Terrible Case of "Stealth Malware" Targeted Spy - PICTURE AT BOTTOM

I have been a victim of Stealth Malware

I've Tried many security tools - Av, Anti trojan, Anti malware, Pervx, Wireshark

YOU NAME IT! I TRIED IT

It appears to me someone has been spying on me? ATX3 HOW DO YOU KNOW THIS>

Someone has logged into my rapidshare account - They have uploaded and downloaded files - But they have not changed the pass

I am not lying - I am religious - I SWEAR TO GOD IT HAPPENED


Now recently i received some advice about explorer.exe and ending it and Restarting it and scanning for something

Here is what i found

I've heard about RATS hiding in ADS STREAM - But the problem is i never found this

I had to go a list of steps to find this thing



This is very bad -As i have no clue how i even got this on my pc - I only use my computer

I am very lucky - That the stupid spy logged into my account - Now i feel good because i was IN THE DARK before.

Thank you Lord for shedding some light


EDIT- i restarted my pc - Scanned again - And i didn't find it - Looks like i have to try those special steps again

I want to Get this piece of **** On my pc -

I take **** from no one - I want to know what this malware is

 

The CLSID came up in a reference to trojan.Gromozon:

http://forum.wininizio.it/lofiversion/index.php/t69784.html
Post by milanforever 13/06/07, 11:33

If the above relates to you, then this reference in the same thread:

Gromozon Rootkit Removal Tool
http://info.prevx.com/gromozon.asp?sessionid=FD6F093B-2156-4D34-86F6-E1CA4668FF5D


----
rich

 

Seconded give the PrevX Gromozon tool a run out because it has a sweet side effect of munching a wide range of trojans that are running in ADS.

BTW atx3 are you Italian as Gromozon has been Italian IP specific for some time.

If the Gromozon tool dose not work then we can import the forensic tools to dig deeper.

If the Gromzon tool rips out the trojan then it is time to change all passwords,both online and on the computer.

All the best!

 

I am From NewYork - United states

It seems to me that this grozmon is being used with other malware - Seems like a combination

Because in my rapidshare ip log - The spier's ip address is Canada

Arin whois traces the ip to - VIDEOTRON - QUEBEC CANADA

They have used my account - uploaded and downloaded but have not changed the password.

Heh so what else can i do.

Those tools aren't working

 

Since Wilders no longer offers one on one cleaning services, I'm afraid we're going to have to refer you to one of the security forums that has active Spyware Cleaning services available.

Read the following thread and choose one of the forums listed in it, join there and they should be able to assist you:

https://www.wilderssecurity.com/showthread.php?t=42148

I would also suggest that if this is you at the DSLreports Security forum that you consider the suggestion made in your thread to post in their Security Cleanup Forum for assistance.

Bubba

 

THIS SUCKS!

No one can help>

Heh looks like you're all simple and cannot hunt advanced malware.

Laterz. This place servers no purpose As you all have no clue or skills at all when it comes to malware

Keep on using lame hijackthis and all those silly foolish tools

And when Stealth malware hits you, you'll be in the dark 100% until someone has stolen and caused identity theft against you

 

Not the case at all but at the end of the day Bubba has directed you to specialized help forums for further assistance(take it or leave it).

At that point if i brought in further diagnostic tools/routines etc it would be going against him and the forum TOS.

Now if you seriously want assistance etc then search out sysinternals forum and post in their malware forum there.I can work my foo from there