Quote:
O4 - HKCU\..\Run: [SHELL] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
http://www.processlibrary.com/directory/files/ibm00001/
Name: [Shell]
Status: X
File: ibm0000*.exe (* = digit)
Added by the Troj/Torpig-C (http://www.sophos.com/virusinfo/anal...ojtorpigc.html) and Troj/Torpig-J (http://www.sophos.com/virusinfo/anal...ojtorpigj.html) TROJANS! - Filenames spotted include ibm00001.exe, ibm00002.exe, ibm00005.exe and so on.
http://www.castlecops.com/startuplist-11220.html
---------------------------------------------------------------
I'm afraid I have unpleasant news for you. You have a very dangerous infection on this machine. With a serious infection like this, I would recommend that you seriously consider a reformat and reinstall.
If you do not want to do this, do not ever use the computer for anything confidential. Let us know how you wish to proceed.
The infection installs itself primarily in machines that have not had all the Win XP updates installed. It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to anything else present...
My best recommendation is to disconnect from the internet, reformat the entire drive and reinstall your operating system and applications.
We can likely clean the infected files off the computer but we cannot be sure that the files involved didn't do anything to your system to reduce overall system security. Even after removal of the infection, you could be vulnerable to another attack or takeover as soon as you connect to the net again.
You are strongly advised to do the following immediately:
1. Disconnect the infected computer from the Internet and from any networked computers until the computer can be cleaned.
2. If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts and/or change all your account numbers.
3. From a clean computer, change *ALL* your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
Also take any other steps appropriate for an attempted identity theft.
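
A triage check for the indicator quoted in the post above, as an added example that is not part of the original post: it parses HijackThis O4 registry-autorun lines and flags entries whose file name matches the startup-list pattern ibm0000*.exe (* = digit). The function names are hypothetical, and every sample log line except the HKCU [SHELL] entry from the post is constructed.

```python
import ntpath
import re

# Indicator from the startup-list entry quoted in the post:
# "File: ibm0000*.exe (* = digit)".
TORPIG_NAME = re.compile(r"^ibm0000\d\.exe$", re.IGNORECASE)

# HijackThis registry autorun line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_LINE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\([^:]+): \[(.*?)\] (.+)$")

# Program part of the command: a quoted path, or the text up to the first
# executable extension that is followed by whitespace or end of line.
PROGRAM = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.IGNORECASE)


def parse_o4(line):
    """Return the fields of an O4 registry autorun line, or None for other lines."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    p = PROGRAM.match(command)
    program = (p.group(1) or p.group(2)) if p else command
    return {"hive": hive, "key": key, "name": name,
            "program": program, "file": ntpath.basename(program)}


def find_torpig_autoruns(log_text):
    """Return the O4 entries whose file name matches the ibm0000<digit>.exe pattern."""
    entries = (parse_o4(line) for line in log_text.splitlines())
    return [e for e in entries if e and TORPIG_NAME.match(e["file"])]


# Constructed sample log; only the HKCU [SHELL] line comes from the post.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe /min
O4 - HKCU\..\Run: [SHELL] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\RunOnce: [Updater] "C:\Example\ibm00005.EXE" -s
O4 - HKCU\..\Run: [Notes] C:\Tools\ibm000012.exe
'''

if __name__ == "__main__":
    for hit in find_torpig_autoruns(SAMPLE_LOG):
        print(f'{hit["hive"]}\\{hit["key"]} [{hit["name"]}] -> {hit["program"]}')
```

A match on the file name alone is a lead for closer inspection of the machine, not proof of infection.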