SpySentinel

Volunteer Security Advisor

Everything posted by SpySentinel

  1. These could not be uploaded via the online file submitter so I am posting here if that is ok. [attachment=8627:malware.zip] [b]01.exe[/b] [code]eoficina.e.telefonica.net/sites/1204/Org300690/pwe/pwe/images/01.exe[/code] [b][color="red"]14[/color][/b]/40 [url="http://www.virustotal.com/file-scan/report.html?id=847dc7cb8f9c7b4add09ee4efa01db72515e0eec196e4f0fce005792e0847c50-1301811304"]http://www.virustotal.com/file-scan/report...7c50-1301811304[/url] ------------------------------------------------------------------------------------- [b]02.exe[/b] [code]eoficina.e.telefonica.net/sites/1204/Org300690/pwe/pwe/images/02.exe[/code] [b][color="red"]16[/color][/b]/40 [url="http://www.virustotal.com/file-scan/report.html?id=8de9c95b66842e4126a0e01f3ac23d0657ecb0d1a087d5f52f83c7f5149a387f-1301812020"]http://www.virustotal.com/file-scan/report...387f-1301812020[/url] ------------------------------------------------------------------------------------- [b]03.exe[/b] [code]eoficina.e.telefonica.net/sites/1204/Org300690/pwe/pwe/images/03.exe[/code] [b][color="red"]18[/color][/b]/42 [url="http://www.virustotal.com/file-scan/report.html?id=0df0fa0829e1ab08dfcba9bd7c9fcd632b2e268393834efb55ac73cf33287fd5-1301811835"]http://www.virustotal.com/file-scan/report...7fd5-1301811835[/url] ------------------------------------------------------------------------------------- [code]eoficina.e.telefonica.net/sites/1204/Org300690/pwe/pwe/images/comprovativo2910002938104.exe[/code]
  2. Hi Colin Cahill, I would fill out a Vendor Inquiry and submit it to Lavasoft here: [url="http://lavasoft.com/mylavasoft/securitycenter/vendor-inquiries"]http://lavasoft.com/mylavasoft/securitycen...endor-inquiries[/url]
  3. Thanks Andy, That is one of the reasons that I like posting here, because I get a reply that the samples have actually been dealt with. I have been using the upload site to submit them too, but once I do there is no confirmation that you have received them or done anything to them.
  4. I will use this thread to upload the latest malware that is being distributed via the United Parcel Service email scam. I have an email account set up that receives these almost daily so I will post the malware attached to those emails here in this thread. ------------------------------------------------------------------------------------------------------------------------------------------------------ [quote]United Parcel Service notification #15151370 ... From: United Parcel Service <[email protected]> ... UPS_tracking_number.zip (6KB) Dear customer. The parcel was sent your home address. And it will arrive within 3 business day. More information and the tracking number are attached in document below. Thank you. © 1994-2011 United Parcel Service of America, Inc.[/quote] [attachment=8625:UPS_trac...g_number.zip] MD5: 20bce13e437b66ec86d2c2d7b98f410f EntryPoint: 0x13c7 FileSize: 18 kB [b][color="red"]6[/color][/b]/43 [url="http://www.virustotal.com/file-scan/report.html?id=a75e12399ad1c76fd39ebe4e1b2f904d14725857282c9348097c4519805c6355-1301359701"]http://www.virustotal.com/file-scan/report...6355-1301359701[/url]
  5. Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic. Thank you!
  6. Please download [url="http://www.malwarebytes.org/mbam-download.php"][color="#2E8B57"][b]Malwarebytes' Anti-Malware[/b][/color][/url] Double Click mbam-setup.exe to install the application.[list] [*]Make sure a checkmark is placed next to [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then click Finish. [*]If an update is found, it will download and install the latest version. [*]Once the program has loaded, select "[b]Perform Quick Scan[/b]", then click [b]Scan[/b]. [*]The scan may take some time to finish, so please be patient. [*]When the scan is complete, click OK, then Show Results to view the results. [*]Make sure that [b]everything is checked[/b], and click [b]Remove Selected[/b]. [*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) [*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. [*]Copy and paste the entire report in your next reply. [/list]Extra Note: [color="#2E8B57"][b]If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.[/b][/color] Go to [url="http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html"][b][color="red"]Kaspersky website[/color][/b][/url] and perform an online antivirus scan. [list=1] [*]Read through the requirements and privacy statement and click on [b]Accept[/b] button. [*]It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click [b]Run[/b]. [*]When the downloads have finished, click on [b]Settings[/b]. [*]Make sure these boxes are checked (ticked). 
If they are not, please tick them and click on the [b]Save[/b] button: [list][color="red"]Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases[/color] [/list] [*]Click on [b]My Computer[/b] under [b]Scan[/b]. [*]Once the scan is complete, it will display the results. Click on [b]View Scan Report[/b]. [*]You will see a list of infected items there. Click on [b]Save Report As...[/b]. [*]Save this report to a convenient place. Change the [b]Files of type[/b] to [b]Text file (.txt)[/b] before clicking on the [b]Save[/b] button. [/list]
  7. Sorry for the delay. I will be getting to your log later today.
  8. Hi searchkight, Thank you for the update. Let us know how it goes. Lavasoft should be back in the office later today or early tomorrow.
  9. Hi Originalgum, You're welcome. [b]Run OTL.exe[/b][list] [*]Under the [color="#0000FF"][b]Custom Scans/Fixes[/b][/color] box at the bottom, paste in the following [code]
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Users\windeebrook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Dogz 5 - Catz 5 Compilation Jewelcase.LNK = File not found
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FAC5BCF5
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:522EA216
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1CD23587
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[/code] [*]Then click the [color="#FF0000"][b]Run Fix[/b][/color] button at the top [*]Let the program run unhindered, reboot when it is done [/list]
  10. Hi searchkight, Glad we can help! Did you completely uninstall your old version of Ad-Aware before installing the new one and adding in the license?
  11. Hi Originalgum, Welcome to the Lavasoft Support Forums [list] [*]Download [url="http://oldtimer.geekstogo.com/OTL.exe"][b][color="#FF0000"]OTL[/color][/b][/url] to your desktop. [*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. [*]When the window appears, underneath [u][b]Output[/b][/u] at the top change it to [b]Minimal Output[/b]. [*]Check the boxes beside [b]LOP Check[/b] and [b]Purity Check[/b]. [*]Click the [u][color="#0000FF"][b]Run Scan[/b][/color][/u] button. Do not change any settings unless otherwise told to do so. The scan won't take long.[list] [*]When the scan completes, it will open two notepad windows. [b]OTL.Txt[/b] and [b]Extras.Txt[/b]. These are saved in the same location as OTL. [*]Please copy [b](Edit->Select All, Edit->Copy)[/b] the contents of these files, one at a time, and post it with your next reply. [/list] [/list]
  12. Hi jonslasvegashomes, Please follow the instructions here to learn how to upload the file to your post here, so it can be verified by Lavasoft: [url="http://www.lavasoftsupport.com/index.php?showtopic=18033"]http://www.lavasoftsupport.com/index.php?showtopic=18033[/url]
  13. Hi searchkight, Sorry to hear about your issue. Have you tried Revo Uninstaller? Here are instructions on how to use it here: [url="http://www.lavasoftsupport.com/index.php?showtopic=30850"]http://www.lavasoftsupport.com/index.php?showtopic=30850[/url] I'm not sure if this will remedy your situation. Like CeciliaB said, Lavasoft is out of the office until Monday, so not sure if they will be around to check on the issue.
  14. Hi Jim Evans, What Antivirus are you running? Also what Operating system do you have? It could be a false positive.
  15. Please follow the 2 step instructions below so you can post the required logs to receive help in the malware removal forum. Step #1 Scan your computer with adaware antivirus. It is easier to clean up malware when adaware has cleaned up files that are already in detection; and indeed, it is best not to go through manual removal steps, if the up-to-date adaware can do it automatically. Please run a scan with the latest version of adaware, and ensure that you have the latest definition file by performing an update once adaware is loaded. Step #2 Download FRST and save it to your desktop: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ Disable any script blocker (disabling your antivirus protection should be enough), and then double click the FRST file to run the tool. Read the disclaimer and click Yes to accept it. Click the Scan button. When done, FRST will create two (2) logs: FRST.txt and Addition.txt. Attach those reports to your post. ------------------------------- Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give personal support via PM or by email! The way to request help is to post a NEW TOPIC in the appropriate forum. Please be patient. Do not post multiple times for the same problem and do not bump your posts. It is important to keep 0 replies so the Volunteer Security Advisors can easily see who has not yet been helped. If you have not received help after 1 week, send a PM to one of the Staff members. ------------------------------- Please also read these other threads for more information on who is helping you and how you can learn how to fight malware: ONLY *DESIGNATED HELPERS* MAY POST ADVICE HERE! Would you like to learn to fight malware? Please help fight malware! Submitting files is easy
  16. Hi progresso, Thank you for posting your suggestions. Lavasoft is continually working on improving Ad-Aware to make it a superior anti-malware application.
  17. SpySentinel

    killbit

    Hi proph3t, After double checking, Ad-Aware no longer uses killbits.
  18. [quote]Thanks for being so helpful SpySentinel. Please quote me where in the rules it says I am not permitted to request an adware sample for testing purposes.[/quote] Sure I can quote a few: "We have the ability to remove objectionable messages and we will make every effort to do so, within a reasonable time frame, if we determine that removal is necessary." "You agree, through your use of this service, that you will not use this BB to post any material which is knowingly false and/or defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually oriented, threatening, invasive of a person's privacy, or otherwise in violation of any law." [quote]The volunteer moderators of this board are quite edit happy. I will thank you at least for noting when you've modified my posts, and I'm not 100% sure what happened with the initial one.[/quote] We do not allow you to post active links to malware that can harm our members here. That is why they have been removed. If you have an issue with this, you can send a PM and we can discuss it. Thanks, SpySentinel
  19. SpySentinel

    killbit

    Hi proph3t, Welcome to the Lavasoft Support Forum. Killbits are a very old form of real-time protection and way of protecting systems by setting them in the registry. While they can work, they are not 100% effective against today's newer threats. With that being said, as to whether or not Ad-Aware still uses them, there is a tool called SpywareBlaster that does not bog down system resources with real-time protection, but all it does is set killbits against various malware. It complements AntiVirus and Ad-Aware very nicely. With regards to if Ad-Aware still uses killbits, I will get an answer for you and post here letting you know. Regards, SpySentinel
  20. Please follow the instructions located here: [url="http://www.lavasoftsupport.com/index.php?showtopic=13639"]IMPORTANT: Before You Post Read This![/url]
  21. Hi Aslan, We do not send out real malware via the PM system to people. If you like, you can search on Google for a way to download malware but that is not recommended. It is not a good idea to test using real malware as you can get infected. Thanks, SpySentinel
  22. Please follow the instructions located here: [url="http://www.lavasoftsupport.com/index.php?showtopic=13639"]IMPORTANT: Before You Post Read This![/url]