RE: Think I have a RAT on my comp - Quintus - 04-01-2011
Quote:I need 10 posts to PM you but I currently have 4 (including this). Is there anyway I can contact you via MSN or AIM? For now, I type in my passwords and username using the on-screen keyboard since I don't think keyloggers record the mouse clicks.
Oh yes, it does not. But I do think you do not have a keylogger. And never mind, just tell me of your reply here.
Quote:And question. If I system restore, wouldn't that bring back all the malware that I already cleaned off earlier?
However, I asked you to "clean" your cache, not do a rollback.
Quote:And, I already did a MBAM scan and gave you the log in my last post, so do a scan again?
Yes, after doing the above.
RE: Think I have a RAT on my comp - Brandenx781 - 04-02-2011
Nope. I am not using hacking tools.
Step #1
Problems Encountered:
None
Step #2
Problems Encountered:
None
Step #3
Problems Encountered:
None
Step #4
Problems Encountered:
Found:
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe
Checked And Fixed.
Link To Requested Logs:
HJT: (Before Removal) http://pastebin.com/6Xsg0yxS
(After Removal) http://pastebin.com/EGHE2a2Y
DDS: http://pastebin.com/9kV6Zbkw
Attach: http://pastebin.com/RVmNruxQ
ESET: http://img838.imageshack.us/i/esetscan.jpg/
MBAM: http://pastebin.com/J7wtbMT4
RE: Think I have a RAT on my comp - Quintus - 04-02-2011
I do believe you are not infected. Any symptoms? We'll just fix some irregularities.
- Step 5
Besides compromising network security, their association with illegal file-sharing creates legal liabilities for their employers. More often than not, companies aren't aware of software license violations and other infractions their workers commit through file-sharing.
More from 'this' article.
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer. Your system is at risk. Even if you are using a safe P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I strongly recommend that you uninstall the following program(s) present in your system through Add or Remove Programs for Windows XP and Programs and Features for Vista and Windows 7:
-
Note: If you choose not to remove the program(s), please do not use them until this computer is clean.
Here is the list of Safe and Unsafe P2P Programs.
Clean
- Ares
- Azureus 2.5.0.0
- BitComet
- Bittorrent
- E-Mule
- Frostwire
- Limewire
- µTorrent
Unsafe
- Azureus Vuze
- BearShare
- Bitlord
- BittorrentUltra
- iMesh
You can see more of that 'here'.
- Step 6
Your current copy of Java Runtime Environment is outdated. Older versions contain vulnerabilities, therefore it is essential that you update it.
- To get the latest version of Java please go 'here'.
- Go to 'Start' > 'Control Panel' > 'Add or Remove Programs'.
- Search in the list for all previous installed versions of Java. You currently have:
- Java 6 Update 13
- Java SE Development Kit 6 Update 7
- Choose 'Uninstall'.
- Now install the version(s) you downloaded earlier.
- Step 7
Viewpoint Manager is considered as foistware (click 'here' for more information) instead of malware since it is installed without users' approval but doesn't spy or do anything labeled as bad.
This changed in 2006:
"Viewpoint will develop a behavioral targeting product in 2006, execs said during the company's Q3 earnings call.
It will work by collecting clickstream data on users who have installed the Viewpoint media player, then using that data to target ads and content on the company's partner sites. Viewpoint claims 120 million users have installed its player."
More from 'this' article.
Your HiJackThis log reveals that you have Viewpoint Manager installed. You are well advised to remove the program now.
- Go to Start > Settings > Control Panel > Add or Remove Programs.
- Remove the following programs if present and then restart your computer:
- Viewpoint
- Viewpoint Manager
- Viewpoint Media Player
- Step 8
Internet Explorer
I ask that you do not disregard this step whether you are using Internet Explorer or not as your main browser. Please be advised that though you don't seem to be using this, I can assure you that most of your everyday applications use this browser's technology to update, thereby solidifying the necessity to update it.
Please download the latest version (version 9.00) from 'here' and install it.
- Step 9
Please run HijackThis as Administrator. Click 'Do a system scan only' and place a check next to the following line(s) if present:
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
Then, close all other open windows and click 'Fix Checked'. You are to reboot your system afterwards.
- In your next post, please provide the following:
- Deckard's System Scanner (DDS) Logs
- Format of Response
Code:
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Link To Requested Logs:[/b][/color]
- Comments:
- You may now uninstall "ESET Online Scanner v3".
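The Step 4 and Step 9 instructions above both turn on HijackThis (HJT) lines whose referenced file no longer exists, marked "(no file)" or "(file missing)". As an added example that is not part of the thread or of HijackThis itself, this small Python parser picks those orphaned O2/O3/O4 entries out of a log; the sample log is constructed from the entries quoted in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis log format, built from the O2/O3/O4 lines quoted in the thread.
SAMPLE_HJT_LOG = "\n".join([
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)",
    r'O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)',
    r"O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto",
    r'O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"',
])

# Markers HJT appends when the registered file cannot be found on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class HjtEntry:
    section: str    # "O2" (BHO), "O3" (toolbar) or "O4" (Run key autostart)
    name: str       # display name of the BHO/toolbar or the Run value name
    target: str     # path (and arguments) or marker text after the name/CLSID
    orphaned: bool  # True when HJT reports that the file is gone


# O2/O3: "<section> - <kind>: <name> - {CLSID} - <target>"
_O2_O3 = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$")
# O4: "O4 - <hive>\..\<key>: [<value name>] <target>"
_O4 = re.compile(
    r"^(?P<section>O4) - (?:HKLM|HKCU)\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<target>.*)$")


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one O2/O3/O4 log line; return None for any other line."""
    m = _O2_O3.match(line.strip()) or _O4.match(line.strip())
    if not m:
        return None
    target = m.group("target").strip()
    orphaned = any(target.endswith(mark) for mark in ORPHAN_MARKERS)
    return HjtEntry(m.group("section"), m.group("name"), target, orphaned)


def orphaned_entries(log_text: str) -> List[HjtEntry]:
    """Return the entries HJT flags as pointing at a file that no longer exists."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [entry for entry in parsed if entry is not None and entry.orphaned]


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_HJT_LOG):
        print(f"{entry.section} {entry.name!r}: {entry.target}")
```

Orphaned entries are dead references, not proof of an infection; the live O4 entries still need to be judged by what their target actually is.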
RE: Think I have a RAT on my comp - Brandenx781 - 04-02-2011
Nope, no symptoms.
Step #5
Problems Encountered:
None
Step #6
Problems Encountered:
None
Step #7
Problems Encountered:
None
Step #8
Problems Encountered:
Could not download version 9 due to my Windows not being upgraded. I use Windows XP.
Step #9
Problems Encountered:
Did not find:
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
Link To Requested Logs:
DDS: http://pastebin.com/n9yW0Awt
ATTACH: http://pastebin.com/EMCFLFSN
RE: Think I have a RAT on my comp - Quintus - 04-03-2011
- Step 10
We need to unregister certain services in your system.
- Open Notepad.
- Copy and paste the content below.
Code:
@echo off
rem Stop each service first, then remove its registration from the Service Control Manager.
sc stop EagleXNt
sc delete EagleXNt
sc stop McNaiAnn
sc delete McNaiAnn
sc stop IlvMoneyDRIVER53
sc delete IlvMoneyDRIVER53
sc stop npggsvc
sc delete npggsvc
rem Delete this batch file itself once it has run.
del %0
- Save it as Fix.bat.
- Run the file as Administrator.
- Reboot.
- Step 11
Please set Windows XP to show both hidden and system files and folders so that you can find specific files to delete.
- Click Start and navigate to My Computer.
- On the Tools menu, click on Folder Options.
- On the View tab, uncheck the following:
- Hide file extensions for known file types
- Hide protected operating system files (Recommended)
- Click Yes on the warning message.
- Under Hidden files and folders, check Show hidden files and folders.
- Click Apply to All Folders.
- Click OK and close My Computer.
Note: I will give you instructions for hiding them again once your system seems clean.
- Step 12
We need to do a quick check.
- Go to 'VirusTotal'.
- Click Choose File.
- Copy and paste the exact file name(s) in bold (if there are more than one file listed, please open multiple tabs):
- c:\windows\Kkexeceweweciqu.bin
- Click Send.
- Copy and paste back the link(s) to the result(s) once VirusTotal has finished scanning the file.
- Step 13
- Download SUPERAntiSpyware.
- Install it and let it check for updates.
- Perform a complete scan and let it remove everything it finds.
- Once done, post the log here and provide the link to this thread.
- In your next post, please provide the following:
- A Fresh HijackThis (HJT) Log
- Deckard's System Scanner (DDS) Logs
- SUPERAntiSpyware Log
- VirusTotal Results
- Format of Response
Code:
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Link To Requested Logs:[/b][/color]
- Comments:
- Update your ESET Smart Security 4.2.
- Please check whether you have the following installed, and if you do, please uninstall them.
- McAfee VirusScan
- McAfee Personal Firewall
RE: Think I have a RAT on my comp - Brandenx781 - 04-03-2011
Step #10
Problems Encountered:
None
Step #11
Problems Encountered:
None
Step #12
Problems Encountered:
I uploaded the file, but the page just refreshes without giving me any report. It sends but then the page just refreshes. However, I uploaded other files, and it gave me the reports.
Step #13
Problems Encountered:
None
Link To Requested Logs:
HJT: http://pastebin.com/UPhKCBb6
DDS: http://pastebin.com/QChWeDgJ
ATTACH: http://pastebin.com/NdPR0zHu
SUPERAntiSpyware: http://img823.imageshack.us/i/superanti.jpg/
VirusTotal: See Step 12 problems.
McAfee is uninstalled.
I am unable to update my ESET Security because of the program itself. This is a program I got off HF (Hackforums), and the program is cracked.
http://img851.imageshack.us/i/eset.jpg/
RE: Think I have a RAT on my comp - Quintus - 04-03-2011
I see. Because it has zero bytes. How silly of me. You need to fully uninstall McAfee. You may do that by following this guide.
BTW, would you mind if I ask you to get a new Anti-Virus? If you do not, you may pick from this list. Install this after uninstalling ESET.
- Step 14
"An antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and Trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware."
I noticed that you do not have an anti-virus installed in your system presently. Do understand that you are making yourself defenseless against malware. Though it is plausible that caution can somehow prevent infection, it is still advisable to install an anti-virus. An anti-virus and a firewall are crucial to your system's security. Without both, reinfection is imminent after a clean. Here are lists of well-known and proven software.
- Free Anti-Viruses
- A-Squared Free
- Emsisoft's A-Squared boasts two scanners: Anti-Spyware + Anti-Virus. It has topped the detection test performed by the Malware Research Group in June 2009. In addition, considerable performance improvement is possible thanks to the integration of the two engines on the lowest level.
- Avast! Free
- Avast! Free anti-virus is perfect for people who send e-mails and surf popular websites. It has a state-of-the-art scanning engine that provides reliable protection against viruses, spyware and other forms of malicious software.
- Avira AntiVir - Personal Edition
- Avira AntiVir protects your computer against dangerous viruses, worms, Trojans and costly dialers. It is known to have the highest detection presently and it is from a reputable company.
- BitDefender Free Edition
- BitDefender Free Edition uses the same ICSA Labs certified scanning engines found in other BitDefender products, allowing you to enjoy basic virus protection for no cost at all.
- PC Tools AntiVirus Free
- PC Tools AntiVirus Free provides basic protection against known viruses, worms and Trojans. You are protected against basic cyber threats attempting to gain access to your PC.
- Paid Anti-Viruses
- Avast! Pro Antivirus
- Avast! Pro Antivirus is a full-featured antivirus software. Better than their free anti-virus, especially for web surfing, but without the firewall and anti-spam included in Avast! Internet Security. Also if you wish to customize your security, this is the recommended software.
- Avira AntiVir Premium
- Avira AntiVir Premium contains all the things its free version has plus real-time on-access scanning, profile-based on-demand scans and scheduling of full system scanning and updates; it offers premium protection.
- ESET NOD32 Antivirus
- ESET NOD32 Antivirus 4 sports the fastest, most effective technology available to protect you from viruses and spyware without slowing you down while you work or play.
- Kaspersky Anti-Virus
- Kaspersky Anti-Virus 2010 – the backbone of your PC’s security system - offers protection from a range of IT threats and provides the basic tools needed to protect your PC.
From the list above, choose one, click on the name of the program that suits you best, download it and proceed to the installation. You can either choose the free version or purchase a full version. Regardless, having one is truly an aid to your computer's defense capability. If you are having a hard time choosing, consider looking at 'AV-Comparatives: Anti-Virus Comparative February 2010'. If you'd rather let me pick one for you, please allow me to do so by telling me your Internet usage, computer specifications such as your Operating System, Service Pack version and other relevant details.
RE: Think I have a RAT on my comp - Brandenx781 - 04-03-2011
Should I get the free version, or find a cracked full version on HF? I'd purchase a real full version but I have no money as of now.
Any Suggestions?
And Internet Usage, like browser history or?
System:
Microsoft Windows XP
Home Edition
Version 2002
Service Pack 3
Intel® Celeron® 2.53 GHz
512 MB of RAM
RE: Think I have a RAT on my comp - Quintus - 04-03-2011
Quote:Should I get the free version, or find a cracked full version on HF? I'd purchase a real full version but I have no money as of now.
I will go against finding a cracked version. The free ones work fine.
Quote:Any Suggestions?
And Internet Usage, like browser history or?
System:
Microsoft Windows XP
Home Edition
Version 2002
Service Pack 3
Intel® Celeron® 2.53 GHz
512 MB of RAM
Oh, it seems like we have a problem with your computer specifications. I would say, either Avast! or Avira. Please install one of the latter, only after fully uninstalling McAfee and ESET.
RE: Think I have a RAT on my comp - Brandenx781 - 04-03-2011
The Add/Remove program did not detect McAfee.
Steps from the guide:
"Step 1 - Uninstall your McAfee consumer products using Add/Remove Programs in the Windows Control Panel
Windows XP
Click Start, Settings, Control Panel.
Double-click Add or Remove Programs.
Select the McAfee SecurityCenter product.
Click Remove and follow the steps provided."
But it's not in Add or Remove.
http://img153.imageshack.us/i/mcafaee.jpg/
But I do see a folder of it in C:
You mean this?
http://img405.imageshack.us/i/mcafeeee.jpg/