Spammers use Angelina, Britney gossip as lures > Email Security > Messaging > News > SC Magazine Australia/NZ
Quote:
|
“We believe the trojan is identity theft malware,” Ryan Sherstobitoff, chief corporate evangelist of Panda Security told SCMagazineUS.com on Friday.
|
Quote:
|
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe (file missing)
|
Just so you know - you likely have acquired a backdoor/often password stealing capable Trojan that
COULD create serious compromises and concerns (passwords, banking, identity theft, etc.).
PLEASE CONSIDER THE FOLLOWING ISSUES CAREFULLY: Your system has likely been compromised to a point where even cleaning it does not promise you a trustworthy machine. There is a lot of serious concern about the
SDBOT infection family which your PC has presently encountered and its known updateable/installable capabilities whether currently in use or not - SEE:
(20K hits for inclusive search terms SDBOT, banking, password, and keylogger).
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063
If you do online banking or have passwords that would be a serious concern in the hands of others (identity theft or compromise of confidential information), then more serious action is likely advisable and potentially warranted (contacting and alerting bank(s), backup user files, do a clean re-install, and change all user passwords while off-line). More often than not they want your PC as a compromised zombie (a botnet/spambot member to do evil deeds) – but who is to know.
Nevertheless, initial and further cleaning may still be warranted to give you some renewed degree of control and then time to more fully consider your options. Let us know how you wish to proceed.
Download
SDFix and save it to your Desktop.
Double click
SDFix.exe and choose
Install to extract it to its own folder on the Desktop. Please then reboot your computer in
Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
- In Safe Mode, right click the SDFix.zip folder and choose Extract All,
- Open the extracted folder and double click RunThis.bat to start the script.
- Type Y to begin the script.
- It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- Your system will take longer that normal to restart as the fixtool will be running and removing files.
- When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
- Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.
Please also provide any new current observations.