InterviewSolution
| 2001. |
Solve : Strange Behavior? |
|
Answer» Who are you speaking to, Fed? Fed was talking to me. I don't know for sure that I am logged in as the administrator. I have my computer set up with me as an Admin. account. When I start the computer I get the welcome screen with my Screen name for the admin. account. I also have it set up, so I have to enter a password when the welcome screen comes on. Why didn't someone tell me I had to extract the hijackthis.exe file from the zipped folder? I began to think you could have been mistaken. Being unable to access your 'Users' makes it hard to check your Admin rights haven't been removed or altered too? I wonder if there's a prize for the longest running thread. What I get out of it is the Admin. account is the only account that can download and install programs. I have been able to download and install stuff. From my computer (w2k) I'm not sure for xp... Quote Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications. My computer says the same thing. do you have important files on this pc.......i recommend a re-install.......while disconnected from the net......and this may help you in the future>>tweak>>http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx.........don't touch comet cursor?/ What would be considered important? I have some audio, and video files that I wouldn't want to lose. I have no way of saving the video files. Re-install what? Windows XP? How do I do that? I'm not sure that being able to download & install programs is any proof of being logged in as Admin with unrestricted access to your computer. Does anyone else have access to your computer who may have altered things in Users & Passwords? Can you remember if this problem started at the same time as the comet download or auto update thing or could these 3 things be totally unrelated?
Re-installing xp is a sure fire way of fixing it but we will never know what the problem was, it's a matter for you. Nope, I'm the only person who touches this computer. I downloaded the Comet Cursor, but it wasn't working. So I decided to uninstall it. They have a special uninstall page to do that. I was able to install, using Netscape, so I chose to uninstall using Netscape. I was instructed to download the uninstaller, and that's when this problem occurred. |
|
| 2002. |
Solve : Desk top icon not responding? |
|
Answer» Mouse is working, but nothing else is responding. Any ideas? Ummm, can you by any chance access anything in your control panel? Indy More Mouse is working, but nothing else is responding. Any ideas? Boot into safe mode and do the following:
|
|
| 2003. |
Solve : Help me please!!!! unreadable EXE files? |
|
Answer» About an hour ago...completely randomly most of the programs on my computer stopped working. For some reason almost all of the .exe files have become unreadable. For some reason none of these files can be opened |
|
| 2004. |
Solve : Update On Strange Behavior? |
|
Answer» Hey everybody! Just wanted to let you all know, my computer is fixed, and operating normally now. |
|
| 2005. |
Solve : file ext. changed!!? |
|
Answer» Please help! Most of the file ext. on my computer have changed to the .lnk ext. |
|
| 2006. |
Solve : horrible virus/spyware? |
|
Answer» You guys are my last hope! My dad's pc had spyware so I ran Bullguard which detected the following but cannot help me any further. |
|
| 2007. |
Solve : Firewall & AV tests? |
|
Answer» These are oldies but goodies, how do you rate? It found my real IP... I use the Microsoft SP2 Firewall... Is that a hazard?! That depends on what you would consider a hazard. If you mean using the SP 2 firewall. Yes, it is. If you mean that it could see your real IP address, no. http://downloads.designtechnica.com/Internet/Web+browsers+and+tools/Anonymous+surfing/363454/Invisible+Browsing.html antir/personal edition free.........and sygate personal edition........and hidden in the armoury is sub-seven Quote So confusing! lol See my sig...that's your Public IP. No...it's not being "hacked". If you didn't have a Public IP, how would all the bits, bytes, words and packets (i.e. 1's and 0's), find their way to you? It's like having your address on your mailbox so the mailman can find you and deliver your mail to you. Any help? Lookout Flame! Now everyone has got your IP address! ROTFLMAO! I just soiled myself! lol (Not for real. but I better check... lol ) Flame |
|
| 2008. |
Solve : Re: very urgently needs help? |
|
Answer» Get your sister to telephone her friend & tell him someone has taken control of his account. Here's what to do... Get your "sis" to get on Yahoo! (the website), and change her password (if it has been changed). You can use the password recovery tool to reset it... Also, I would be interested to know if you can get this person's IP address for me... Such deeds can not go unnoticed you know... Such deeds can not go unnoticed you know... Actually, there is no cure for stupidity yet, so most deeds as described above are bound to go unnoticed. Quote Whoever it is needs to reset the password... I'm also still interested in the IP of the hacker/cracker if possible... Someone's feeling chivalrous today. thanks for ur replies. but flame and fed is there any other solution beside changing password. as my sis has already changed her password but things are same. she couldnt receive her friend messages nor her friend gets any. and for u raptor, if the same thing happened to u...then u would better know that such things are to be notice or note. but anyway ...i dont wish anything wrong for u. thanks Quote And for u raptor, if the same thing happened to u... When *censored* freezes over and pigs decide to fly, my friend... I'm feeling generous. Install the following applications and configure them properly. Pay particular attention to installing and configuring the firewall as it may be able to put a halt to the intruder his/her activities: AVG Free -- Anti virus scanner Adaware SE Personal -- Anti spyware scanner Microsoft Antispyware -- Anti spyware scanner. Windows XP Home and Professional only. Spybot Search & Destroy -- Anti spyware scanner ZoneAlarm Free -- Free firewall - more user friendly Sygate Personal -- Free firewall - more configuration options Quote
Not while I'm around... Quote Someone's feeling chivalrous today. Wait now... I'm getting the impression that you think I'm doing something very different with that IP... I have a friend who's a cop in the Cybercrime field... I give the numbers to him, he investigates, and has the option to take actions.. What did you think I did? Flame Boasting, actually. I suggest that you do not ask novice to relay through IP addresses as the IP address used may not belong to the intruder. It may belong to a machine also used by the intruder and you would most likely get someone in trouble that fell victim to ignorance. How did you come up with that? Seriously... My father's a judge... You meet people in the law system that way. I met the guy, and now when I see Cybercrime, why not report it? Could save another person from facing the same problem... Flame thanks for both flame and raptor. fortunately enough...my sis found out her friend's old msn address, hope it will work out. but if there would be still any problem ...then i would like to contact for ur help. thanks again Ok then! Come back for help if you have any more questions! Flame |
|
| 2009. |
Solve : NEC.EXE? |
|
Answer» I have got a NEC.EXE program running in my Win XP as soon as it finishes booting. It turns my antivirus off and doesn't let me open the Task Manager to kill its process. My Proxy (Zone Alarm) has prevented it from contacting external remote servers. So I think that I am still safe if I can remove the executable file. I would like to avoid reinstalling the OS and all my stuff back. I formatted a diskette with a DOS boot but I can only see A:/ drive after it. You my friend have a computer worm... :-/ See if this helps you... http://securityresponse.symantec.com/avcenter/venc/data/[emailprotected] ... |
|
| 2010. |
Solve : System shuts off during AV scan? |
|
Answer» check events log......control panel admin tools......run a virus scan in ......safe mode hold down the F8 on boot...it>YET! i would advise to take the strain of components.......alt+f4.......keys........and hibernate the laptop...... |
|
| 2011. |
Solve : Virus Issue?? |
|
Answer» I believe I have a virus on my laptop (win2000) and it appears my fonts have either been wiped out or changed. My fonts folder via Control Panel is empty so switching fonts isn't an option. It seems the default font is Wingdings and I can't change it. You need to reinstall your fonts then... The virus might be gone, but you need to restore your fonts, etc. now... thanks for the response Flame. The problem is the laptop was given to me and I don't have any of the discs. Is there any way around this issue without the discs? Well, the easy thing to do would be to just go buy a new OS, but that's not at all practical, so we'll save that for a last resort... Try running a Windows Update... Flame not sure if this is related, but i'm also receiving the following error msg when i boot up - Visual C++ Runtime Library Error! Program: C:\WINNT\system32\Psof1.exe 'This application has requested the Runtime to terminate it in an unusual way.' Can you download some fonts from the net to give you access to the computer, then download Hijackthis from http://www.hijackthis.de/index.php?langselect=english Run a scan then save the logfile and return to the above site to get your scan analysed. I expect you will be then deleting the Psof1.exe entry among other things. |
|
| 2012. |
Solve : Hi guys, cant downlaod javascrpit?!:S? |
|
Answer» Hey, quick description of my problem OK! i want to be able to check an email but it won't allow me to download java script because my security settings won't let me, i've went to it and disabled my firewalls and it still won't let me, i don't know what else to do!? Enable cookies .... In IE: Click on Tools -> Internet Options -> Privacy -> and adjust your cookie settings... What is it on now? |
|
| 2013. |
Solve : How to determine if I have AVG anti-virus? |
|
Answer» I thought my brother installed AVG free, but I can't locate it. |
|
| 2014. |
Solve : Bad DHL scam. Banker.C virus? |
|
Answer» Quote A message to our customers about new virus Infostealer.Banker.C http://www.dhl-usa.com/custserv/servicealert.asp?id=1 Even tho DHL posted this awhile back, I just now received it in my OE mailbox with today's date. If you get it, do not open it. |
|
| 2015. |
Solve : Can you explain this?? |
|
Answer» ok me and my friend were on our computer when suddenly everything just went crazy. Firefox kept reopening itself until i had 124 windows, the taskbar kept opening and closing, i clicked on the start menu and it kept typing (..)..(..)..(..)..(..).. etc. and then it opened firefox and searched that. I noticed that it kept reopening everything else i opened (Norton, My Computer). it is a virus attack... have you noticed any files missing on your PC? how do you know ? what makes you think that ? let us all know "Virus attack" is what people call a Virus infection when they don't understand the concepts involved. I think the computer is broken. Quote from: Geek-9pm on October 20, 2009, 09:26:12 PM I think the computer is broken. great post geek, very helpful to delibrete Quote from: harry 48 on October 21, 2009, 12:28:16 PM great post geek, very helpful to delibrete Well, now that we got that far, we can start to eliminate things. Let's ask the OP to try and boot the system with a bootable CD. Preferably a 'live' Linux, like Knoppix, Ubuntu or Puppy. http://www.knoppix.net/ http://www.ubuntu.com/ http://www.puppylinux.org/ If it fails to boot, we have a hardware problem. Otherwise, Windows is messed up. (He needs a working system to load and burn the CD.) |
|
| 2016. |
Solve : Task mngr wont work. Logs are long so had to do in more than 1 post.? |
|
Answer» Hi guys. I am getting redirected all the time when surfing the web. I'm afraid to use my pc for any banking or anything. The problem started as a problem with my McAfee security. I removed it and it all went downhill from there. I have a teenager and a younger child using this pc so I am not sure what may have started the trouble. I am a novice so if I mess anything up let me know and I will try to correct it. |
|
| 2017. |
Solve : Trojan.Agent? |
|
Answer» Dear SD |
|
| 2018. |
Solve : Blue Screen of Death: Invalid work queue item? |
|
Answer» I posted yesterday about my spyware problems and today when I turned on my computer I got a blue screen of death that said Invalid_Work_Queue_Item. it then began dumping my physical memory which I then turned off my computer. Technical info said 0x00000096. I'm not sure what to do next so if anyone could help I'd appreciate it. http://msdn.microsoft.com/en-us/library/ms795529.aspx |
|
| 2019. |
Solve : Help removing Trojan-spy.win32.agent.bahu? |
|
Answer» I am running Windows 7 Ultimate and my Firefox 3.5.4 browser got hijacked apparently. I have tried all the usual things but I can not get any of them to run as the trojan is shutting them down before I can get any log files. I did use Kaspersky online and was able to determine what it was but now I can't get rid of it. Attached is the log file; any help on how to proceed would be much appreciated. |
|
| 2020. |
Solve : Virus and spyware? |
|
Answer» Hey I'm sort of new to this so I could use some advice as to how to clean my computer. I keep getting popups on the toolbar saying my AVG, Malware Anti-Bytes, and Superantispyware.exe are corrupt. Does this mean a virus has infected my anti-virus programs? If so, how do I fix this problem as every time I try to download them again, the webpage can't continue because it says my computer isn't protected. PLEASE HELP!!!!! Try to download any other antivirus from a different computer and make a cd of it. Now uninstall the previous antivirus and install the new antivirus scanner and scan the entire system. If you were unable to install in normal mode then restart and switch to safe mode and install there...... |
|
| 2021. |
Solve : Visited website, worms rootkits and trojans everywhere? |
|
Answer» I'm using Bitdefender Total Security 2009. I'm using Bitdefender since 2006 with maintaining updates. I put aggressive protection to my system that no intruder can't attack my system. Quote from: ghelm23 on October 23, 2009, 01:35:09 AM can you recommend a good antivirus that i can use together with Avira? Quote from: urbnchic on October 22, 2009, 10:26:26 PM I wasn't hijacking...I was trying to get help! please start your own topic you are not helping msu715 and you will get answers |
|
| 2022. |
Solve : On-demand virus scanner.? |
|
Answer» I'm looking for an on-demand (meaning it only runs when launched) that is moderately fast. It also needs to be Windows 98 compatible. |
|
| 2023. |
Solve : can't use hijack this and MBAM?? |
|
Answer» How is the computer running now?
---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 2025. |
Solve : Gamevance program? |
|
Answer» This program, that I wish I'd never heard of, is causing numerous popups and when I try to delete the program I get the message "Cannot delete gamevance32.exe. Access denied. Make sure the disk is not full or write-protected and that the file is not currently in use" |
|
| 2026. |
Solve : Yahoo.com question? |
|
Answer» within the past few weeks sometimes my browser gets re-routed to http://m.www.yahoo.com/ when I type in and try going to http://www.yahoo.com/ |
|
| 2027. |
Solve : malwarebytes software? |
|
Answer» I have tried to download malwarebytes to a computer. When I do and the installation is complete it says I have missing exe files. I have downloaded the malwarebytes to two other computers and had no problem. Any suggestions. Rename the MBAM .exe file and try to run it |
|
| 2028. |
Solve : Windows Police Pro removal attempt caused computer not to boot in normal mode? |
|
Answer» I ran Combo-Fix. I stepped away from the computer for a few minutes and when I came back it appeared to have rebooted in Normal mode! Progress! The bad news is that I didn't get the log. How should I proceed? Should I run Combo-Fix again to try to get the log? I see that when I logged in I got some messages about "bad boy" dll's not found (e. g. kukolare.dll) so I know I'm not out of the woods yet by any means. Also, would it be a good thing for me to create a boot.ini file?

No! Please don't do anything until we get this sorted out. Look in C:\Combofix.txt and see if the log is there. If not, run Combo-Fix again. It should produce a log this time.

Here is the log!! Keep in mind that as this is the 2nd execution of ComboFix you might not see some things you were expecting or hoping to see deleted. In particular I didn't see stuff being deleted from c:\windows\system32\schtml . In fact the reason I walked away from the computer last night was to go to another computer to find out what schtml was. Thanks for your help and for bearing with me. [Saving space, attachment deleted by admin]

Delete Combo-Fix from your desktop and download a new copy. But do not rename it this time! Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop. DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Folder::
c:\program files\AskBarDis

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.

Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

Here is the log. [Saving space, attachment deleted by admin]

Ok we are looking good now. Let's do some cleanup and a final scan to make sure nothing was missed.
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter
* The above procedure will:
  * Delete the following:
    * ComboFix and its associated files and folders.
  * Reset the clock settings.
  * Hide file extensions, if required.
  * Hide System/Hidden files, if required.
  * Set a new, clean Restore Point.

---------- Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator. TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

---------- ESET Online Scan. Scan your computer with the ESET FREE Online Virus Scan
* Click the ESET Online Scanner button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
  * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.
* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.
In your next reply please include the ESET Online Scan Log

Here is the ESET scan log [Saving space, attachment deleted by admin]

Looks good. How is the computer running now?

It comes up in Normal mode OK and I don't think I'm getting any errors when I log in.
I think my Norton Internet Security is seriously compromised as the icon is not in the startup tray or whatever that thing is called on the bottom right corner. When I select it from the menu or the desktop nothing happens. When I select Norton SystemWorks a box comes up that says something to the effect that the installation is corrupted and that I should uninstall it. I also notice that my screen saver isn't running, that is, my desktop is still showing after the computer has been sitting for several hours. I disconnected the network cable as soon as I was done with your instructions as I am concerned about not having a good antivirus installation (even though it didn't exactly come through in the clutch for me before). I have been out since very early this morning and so I haven't looked at my computer today. I am thinking that I will try reconfiguring my screen saver to see if that makes it work. I will then try to uninstall my Norton SystemWorks as it says to do. I will then disconnect from the network if I am connected and uninstall my Norton Internet Security. I will then reinstall these products. Does this sound reasonable? Also, is there a product you would recommend if someone wants to do a one-time scan for viruses and malware when they are not seeing any symptoms of infection? Thank you very very much for your help. Is there something I could do like making a token donation or something? Regards, Paul Karsh

Yes reinstall Norton. Any other computer problems (non-malware) will need to be addressed in the Windows forum. Here are a few more suggestions.. Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. OK. Thanks again for your help! I think I'm pretty much up-to-date on Windows updates (SP3+). I assume that after I reinstall Norton I'm good to go and can then work with the other products you suggested. Paul K. |
|
| 2029. |
Solve : Internet/videos keep hanging up? |
|
Answer» Hello, I am having problems with my internet constantly hanging up and freezing every few seconds. I download Sysprot but when I try to do that scan I get an error saying "Failed to start services. Needs to be run with admin privileges." I checked the security properties and it says I have full permission and I ran it as administrator but I keep getting that error. Did you run OTL? OTL [Saving space, attachment deleted by admin] |
|
| 2030. |
Solve : I got this Virus and Problem? |
|
Answer» I got a virus and did a scan with malwarebytes and Avast and came out with around 800, I know that's a lot. I got them cleaned out as far as malwarebytes and Avast can find. Now every time I turn on pc I get a virus found by Avast in the location of C:\WINDOWS\system32\8.tmp. Every time I remove it, it comes back as a different letter or number but it always has .tmp and it's in the same location. |
|
| 2031. |
Solve : can't crack this virus/trojan/whatever it is!? |
|
Answer» I read the guidelines and stuff you're supposed to do before asking this question but I can't perform any. Whenever I download an antivirus/antispyware/etc and try to run it I get a: "system file not suitable for running MS-DOS" thing. |
|
| 2032. |
Solve : Running better so far. Please help me complete this process? |
|
Answer» Hello, |
|
| 2033. |
Solve : Internet Explorer and Windows Messenger load slow.? |
|
Answer» Problem: IE and Windows Messenger took 30 minutes to load. When turning off the computer I got a number of "Program Not Responding" messages including ccSvcHst. |
|
| 2034. |
Solve : multiple infections - tdss, braviax, antivirus pro 2010? |
|
Answer» I have a computer that when booted in normal mode would only boot to a black screen with the mouse cursor. I rebooted into safe mode and all icons and task bar loaded. I ran msconfig to see what was running. Braviax and antivirus pro 2010 were listed. The internet will not work in regular or safe mode. I downloaded malwarebytes, spybot, and superantivirus on another computer, put them on a memory stick and put it in the infected computer. None of the programs would run without changing the setup file name. After I finally got the programs installed, I had to also change the name of the executable file to get the programs to run. Each program would run for about 5 seconds and then the window would close. When I tried to reopen the file I was told I didn't have permission to open the file. I looked online how to remove tdss. Everything that I could find about showing hidden devices, no tdss listed. I looked in windows\system and windows\system32 and no tdss files found. I did a search for tdss and it found nothing. Then explorer.exe stopped loading even in safe mode. I had to reboot and then in normal and safe mode I was getting BSOD when I clicked on the user name to load. Then I logged in as admin and ran SDFix. That got rid of the BSOD but explorer.exe still doesn't load. I ran combofix. Explorer.exe still doesn't work and internet still doesn't work in normal or safe mode. The computer will now let me run malwarebytes and spybot. I ran both and malwarebytes found 0 infections and spybot found 1 infection for Virtumonde. I have Avira Antivir rescue cd and the only thing it is finding is SDFix. Does anyone have any idea how I can get the computer clean and operating normally? Any help would be greatly appreciated. |
|
| 2035. |
Solve : Can't run any anti-virus/spyware? |
|
Answer» Hello one and all, I left my girlfriend alone for 3 hours and the result is I can't run any antivirus or spyware programs and I get pop-ups from IE. I am running: |
|
| 2036. |
Solve : Blue Screen Dilemma? |
|
Answer» I have encountered a problem on my home computer....a blue screen that has shut my windows xp down. I have tried to find a solution on the internet but as I am not a computer wizard I wondered if anybody can help me? I would be so so grateful. What is the exact blue screen error? Tells me windows has closed down to prevent my computer from damage....then goes on to say about a driver being identified in the stop message, disable driver or check for update. Asks if I want to go to Safe Mode....I have tried this but my computer will not let me. Then says Technical Information: |
|
| 2037. |
Solve : Trojan. Agent? |
|
Answer» Hello, some time ago I was attacked with a trojan.agent. After scanning it with MBAM and deleting the file, it always returns after deletion. Am new to this, so I just followed the steps and will hopefully hear from you soon. |
|
| 2038. |
Solve : Trojan.Packed.NsAnti virus - please help? |
|
Answer» Hi
Important: Close all open windows EXCEPT for HijackThis and then click Fix checked. Once completed, exit HijackThis.

---------- If you already have ComboFix be sure to delete it and download a new copy. Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop. Close any open Web browsers (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it). When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFix

Hi, I have done all this now, but because my Symantec AV is an enterprise one I couldn't disable the realtime scanner before doing the combofix scan. Here's the log:

ComboFix 09-10-28.08 - pwesthuiz 29/10/2009 15:54.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2038.1140 [GMT 0:00]
Running from: c:\documents and settings\pwesthuiz\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Oh, and the problem that triggered me to write to you seems to be gone. Is this the end of the process? Regards
Quote from: Peedo on October 29, 2009, 10:16:31 AM
Is this the end of the process?
No. You had some pretty bad malware and we should make sure it is completely gone especially since this is a work computer. Is this yours?
Quote
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1482476501-261903793-839522115-16738\Scripts\Logon\0\0]
Download Rooter.exe to your desktop
* Double click Rooter.exe to start the tool.
* A DOS window will appear and show the scan progress.
* Once complete a notepad file containing the report will open.
* Copy & paste the results in your next reply.
* Close notepad and Rooter will close.
A log will also save at %systemdrive%\Rooter.txt (where %systemdrive% is usually C: or the drive that you have Windows installed).
Hi Not sure what you mean by Quote Is this yours?. I do have a lotus notes application installed called Creations. I'll do what is best for the computer. Here is the latest log:
Everything looks OK now but I would suggest running the Kaspersky Lab Online Scanner just to be 100% sure.
The above procedure will:
----------
Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Thanks a lot. I have recommended your service to both my IT departments. Cheers Piet
You're welcome. Safe surfing... |
|
| 2039. |
Solve : i need a keylogger removed? |
|
Answer» I need a keylogger removed. I d/loaded it 6/9 months ago. It is safe, by the way; I have had no problems and my PC is very clean. I no longer need it but cannot find it to remove it. This is the web site, iwantsoft.com, or a link to it is below |
|
| 2040. |
Solve : computer won't boot: Can this be a virus?? |
|
Answer» Hello: I use an XP system and all was well. I shut down the computer properly, came back, turned it on, and the power button practically pops back out. Then, when it does turn on it stalls on the bios page and then goes to the black and white page and says it can't boot from disk, and can't boot from DVD |
|
| 2041. |
Solve : Norton 360 is being a *******? |
|
Answer» No, really: every time I try to extract this harmless .zip file, some program deletes the newly-extracted contents. I know it's safe, because I created the .vbp/.bas file on my desktop and I'm trying to get it to my netbook via email. I could download the .zip file fine, but extracting it is a *****. |
|
| 2042. |
Solve : My HiJackThis? |
|
Answer» I fear I need to use the HJT tool, and while I read your post about using the one within CH I have one already. It's on my desktop and when I use it I absolutely cannot highlight the results to show them here. I used the tool once before with CH's help but have forgotten the path to posting the results.
Thank you EF...I'll get back to this another day. Wait...you said to do a scan...okay do you mean click the scan button at the bottom of the page because I did a scan and save logfile to begin the plunge.
Save the log to your desktop and attach it. How to attach logs in a post |
|
| 2043. |
Solve : Viruses preventing internet access? |
|
Answer» I recently started using a laptop that had not accessed the internet for a number of years and now have multiple viruses and malware. |
|
| 2044. |
Solve : When is it OK to execute the procedure in "Malware Help"?? |
|
Answer» Is it OK to execute the procedure described in "Read This Before Requesting Malware Help" when one does not have outward symptoms of a malware infection? I think one of my computers was attacked by malware but I may have foiled it by not executing any of the stuff it wanted to execute, turning the computer off, then booting it up under a recovery disk and doing a full system restore to a point before all this occurred.
Sorry Harry, but ccleaner does nothing to "keep you pc clean". It is a personal choice, but not malware protection.
quote from ccleaner ; CCleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it's fast (normally taking less than a second to run) and contains NO Spyware or Adware!
quote from evils page
Step 2: House Cleaning
Download CCleaner Slim and save it to your Desktop - Alternate download link
When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.
* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner
Caution: Only use the Registry feature if you are very familiar with the registry. Always back up your registry before making any changes.
Exit CCleaner after it has completed its process.
=================================================================================
it cleans out rubbish from your pc that is not needed harry .
Harry - with all due respect to you and whoever posted that - I completely disagree. Ccleaner is fine if you want to use it (other than the registry cleaner module), but serves no real purpose other than deleting Internet history - and that doesn't really serve any purpose either (unless you're trying to hide something from someone). In any event, as I said above - it has nothing to do with malware.
quote; In any event, as I said above - it has nothing to do with malware.
yes i agree with this statement |
|
| 2045. |
Solve : Explorer.exe is not opening Period, probably a virus, more things not working...? |
|
Answer» This started happening about around Sunday morning, because Saturday night it was fine. When I turned my computer on (Gateway 503GR Windows XP SP2) the next morning (Sunday), there were no Icons, Taskbar/Startbar, nothing else except my wallpaper. I have seen this around the internet, but I feel like mine is different, one because I can't open explorer.exe through the task manager (which is the only thing that is a "workaround"), also I can't open any virus related programs...AVG, Malwarebytes, Hijackthis, etc. I am starting to get really concerned...I do not want to have to restart my computer to a point long ago and I feel like I will have to soon if I don't get this fixed the right way...The biggest thing is that I want to get AVG working. SOOoo how can I get this fixed...?
Can you boot to safe mode? If so, run your malware scans from there (both with your AV and with MalwareBytes). If you cannot boot to safe mode, download a boot time av scanner from the web, burn it to disc, and run a scan at boot.
i'm having the same problem...but i can't even get a reading that says i can hook to the internet either,,i can't do system restore because it says it cannot protect my computer at this time,,i can't drop and drag pics,,my mouse still works...i have tried several different things suggested to me but none of them work,,,,,,don't know if the hard drive crashed or have a virus...the first thing i did notice is that my toolbar changed and doesn't have any color anymore either...by that i mean the start button is now gray and used to be green,,and when i open my pics...will not let me minimize the window...it just disappears.....hope we can get some help on this...thanks
Well, since you have the same problem and decided to post in this thread, perhaps you should follow the same advice I gave the original poster.
thanks Allen...could you suggest a good one to download? |
|
| 2046. |
Solve : redirected? |
|
Answer» I get redirected when I OPEN a new tab in IE 7. Fir example if I search for "welding equipment" on google, then right CLICK the links to open in a neew tab, it will redirect to a differentr site. Either a scanning site or a shopping site for weldiong equipment. After a few attempts it will open to the correct site. This will happen about 3 of every 5 sites I try to open. I ran norton, SAS, Malwarebytes and HiJack this, and it still happens. I tried to RESTART in safe mode and I cant! O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 2) Perform a full scan with Malwarebyte as follows.Make sure it is updated before performing a scan. * Open Malwarebyte Antimalware.Under the "Scanner" tab, select "Perform Full Scan" and click "Scan".In the dialog box select all your drives except CD/DVD drives. * Now click "Start Scan". * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy&Paste the entire report in your next reply. PLEASE NOTE: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes. 
3) Next download RootRepeal.rar and unzip it to your Desktop. You'll need WinRAR to extract it.
* Double click RootRepeal.exe to start the program
* Click on the Report tab at the bottom of the program window
* Click the Scan button
* In the Select Scan dialog, check:
  o Drivers
  o Files
  o Processes
  o SSDT
  o Stealth Objects
  o Hidden Services
* Click the OK button
* In the next dialog, select all drives showing
* Click OK to start the scan

The scan can take some time. DO NOT run any other programs while the scan is running.
* When the scan is complete, the Save Report button will become available
* Click this and save the report to your Desktop as RootRepeal.txt
* Go to File, then Exit to close the program
* Attach this log in your next post.

4) Download DDS by sUBs to your desktop. Your antivirus software might question the file. If it does, allow it.
* Double click DDS.scr to run it and wait for the scan to finish
* When finished DDS.txt will open
* A small while later, a prompt will open. Answer Yes
* DDS will continue scanning
* When done, Attach.txt will open

Copy and paste the DDS.txt and attach Attach.txt |
|
| 2047. |
Solve : Re: SPAM? |
|
Answer» Quote from: harry 48 on November 01, 2009, 12:08:27 PM
delete if you want to Evil, if it's OK with alan allan

Evilfantasy was joking harry - he wants this thread up for others to see.

Quote from: Allan on November 01, 2009, 12:14:59 PM
Evilfantasy was joking harry - he wants this thread up for others to see.

ok |
|
| 2048. |
Solve : Viruses and stupidity have killed my computer? |
|
Answer» Ok, my boyfriend is going to kill me. I was told to download bootsafe, and now I can't even get the computer to turn on. And I keep getting a floppy disk 40 error.

You can't turn on the computer but you get an error? Do you have the install CD? |
|
| 2049. |
Solve : Blue Screen then comp restarts!? |
|
Answer» Ok, probably in wrong section, but when I turn on my comp normally it gets to the loading Windows XP screen then a blue screen appears for about a sec and the comp restarts. I can open comp in safe mode, but what can I do now? I've done a system restore back like 5 days ago when it wasn't happening, but that didn't work! |
|
| 2050. |
Solve : Banner virus? |
|
Answer» I removed this virus w/ Malwarebytes and it works when I restart but comes back. |
|