My ebay account was hacked....
Comments
-
Russ, is this what you want from the Malwarebytes? C:\Users\MrsPolkadot\AppData\Roaming\Sammsoft\ARO\Version 2011\AROscanlog.xml
I've only run it - I've not followed any more instructions. It's all Greek to me, but even so it looks scary.
ARO is a dodgy program. Do you know how you got it?
I believe that people may get redirected to it when infected, although it's possible that people might click on an advertisement by mistake (which I wouldn't see, as I block ads).
ARO is not Malwarebytes Anti-Malware at all, which looks like this:
Try this alternative download for Malwarebytes Anti-Malware
http://users.on.net/russ/mb.exe
Then do a QUICK scan, delete anything it finds (we can restore anything important with Malwarebytes if needed), then post the log that comes up in Notepad.
-
Ignore HitmanPro for the moment. There is a lot wrong with the HijackThis log as Macman pointed out. This program might help spread some light on one of the issues:
Could you run Security Check, and post the log as well:
http://screen317.spywareinfoforum.org/SecurityCheck.exe
-
So to sum it up, the reason the OP got their eBay account compromised is entirely of their own making by downloading software from dodgy websites and not taking rudimentary security precautions.
-
Russ when I clicked your original link I saw something else (I have saved a screen dump
So I guess that's how I got it.
-
So I've now definitely got the right one (it looks like your image), did a quick scan and let it "remove selected" (There were 12)... and then the log I got was:
Malwarebytes' Anti-Malware 1.51.2.1300
https://www.malwarebytes.org
Database version: 7929
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
12/10/2011 18:40:38
mbam-log-2011-10-12 (18-40-38).txt
Scan type: Quick scan
Objects scanned: 181799
Time elapsed: 4 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
c:\Users\mrspolkadot\downloads\myfuncards.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\Users\mrspolkadot\downloads\myfuncardssetup2.3.80.2.zufox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
-
uninstall adaware, aro, ask toolbar, and get some av on there
http://www.filehippo.com/download_avast_antivirus/
ask DH to make time.!!
> . !!!! ----> .
-
These are the results of security check:
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!
Adobe Reader X (10.0.1) Adobe Reader Out of Date!
Mozilla Firefox (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
When I finished running the malware I got a notification saying that I need to restart my PC to finish the removing process. I didn't want to go ahead yet until I got an okay from you (thank goodness I didn't do anything with the other programme). Can I do that now or is there something else I should do first?
-
And I can already see my first problem among the rest of the Greek - none of the stuff DH has installed is within date... I told you it was like living with a plumber.
-
You can restart if it was Malwarebytes prompting you to do so.
For some reason Microsoft Security Essentials isn't registering properly, and neither is Malwarebytes as both weren't listed where they should be in the security check.
After you restart, could you run TDSSKiller:
http://users.on.net/russ/td.exe
Let me know if it finds anything. Don't post a log, as they are usually very long.
Afterwards run aswMBR, and in this case say 'yes' when it asks to download updated definitions. Run the scan, and Save Log and post here. It'll take some time.
http://users.on.net/russ/aswmbr.exe
I'd uninstall Spybot, Ad-aware, ASK Toolbar, Conduit, Gamesbar toolbar, and ARO.
Also update Java, Adobe Reader, and Adobe Flash.
Will have to deal with why MSE isn't registering properly eventually, but all the above will keep you busy all night. I'd ask your DH for some help.
-
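The reading of the Security Check log described in the post above (out-of-date software, the WMI warning, and security products that are running but not named in the Antivirus/Firewall section) can be done mechanically. This is an added example, not part of the original thread or of the Security Check tool; the section names and markers are assumed from the log posted in this thread, and `parse_sections` and `triage` are hypothetical helper names.

```python
import re

TICKS = "`" * 30  # the tool separates sections with runs of backticks
# Abridged copy of the Security Check log posted in this thread.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.24",
    "Internet Explorer 8 Out of date!",
    TICKS,
    "Antivirus/Firewall Check:",
    "Windows Firewall Enabled!",
    "WMI entry may not exist for antivirus; attempting automatic update.",
    TICKS,
    "Anti-malware/Other Utilities Check:",
    "Out of date Java installed!",
    "Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!",
    "Adobe Reader X (10.0.1) Adobe Reader Out of Date!",
    TICKS,
    "Process Check:",
    "objlist.exe by Laurent",
    "Windows Defender MSMpEng.exe",
    "Malwarebytes' Anti-Malware mbamservice.exe",
    "Microsoft Security Essentials msseces.exe",
    "`" * 10 + "End of Log" + "`" * 12,
])

def parse_sections(log):
    """Group log lines under their 'xxx Check:' header (preamble goes under 'Header')."""
    sections, current = {}, "Header"
    for line in (raw.strip() for raw in log.splitlines()):
        if line.endswith("Check:"):
            current = line[:-1]
        elif line and not line.startswith("`"):  # skip blanks and separators
            sections.setdefault(current, []).append(line)
    return sections

def triage(log):
    """Summarise the log; '<product> <image>.exe' lines give the running products."""
    sec = parse_sections(log)
    av = sec.get("Antivirus/Firewall Check", [])
    outdated = [l for ls in sec.values() for l in ls if re.search("out of date", l, re.I)]
    running = {m.group(1) for l in sec.get("Process Check", [])
               if (m := re.match(r"(.+?)\s+\S+\.exe$", l, re.I))}
    return {"outdated": outdated,
            "wmi_warning": any("WMI entry may not exist" in l for l in av),
            "running_not_listed_as_av": sorted(p for p in running
                                               if not any(p in l for l in av))}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A product that appears under `running_not_listed_as_av` is only a prompt to check its registration, since the comparison is by product name within the log itself.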
Thanks Russ, he's just got home and has started running one of those that you just linked to - so I'll let him get on with it for now.
This discussion has been closed.