB Western Digital Elements 5400rpm 1x 1Tb Western Digital Elements 5400rpm
    Internet Speed
    Medium for New Zealand
    Other Info
    Weakest part of my computer is the graphics chipset. Only ever used a laptop. Also use USB Freeview TV Card Lenovo Docking Station External Speakers Other bits a pieces as needed
Hello I am running another full AV before I delete but here is the one from malwarebytes.
 

Attachments

My Computer

System One

  • Manufacturer/Model
    a6530f Desktop
    CPU
    HP-PAVILION
    Motherboard
    M2N68-LA (Narra3)
    Memory
    8 Gigs of Ram/DDR2 PC2-6400 MB/sec
    Graphics card(s)
    NVIDIA GeForce 6150SE nForce 430
    Sound Card
    Intergrated Realtex ALC888S Audio
    Monitor(s) Displays
    LG W40 series widescreen
    Screen Resolution
    1600 X 900
    Hard Drives
    1 640 GB Sata transfer rating: 3.0 Gb/sec speed: 7200 RPM
    PSU
    300W
    Case
    Mid-Size ATX
    Mouse
    Microsoft Wireless Mouse 5000
    Keyboard
    HP Multimedia Keyboard
    Other Info
    Processor: AMD Phenom X3 8450 Operating speed: Up to 2.1 GHz, Number of cores: 3, Socket: AM2+, Bus speed: 3600 MHz HT3 (clocked down to 2000 MHz) Modem: 56K WinModem/ Supermulti: 16X DVD(+/-)R/RW 12X Ram (+/-)R DL Lightscribe SATA Drive Menory Card Reader: 15-in-1 Multimedia Card Reader Media Drive
If you are uncomfortable, Ill get Jacee. She will know what to do.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Mouse
    Dell USB 4 button optical
    Keyboard
    Dell USB
    Other Info
    DSL provided by ATT
Hello Rich the one that I am not sure about is this one. I will upload 2 screenshots and I did send a PM to Jacee but she must sleeping by now.

I am hoping it is not to bad, the only thing i can think of is that I had to uninstall Norton before I could download Kaspersky since I have prepaid for 2 years. It might have been during that time when this got in.

Thank You

Tom
 

Attachments

  • K1.jpg
    K1.jpg
    66.8 KB · Views: 44
  • K2.jpg
    K2.jpg
    26.3 KB · Views: 26

My Computer

System One

  • Manufacturer/Model
    a6530f Desktop
    CPU
    HP-PAVILION
    Motherboard
    M2N68-LA (Narra3)
    Memory
    8 Gigs of Ram/DDR2 PC2-6400 MB/sec
    Graphics card(s)
    NVIDIA GeForce 6150SE nForce 430
    Sound Card
    Intergrated Realtex ALC888S Audio
    Monitor(s) Displays
    LG W40 series widescreen
    Screen Resolution
    1600 X 900
    Hard Drives
    1 640 GB Sata transfer rating: 3.0 Gb/sec speed: 7200 RPM
    PSU
    300W
    Case
    Mid-Size ATX
    Mouse
    Microsoft Wireless Mouse 5000
    Keyboard
    HP Multimedia Keyboard
    Other Info
    Processor: AMD Phenom X3 8450 Operating speed: Up to 2.1 GHz, Number of cores: 3, Socket: AM2+, Bus speed: 3600 MHz HT3 (clocked down to 2000 MHz) Modem: 56K WinModem/ Supermulti: 16X DVD(+/-)R/RW 12X Ram (+/-)R DL Lightscribe SATA Drive Menory Card Reader: 15-in-1 Multimedia Card Reader Media Drive
Bottom line
If your AV can delete or quaranntine, you are ok.
If not wait for Jacee.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Mouse
    Dell USB 4 button optical
    Keyboard
    Dell USB
    Other Info
    DSL provided by ATT
This is the IP for the suspicious URL:

IP Information for 78.26.187.191
IP Location: Ukraine Odessa Renome-service: Joint Multimedia Cable Network
ASN: AS34187
Resolve Host: vps70-15.elaninet.com
IP Address: 78.26.187.19
NS.ELANINET.COM 195.245.118.2
NS3.ELANINET.COM 195.245.118.35




Trojan.MSIL http://www.microsoft.com/security/p...a/Entry.aspx?Name=Trojan:MSIL/Fakeinstaller.A

Are you 'file sharing'? Or did you just recently download a new program?
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device. One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Mouse
    Microsoft PS/2 Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Hello after I did the restore I re downloaded logonstudio thats the only thing but from there website not from outside, so what do you recommend at this point I have not deleted it it is still in the AV.

Thank You

Tom
 

My Computer

System One

  • Manufacturer/Model
    a6530f Desktop
    CPU
    HP-PAVILION
    Motherboard
    M2N68-LA (Narra3)
    Memory
    8 Gigs of Ram/DDR2 PC2-6400 MB/sec
    Graphics card(s)
    NVIDIA GeForce 6150SE nForce 430
    Sound Card
    Intergrated Realtex ALC888S Audio
    Monitor(s) Displays
    LG W40 series widescreen
    Screen Resolution
    1600 X 900
    Hard Drives
    1 640 GB Sata transfer rating: 3.0 Gb/sec speed: 7200 RPM
    PSU
    300W
    Case
    Mid-Size ATX
    Mouse
    Microsoft Wireless Mouse 5000
    Keyboard
    HP Multimedia Keyboard
    Other Info
    Processor: AMD Phenom X3 8450 Operating speed: Up to 2.1 GHz, Number of cores: 3, Socket: AM2+, Bus speed: 3600 MHz HT3 (clocked down to 2000 MHz) Modem: 56K WinModem/ Supermulti: 16X DVD(+/-)R/RW 12X Ram (+/-)R DL Lightscribe SATA Drive Menory Card Reader: 15-in-1 Multimedia Card Reader Media Drive
Go ahead and get rid of it. :)
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device. One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Mouse
    Microsoft PS/2 Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
You must log in or register to reply here.
Back
Top