I Got Hit By A Virus! An Internet Pulse Robber!

msw7 · 21 May 2013

I am using a Sony VAIO laptop.

The operating system is 64-bit Microsoft Windows 7.

The virus is from the internet while I was in browsing using the Mozilla Firefox browser.

While in browsing, an automatic pop-up message appears on my screen.

I got a message, asking me, do I want to allowing access of a muuxe.exe file?

Then I click allow access.

I am using a chinese-made portable modem called huawei.

It has a small size lcd or led screen, giving me indicator of how much kilobyte, megabyte, and so on, of internet pulse I am using.

At the time I allowed this muuxe.exe file to be accessed, I read my modem screen as 13.14 mb.

How shocked I am when in the next 10 minutes, I read 240.67 mb (two hundreds + forty point sixty seven megabytes) in my portable modem!

I do not download anything when browsing, just read some news, also, no flash video and other video format.

Just a website containing texts and some images.

The automatic update of my laptop also already turned off earlier.

I guess this is a virus from the muuxe.exe file.

Do anyone having same experience as me?

How do I solve this problem such as remove the virus?

Thank you

Jacee · 21 May 2013

Well, you got hit by a password stealing Bot, also known as a "Backdoor Trojan". https://www.virustotal.com/en/file/1...is/1317676706/
Warning! Backdoor Trojans

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.

Banking and credit card institutions should be notified of the possible security breech.
More info can be found below:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information

What Anti-Virus and Firewall are you using?

msw7 · 21 May 2013

Jacee said:

Well, you got hit by a password stealing Bot, also known as a "Backdoor Trojan". https://www.virustotal.com/en/file/1...is/1317676706/
Warning! Backdoor Trojans

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.

Banking and credit card institutions should be notified of the possible security breech.
More info can be found below:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information

What Anti-Virus and Firewall are you using?

I can not open all of the above websites in my computer with my Mozilla Firefox browser.

I did had few online transactions using my credit card before I got infected by this internet-pulse/quote robber virus.

Will the password still be able to being stolen?

This virus is stealing my internet quote/pulse quickly.

It steals approx two hundreds megabytes within 5-to-10 minutes and makes me shocked.

How to detect and trace this suspect of cyberspace world?

Jacee · 21 May 2013

Of course! ... You need to change ALL passwords using a known 'clean' computer, not the infected one. You need to notify your bank/credit card carrier of possible 'fraud' transactions on your current card. Close out the account with them and ask for a new card.

Now, I asked you what Anti-virus and Firewall you're using. Can you give me that information?

cottonball · 21 May 2013

msw7,

The PWS-Zbot.Gen normally installs a Rootkit to protect itself from removal.

After providing Jacee the information she needs, we can start the removal of this malware with Kaspersky's TDSSKiller Download
Select the .exe version

If you cannot download it to the infected computer, download to a clean computer, and then use a USB pendrive to move the program to the Desktop of the infected computer.

If you cannot get this program to run, rename it.
To do so, right-click on the TDSSKiller.exe icon and select: Rename
Edit the name from TDSSKiller.exe to iexplore.exe, and then double-click on TDSSKiller.exe to run the program.

When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK

Press: Start Scan

•If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue
•If malicious objects are found, they show in the Scan results.
Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)

When done, the tool creates a log on the disk with the Windows Operating System, normally C:\

Logs have a name like:
C:\TDSSKiller.X.X.X_1.05.2013_15.31.43_log.txt

Please post, or attach, the TDSSKiller log in your reply.

msw7 · 23 May 2013

I realize that this virus is not the muuxe.exe as mentioned earlier.

I can not detect what and where the virus is.

Or maybe someone get my wireless signal, hack its password and using my internet connection.

edee · 23 May 2013

This is a hard lesson to learn, hopefully you have.

If you are surfing the internet and are not downloading anything or installing anything on your pc and a popup box appears asking you for access to something ........ NEVER click ok, either "X" out of the pop up box or close the browser window, if the browser window won't close, force close it using the task manager. But NEVER ,EVER allow something access to your computer on the web unless you know EXACTLY what it is.

First thing I would do is listen to Cottonball's advice above, then on another CLEAN pc, change every single password you have.