SpySentinel

Volunteer Security Advisor
  • Content count

    1,037
  • Days Won

    19

SpySentinel last won the day on April 6 2015

SpySentinel had the most liked content!

Community Reputation

30 Excellent

About SpySentinel

  • Rank
    Valued Member and HJT Analyst
  • Birthday 06/10/1990

Contact Methods

  • Website URL
    http://www.malwarebytes.org/
  • ICQ
    0

Profile Information

  • Location
    The United States
  • Interests
    Malware Fighting

Recent Profile Visitors

1,942 profile views
  1. SpySentinel

    Trojan-Downloader.Win32.Banker

    These could not be uploaded via the online file submitter so I am posting here if that is ok.

    [attachment=8627:malware.zip]

    [b]01.exe[/b]
    [code]eoficina.e.telefonica.net/sites/1204/Org300690/pwe/pwe/images/01.exe[/code]
    [b][color="red"]14[/color][/b]/40
    [url="http://www.virustotal.com/file-scan/report.html?id=847dc7cb8f9c7b4add09ee4efa01db72515e0eec196e4f0fce005792e0847c50-1301811304"]http://www.virustotal.com/file-scan/report...7c50-1301811304[/url]

    [b]02.exe[/b]
    [code]eoficina.e.telefonica.net/sites/1204/Org300690/pwe/pwe/images/02.exe[/code]
    [b][color="red"]16[/color][/b]/40
    [url="http://www.virustotal.com/file-scan/report.html?id=8de9c95b66842e4126a0e01f3ac23d0657ecb0d1a087d5f52f83c7f5149a387f-1301812020"]http://www.virustotal.com/file-scan/report...387f-1301812020[/url]

    [b]03.exe[/b]
    [code]eoficina.e.telefonica.net/sites/1204/Org300690/pwe/pwe/images/03.exe[/code]
    [b][color="red"]18[/color][/b]/42
    [url="http://www.virustotal.com/file-scan/report.html?id=0df0fa0829e1ab08dfcba9bd7c9fcd632b2e268393834efb55ac73cf33287fd5-1301811835"]http://www.virustotal.com/file-scan/report...7fd5-1301811835[/url]

    [code]eoficina.e.telefonica.net/sites/1204/Org300690/pwe/pwe/images/comprovativo2910002938104.exe[/code]
  2. SpySentinel

    Problem with AdWatch

    Hi Colin Cahill, I would fill out a Vendor Inquiry and submit it to Lavasoft here: [url="http://lavasoft.com/mylavasoft/securitycenter/vendor-inquiries"]http://lavasoft.com/mylavasoft/securitycen...endor-inquiries[/url]
  3. SpySentinel

    United Parcel Service email scam (Malware)

    Thanks Andy
  4. SpySentinel

    United Parcel Service email scam (Malware)

    Thanks Andy, That is one of the reasons that I like posting here, because I get a reply that the samples have actually been dealt with. I have been using the upload site to submit them too, but once I do there is no confirmation that you have received them or done anything to them.
  5. I will use this thread to upload the latest malware that is being distributed via the United Parcel Service email scam. I have an email account set up that receives these almost daily so I will post the malware attached to those emails here in this thread.

    [quote]United Parcel Service notification #15151370
    ...
    From: United Parcel Service <[email protected]>
    ...
    UPS_tracking_number.zip (6KB)

    Dear customer. The parcel was sent your home address. And it will arrive within 3 business day. More information and the tracking number are attached in document below. Thank you.
    © 1994-2011 United Parcel Service of America, Inc.[/quote]

    [attachment=8625:UPS_trac...g_number.zip]
    MD5: 20bce13e437b66ec86d2c2d7b98f410f
    EntryPoint: 0x13c7
    FileSize: 18 kB
    [b][color="red"]6[/color][/b]/43
    [url="http://www.virustotal.com/file-scan/report.html?id=a75e12399ad1c76fd39ebe4e1b2f904d14725857282c9348097c4519805c6355-1301359701"]http://www.virustotal.com/file-scan/report...6355-1301359701[/url]
  6. Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic. Thank You !
  7. Thanks for letting me know. Have a good day as well
  8. Please download [url="http://www.malwarebytes.org/mbam-download.php"][color="#2E8B57"][b]Malwarebytes' Anti-Malware[/b][/color][/url]

    Double Click mbam-setup.exe to install the application.
    [list]
    [*]Make sure a checkmark is placed next to [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then click Finish.
    [*]If an update is found, it will download and install the latest version.
    [*]Once the program has loaded, select "[b]Perform Quick Scan[/b]", then click [b]Scan[/b].
    [*]The scan may take some time to finish, so please be patient.
    [*]When the scan is complete, click OK, then Show Results to view the results.
    [*]Make sure that [b]everything is checked[/b], and click [b]Remove Selected[/b].
    [*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    [*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    [*]Copy&Paste the entire report in your next reply.
    [/list]
    Extra Note: [color="#2E8B57"][b]If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.[/b][/color]

    Go to [url="http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html"][b][color="red"]Kaspersky website[/color][/b][/url] and perform an online antivirus scan.
    [list=1]
    [*]Read through the requirements and privacy statement and click on [b]Accept[/b] button.
    [*]It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click [b]Run[/b].
    [*]When the downloads have finished, click on [b]Settings[/b].
    [*]Make sure these boxes are checked (ticked). If they are not, please tick them and click on the [b]Save[/b] button:
    [list]
    [color="red"]Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases[/color]
    [/list]
    [*]Click on [b]My Computer[/b] under [b]Scan[/b].
    [*]Once the scan is complete, it will display the results. Click on [b]View Scan Report[/b].
    [*]You will see a list of infected items there. Click on [b]Save Report As...[/b].
    [*]Save this report to a convenient place. Change the [b]Files of type[/b] to [b]Text file (.txt)[/b] before clicking on the [b]Save[/b] button.
    [/list]
  9. Sorry for the delay. I will be getting to your log later today.
  10. SpySentinel

    Old License New License Problem

    Hi searchkight, Thank you for the update. Let us know how it goes. Lavasoft should be back in the office later today or early tomorrow.
  11. Hi Originalgum, You're welcome

    [b]Run OTL.exe[/b]
    [list]
    [*]Under the [color="#0000FF"][b]Custom Scans/Fixes[/b][/color] box at the bottom, paste in the following
    [code]:OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
    O4 - Startup: C:\Users\windeebrook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Dogz 5 - Catz 5 Compilation Jewelcase.LNK = File not found
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FAC5BCF5
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:522EA216
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1CD23587
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot][/code]
    [*]Then click the [color="#FF0000"][b]Run Fix[/b][/color] button at the top
    [*]Let the program run unhindered, reboot when it is done
    [/list]
  12. SpySentinel

    Old License New License Problem

    Hi searchkight, Glad we can help! Did you completely uninstall your old version of Ad-Aware before installing the new one and adding in the license?
  13. Hi Originalgum, Welcome to the Lavasoft Support Forums
    [list]
    [*]Download [url="http://oldtimer.geekstogo.com/OTL.exe"][b][color="#FF0000"]OTL[/color][/b][/url] to your desktop.
    [*]Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    [*]When the window appears, underneath [u][b]Output[/b][/u] at the top change it to [b]Minimal Output[/b].
    [*]Check the boxes beside [b]LOP Check[/b] and [b]Purity Check[/b].
    [*]Click the [u][color="#0000FF"][b]Run Scan[/b][/color][/u] button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    [list]
    [*]When the scan completes, it will open two notepad windows. [b]OTL.Txt[/b] and [b]Extras.Txt[/b]. These are saved in the same location as OTL.
    [*]Please copy [b](Edit->Select All, Edit->Copy)[/b] the contents of these files, one at a time, and post it with your next reply.
    [/list]
    [/list]
  14. SpySentinel

    False Positive?

    Hi jonslasvegashomes, Please follow the instructions here to learn how to upload the file to your post here, so it can be verified by Lavasoft: [url="http://www.lavasoftsupport.com/index.php?showtopic=18033"]http://www.lavasoftsupport.com/index.php?showtopic=18033[/url]