OK, so it all started yesterday, when someone, somehow managed to hack into my electronic bitcoin wallet and relieve me of every last Bitcoin practically before my very eyes.
I then scanned my computer and external storage devices using Avast, which revealed the win32:malware-gen virus.
I removed the virus to the virus chest.
I then explicitly followed this guide to removing the malware:
http://www.im-infected.com/trojan/win32malware-gen.html
However, after removing the virus to the chest all the scans failed to find any malicious items.
Since then I have completed a full secure erase of my Samsung SSD drive using Parted Magic, then a full clean install of Windows 8, using my Win8 boot USB.
(Note: the Win8 boot USB was one of the external devices discovered to have the win32:malware-gen on it. The malware was removed to the virus chest and subsequent scans detailed in the iminfected.com guide failed to find any malicious items.)
After the clean Win8 install, I rescanned all drives using Avast and Malwarebytes. Up to this point both programs report no malicious items.
BUT...
I then began to reinstall my basic programs, browser and drivers. After installing uTorrent 2.2.1, Malwarebytes began to report multiple 'blocked access to a potentially harmful site' messages.
I panicked, uninstalled uTorrent, did a full scan with Avast and Malwarebytes, and was relieved to find no malicious items.
I then reinstalled uTorrent 2.2.1 and again began to receive the 'blocked access to a potentially harmful site' messages. They seem to be linked to Avast and uTorrent.
Here is a copy/paste of my Malwarebytes log:
2013/09/22 01:33:54 +0930 INSPIRON15RSE James IP-BLOCK 109.236.82.166 (Type: outgoing, Port: 25334, Process: utorrent.exe)
2013/09/22 01:35:22 +0930 INSPIRON15RSE James IP-BLOCK 31.133.45.210 (Type: outgoing, Port: 25334, Process: utorrent.exe)
2013/09/22 01:55:31 +0930 INSPIRON15RSE James IP-BLOCK 213.186.115.236 (Type: outgoing, Port: 49729, Process: utorrent.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52795, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52796, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52798, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52799, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52801, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52802, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52805, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52804, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52807, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52808, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 217.23.9.122 (Type: outgoing, Port: 52810, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 217.23.9.122 (Type: outgoing, Port: 52811, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 217.23.9.122 (Type: outgoing, Port: 52813, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 217.23.9.122 (Type: outgoing, Port: 52812, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52815, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52816, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 52822, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 195.3.147.99 (Type: outgoing, Port: 52823, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52827, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 INSPIRON15RSE James IP-BLOCK 109.163.227.73 (Type: outgoing, Port: 52828, Process: avastsvc.exe)
After money was stolen from my online wallet yesterday, I have become extremely worried. I have frozen my online banking accounts and tried everything in my limited technological power to solve the problem.
In my desperate search for info online, I found this forum which seems to have numerous examples of people with technological expertise assisting other people like myself experiencing this very same problem. I am humbly hoping someone can do the same for me.
I am willing to do anything at this point to ensure my system is secure. If anyone can assist me I would be immensely grateful.
Regards
meljamisl
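
Added example, not part of the original post: a small Python triage script for IP-BLOCK lines in the format pasted above, grouping blocks by process and direction so it is clear which program triggered which destinations. The sample lines are constructed (hostname, user and documentation-range addresses are placeholders), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the log in the post; addresses are
# RFC 5737 documentation ranges, not values from the original log.
SAMPLE_LOG = """\
2013/09/22 01:33:54 +0930 HOST1 user IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 25334, Process: utorrent.exe)
2013/09/22 01:35:22 +0930 HOST1 user IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 25334, Process: utorrent.exe)
2013/09/22 07:39:09 +0930 HOST1 user IP-BLOCK 203.0.113.5 (Type: outgoing, Port: 52795, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 HOST1 user IP-BLOCK 203.0.113.5 (Type: outgoing, Port: 52796, Process: avastsvc.exe)
2013/09/22 07:39:09 +0930 HOST1 user IP-BLOCK 203.0.113.9 (Type: incoming, Port: 52810, Process: avastsvc.exe)
this line is not a block entry
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

def parse_blocks(text):
    """Return (entries, skipped): parsed dicts and non-matching lines."""
    entries, skipped = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE_RE.match(line)
        if m:
            entries.append(m.groupdict())
        else:
            skipped.append(line)
    return entries, skipped

def summarize(entries):
    """Group by (process, direction): block count, distinct IPs, distinct ports."""
    groups = defaultdict(lambda: {"blocks": 0, "ips": set(), "ports": set()})
    for e in entries:
        g = groups[(e["process"].lower(), e["direction"])]
        g["blocks"] += 1
        g["ips"].add(e["ip"])
        g["ports"].add(int(e["port"]))
    return dict(groups)

if __name__ == "__main__":
    entries, skipped = parse_blocks(SAMPLE_LOG)
    for (proc, direction), g in sorted(summarize(entries).items()):
        print(f"{proc:14} {direction:9} blocks={g['blocks']} "
              f"ips={sorted(g['ips'])} ports={len(g['ports'])}")
    print(f"unparsed lines: {len(skipped)}")
```

Lines that do not match the expected layout are returned separately rather than dropped, so a truncated or altered log is visible in the summary.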