Solve : Re-appearing Trojans?

1.	Solve : Re-appearing Trojans?
Answer» I couldn't get any password prompt on either website, they both showed a 'could not display' page. I COPY and pasted both links and clicked on the hyperlink which was just http://192.168/ and got the same result.Go to Start > Run, type in CMD and hit OK. Type in the following, then post the log from it. ipconfig /all > log.txt && log.txt Windows IP Configuration Host Name . . . . . . . . . . . . : Erickson-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : gateway.2wire.net Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0) Physical Address. . . . . . . . . : 00-1A-80-7A-36-7F DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : gateway.2wire.net Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN Physical Address. . . . . . . . . : 00-1D-E0-4D-91-E9 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::685d:2900:e3ea:3d68%8(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Thursday, October 07, 2010 9:12:07 PM Lease Expires . . . . . . . . . . : Monday, October 11, 2010 9:01:44 AM Default Gateway . . . . . . . . . : 192.168.1.254 DHCP Server . . . . . . . . . . . : 192.168.1.254 DHCPv6 IAID . . . . . . . . . . . : 218108904 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-0D-65-5B-00-1A-80-7A-36-7F DNS Servers . . . . . . . . . . . : 192.168.1.254 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Local Area Connection* 10: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 30: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.{EC35506C-B677-4D18-B600-6F2E65C71A93} Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 11: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 02-00-54-55-4E-01 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 15: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 16: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : 6TO4 Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 20: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 21: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.{58B02553-AABA-4F26-8771-44087050ACBA} Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 9: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #10 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 23: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : 6TO4 Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 24: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : 6TO4 Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Please run the F-Secure Online Scanner Follow the Instruction Here for installation. Accept the License Agreement. Once the ActiveX installs,Click Full System Scan Once the download completes,the scan will begin automatically. The scan will take some time to finish,so please be patient. When the scan completes, click the Automatic cleaning (recommended) button. Click the Show Report button and Copy&Paste the entire report in your next reply. I've ran it three times now and everytime I've had to leave while it was running and it restarts the computer before I get back to it so I haven't been able to see the log file. We did get to the automatic cleanup and let it run from there though, so the stuff got fixed I just don't know what it is. This won't save the log file anywhere on the computer will it?Did it say it removed anything? It may not post a log, if it didn't remove anything.I know the second one found 5 Malware but I'm not sure other than that. Please use Internet Explorer and run a BitDefender Online scan Please check I agree with the Terms and Conditions and click Start Here You will need to allow an Active X install for the scan to run. Leave the scanning options at default and click Start Scan Please post the results in your next reply.When I click on Start Scan, it brings up another window that asks to agree with terms and conditions and I click on it. Then it asks to allow Active X (which never is prompted) and then to click 'Install' to install the program (which is prompted). I click on Install, it refreshes it back to asking to agree with the terms and conditions. I'm not sure if that's a problem with my server or the site.Arghhhhhhhh ESET Online Scan Please run a free online scan with the ESET Online Scanner Tick the box next to YES, I accept the Terms of Use Click Start When asked, allow the ActiveX control to install Click Start Make sure that the options Remove found threats and the OPTION Scan unwanted applications is checked Click Scan (This scan can take several hours, so please be patient) Once the scan is completed, you may close the window Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt Copy and paste that log as a reply to this topic Sorry it took so long to get back to you, crazy couple of weeks. I finall got the scanner to download and it didn't end up finding anything. Some things I've tried in the meantime is downloading Norton 360, which doesn't find the two trojans that are still periodically being found by SAS. I also updated to IE9 Beta, I'm not sure if this is goofy to start with but it LIKES to stop working a lot and it'll flash back to a previous page while loading a new one. I don't think that has anything to do with it but I figured I'd mention it to make sure. I think my computer was accessed again a few days ago, there were web sites that neither my wife or myself has visited and some settings in Norton that had changed. We started to disconnect the internet while we're not using it and put a password on Norton. If you know of anything else we could do to make it more secure, it would be a huge help. ThanksThis topic has GONE on long enough. Please start a new topic.

Answer»

I couldn't get any password prompt on either website, they both showed a 'could not display' page. I COPY and pasted both links and clicked on the hyperlink which was just http://192.168/ and got the same result.Go to Start > Run, type in CMD and hit OK.

Type in the following, then post the log from it.

ipconfig /all > log.txt && log.txt
Windows IP Configuration

Host Name . . . . . . . . . . . . : Erickson-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-1A-80-7A-36-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1D-E0-4D-91-E9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::685d:2900:e3ea:3d68%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, October 07, 2010 9:12:07 PM
Lease Expires . . . . . . . . . . : Monday, October 11, 2010 9:01:44 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 218108904
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-0D-65-5B-00-1A-80-7A-36-7F
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 30:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{EC35506C-B677-4D18-B600-6F2E65C71A93}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{58B02553-AABA-4F26-8771-44087050ACBA}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #10
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 24:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Please run the F-Secure Online Scanner

Follow the Instruction Here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes,the scan will begin automatically.
The scan will take some time to finish,so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

I've ran it three times now and everytime I've had to leave while it was running and it restarts the computer before I get back to it so I haven't been able to see the log file. We did get to the automatic cleanup and let it run from there though, so the stuff got fixed I just don't know what it is. This won't save the log file anywhere on the computer will it?Did it say it removed anything?

It may not post a log, if it didn't remove anything.I know the second one found 5 Malware but I'm not sure other than that. Please use Internet Explorer and run a BitDefender Online scan

Please check I agree with the Terms and Conditions and click Start Here
You will need to allow an Active X install for the scan to run.
Leave the scanning options at default and click Start Scan

Please post the results in your next reply.When I click on Start Scan, it brings up another window that asks to agree with terms and conditions and I click on it. Then it asks to allow Active X (which never is prompted) and then to click 'Install' to install the program (which is prompted). I click on Install, it refreshes it back to asking to agree with the terms and conditions. I'm not sure if that's a problem with my server or the site.Arghhhhhhhh

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the OPTION Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Sorry it took so long to get back to you, crazy couple of weeks. I finall got the scanner to download and it didn't end up finding anything. Some things I've tried in the meantime is downloading Norton 360, which doesn't find the two trojans that are still periodically being found by SAS. I also updated to IE9 Beta, I'm not sure if this is goofy to start with but it LIKES to stop working a lot and it'll flash back to a previous page while loading a new one. I don't think that has anything to do with it but I figured I'd mention it to make sure.

I think my computer was accessed again a few days ago, there were web sites that neither my wife or myself has visited and some settings in Norton that had changed. We started to disconnect the internet while we're not using it and put a password on Norton. If you know of anything else we could do to make it more secure, it would be a huge help. ThanksThis topic has GONE on long enough. Please start a new topic.

Solve : Re-appearing Trojans?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment