Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: I Got Hit By A Virus! An Internet Pulse Robber!

21 May 2013   #1
msw7

64-bit Microsoft Windows 7
 
 
I Got Hit By A Virus! An Internet Pulse Robber!

I am using a Sony VAIO laptop.

The operating system is 64-bit Microsoft Windows 7.

The virus is from the internet while I was in browsing using the Mozilla Firefox browser.

While in browsing, an automatic pop-up message appears on my screen.

I got a message, asking me, do I want to allowing access of a muuxe.exe file?

Then I click allow access.

I am using a chinese-made portable modem called huawei.

It has a small size lcd or led screen, giving me indicator of how much kilobyte, megabyte, and so on, of internet pulse I am using.

At the time I allowed this muuxe.exe file to be accessed, I read my modem screen as 13.14 mb.

How shocked I am when in the next 10 minutes, I read 240.67 mb (two hundreds + forty point sixty seven megabytes) in my portable modem!

I do not download anything when browsing, just read some news, also, no flash video and other video format.

Just a website containing texts and some images.

The automatic update of my laptop also already turned off earlier.

I guess this is a virus from the muuxe.exe file.

Do anyone having same experience as me?

How do I solve this problem such as remove the virus?

Thank you


My System SpecsSystem Spec
.
21 May 2013   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Well, you got hit by a password stealing Bot, also known as a "Backdoor Trojan". https://www.virustotal.com/en/file/1...is/1317676706/
Warning! Backdoor Trojans

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.

Banking and credit card institutions should be notified of the possible security breech.
More info can be found below:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information

What Anti-Virus and Firewall are you using?
My System SpecsSystem Spec
21 May 2013   #3
msw7

64-bit Microsoft Windows 7
 
 

Quote   Quote: Originally Posted by Jacee View Post
Well, you got hit by a password stealing Bot, also known as a "Backdoor Trojan". https://www.virustotal.com/en/file/1...is/1317676706/
Warning! Backdoor Trojans

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.

Banking and credit card institutions should be notified of the possible security breech.
More info can be found below:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information

What Anti-Virus and Firewall are you using?
I can not open all of the above websites in my computer with my Mozilla Firefox browser.

I did had few online transactions using my credit card before I got infected by this internet-pulse/quote robber virus.

Will the password still be able to being stolen?

This virus is stealing my internet quote/pulse quickly.

It steals approx two hundreds megabytes within 5-to-10 minutes and makes me shocked.

How to detect and trace this suspect of cyberspace world?
My System SpecsSystem Spec
.

21 May 2013   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Of course! ... You need to change ALL passwords using a known 'clean' computer, not the infected one. You need to notify your bank/credit card carrier of possible 'fraud' transactions on your current card. Close out the account with them and ask for a new card.

Now, I asked you what Anti-virus and Firewall you're using. Can you give me that information?
My System SpecsSystem Spec
21 May 2013   #5
cottonball

Windows 7 Home Premium
 
 

msw7,

The PWS-Zbot.Gen normally installs a Rootkit to protect itself from removal.

After providing Jacee the information she needs, we can start the removal of this malware with Kaspersky's TDSSKiller Download
Select the .exe version

If you cannot download it to the infected computer, download to a clean computer, and then use a USB pendrive to move the program to the Desktop of the infected computer.

If you cannot get this program to run, rename it.
To do so, right-click on the TDSSKiller.exe icon and select: Rename
Edit the name from TDSSKiller.exe to iexplore.exe, and then double-click on TDSSKiller.exe to run the program.

When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK

Press: Start Scan


•If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue
•If malicious objects are found, they show in the Scan results.
Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)

When done, the tool creates a log on the disk with the Windows Operating System, normally C:\

Logs have a name like:
C:\TDSSKiller.X.X.X_1.05.2013_15.31.43_log.txt

Please post, or attach, the TDSSKiller log in your reply.
My System SpecsSystem Spec
23 May 2013   #6
msw7

64-bit Microsoft Windows 7
 
 

I realize that this virus is not the muuxe.exe as mentioned earlier.

I can not detect what and where the virus is.

Or maybe someone get my wireless signal, hack its password and using my internet connection.
My System SpecsSystem Spec
23 May 2013   #7
edee

Windows 8 Pro / Windows 7 Home Premium x64 dual boot
 
 

This is a hard lesson to learn, hopefully you have.

If you are surfing the internet and are not downloading anything or installing anything on your pc and a popup box appears asking you for access to something ........ NEVER click ok, either "X" out of the pop up box or close the browser window, if the browser window won't close, force close it using the task manager. But NEVER ,EVER allow something access to your computer on the web unless you know EXACTLY what it is.

First thing I would do is listen to Cottonball's advice above, then on another CLEAN pc, change every single password you have.
My System SpecsSystem Spec
Reply

 I Got Hit By A Virus! An Internet Pulse Robber!




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
BSOD Random, While Surfing Internet. Virus from Searches??
Was just surfing the internet and bam got a BSOD, at the time of BSOD I was overclocked, I just recently set my system back to default timings, with no overclock. Wondering if this is a Virus of somesort. Thank you all.
BSOD Help and Support
no internet after virus removal
I removed a virus from my friends e machine net book a week or so ago it was the system tool 2012 virus.it was removed fully and have checked this via AV and malwarebytes etc.but since then the internet always finds wifif points and connects but always says limited connection.problem is he lost his...
Network & Sharing
Geek creates DIY pulse laser pistol that can burn plastic
Well, here's an idea to spend some time on. This DIY Pulse Laser Gun was built by Patrick Priebe who you might remember from the Iron Man Repulsor Light Laser Glove Project. This is what you get when you convert a ton of energy into light energy in a fraction of a second. Looks fun enough to...
Chillout Room
Virus Or Malware Affect Internet Connection
Can Malware or any viruses affect your internet speed or internet connection in anyway?:shock:
Network & Sharing
Best anti virus or internet security for windows 7?
i use to use kaspersky internet security with vista, anybody know the best one for windows 7?
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 05:44.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App