Solve : Trojan windows restore, help me???
I'm sorry, here comes the content in ComboFix.

•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Here it comes!! First ESETScan:

C:\Documents and Settings\Christian\Desktop\RegistryReviverSetup.exe    a variant of Win32/RegistryReviver application
C:\Documents and Settings\Christian\Desktop\setup-ltr1235.exe    a variant of Win32/1AntiVirus application
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0022382.exe    a variant of Win32/1AntiVirus application
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0029538.exe    a variant of Win32/1AntiVirus application
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0035789.exe    a variant of Win32/1AntiVirus application

And then log file:

[emailprotected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e407c8712db8114091eba1fb4bf3e113
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-22 06:00:47
# local_time=2011-04-22 08:00:47 (+0100, W. Europe Daylight Time)
# country="Sweden"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 413705 413705 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 42 87 0 15544525 0 0
# compatibility_mode=6401 16777214 66 100 429237 1405199 0 0
# compatibility_mode=8192 67108863 100 0 283 283 0 0
# scanned=104932
# found=5
# cleaned=0
# scan_time=2383
C:\Documents and Settings\Christian\Desktop\RegistryReviverSetup.exe    a variant of Win32/RegistryReviver application (unable to clean)    00000000000000000000000000000000    I
C:\Documents and Settings\Christian\Desktop\setup-ltr1235.exe    a variant of Win32/1AntiVirus application (unable to clean)    00000000000000000000000000000000    I
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0022382.exe    a variant of Win32/1AntiVirus application (unable to clean)    00000000000000000000000000000000    I
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0029538.exe    a variant of Win32/1AntiVirus application (unable to clean)    00000000000000000000000000000000    I
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0035789.exe    a variant of Win32/1AntiVirus application (unable to clean)    00000000000000000000000000000000    I

I did not let the ESETScan erase the threats. Do you recommend that??

Quote from: gripenfighter on April 22, 2011, 12:08:38 PM
I did not let the ESETScan erase the threats. Do you recommend that??

Yes. That's the reason for running ESET. Please post the log when finished.

Here is the log:

C:\Documents and Settings\Christian\Desktop\RegistryReviverSetup.exe    a variant of Win32/RegistryReviver application    deleted - quarantined
C:\Documents and Settings\Christian\Desktop\setup-ltr1235.exe    a variant of Win32/1AntiVirus application    deleted - quarantined
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0022382.exe    a variant of Win32/1AntiVirus application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0029538.exe    a variant of Win32/1AntiVirus application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0035789.exe    a variant of Win32/1AntiVirus application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0038147.exe    a variant of Win32/RegistryReviver application    deleted - quarantined
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0038148.exe    a variant of Win32/1AntiVirus application    deleted - quarantined

And here is the other one:

[emailprotected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e407c8712db8114091eba1fb4bf3e113
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-22 06:00:47
# local_time=2011-04-22 08:00:47 (+0100, W. Europe Daylight Time)
# country="Sweden"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 413705 413705 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 42 87 0 15544525 0 0
# compatibility_mode=6401 16777214 66 100 429237 1405199 0 0
# compatibility_mode=8192 67108863 100 0 283 283 0 0
# scanned=104932
# found=5
# cleaned=0
# scan_time=2383
C:\Documents and Settings\Christian\Desktop\RegistryReviverSetup.exe    a variant of Win32/RegistryReviver application (unable to clean)    00000000000000000000000000000000    I
C:\Documents and Settings\Christian\Desktop\setup-ltr1235.exe    a variant of Win32/1AntiVirus application (unable to clean)    00000000000000000000000000000000    I
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0022382.exe    a variant of Win32/1AntiVirus application (unable to clean)    00000000000000000000000000000000    I
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0029538.exe    a variant of Win32/1AntiVirus application (unable to clean)    00000000000000000000000000000000    I
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0035789.exe    a variant of Win32/1AntiVirus application (unable to clean)    00000000000000000000000000000000    I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e407c8712db8114091eba1fb4bf3e113
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-23 11:55:43
# local_time=2011-04-23 01:55:43 (+0100, W. Europe Daylight Time)
# country="Sweden"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 480135 480135 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 42 87 0 15610955 0 0
# compatibility_mode=6401 16777214 66 100 495667 1471629 0 0
# compatibility_mode=8192 67108863 100 0 66713 66713 0 0
# scanned=28290
# found=0
# cleaned=0
# scan_time=450
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e407c8712db8114091eba1fb4bf3e113
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-24 05:39:49
# local_time=2011-04-24 07:39:49 (+0100, W. Europe Daylight Time)
# country="Sweden"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 585237 585237 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 42 87 0 15716057 0 0
# compatibility_mode=6401 16777214 66 100 600769 1576731 0 0
# compatibility_mode=8192 67108863 100 0 171815 171815 0 0
# scanned=102885
# found=7
# cleaned=7
# scan_time=2393
C:\Documents and Settings\Christian\Desktop\RegistryReviverSetup.exe    a variant of Win32/RegistryReviver application (deleted - quarantined)    00000000000000000000000000000000    C
C:\Documents and Settings\Christian\Desktop\setup-ltr1235.exe    a variant of Win32/1AntiVirus application (deleted - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0022382.exe    a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0029538.exe    a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0035789.exe    a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0038147.exe    a variant of Win32/RegistryReviver application (deleted - quarantined)    00000000000000000000000000000000    C
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0038148.exe    a variant of Win32/1AntiVirus application (deleted - quarantined)    00000000000000000000000000000000    C

That looks great. How's your computer running now?

Hello again! My computer works fine after I followed your instructions. It appears that you have eliminated the viruses / trojans. I'm just wondering about some things. Under the program icon in the start bar, it seems there are still no programs located there except the ones we have installed during the cleanup process. I can nevertheless see all the programs in place under the Add or remove programs bar in the control panel, so it seems like they are still located on my computer but do not appear under the program bar. Likewise, I cannot find any document under, for example, Christian Documents or Guest Dokument on disk C. In addition, the icons Christian Dokument and Guest dokument located on C look like they appear in a brighter tone of colour. Do you know how I can restore this problem? Do you know how to get the programs and data files back into the right place? Christian

Ok. There is nothing that we did that would cause that sort of problem with the taskbar. Perhaps you could post this question in the software forum. Let's do some cleanup.

To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator. TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**********************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations, always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Hi again, My computer still works after your helpful help, thank you. But I have to ask you one question. After we had done all the cleanup sessions on my system, suddenly I can find Accessories under Start - Programs. Before we started the cleanup process I could not find the System Restore program and we tried to find it with some kind of test but we didn't. Now it seems like I got back the System Restore program with system restore points all the way back to March. Do you know if it is a good thing to restore my system from an early date in March to get the system back in the shape it was before the infection, or should I let the computer run from where it is today??? I mean I don't want to destroy my system after all the help I got from you. What do you think about it?? Christian

Quote
Now it seems like I got back the System Restore program with system restore points all the way back to March. Do you know if it is a good thing to restore my system from an early date in March to get the system back in the shape it was before the infection, or should I let the computer run from where it is today??? I mean I don't want to destroy my system after all the help I got from you. What do you think about it??

When you uninstall ComboFix using the method I outlined, it should have wiped out all the restore points and given you a new, clean point.
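The ESET Online Scanner log.txt posted in the thread has a block of `# key=value` header lines per scan run, followed by one tab-separated line per detection: path, threat name, the action taken, a 32-hex-digit column and a one-letter result code (the thread's log shows `I` on entries ESET could not clean and `C` on entries it cleaned). The parser below is an added example written for this page; it is not ESET's code and not part of the thread. It assumes that layout (tabs collapsed into runs of spaces, as happens when a log is pasted into a forum, are accepted too), runs on a constructed, abridged sample modelled on the thread's log, and reports per run what was found, which paths were left unremediated, how many hits sit inside System Restore points, and whether the number of listed detections matches the `found=` header, which is the quickest way for a helper to tell that a pasted log is complete and that the second run actually remediated everything the first one flagged.

```python
"""Summarise ESET Online Scanner log.txt output (added example, not ESET's code)."""
import re
from dataclasses import dataclass, field

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")       # "# key=value" metadata lines
FIELD_SPLIT = re.compile(r"\t|\s{2,}")             # tab-separated; tolerate collapsed tabs
TRAILING_ACTION = re.compile(r"\s*\(([^()]*)\)$")  # "... application (unable to clean)"


@dataclass
class Finding:
    path: str
    threat: str
    action: str
    result: str  # last column as seen in the thread: "I" = left in place, "C" = cleaned

    @property
    def remediated(self) -> bool:
        return self.result == "C"

    @property
    def in_restore_point(self) -> bool:
        return "\\System Volume Information\\_restore" in self.path


@dataclass
class ScanRun:
    meta: dict = field(default_factory=dict)  # key -> list of values (keys can repeat)
    findings: list = field(default_factory=list)

    def value(self, key, default=None):
        vals = self.meta.get(key)
        return vals[-1] if vals else default


def parse_finding(parts):
    """parts: [path, threat, (action), (hash), (code)] -> Finding."""
    path, threat, rest = parts[0], parts[1], parts[2:]
    result = rest.pop() if rest and re.fullmatch(r"[A-Z]", rest[-1]) else ""
    if rest and re.fullmatch(r"[0-9a-fA-F]{32}", rest[-1]):
        rest.pop()  # 32-hex-digit column; not needed for the summary
    action = rest[0].strip("()") if rest else ""
    m = TRAILING_ACTION.search(threat)
    if m:  # action glued onto the threat name with a single space, as in log.txt
        action, threat = m.group(1), threat[: m.start()]
    return Finding(path, threat, action, result)


def parse_eset_log(text):
    """Split log.txt into ScanRun objects; every "# version=" line starts a new run."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            key, value = m.groups()
            if key == "version" or current is None:
                current = ScanRun()
                runs.append(current)
            current.meta.setdefault(key, []).append(value)
        elif line and current is not None:  # banner lines before the first header are skipped
            parts = [p for p in FIELD_SPLIT.split(line) if p]
            if len(parts) >= 2 and re.match(r"^[A-Za-z]:\\", parts[0]):
                current.findings.append(parse_finding(parts))
    return runs


def summarize(runs):
    """One dict per run: header counts, unremediated paths, restore-point hits, completeness."""
    out = []
    for run in runs:
        found = int(run.value("found", 0))
        out.append({
            "utc_time": run.value("utc_time"),
            "end": run.value("end"),
            "remove_checked": run.value("remove_checked") == "true",
            "scanned": int(run.value("scanned", 0)),
            "found": found,
            "cleaned": int(run.value("cleaned", 0)),
            "uncleaned": [f.path for f in run.findings if not f.remediated],
            "restore_point_hits": sum(f.in_restore_point for f in run.findings),
            "complete": found == len(run.findings),  # fewer lines than found= -> truncated paste
        })
    return out


# Constructed, abridged sample modelled on the thread's log (tabs between fields).
SAMPLE_LOG = """\
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# utc_time=2011-04-22 06:00:47
# compatibility_mode=512 16777215 100 0 413705 413705 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# scanned=104932
# found=2
# cleaned=0
C:\\Documents and Settings\\Christian\\Desktop\\setup-ltr1235.exe\ta variant of Win32/1AntiVirus application (unable to clean)\t00000000000000000000000000000000\tI
C:\\System Volume Information\\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\\RP80\\A0022382.exe\ta variant of Win32/1AntiVirus application (unable to clean)\t00000000000000000000000000000000\tI
# version=7
# end=stopped
# remove_checked=true
# utc_time=2011-04-23 11:55:43
# scanned=28290
# found=0
# cleaned=0
# version=7
# end=finished
# remove_checked=true
# utc_time=2011-04-24 05:39:49
# scanned=102885
# found=2
# cleaned=2
C:\\Documents and Settings\\Christian\\Desktop\\setup-ltr1235.exe\ta variant of Win32/1AntiVirus application (deleted - quarantined)\t00000000000000000000000000000000\tC
C:\\System Volume Information\\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\\RP80\\A0022382.exe\ta variant of Win32/1AntiVirus application (cleaned by deleting - quarantined)\t00000000000000000000000000000000\tC
"""

if __name__ == "__main__":
    for s in summarize(parse_eset_log(SAMPLE_LOG)):
        print(s)
```

Run it on a real log.txt by reading the file and passing its contents to `parse_eset_log`; a run whose `complete` flag is False, or whose `uncleaned` list is non-empty after `remove_checked` was true, is the one to ask the poster about. Hits under `System Volume Information\_restore` are copies inside restore points, which is why the thread's helper expects the ComboFix uninstall to flush those points afterwards.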