Paypal compromised, virus? HJT log

  • Cerwin_Vega
    replied
    This will help disable the pop ups.

    http://tinyurl.com/mwb5u8

  • shifty
    replied
    the update cycle is a scheduled thing. Open the Avira console, under the Administration section, choose Scheduler, find the Daily Update item, right-click it, choose Edit Job, and on the "when to schedule this job" section, choose Daily from the dropdown, and set the time for when you are NOT in game, but your computer will DEFINITELY be on. UNcheck "Repeat job if time is expired" so it doesn't just randomly pop up on you later after that time. That way you still get updates, but only at that specific time.

  • Ninjahedge
    replied
    I think it only does that with certain games (I don't know why and what makes one different from the other when they all can be alt-tabbed. Any clue what the callout is to get a program to minimize that would only be used by some proggies?)

    Shift, was that solution listed here in the help section?

  • shifty
    replied
    hehehehe

    there was a thread explaining how to make that 'not happen' a few weeks back.

  • ewok
    replied
    oh, that anti virus minimized my game in a match tonight. >_<

  • shifty
    replied
    Oh and if you have an eBay account check it also to make sure it isn't hijacked and change the password. Just in case =)

  • shifty
    replied
    I would still change your passwords and check your Paypal transaction history.

    Also, go download and run GMER to check for rootkits on both systems.

  • ewok
    replied
    nothing found on either computer, not sure how this could have happened. maybe a mistake on paypal's part

  • shifty
    replied
    Also, install, update and run a full scan with MalwareBytes.

  • shifty
    replied
    OK, the big good thing is:

    - 0 Hidden Objects found.

    ALWAYS watch for hidden objects search locating something. This is a huge indicator of rootkits (hidden files).

    It is easy to hijack your HOSTS file and redirect you to another site which LOOKS like Paypal. Always go to https://www.paypal.com (with httpS), and make sure their security cert is legit. This is usually done by double-clicking the gold padlock lock icon in your browser of choice.

    But yeah, check your mom's computer. And check that security certificate for Paypal before entering personal data. Check your bank account too.

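The HOSTS-file hijack described in the post above is simple to check for mechanically. The script below is an added example for this thread, not code from the forum or from any vendor mentioned in it. It assumes the standard hosts-file layout (an address followed by one or more hostnames, with `#` starting a comment); the watched-domain list and the sample file content are constructed for illustration, and the `--system` switch and `find_hijacks`/`parse_hosts` names are this example's own. It goes slightly beyond the post by classifying each hit: an entry that sends a watched domain to a routable address is the silent lookalike-site case, while a loopback or `0.0.0.0` entry only breaks the site but still means someone edited the file. The certificate check the post recommends needs a live connection and is not covered here.

```python
"""Flag hosts-file entries that override domains an attacker would want to
impersonate. Added example; assumptions are noted in the comments."""
import ipaddress
import os
import sys
from typing import List, Tuple

# Domains that should never need a local override. Constructed list; extend
# it with your bank, webmail provider and so on.
WATCHED_DOMAINS = ("paypal.com", "ebay.com")

# Constructed sample file. 203.0.113.0/24 is a documentation range, so the
# "redirect" line below points nowhere real.
SAMPLE_HOSTS = """\
# constructed sample, not a real hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net              # ad-block style sinkhole, not watched
203.0.113.45    www.paypal.com paypal.com    # watched domain sent to a foreign IP
127.0.0.1       signin.ebay.com              # watched domain sinkholed: breaks login
"""

Finding = Tuple[int, str, str, str]  # (line number, address, hostname, kind)


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_number, address, [hostnames]) for each non-comment entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop inline and full-line comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                           # malformed line, resolves nothing
        entries.append((lineno, parts[0], [h.lower() for h in parts[1:]]))
    return entries


def _is_watched(hostname: str) -> bool:
    """True for a watched domain or any subdomain of it (not for lookalikes
    such as notpaypal.com, which the dot boundary excludes)."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def _classify(address: str) -> str:
    """'sinkhole' for loopback/unspecified addresses, 'redirect' for anything
    routable, 'unparseable' when the first field is not an IP address."""
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return "unparseable"
    return "sinkhole" if addr.is_loopback or addr.is_unspecified else "redirect"


def find_hijacks(text: str) -> List[Finding]:
    """Every hosts entry that touches a watched domain, with its classification."""
    findings: List[Finding] = []
    for lineno, address, hostnames in parse_hosts(text):
        for host in hostnames:
            if _is_watched(host):
                findings.append((lineno, address, host, _classify(address)))
    return findings


def default_hosts_path() -> str:
    """Usual location of the hosts file on Windows and on Unix-likes."""
    if os.name == "nt":
        return os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                            "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


if __name__ == "__main__":
    # No argument: demo against the constructed sample.
    # "--system": scan this machine's hosts file. Otherwise: scan the given path.
    if len(sys.argv) == 1:
        content = SAMPLE_HOSTS
    else:
        path = default_hosts_path() if sys.argv[1] == "--system" else sys.argv[1]
        with open(path, encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    for lineno, address, host, kind in find_hijacks(content):
        print(f"line {lineno}: {host} -> {address} ({kind})")
```

Against the sample this reports both paypal.com names on line 5 as a redirect and signin.ebay.com on line 6 as a sinkhole. The file is only one place to look: on Windows the directory it is read from is taken from the DataBasePath value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, so a hosts file that has been moved elsewhere is itself worth noticing.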
  • ewok
    replied
    Avira didn't find anything. It's possible that I logged into my paypal on my mom's laptop (and I have no idea what's on there), running anti virus on that now too.

    Avira AntiVir Personal
    Report file date: Sunday, February 14, 2010 22:42

    Scanning for 1753507 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows version : (plain) [6.1.7600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : KYLE-PC

    Version information:
    BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
    AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 19:26:33
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:35:52
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 06:41:11
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 06:41:17
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 06:41:19
    VBASE004.VDF : 7.10.3.76 2048 Bytes 1/26/2010 06:41:19
    VBASE005.VDF : 7.10.3.77 2048 Bytes 1/26/2010 06:41:19
    VBASE006.VDF : 7.10.3.78 2048 Bytes 1/26/2010 06:41:20
    VBASE007.VDF : 7.10.3.79 2048 Bytes 1/26/2010 06:41:20
    VBASE008.VDF : 7.10.3.80 2048 Bytes 1/26/2010 06:41:20
    VBASE009.VDF : 7.10.3.81 2048 Bytes 1/26/2010 06:41:20
    VBASE010.VDF : 7.10.3.82 2048 Bytes 1/26/2010 06:41:20
    VBASE011.VDF : 7.10.3.83 2048 Bytes 1/26/2010 06:41:20
    VBASE012.VDF : 7.10.3.84 2048 Bytes 1/26/2010 06:41:20
    VBASE013.VDF : 7.10.3.85 2048 Bytes 1/26/2010 06:41:20
    VBASE014.VDF : 7.10.3.122 172544 Bytes 1/29/2010 06:41:21
    VBASE015.VDF : 7.10.3.149 79872 Bytes 2/1/2010 06:41:22
    VBASE016.VDF : 7.10.3.174 68608 Bytes 2/3/2010 06:41:22
    VBASE017.VDF : 7.10.3.199 76800 Bytes 2/4/2010 06:41:23
    VBASE018.VDF : 7.10.3.222 64512 Bytes 2/5/2010 06:41:23
    VBASE019.VDF : 7.10.3.243 75776 Bytes 2/8/2010 06:41:24
    VBASE020.VDF : 7.10.4.6 81920 Bytes 2/9/2010 06:41:24
    VBASE021.VDF : 7.10.4.30 78848 Bytes 2/11/2010 06:41:25
    VBASE022.VDF : 7.10.4.31 2048 Bytes 2/11/2010 06:41:25
    VBASE023.VDF : 7.10.4.32 2048 Bytes 2/11/2010 06:41:25
    VBASE024.VDF : 7.10.4.33 2048 Bytes 2/11/2010 06:41:25
    VBASE025.VDF : 7.10.4.34 2048 Bytes 2/11/2010 06:41:25
    VBASE026.VDF : 7.10.4.35 2048 Bytes 2/11/2010 06:41:25
    VBASE027.VDF : 7.10.4.36 2048 Bytes 2/11/2010 06:41:26
    VBASE028.VDF : 7.10.4.37 2048 Bytes 2/11/2010 06:41:26
    VBASE029.VDF : 7.10.4.38 2048 Bytes 2/11/2010 06:41:26
    VBASE030.VDF : 7.10.4.39 2048 Bytes 2/11/2010 06:41:26
    VBASE031.VDF : 7.10.4.46 98816 Bytes 2/14/2010 06:41:26
    Engineversion : 8.2.1.170
    AEVDF.DLL : 8.1.1.3 106868 Bytes 2/15/2010 06:41:34
    AESCRIPT.DLL : 8.1.3.15 827771 Bytes 2/15/2010 06:41:33
    AESCN.DLL : 8.1.4.0 127348 Bytes 2/15/2010 06:41:32
    AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 15:38:44
    AERDL.DLL : 8.1.4.2 479602 Bytes 2/15/2010 06:41:32
    AEPACK.DLL : 8.2.0.8 426357 Bytes 2/15/2010 06:41:31
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 15:38:38
    AEHEUR.DLL : 8.1.1.5 2326901 Bytes 2/15/2010 06:41:31
    AEHELP.DLL : 8.1.10.0 237942 Bytes 2/15/2010 06:41:28
    AEGEN.DLL : 8.1.1.86 369012 Bytes 2/15/2010 06:41:28
    AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 15:38:26
    AECORE.DLL : 8.1.11.1 184694 Bytes 2/15/2010 06:41:27
    AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 15:38:20
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:47:59
    AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 23:14:02
    AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 22:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:09
    AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 23:05:41
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 18:32:10
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 23:39:58
    RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 20:25:47

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:, E:, Z:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Sunday, February 14, 2010 22:42

    Starting search for hidden objects.
    '14023' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
    Scan process 'msiexec.exe' - '1' Module(s) have been scanned
    Scan process 'Xfire.exe' - '1' Module(s) have been scanned
    Scan process 'Wow.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Ventrilo.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'taskhost.exe' - '1' Module(s) have been scanned
    Scan process 'atieclxx.exe' - '1' Module(s) have been scanned
    Scan process 'mscorsvw.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
    Scan process 'sppsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'CTAudSvc.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'atiesrxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    48 processes with 48 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!
    Boot sector 'Z:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '16' files ).


    Starting the file scan:

    Begin scan in 'C:\' <OS>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    Begin scan in 'D:\' <Fraps>
    Begin scan in 'E:\' <RECOVERY>
    Begin scan in 'Z:\' <Baracoot>


    End of the scan: Sunday, February 14, 2010 23:22
    Used time: 40:22 Minute(s)

    The scan has been done completely.

    18296 Scanned directories
    172032 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    2 Files cannot be scanned
    172030 Files not concerned
    799 Archives were scanned
    2 Warnings
    2 Notes
    14023 Objects were scanned with rootkit scan
    0 Hidden objects were found

  • ewok
    replied
    I logged into paypal and I get a

    'Security Measures

    We are currently performing regular maintenance of our security measures. Your account has been randomly selected for this maintenance, and you will now be taken through a series of identity verification pages.

    Protecting the security of your PayPal account is our primary concern, and we apologize for any inconvenience this may cause.'

    and it wants me to verify my bank account. I can't seem to access any parts of my account until I verify my bank account.

    I'm pretty sure it's not a phish. The mails are coming from service@paypal.com

  • shifty
    replied
    K

    Are you sure those weren't phishing emails?

    Have you changed your Paypal password yet?

    Have you looked at your Paypal history to see if the transaction really happened?

  • ewok
    replied
    I just reformatted the other day, have not downloaded anything besides things like itunes, skype, firefox, and I've never caught a virus before so I wasn't too concerned.

    Ran MalwareBytes, it didn't find anything. Running Avira now and I'll let you know if that finds anything.
