No Idea How I Got Infected



At my work, I use this computer for very minimal stuff. I mainly just use Google Docs and Gmail and download drivers from reputable websites. I do not ever install anything on this computer. For what it's worth, I use Firefox for my browsing. I have no idea how I got infected. Any insight into the vector of the infection? I am not looking for help on cleaning. Here is my MBAM log file.

One big negative: this computer is not fully up to date with Microsoft updates (maybe an unpatched vulnerability). I was not running any AV either. I have not looked at porn on this computer. I do not use any gaming programs. I am convinced this was a pure drive-by install; I do not install anything.

Malwarebytes' Anti-Malware 1.38

Database version: 2369

Windows 5.1.2600 Service Pack 2

7/3/2009 3:20:38 PM

mbam-log-2009-07-03 (15-20-38).txt

Scan type: Quick Scan

Objects scanned: 91584

Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\owner\Local Settings\Temp\olhrwef.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Delete on reboot.

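An added example, not part of the thread: a small Python triage helper that parses the MBAM log layout posted above and translates the detections into the behaviours a responder should note (the Security Center notification keys forced to 1, the SHOWALL value forced to 0, the Run-key autostart, and the DLL still loaded in memory). The section-header and detection-line format is assumed from the excerpt; the sample lines are copied from the posted log.

```python
import re

# Constructed sample: detection lines copied from the MBAM 1.38 log in the post above.
SAMPLE_LOG = r"""Memory Modules Infected:
C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Delete on reboot.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\Local Settings\Temp\olhrwef.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
"""
# Detection line: "<item> (<family>) -> <action>"; registry data items also carry "Bad: (x) Good: (y)".
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
BADGOOD_RE = re.compile(r"Bad: \((?P<bad>\w+)\) Good: \((?P<good>\w+)\)")

def parse_mbam_log(text):
    """One dict per detection: log section, item path/key, MBAM family name, and the
    Bad/Good values for registry data items (None for everything else)."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):          # section header such as "Files Infected:"
            section = line[:-1]
            continue
        m = ITEM_RE.match(line)
        if m and section:                       # summary counts and "(No malicious items detected)" skip
            bg = BADGOOD_RE.search(m["rest"])
            entries.append({"section": section, "item": m["item"], "family": m["family"],
                            "bad": bg["bad"] if bg else None, "good": bg["good"] if bg else None})
    return entries

def triage(entries):
    """Translate raw detections into the behaviours a responder acts on."""
    findings = set()
    for e in entries:
        low = e["item"].lower()
        if e["section"].startswith("Memory Modules"):
            findings.add("dll loaded into a running process; removal needs a reboot")
        if "\\currentversion\\run\\" in low:
            findings.add("autorun persistence under a Run key")
        if "\\security center\\" in low and e["bad"] == "1":
            findings.add("security center notifications disabled")
        if low.endswith("\\showall\\checkedvalue") and e["bad"] == "0":
            findings.add("explorer forced to hide hidden files")
    return sorted(findings)

if __name__ == "__main__":
    for finding in triage(parse_mbam_log(SAMPLE_LOG)):
        print("-", finding)
```

The "Bad: (1)" on the two Security Center notify values and "Bad: (0)" on SHOWALL are what make this more than a single dropped file: the malware turned off the warnings that would have told the user AV and updates were missing.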

That sounds like a good theory to me, shanenin. It might be a vulnerability, because the box needs to be patched. So did Malwarebytes successfully remove the weird stuff? I like Malwarebytes as well on my XP partition.


Hi shanenin, bad news for you. I would change all passwords and not use this computer for anything of importance, even though MBAM removed it. Here is why.

This is an Infostealer.Gampass >>> C:\WINDOWS\system32\olhrwef.exe <<< A keylogger program that can capture all user keystrokes (including confidential details such as username, password, credit card number, etc.).

Chuck


Formatting would be wise. If they have been stealing my info, I am already screwed. I use PayPal and credit cards on this computer all the time. Even though I have no faith in AV, I should start using it as a little extra added protection.

I think I may start running Vista. I ran it for a bit when it came out, but since then I have been using XP at work and OS X (mini) at home. Everything I do is web based, so any OS works fine for me.

The crazy thing is we still sell almost all of our new computers with XP. We sold about 36 new computers in the last 12 months, 3 of which were Vista. I don't think Vista is bad; it just seems to be how things have been.


Agreed. A format would make sense! I would call all of your credit card companies, cancel your cards, and get them to issue you new cards, just to be safe. I would bet you're probably fine.

This happened to me a few years ago. A company that I bought CDs from got hacked (all of my credit card info was compromised). I cancelled my credit card and nothing bad happened.


Hey shanenin, you're welcome. I think hitest said it correctly; for future use I would do all he recommended.

A format would make sense! I would call all of your credit card companies, cancel your cards, and get them to issue you new cards, just to be safe.

More than likely you are safe, but in this day and age one never knows.

Good link, TT. Let's hope they did not get to anything; it just shows that no matter how safe one thinks they are, it's no guarantee.

Chuck
