
 o
email with infected link

Posted by yabber (My Page) on
Thu, Aug 2, 12 at 21:16

Hi all,

My colleague at work received an email with a link that contained a virus. He opened it, then realised it was probably dodgy and closed out of it before the page finished loading. Was that too late? He does have AVG on his computer and it didn't come up with a warning when he clicked on the link.

He's got the week off now and we need to start his pc up to look at some ordering info but I'm not sure what to expect, thanks for your help!


Follow-Up Postings:

 o
RE: email with infected link

We just ran a scan and all seems fine


 o
RE: email with infected link

Run a full, updated Malwarebytes scan immediately and then run a full, updated SUPERAntiSpyware scan; both are free. You might also run an online antivirus scan like ESET free.
Let us know if you need links or help, and report back what is found.


 o
RE: email with infected link

Could you please send me the link for these scans? Thanks very much!


 o
RE: email with infected link

Malwarebytes' Anti-Malware (Win) - Detecting and Removing Malware FREE version

SUPERAntiSpyware select FREE edition RED button

Free Online Scanner

Be sure to update each program prior to running the full scan.

You can keep these and run them weekly or monthly for good layered protection for your PC. They will not interfere with your antivirus program since they do not run until you run them.


 o
RE: email with infected link

Thank you very much, I'll let you know what we find, if anything


 o
RE: email with infected link

I haven't run the scans on my colleague's computer yet but decided to try my own first. So the Malwarebytes scan came up clean and the SUPERAntiSpyware scan came up with some cookies and 2 trojans? This is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/08/2012 at 12:17 PM

Application Version : 5.5.1012

Core Rules Database Version : 9025
Trace Rules Database Version: 6837

Scan type : Complete Scan
Total Scan Time : 00:25:57

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 626
Memory threats detected : 0
Registry items scanned : 70158
Registry threats detected : 0
File items scanned : 42042
File threats detected : 46

Adware.Tracking Cookie

Trojan.Agent/Gen-Koobface[Bonkers]
C:\USERS\DRAWING3\LIESBETH\ROOT\PLANIT\WOODWIZARD\WWIZHRI.EXE
C:\USERS\DRAWING3\LIESBETH\ROOT\PLANIT\WOODWIZARD\WWIZSND.EXE

-------------------------------------------
It has removed them from the computer now, so all is good?

I'll try the free online scanner next as well.
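
A way to triage a scan log laid out like the one in this post, as an added example that is not part of the original thread: it groups detected items under their threat name and separates tracking-cookie entries from detections on executable files, which are the entries worth following up. The sample log is constructed, and the function names and extension list are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the SUPERAntiSpyware log above; the
# paths and threat names are placeholders, not values from the thread.
SAMPLE_LOG = r"""Memory threats detected : 0
Registry threats detected : 0
File threats detected : 3

Adware.Tracking Cookie
C:\Users\example\AppData\Roaming\Microsoft\Windows\Cookies\AAAA0001.txt [ /ads.example.test ]
C:\USERS\EXAMPLE\Cookies\AAAA0001.txt [ Cookie:example@ads.example.test/ ]

Trojan.Agent/Gen-Example
C:\USERS\EXAMPLE\APPS\VENDOR\TOOL.EXE
"""

COUNT_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
ITEM_RE = re.compile(r"^[A-Za-z]:\\")  # a detected item starts with a drive-letter path
EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".com")  # assumed list for this example

def parse_log(text):
    """Return (counts, findings): declared totals and {threat name: [paths]}."""
    counts, findings, current = {}, defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1).lower()] = int(m.group(2))
        elif ITEM_RE.match(line) and current:
            # Drop the trailing "[ ... ]" annotation that cookie entries carry.
            findings[current].append(re.sub(r"\s*\[.*\]$", "", line))
        elif line and ":" not in line and not line.startswith(("-", "http")):
            current = line  # a bare line names the group for the items that follow
    return counts, dict(findings)

def triage(findings):
    """Split groups into cookie-only entries and detections on executable files."""
    cookies, executables = {}, {}
    for name, paths in findings.items():
        hits = [p for p in paths if p.lower().endswith(EXEC_EXT)]
        if hits:
            executables[name] = hits
        elif "cookie" in name.lower():
            cookies[name] = len(paths)
    return cookies, executables

if __name__ == "__main__":
    counts, findings = parse_log(SAMPLE_LOG)
    print(counts, triage(findings))
```

Comparing the number of parsed items with the declared "File threats detected" total is a quick check that no entry was missed when the log was pasted.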


 o
RE: email with infected link

The free online scanner cleaned up 1 more file but I'm not sure what that was because I accidentally closed out of it.


 o
RE: email with infected link

Oh, that's not good: you had Koobface (Facebook backwards); it usually comes from Facebook. It is part of a botnet. Very nasty bug. I would use another clean machine and change all your passwords, because part of what it does is get all that info. You can google Koobface and read the wiki on it.
I think you should go to the LzD forum and run some special scans to make sure you are fully clean.
You need to go there, register, and post your own new thread in the malware removal area. The team will help you step by step. Post your logs there as you did here.
I am there also; if you need assistance, let me know. With this kind of infection it is best to be overly thorough.

Here is a link that might be useful: LzD


 o
RE: email with infected link

Will do, see you there.

Just a quick question: we have 4 computers at work, all connected. Is it possible this trojan came from one of the other PCs because it's a network?

