leander93 Posted March 28, 2013 (edited)

Hello there,

I've seen some resembling issues pass here, so I decided to give it a go.

Since yesterday I have been experiencing this wininet.dll error. Program can't be started, because wininet.dll is missing. At startup I have this for MOM.exe, CCC.exe and when I startup wow64.exe myself.

Generally I have been experiencing my PC as extremely slow at some moments and programs, but not for everything.

I haven't yet updated my ATI driver to beta, I am still running on 13.1.

I have run Malwarebytes, and it found one more infection. Accompanying log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Databaseversie: v2013.03.27.09
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Leander-thuis :: LEANDER-THUIS [administrator]

27-3-2013 21:04:55
mbam-log-2013-03-27 (21-04-55).txt

Scan type: Volledige scan (C:|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 116284
Verstreken tijd: 2 uur/uren, 40 minuut/minuten, 3 seconde(n) [beëindigd]

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 1
C:$Recycle.BinS-1-5-21-88106922-3016794483-3337105248-1000$RFIVHNJ.exe (Backdoor.Bot) -> Succesvol in quarantaine geplaatst en verwijderd.

(end)

Many thanks in advance for any help I'll receive.

Leander

Tomk_ Posted March 28, 2013

MOM.exe and CCC.exe are both part of Catalyst Control Center, which is part of the ATI driver package for your video card.

The item found by MBAM is a backdoor!

Your computer appears to have been infected by a backdoor trojan. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

- Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
- Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
- Consider what other private information could possibly have been taken from your computer and take appropriate steps.

This infection might be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer. If you wish to reformat then please let me know in your next response.

leander93 (Author) Posted March 29, 2013 (edited)

I think reformatting the system will be the way to go. I just noticed my anti-virus disappeared and was uninstalled. Seems to me it is pretty aggressive against other programs.

Luckily I don't use credit card and banking doesn't work with passwords, that saves a lot of trouble. I've slowly begun to change the passwords for the most important sites I have.

I'll first need to rescue some important files, but I can reformat the system myself. That isn't a problem for me.

Any idea where this virus comes from? To prevent it in the future?

Tomk_ Posted March 29, 2013

I can only hazard a guess. I would need more information to actually identify which one it is... but my guess would be a ZeroAccess variant. Therefore I'd guess that the most likely source was an email. Some versions of the contaminated email purport to be from a legitimate company... the Better Business Bureau, the IRS, UPS... something along those lines. They will have a link in them telling you that you need to click it to see what the problem they have with you is... or why your package couldn't get delivered... and the link downloads the infections.

This is just one scenario. Other possibilities are infected downloads (typically using P2P sites).

Juliet Posted March 30, 2013

> Luckily I don't use credit card and banking doesn't work with passwords, that saves a lot of trouble. I've slowly begun to change the passwords for the most important sites I have

Need to change passwords on a known clean computer, as Tom said this one had a backdoor on it.