What is sbubeper.dll?

Comments

  • MilkyJoe
    MilkyJoe Posts: 505 Forumite
    Part of the Furniture Combo Breaker
    OK. I was going to ask if a randomly named file meant it definitely was bad. Seemed obvious, but computers can be confusing at times. I can get by with a little help from Google. Anyway, doing a full scan now.
    The View Belongs To Everyone
  • MilkyJoe
    MilkyJoe Posts: 505 Forumite
    Part of the Furniture Combo Breaker
    RussJK wrote: »
    Seriously, just clean everything that Malwarebytes finds and then post the log after. There is very little chance of a false positive, and at worst you can just restore the file anyway, since Malwarebytes puts them in quarantine.

    A 'hosts' file is intended for something else, but it can be used as a webfilter as well to block bad web addresses. Hostsman is just a program that does it all for you - it keeps track of lists of bad web addresses, and inserts those lists into your hosts file. I already gave instructions on how to do it:

    1. install hostsman (http://www.abelhadigital.com/hostsman) but uncheck anything it suggests like the hostsman server or hosts optimiser
    2. Run hostsman in administrator mode (it should be in admin mode first time you run it, the buttons appear green when it is)
    3. In hostsman do Tools > Manage update sources, and add MalwareDomainList to it (http://www.malwaredomainlist.com/hostslist/hosts.txt)
    4. Do 'check for updates' and make sure it's set to Overwrite the hosts, then update it with MVPS and Malwaredomainlist that you added.

    If you do the above, you'll have less chance of getting another infection like this again.

    OK, I'll do that.
    Is there a way to do the hosts file thingy through Windows? I prefer to do things myself without software if possible. And that way I learn a little bit more about computers. I'll install it if I have to though.
    The View Belongs To Everyone
  • RussJK
    RussJK Posts: 2,359 Forumite
    MilkyJoe wrote: »
    OK. I was going to ask if a randomly named file meant it definitely was bad. Seemed obvious, but computers can be confusing at times.

    I understand - I'm not being critical, it's just you have a trojan running on your system and you really need to remove it.

    Malwarebytes is a great piece of software that only very rarely has false positives, and it's usually only obscure security software that it'll detect if ever. Pretty much you can remove first with Malwarebytes and investigate what it's removed later - if it's not obvious from the file names.

    You don't usually see randomly named memory processes or autoruns made by valid programs, and it's time to worry if you do. The only real time I can think of where a randomly named file is safe is some security programs like SuperAntiSpyware will have a randomly named filename in order to trick active malware (because active malware will try to prevent security software from running if it can recognise it).
  • RussJK
    RussJK Posts: 2,359 Forumite
    MilkyJoe wrote: »
    OK, I'll do that.
    Is there a way to do the hosts file thingy through Windows? I prefer to do things myself without software if possible. And that way I learn a little bit more about computers. I'll install it if I have to though.

    Yes of course. You can read all about the Hosts file here:
    http://www.mvps.org/winhelp2002/hosts.htm

    My purpose was to give you a failsafe and quick way of blocking the trojan, since it's active and could be stealing your personal information while you are reading about hosts files.

    The hosts file is stored in:
    c:\windows\system32\drivers\etc

    Needs to be saved in plain text with no file extension.
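
The manual route discussed above, as an added example (not code from any poster in this thread or from HostsMan): it merges a downloaded hosts-format blocklist into existing hosts content, accepting only entries that point at a sink address so a list can block a name but never redirect it. All host names, the sample inputs and the function names are constructed for illustration.

```python
import ipaddress
import re

SINKS = {"0.0.0.0", "127.0.0.1"}   # addresses that block rather than redirect
LOCAL_NAMES = {"localhost", "localhost.localdomain"}
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")

# Constructed sample inputs (not real blocklist data).
CURRENT_HOSTS = "127.0.0.1 localhost\r\n127.0.0.1 ads.example.com\r\n"
DOWNLOADED_LIST = """# constructed blocklist
127.0.0.1  localhost
127.0.0.1  ads.example.com
0.0.0.0    Tracker.Example.net   # mixed case, trailing comment
203.0.113.7 bank.example.com
0.0.0.0    tracker.example.net
bogus line.example.org
"""

def parse_blocklist(text):
    """Return (hostnames to block, raw lines rejected as unsafe or malformed)."""
    blocked, rejected = [], []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()          # strip comments
        names = [n.lower() for n in fields[1:] if n.lower() not in LOCAL_NAMES]
        if not names:
            continue                                   # blank, comment or localhost line
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            rejected.append(raw)
            continue
        # An entry pointing anywhere but a sink would redirect the name, not block it.
        if ip not in SINKS or not all(HOSTNAME.match(n) for n in names):
            rejected.append(raw)
        else:
            blocked.extend(names)
    return blocked, rejected

def merge_hosts(existing, blocklist_text, sink="127.0.0.1"):
    """Append names not already present; return (new text, added, rejected)."""
    blocked, rejected = parse_blocklist(blocklist_text)
    present = set()
    for raw in existing.splitlines():
        present.update(n.lower() for n in raw.split("#", 1)[0].split()[1:])
    new = [n for n in dict.fromkeys(blocked) if n not in present]
    lines = existing.splitlines() + [f"{sink} {n}" for n in new]
    return "\r\n".join(lines) + "\r\n", new, rejected
```

The returned text is what would be saved, as plain text with no extension, over the hosts file in the folder given above; review the rejected lines before trusting the list.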
  • MilkyJoe
    MilkyJoe Posts: 505 Forumite
    Part of the Furniture Combo Breaker
    RussJK wrote: »
    I understand - I'm not being critical, it's just you have a trojan running on your system and you really need to remove it.

    Don't worry, I appreciate the advice. Tone of voice doesn't come over through text.

    I haven't downloaded anything in a while (and rarely download anything), and I'm pretty cautious of what I do. Can Trojans stay dormant then just pop up?

    Malwarebytes is still scanning.
    The View Belongs To Everyone
  • RussJK
    RussJK Posts: 2,359 Forumite
    MilkyJoe wrote: »
    I haven't downloaded anything in a while (and rarely download anything), and I'm pretty cautious of what I do. Can Trojans stay dormant then just pop up?

    Yes, or it might have been running without you realising it until Avira caught one of the processes (but not the whole package, which Malwarebytes has found active).

    All it takes is one point of compromise, and anything can be installed on your computer without your knowledge - in this case the trojan will allow the hackers behind it to put other things less easy to detect on.

    You still need to do the HijackThis! log referenced in my first post by the way.

    Is it Avira Antivir free you use? Do you have it on the default settings, or have you put the heuristics to High on the scanner and on the resident guard? Also have you selected the extended categories such as to find "potentially unwanted programs"?

    Antivir is a great product, but really bad defaults. It's automatic for me to go into settings and fix everything - but most users run it out of the box on the default settings which allows a lot of rogue apps that it is more than capable of stopping if set up properly.

    Also what browser do you use, and what security do you have for it?
  • giraffe69
    giraffe69 Posts: 3,613 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    When you have finished all that you might consider updating both Windows XP to SP3 and also IE6 to IE8 as in both cases they are more secure.
  • MilkyJoe
    MilkyJoe Posts: 505 Forumite
    Part of the Furniture Combo Breaker
    edited 23 April 2011 at 3:25PM
    RussJK wrote: »
    Is it Avira Antivir free you use? Do you have it on the default settings, or have you put the heuristics to High on the scanner and on the resident guard? Also have you selected the extended categories such as to find "potentially unwanted programs"?

    Antivir is a great product, but really bad defaults. It's automatic for me to go into settings and fix everything - but most users run it out of the box on the default settings which allows a lot of rogue apps that it is more than capable of stopping if set up properly.

    Also what browser do you use, and what security do you have for it?

    It is the free version without any defaults changed. I'm also one for changing settings for things, but never thought to for anti-virus software.

    I'm using Firefox 4.0. (I used the beta Firefox before that and whatever the non-beta Firefox release was before that). Occasionally I have WMP playing whilst connected to the internet, I thought I updated all their security updates though.

    Malwarebytes before any changes (after clean-up will follow):

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6424

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    23/04/2011 16:05:25
    mbam-log-2011-04-23 (16-05-21).txt

    Scan type: Full scan (G:\|)
    Objects scanned: 157469
    Time elapsed: 1 hour(s), 3 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    g:\WINDOWS\uzumicunojagiq.dll (Trojan.Hiloti) -> No action taken.

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jyaciviyiyimev (Trojan.Hiloti) -> Value: Jyaciviyiyimev -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Qyebapeqikod (Trojan.Hiloti) -> Value: Qyebapeqikod -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    g:\WINDOWS\uzumicunojagiq.dll (Trojan.Hiloti) -> No action taken.
    g:\WINDOWS\sbubeper.dll (Trojan.Hiloti) -> No action taken.
    g:\documents and settings\pd\local settings\Temp\praljybd.exe (Trojan.Hiloti) -> No action taken.
    The View Belongs To Everyone
  • MilkyJoe
    MilkyJoe Posts: 505 Forumite
    Part of the Furniture Combo Breaker
    Malwarebytes' Anti-Malware 1.50.1.1100
    https://www.malwarebytes.org

    Database version: 6424

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    23/04/2011 16:17:29
    mbam-log-2011-04-23 (16-17-29).txt

    Scan type: Full scan (G:\|)
    Objects scanned: 157469
    Time elapsed: 1 hour(s), 3 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    g:\WINDOWS\uzumicunojagiq.dll (Trojan.Hiloti) -> Delete on reboot.

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jyaciviyiyimev (Trojan.Hiloti) -> Value: Jyaciviyiyimev -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Qyebapeqikod (Trojan.Hiloti) -> Value: Qyebapeqikod -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    g:\WINDOWS\uzumicunojagiq.dll (Trojan.Hiloti) -> Delete on reboot.
    g:\WINDOWS\sbubeper.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
    g:\documents and settings\pd\local settings\Temp\praljybd.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

    It says certain items could not be removed.
    Should I restart my computer then do another scan to give an up-to-date log?
    The View Belongs To Everyone
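
On the question of rebooting and rescanning, an added example (not part of any post in this thread): it parses the item lines of the log format shown above, lists what is still waiting for a reboot, and checks a follow-up scan for pending items that came back. The log excerpt is copied from the post above; the function names are hypothetical.

```python
import re

# Item lines copied from the post-clean-up log posted in this thread.
LOG = r"""Memory Modules Infected:
g:\WINDOWS\uzumicunojagiq.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jyaciviyiyimev (Trojan.Hiloti) -> Value: Jyaciviyiyimev -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Qyebapeqikod (Trojan.Hiloti) -> Value: Qyebapeqikod -> Quarantined and deleted successfully.

Files Infected:
g:\WINDOWS\uzumicunojagiq.dll (Trojan.Hiloti) -> Delete on reboot.
g:\WINDOWS\sbubeper.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
g:\documents and settings\pd\local settings\Temp\praljybd.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+) Infected:$")   # header only; summary lines end in a count
ITEM = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?:.* -> )?(?P<action>[^>]+)\.$")
REMOVED = "Quarantined and deleted successfully"

def parse_log(text):
    """Return one dict per detected item: section, target, threat, action."""
    items, section = [], None
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM.match(line)
        if item and section:
            items.append({"section": section, **item.groupdict()})
    return items

def pending(items):
    """Items the scanner has not removed yet (reboot needed or no action taken)."""
    return [i for i in items if i["action"] != REMOVED]

def reappeared(before, rescan):
    """Targets that were pending before the reboot and are detected again after it."""
    waiting = {i["target"].lower() for i in pending(before)}
    return sorted({i["target"].lower() for i in rescan} & waiting)
```

An empty result from `reappeared` after the reboot scan means the deferred deletions went through; anything it returns is still being restored by something on the system.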
  • MilkyJoe
    MilkyJoe Posts: 505 Forumite
    Part of the Furniture Combo Breaker
    giraffe69 wrote: »
    When you have finished all that you might consider updating both Windows XP to SP3 and also IE6 to IE8 as in both cases they are more secure.

    I tried updating to SP3 but it never did. Now the option isn't there anymore. It (apparently) installed all the security files, but I don't know what happened.
    The View Belongs To Everyone
This discussion has been closed.