a trojan virus and a hacker

gib65

Hello,

I have reason to believe that someone is trying to hack into my computer with the help of a virus I seem to have contracted.

It all started with WinPC Antivirus being inadvertently installed on my computer. I was able to get rid of it (found the executable and deleted it and was no longer bothered by anything to do with WinPC Antivirus), but since then my real antivirus software has been detecting a couple malicious things:

1) Every time I boot my computer (and at random moments on occasion) it tells me it detected the virus Trojan.Win32.TDSS.adzx. It is unable to disinfect or delete the file, but seems to be able to quarantine it successfully (although the warning keeps coming back).

2) Once in a while it tells me that my firewall has successfully blocked an intrusion attempt (called "Nmap TCP scan"), and it gives me the details:

remote address: 220.191.241.2
remote port: http(80)
local address: 192.168.1.101
local port: 43293
DNS name: 189.43.134.140.digi.com.br

Is there anything I can do about either of these problems?
 
I think you stole that link from me posting it everywhere :) but alright...
 
View this post. I've used this program a lot recently and it's given me great results.

http://www.bleepingcomputer.com/forums/index.php?s=&showtopic=229402&view=findpost&p=1278885

Hi Guys, :)
My ears were ringing, so I had to come here and see what it was all about :p

Just kidding.
;)
I am Net_Surfer from BleepingComputer and the one helping the victim with a virus problem in that link that you suggested.


gib65 invited me here to view his problem with a virus, so I sent a PM and I hope gib65 will reply back and follow my advice.

I can help the members here if you would like, but it will be better if they go to bleepingcomputer and open a topic there so they can get help with malware.

gib65, I will add a little note about using ComboFix:


Hello gib65,
ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.

Combofix is a very complex and dangerous tool. It is not a one-fit-all tool and it does not automatically remove what needs to be removed by itself. It is like a scalpel in the hands of a surgeon. A surgeon can remove exactly what is needed and no more, while an untrained person would either cut too much or not enough.

Combofix is powerful enough to be able to render your computer unbootable if used wrongly or to leave your computer infected if you do not know what you are doing.

ComboFix SHOULD NOT be used unless requested by a forum helper



Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

If you need help with malware removal, then please create a topic at Bleepingcomputer and ask for help. Please note that the forum has policies, so please be sure to read any pinned topics and rules for the forum about how you should go about receiving help. There you will find the instructions about how to use the DDS scan tool.
You will need to run the DDS scan tool and post the logs in your new topic, then send me the link to your thread via PM so I can analyze them, and after that I will be able to start your fix.

Please note that the ComboFix tool gets updated every few days and the copy that you have will be an old one that I cannot use, but I will need to see the log it created "IF" you ran it. If you did not run it, then please wait until I advise you to use it. The log will be here if you did run it: "C:\ComboFix.txt", so post that log along with the DDS logs.


A clean-up would not happen in one evening; volunteers are in different time zones and have their own lives too. However, I will try to help you as fast as I can.

Kind regards
Net_Surfer
 