sc302 (Veteran), posted November 18, 2012

I don't make it a habit to self infect. I get enough examples that I don't need to search. Here is a sample file from 2011.

http://www.ziddu.com...4/TDL4.rar.html
Password : infected

Another:
http://download.soft...rootkit+sample/

Do a search for rootkit sample file download.

This guy's site has a bunch but you need to contact him/her for the password:
http://contagiodump....paj-sample.html
MilaParkour@gmail.com

You should know that there are many different sample files that you can get with all sorts of infections in them to see if your av/antimalware software can detect them. This is how many companies test the software's capabilities as well as many third party companies rate new software, but they usually have internal lists and usually are pretty large. Like I said, google it and pick any, not my fault you don't know the search terms.
sc302 (Veteran), posted November 18, 2012

Yeah Malwarebytes doesn't get Rootkits at all, I use TDSSKiller for that.. Along with Malwarebytes and Combofix to clean the rest.

tdsskiller is pretty good, I use that with a quick scan of gmer afterwards (tdsskiller isn't 100% neither is gmer, the two together make a good team).
redvamp128, posted November 18, 2012

Sounds like it had this: http://youtu.be/_gILhDFqm4I
goretsky (Supervisor), posted November 19, 2012

Hello,

Is the message similar to the one mentioned here on the anti-malware vendor's support web site?

Regards,

Aryeh Goretsky
smith.s, posted November 19, 2012

Windows Malicious Software Removal Tool would be ideal for removing malware from Windows-based systems.
Royalty, posted November 19, 2012

It may be this virus? http://www.techrumors.org/topic/65-how-to-remove-the-fbi-moneypak-ransomware-or-the-reveton-trojan/
Haggis (Veteran), posted November 19, 2012

OP: did you manage to run Avast and get a hijack this log?
(Account no longer active), posted November 19, 2012

I would personally recommend Avira Free Antivirus: http://www.avira.com...-free-antivirus
Mystic Mungis, posted November 19, 2012

Try running TDSSKiller. Whenever I've run into a bad infection that Malwarebytes won't remove, this always does the trick: http://support.kaspe.../?qid=208283363
Royalty, posted November 19, 2012

Or you can try and watch my video :)
jerzdawg (Author), posted November 19, 2012

Avast scan completed both in Windows and at boot time, removed some items. The FBI scam thing appears to be gone but this happened last time too. Also ran Malwarebytes and that also found a few entries. I told my friend they are on their own if it shows up again. I did everything I could. I ran out of time on the hijack this report as I had to have it packed up last night.
sc302 (Veteran), posted November 19, 2012

Could have brought it up to me.
+Warwagon (MVC), posted November 19, 2012

This malware is pretty easy to remove.

Just boot to safe mode and tell it to show all hidden files and folders and system files. There are 3 main folders the ransom malware always hides.

c:\programdata
c:\users\(username)\Appdata\local
c:\users\(username)\appdata\roaming

You'll find a weird exe in the root of those folders.

Check to make sure the malware didn't remove any of your program shortcuts (Start / all programs). If your program folders appear to be empty, go to c:\users\(username)\local\temp and look for a folder called smtp. Inside that folder (if you have it) you will find folders numbered 1 through 4. One folder contains desktop icons, another folder contains your program shortcuts it deleted. Remember to restore those before you run ccleaner, otherwise it will delete them.

If all of your files appear to be hidden then download and run this application.

http://www.bleepingc...ownload/unhide/

This will go through and remove the hidden file attribute from all of your files. If your files are not hidden then skip to the next step.

Now run the following apps

ccleaner
tdsskiller
hitman pro
malwarebytes

and then make yourself a Kaspersky Rescue disc, and boot from it, update it and do a full scan.

http://support.kaspersky.com/viruses/rescuedisk

Then download and run patchmypc from www.patchmypc.net, which will check to make sure all of your 3rd party software is up to date, such as Adobe reader, flash, java and a bunch of others. It will then update all of the software with 1 click.
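
The folder check described in the post above, as an added read-only PowerShell example (not part of the original thread and not any vendor's tool). The helper name `Get-RootExecutables` is hypothetical, and the script assumes the post's `local\temp` refers to each profile's `AppData\Local\Temp`; it needs PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example: read-only triage of the folders named in the post.
# Lists executables sitting directly in the root of each folder (hidden and
# system files included) so an unfamiliar, unsigned, recently created .exe
# stands out. Nothing is deleted or modified.

function Get-RootExecutables {   # hypothetical helper name
    param([string[]]$Folders)
    foreach ($folder in $Folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        # -Force shows hidden/system files; no -Recurse, so root level only.
        Get-ChildItem -LiteralPath $folder -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Path      = $_.FullName
                    Created   = $_.CreationTime
                    Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    Signature = $sig.Status   # Valid, NotSigned, HashMismatch, ...
                    SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

# Build the folder list: ProgramData plus Local and Roaming for every profile.
$profiles = Get-ChildItem -LiteralPath "$env:SystemDrive\Users" -Directory -Force -ErrorAction SilentlyContinue
$folders  = @($env:ProgramData)
foreach ($p in $profiles) {
    $folders += Join-Path $p.FullName 'AppData\Local'
    $folders += Join-Path $p.FullName 'AppData\Roaming'
}

# Newest files first: a dropper is usually more recent than legitimate installs.
Get-RootExecutables -Folders $folders | Sort-Object Created -Descending

# Report the "smtp" temp folder and its numbered subfolders, if present, so the
# shortcuts can be restored before any cleaner empties the temp directory.
foreach ($p in $profiles) {
    # Assumption: the post's "local\temp" is the profile's AppData\Local\Temp.
    $smtp = Join-Path $p.FullName 'AppData\Local\Temp\smtp'
    if (Test-Path -LiteralPath $smtp) {
        Get-ChildItem -LiteralPath $smtp -Directory -Force | Select-Object FullName,
            @{ n = 'Items'; e = { @(Get-ChildItem -LiteralPath $_.FullName -Force).Count } }
    }
}
```

Run it from an elevated prompt so other users' profiles are readable; the SHA256 values can be checked against a reputation service before anything is removed.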