- Apr 26, 2011
Earlier today I was infected with what MBAM referred to as "Affiliate.Download". I thought it was a false positive at first. I ran HitMan Pro and it found nothing. Ran DDS and saw nothing out of the ordinary. I ran Dr. Web and it found 3 things as well (forget what they were named). I then ran GMER and it said that it had detected system changes that could be rootkit activity and asked if I wanted a full scan. I opted for a full scan and it found 4 line items that were presented as 4 and 5 digit numbers. They were highlighted red. I started to kill them but MBAM has a quarantine so I ran MBAM instead. MBAM cured it after a reboot. I turned off system restore and ran MBAM again in safe mode. I ran GMER again and all appeared normal.
I had been utilizing Bing and I was looking at celebrity pictures. I clicked on one of Kim Kardashian. When the page opened I saw the classic rogue look of a fake "My Computer" window. I tried to ALT+F4 to exit the page but I was not able. By that time one of those "Binary File" windows popped up wanting to entice me to download fake anti-malware tools for malware that obviously did not exist. At that point, which was within seconds of opening the page, I opened Process Hacker and terminated Firefox with it.
At one point before I ran MBAM, ThreatFire detected a "hidden threat" process. I clicked for the details before I disallowed it. The detailed window showed very odd, random characters.
The whole time I was running scans there were no svchost.exe CPU spikes.