Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


infected with Trojan:Win32/Peals.D!plock among others


Post by sn0wy » November 6th, 2015, 10:37 am

First post, so apologies if I missed any forum rules. I did read up, but it's very late here, so my sleep deprivation may cause me to miss some.

PC
Win7sp1 (genuine)
using MSE (with realtime)
Chrome browser
(not sure what might be relevant, will post DDS soon, read below)


What Happened:
Went out to dinner (approx. 2 hrs), computer was left on. uTorrent was installed but (iirc) not running. (It has now been uninstalled/deleted, won't be coming back!) Came home from dinner and found my PC was blaring out adverts (audio only) and Microsoft Security Essentials (MSE) had found a couple of threats, the
Peals.D!plock
and a backdoor trojan
Backdoor:Win64/Bedep.A
which had been quarantined.
uTorrent was running; as I mentioned, I don't think I had left it running. I haven't used it in months.

Ads continued even after quitting uTorrent and Chrome.

Searching online, I found a few forums with recommendations of TDSSKiller and AdwCleaner.
TDSSKiller found nothing.
AdwCleaner was successful in finding some suspicious files, which also killed the ads.
After opening a few more forums (like this one) on the subject, I disconnected the infected PC from the internet.

I've since run a few more scans with MSE and AdwCleaner; a full scan on MSE found
JS/obfuscator.fn
which was successfully quarantined.

AdwCleaner on a subsequent scan (after restart, and after cleaning of Obfuscator) found another dodgy 'web browser' in chrome\user data\default\webdata [search provider], which was also successfully cleaned.

Subsequent scans from both come up clear.


What Now?

I haven't run a DDS log yet... I wanted to check first if these torrents are likely to spread to other PCs on my home network, or may have already? The infected PC user did have write privileges on other network PCs. Is there anything to watch out for before allowing the infected PC back online to get DDS software? I'll turn off all other PCs and download DDS stuff in a day or so unless you guys advise otherwise...

Do you guys know any more on the Peals.D? I couldn't find much on this trojan other than it allows lots of bad stuff like remote logins and sending of security info, hence quarantining the PC from the internet as soon as possible.

Anything else you guys can recommend is much appreciated. Once again, apologies if I've messed something up.
Thanks.


Edit:
Ultimately I can re-install my OS if need be; important stuff had been backed up recently. Prefer not to if possible, and also would like advice on other network PCs. I'm not bad with PCs but no pro, as you can probably guess from this post. Cheers.
sn0wy
Active Member
 
Posts: 1
Joined: November 6th, 2015, 9:45 am

Re: infected with Trojan:Win32/Peals.D!plock among others

Post by Cypher » November 7th, 2015, 8:36 am

By posting just a description of your problems it is likely that your topic will be passed by and you will not receive the help you're looking for.

We need to know what's running on your computer so we can give you appropriate instructions.

May I draw your attention to THIS topic, which you should have read, and which tells you what we need you to post so that we can help you.

This topic will now be closed.

If you still need help, please start a new thread with:

  • FRST.txt
  • Addition.txt
  • Details of your problems.

If for any reason you can't run FRST, please let us know in your post.

Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

