InterviewSolution
| 2551. |
Solve : resident shield pop-up and av2009 virus? |
|
Answer» You're very welcome. Just try out a few different ones and I'm sure you'll find one that's appropriate for them. |
|
| 2552. |
Solve : question about quarantined files/programs? |
|
Answer» Quote from: evilfantasy on January 22, 2009, 06:51:24 PM
thanks. will reply tomorrow!
Okay... bringing you up to date. I followed the prior steps and found disabled everything including teatimer. only question.. i disabled AviraAntivirus, teatimer S&D, and disabled my firewall. Malwarebytes and SuperAntispy had no options to disable realtime etc.. Well SAspy did but since i have the free version it doesn't allow me to enable it for realtime... So that's all i could find to disable while running ComboFix. Also my internet connection dropped during the ComboFix run and it prompted me to reconnect. I did so and it completed. Just throwing that out there. below are my logs from ComboFix.
Go to Start > Run and type notepad.exe then click OK
Copy and paste the below into Notepad and save as fixme.reg to your Desktop
Code:
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry. Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work. Delete the fixme.reg from the Desktop.
----------
How is the computer running now?
Quote from: evilfantasy on January 23, 2009, 09:46:44 AM
Go to Start > Run and type notepad.exe then click OK
okay. completed that. will see how everything is running from now on and keep you posted. thanks so far. hopefully this helps
Might as well do some cleanup steps now.
. The above procedure will:
---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- Here are some great free tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox. With more than 15,000 improvements, Firefox 3 is faster, safer and smarter than ever before.
For Internet Explorer 7 users there is IE7Pro. IE7Pro is a must have add-on for Internet Explorer, which includes a lot of features and tweaks to make your IE friendlier, more useful, more secure and customizable.
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Quote from: evilfantasy on January 23, 2009, 03:49:14 PM
Might as well do some cleanup steps now.
okay. i will run these in the morning. Also any particular way i should have my malwarebyte, SuperAntivirusBlock, and antivirus should be set up. I made the changes to preferences as suggested when i downloaded them. My antivirus is enabled as my firewall is too.. just wondering.
Also how often should I run them all and how often should i update them. just looking for the correct actions to take once i'm back to normal.. thanks for all the help. **edit*** i overlooked your link to keeping safe while on internet...! checking it out now!
I usually switch up running either SAS or MBAM. You shouldn't need to do anything to them, just run one or the other every few weeks.
Okay i've run the Secunia scan on my system. it keeps bringing up updates that i need. for example Adobe 4x was detected and needs updating.. while i've updated to Adobe 8x and got a check beside that one it keeps saying i need to update the 4x. the same thing with Macromedia flash player.. here is a cut and paste of the screen below [attachment deleted by admin]
Do this to remove all unstable older versions of Flash. Download the Flash Player Uninstaller and save it to your desktop. Run the uninstaller program and then reboot your computer to complete the uninstall. Download and install the latest version of Flash Player
Quote from: evilfantasy on January 27, 2009, 11:17:09 AM
Do this to remove all unstable older versions of Flash.
I uninstalled and then downloaded the new version. the adobe flash player is updated but i still get issues with Macromedia flash player. I downloaded that new patch only to see it's an adobe file... i don't understand it. see attachment for what i'm looking at. I guess I just don't understand the Secunia web site. It's doing the same thing with Adobe Reader. It keeps bringing up that I need newer versions. Versions that i have. Should I be uninstalling before I download new versions.
Update. I removed Adobe Reader. Scanned Secunia and that program didn't come up with errors (or come up at all). Now i'm attempting to upload Adobe Reader again.
Update 2 I fixed Adobe Reader. I also downloaded the Macromedia flash player patch and ran it from desktop. After rescanning with Secunia it still shows up as error seen in previous attachments.
I cannot figure out how to uninstall it as it does not show up on my Add/Remove tabs. Thoughts. >> [attachment deleted by admin]
That is pointing to files in your i386 folder which is your Windows Installation Files. I wouldn't worry about it.
Quote from: evilfantasy on January 28, 2009, 10:27:45 AM
That is pointing to files in your i386 folder which is your Windows Installation Files. I wouldn't worry about it.
okay. yeah i looked in the folders after not able to find it on add/remove in the control panel. everything else seems to be okay now. had issues with my java but i removed an old version (i think) and uploaded the new version again. so far so good. thanks for all of the help. |
|
| 2553. |
Solve : Help on Trojan/Virus Removal: Logs Posted? |
|
Answer» Hi guys, Need your help on this one. My pc's always coming up with alerts of xpack trojans and a few worms besides.. So far, I have followed the steps on the pinned thread. Logs attached below. Thanks, I would appreciate any help. --Eve [attachment deleted by admin]
Help please, anyone? (much much appreciated).
You might be in trouble with your PC, but please don't bump your topic. |
|
| 2554. |
Solve : would a partition defend against virus?? |
|
Answer» Hello and thank you for taking interest. |
|
| 2555. |
Solve : evilfantasy's 3rd topic above ( would you like to learn )? |
|
Answer» how do you reply to this , there is no reply buttons on the page
it's locked
oh , right ok , , just wanting to know if there is a way i could help at times i'm 63 and have cleaned out 3 stalled pc's ( viruses etc ) for friends , what would i have to do , or would it be too much to learn for my age , even in another subject
I locked it because most of the questions I expected to be asked were and have answers. |
|
| 2556. |
Solve : Weird problem - can't access antispyware sites? |
|
Answer» Hello everybody, this is my first post here. I found this forum searching for my problem.... |
|
| 2557. |
Solve : Malware. Don't worry, just some kids doing pranks.? |
|
Answer» In the news someone from India lost his job at Fannie Mae. I'm not entirely sure this story relates directly to your post as your story is two lines long.
Yes, it is relevant. Even if you read the full story the two lines would be what you come away with. The information you gave has more detail than what the media would report. The point I am looking for is whether or not the public perception of 'malware' is an organizational, institutional problem or just coming from individuals who are immature or deranged mentally. Many, myself included, believe that a company who indulges and allows malicious software and later makes denials is big part of the problem.
I chose "No, the threat is very big" and "Just don't be an idiot". Because.... Yes, the threat of malware is becoming bigger and bigger every year, and yes, the people creating it are getting younger. But, whatever way you look at it, malware is also evolving rapidly, and is able to do uncompromised things to the operating system. And "Just don't be an idiot" is a major issue. It is common sense to never download and/or install anything you don't 100% trust. It is also common sense to scan everything before "double-clicking" on. It is the same as chatting to people you don't know - it's a stupid thing to do. |
|
| 2558. |
Solve : download against new virus? |
|
Answer» can you give me the download which is sweeping the world or where to find it please , i do not have it yet
Ummm....What do you want? Sweeping the world? You mean like this: |
|
| 2559. |
Solve : Computer beeps until completely unplugged? |
|
Answer» Whenever I turn my computer on it starts to beep and you can't stop it. It's like a siren no windows screen come up its just blank. |
|
| 2560. |
Solve : Antivirus help needed? |
|
Answer» I need some advice for a good free antivirus software program. I believe I have installed a "bad" copy of AVG Anti-Virus Free Edition 8.0 that now requires me to manually update on a daily basis, since I get the constant message "You may not be protected!" The older 7.5 version ran automatically. Since I need to change to another antivirus program, I would like some help in choosing a reliable one. What works for you? I use Windows XP Pro and also Windows Vista on my computers.
Try having a look at Avira and Avast.
Okay, no problem. Safe computing. |
|
| 2561. |
Solve : computer running really really slow```? |
|
Answer» I am using a windows compaq computer with SP3. Here's the scoop, I got a virus on 1-19, have taken a lot of stuff out & added a lot of new stuff trying to get rid of virus. The virus is cinmeng, located in Windows/sony/pctools. I had Norton, it told me I had a virus & it couldn't get rid of it, so I deleted Norton & in F-secure through my ISP. F-secure doesn't detect the virus; however, I know it is still there because Norton told me where it was when they found it, but couldn't remove it and now my computer is running really, really slow. computer won't let me do system recovery, I have done sys restore so many times I lost count. Am really going crazy now, any advice?? Here are all my logs, I have read many of the other peoples problems on here & think you guys/girls are great at what you do. |
|
| 2562. |
Solve : i was sent here? |
|
Answer» Thank you.
system is still a bit sluggish especially the internet but i haven't run dial-a-fix yet so hopefully it solves it I'll be posting soon
Alright i ran Dial-a-Fix, no errors at all, and I've rebooted my computer I'm still getting huge lag on browser only now, the pc seems to have sped up quite a bit. Thanks so much for all your help
Use the ESET Online Antivirus Scanner
This scanner requires Internet Explorer
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply. |
|
| 2563. |
Solve : Browser hijack? |
|
Answer» Hello! |
|
| 2564. |
Solve : im sure i have some type of malware, i have logs posted HELP PLZ?!? |
|
Answer» I definitely have malware of sorts, i have attached logs please PLEASE PLEASE HELP ME! |
|
| 2565. |
Solve : Systems Check? |
|
Answer» So I'm new here and I ended up downloading a virus... |
|
| 2566. |
Solve : Some websites The Page Cannot be Displayed (I gotta HiJackThis Log!)? |
|
Answer» I saw a similar thread to my problem on another website http://www.daniweb.com/forums/thread11183.html |
|
| 2567. |
Solve : Help with virus? or not? |
|
Answer» I have a laptop that runs good for about 5 minutes and shuts itself down Any ideas
Are you able to restart the laptop after it shuts down?
Yes I can boot it back up. Then 3-5 minutes it just shuts down |
|
| 2568. |
Solve : computer shuts down constantly/ virus suspected? |
|
Answer» my computer constantly shuts down to power safe mode. like 5 to 6 times in an hour. not sure if there is a virus or what. sometimes screen turns watery, like water was thrown on a painting and paint is slowly running down the paper everything looks like it from start menu to screen. also windows has an icon on the menu bar that states I have no antivirus but I have mcafee, which i will upgrade to something else some day because it sucks. but free only gets u so much right. sorry can't remember if I should do the get started virus removal guide or just wait for advice from u guys. hope u can help like before. A million thanx. |
|
| 2569. |
Solve : Unable to login after trojan removal? |
|
Answer» I'm using a 2003 Dell laptop running Windows XP. |
|
| 2570. |
Solve : Some kind of weasel blocking me from any malware program? |
|
Answer» I can install and scan but not repair. Have tried spybot, adware, HijackThis, spysweeper etc. Even tried the adware in safe mode to no avail. |
|
| 2571. |
Solve : 3 laptops losing internet connections, multiple access points? |
|
Answer» 3 out of the 4 laptops at my home suffer a very particular problem: |
|
| 2572. |
Solve : USB infected? |
|
Answer» Need your help on this one. USB infected with the Malware as mentioned below. The USB has a write protection which is not understood by me |
|
| 2573. |
Solve : superantispyware information? |
|
Answer» on the main page , i clicked preferences , clicked repairs , and there are about 30 items in there that , when you click them it says they have been altered by malware but can be repaired and put back |
|
| 2574. |
Solve : virus crashed my computer help with using sata/usb adaptor? |
|
Answer» Ok, my computer crashed from a virus, it was suggested that I get a SATA to USB adaptor to extract the data on the hard drive prior to restoring the system. Well, when I hook it up and look through the files I can not find any file with my documents. HELP!!!
Do you mean all your documents are gone?
well, I don't see a file that says documents, however I'm not sure how to access all the files. There are program files such as Microsoft office etc. but no files of saved documents.
Are you going to C:\Users\<username>\Documents?
It just shows drive E: and recovery E: don't see C:
Sorry, maybe not C. What drive is/was everything on?
when it was working it was C: but when hooked up to the SATA adaptor and to my laptop it comes up as E:
The best thing you can do is read this. |
|
| 2575. |
Solve : Need Help Dont Know What To Do? |
|
Answer» My computer has a virus. I know it's a Trojan horse and it downloaded itself as a program called spyware guard 2008 my desktop was gone no icons and no task bar i was able to run programs through the task manager i did what the guide said and my icons and task bar are back so that's good i still want to make sure i get anything that might b left out of the computer so if anybody can help with that i'd appreciate it. Thanks |
|
| 2576. |
Solve : help with virus/malware? |
|
Answer» Just one last question, I noticed on one of the logs I posted there was a comodo firewall file and a mcafee firewall file. I was using these (not at the same time) but I did uninstall. I do not see them in add/remove programs or under start menu. Could these still be on my machine despite uninstalling them and will this affect my current firewall's capability?
---------- THIS IS NOT MEANT AS A STAND-ALONE UNINSTALLER, IT'S MADE TO DELETE LEFT-OVER FILES AND REGISTRY ENTRIES! Download, unzip and run the attached file to remove the Comodo leftovers. [attachment deleted by admin]
McAfee successfully downloaded ran removed and rebooted. I did not see an attached file for comodo removal. Thanks!
Click on the attachment in the above post. [attachment deleted by admin]
sorry...everything worked great!!! Thanks again. You are awesome and I appreciate your time!!!
Glad it worked. Let us know if anything else comes up. Safe surfing... |
|
| 2577. |
Solve : Msn Virus...? |
|
Answer» Done scans with my anti virus. i wasn't too sure about ending anti virus programs due to getting trojan warnings every 5 minutes.
They aren't doing much good if the malware is already on the system. And with TeaTimer running it is sometimes impossible to remove a virus since it resets the registry in many instances. You should always turn off TeaTimer when scanning for or removing malware.
Scan Suspicious File(s)
Please go to VirusTotal.com (If more than one file needs scanned they must be done separately and logs posted for each one)
1. Copy the file path in the below Code box:
Code: [Select]
C:\sinh.exe
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Next click Send File
Your file will possibly be entered into a queue which normally takes less than a minute to clear. This will perform a scan across multiple different virus scanning engines.
Important: Wait for all of the scanning engines to complete.
5. Copy and then Paste the link to the results in the next reply.
Here we go:
File sinh.exe received on 02.02.2009 01:24:36 (CET)
Result: 0/39 (0%)
Antivirus | Version | Last Update | Result
a-squared | 4.0.0.93 | 2009.02.01 | -
AhnLab-V3 | 5.0.0.2 | 2009.02.01 | -
AntiVir | 7.9.0.70 | 2009.02.01 | -
Authentium | 5.1.0.4 | 2009.02.01 | -
Avast | 4.8.1281.0 | 2009.02.01 | -
AVG | 8.0.0.229 | 2009.02.01 | -
BitDefender | 7.2 | 2009.02.02 | -
CAT-QuickHeal | 10.00 | 2009.01.31 | -
ClamAV | 0.94.1 | 2009.02.02 | -
Comodo | 957 | 2009.02.01 | -
DrWeb | 4.44.0.09170 | 2009.02.02 | -
eSafe | 7.0.17.0 | 2009.02.01 | -
eTrust-Vet | 31.6.6335 | 2009.01.29 | -
F-Prot | 4.4.4.56 | 2009.02.01 | -
F-Secure | 8.0.14470.0 | 2009.02.02 | -
Fortinet | 3.117.0.0 | 2009.02.01 | -
GData | 19 | 2009.02.02 | -
Ikarus | T3.1.1.45.0 | 2009.02.01 | -
K7AntiVirus | 7.10.612 | 2009.01.31 | -
Kaspersky | 7.0.0.125 | 2009.02.02 | -
McAfee | 5513 | 2009.02.01 | -
McAfee+Artemis | 5513 | 2009.02.01 | -
Microsoft | 1.4306 | 2009.02.02 | -
NOD32 | 3816 | 2009.02.01 | -
Norman | 6.00.02 | 2009.01.31 | -
nProtect | 2009.1.8.0 | 2009.01.30 | -
Panda | 9.5.1.2 | 2009.02.01 | -
PCTools | 4.4.2.0 | 2009.02.01 | -
Prevx1 | V2 | 2009.02.02 | -
Rising | 21.14.61.00 | 2009.02.01 | -
SecureWeb-Gateway | 6.7.6 | 2009.02.01 | -
Sophos | 4.38.0 | 2009.02.01 | -
Sunbelt | 3.2.1835.2 | 2009.01.16 | -
Symantec | 10 | 2009.02.02 | -
TheHacker | 6.3.1.5.243 | 2009.02.01 | -
TrendMicro | 8.700.0.1004 | 2009.01.30 | -
VBA32 | 3.12.8.12 | 2009.02.01 | -
ViRobot | 2009.1.31.1583 | 2009.01.31 | -
VirusBuster | 4.5.11.0 | 2009.02.01 | -
If that's not what you wanted ^^ Please tell me what information you did want. Tony:) Btw thanks for helping.
Webwasher-Gateway - - BlockReason.0 : / I looked on another page, and there was that....
That's what I needed. How is the computer running now?
I will reinstall msn, and take a look. I had no issue with it slowing down, as soon as i clicked the link, i only realised it was an exe until it said, Image will not load... Then i thought ah ****..... My mate sent it, so i assumed it was a trustworthy source, but turns out she's infected beyond belief ... I caught it all in time i hope. I will post back in 5 minutes.
Ok well all seems ok now ^^ That's 4 hours i won't be getting back lol..... I will full scan with all the anti virus i have tonight, just to be on the safe side... Thanks for all the help, and by the way. What did the reg entry do? Just curious, and the items i delete in hijackthis, what sort of infections were they
You might have your friend run these tools on their computer. Or have them come here and do the malware removal guide.
http://downloads.malwareremoval.com/MsnVirRem.exe
http://www.forospyware.com/Msncleaner/MsnCleaner_eng.zip
Quote
Just curious, and the items i delete in hijackthis, what sort of infections were they
Alcmtr was just bloatware that slows down many computers.
Windows UDP Control Center/fxstaller.exe A variant of the IRCBot family of worms and IRC backdoor Trojans http://www.bleepingcomputer.com/startups/Windows_UDP_Control_Center-24046.html
cogad.exe Added by the Troj/Dloadr-CEP downloading Trojan http://www.bleepingcomputer.com/startups/cogad.exe-24485.html
---------- Cleanup steps. Download OTCleanIt.exe and save it to your Desktop.
---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide |
|
| 2578. |
Solve : For evilfantasy--c.bell_08? |
|
Answer» Your thanks are plenty!! |
|
| 2579. |
Solve : Are these programs enough?? |
|
Answer» I was wondering if these programs installed on my computer are enough in fighting spyware ad-ware malware viruses etc.. Ad-Aware by lavasoft free, Malwarebytes' Anti-Malware, SpywareBlaster, Spybot - Search & Destroy AVG free, spyware terminator.
Quote from: alyoob on February 02, 2009, 10:58:46 AM
I was wondering if these programs installed on my computer are enough in fighting spyware ad-ware malware viruses etc.. Ad-Aware by lavasoft free, Malwarebytes' Anti-Malware, SpywareBlaster, Spybot - Search & Destroy Avg free, spyware terminator.
Why so many anti-spyware and anti malware?
Honestly, from my personal experience it is not the amount of software you install (it's good to have some protection), but it is the users who are behind the computer. I don't know why you have so many antispyware, most antispyware companies have similar if not the same malware definitions installed into their database, there might be one or 2 that differ by just a little. If you get a corporate, or business antimalware you have more protection because it has more malware data than for personal uses.
So... what about your firewall? You can't have a virus scanner without a firewall. Also do any of those even have real time protection.. no point in having multi cleaners if not one of them is real time protection. My security are: Comodo Security Suite, Webroot Spysweeper, Emsisoft (A2 free) That's all I need, |
|
| 2580. |
Solve : some1 says i am infected? |
|
Answer» yes im on firefox now thx. ok now i just got a bubble that said taking out memory and i tried to download ad-ware ae and said i dont have enough memory. i used defragmenter and said i have 63% storage not used my firewall has been deleted im messed right up. my log files for antivir personal.
my log for super anti spy...
my log for malwarebytes...
i am now stuck on the hijack this wont let me copy past
hi any1 can look at files
any1 help me
Apologies for this long wait. We are currently a bit short on Malware Specialists. Because of this, they are mainly only looking at topics in the Computer Virus and Spyware Section with 0 replied. I suggest re-posting your problem, along with the logs. (attach them as text files). |
|
| 2581. |
Solve : Can't delete an infected write-protected file...??? |
|
Answer» Hi- |
|
| 2582. |
Solve : Stubborn Rootkit - Need Advice? |
|
Answer» I have Dell Celeron 1.7 PC w/ 512MB, 40GB HDD, running XP SP2. The PC is in pretty bad shape. I usually use the standalone scanner from Kaspersky (available in devbuilds) and Super Antispyware to clean up pretty much every infection on a PC. Not working this time.
|
|
| 2583. |
Solve : virus/trojan keep coming back after been deleted by Nod32 & Spybot? |
|
Answer» Glad it all worked out. Safe surfing.... |
|
| 2584. |
Solve : Keylogger Help? |
|
Answer» Hi, I found a keylogger called elite keylogger. I know who sent it to me, but I would like proof. Does anyone know how I can find the logs that were sent or a way to figure out which email message it was in? thanks
To get something installed through email, you had to perform some action, like opening an attachment. Keyloggers don't install by themselves. Elite Keylogger is a commercial product. Keyloggers, especially commercial ones, are notoriously hard to remove. We need to be sure this wasn't installed by a parent or employer before advising on its removal. My first instinct is to say contact http://www.widestep.com/ and have them help you. |
|
| 2585. |
Solve : SPYWARE.CYBERLOG-X.SPYWARE? |
|
Answer» HOW CAN I GET THIS OFF MY DELL B130 LAPTOP RUNNING WINDOWS XP. i CANNOT GET INTO THE ADD OR REMOVE PROGRAM OR THE REGISTRY, OR COPY OR LOAD ANYTHING TO MY COMPUTER
Turn CAPS off, please...
I tried to load it from a thumb drive on to the infected laptop but it will not let me.
Please, explain what exactly happens. Try Safe Mode.
when I click on the file the hour glass comes up like its loading and nothing happens after that. When I try to drag the file to the desktop it will not drag. I have tried this in the normal mode and in the safe mode. I might have to try to reformat the hard drive but I want that to be my last option.
Try Windows repair: http://www.michaelstevenstech.com/XPrepairinstall.htm
Okay, I have gotten it to load by using the dos command prompts and copying the superantispyware.exe file to the c directory from the d drive.
OK. |
|
| 2586. |
Solve : My computer randomly freezes up on me :(? |
|
Answer» still messed up, its guaranteed to freeze while i burn movies only, every now and then it will freeze for the *censored* of it, i have a trojan remover i run that doesnt find anything but Spybot S&D finds the same stuff over and over
Try burning at lower speed.
still no luck, tried burning at the lowest speed/quality possible, this is the 2nd software i've used due to the freezing problem, thinking it originated from the first dvd converter tool, so i know it is because of the burner software
If I were you, I'd get another 512MB of RAM. |
|
| 2587. |
Solve : Restrictions on computer apeared out of nowhere? |
|
Answer» Hi there, |
|
| 2588. |
Solve : Malware Assistance?? |
|
Answer» I apologize. I forgot, you're with Vista. I wonder if these were false positives.
Very possible.
Quote
Avast finds nothing. I may reinstall AVG to find out.
I wouldn't do it. Current AVG 8.0 is having numbers of problems. Avast is an excellent AV program. Using it myself. |
|
| 2589. |
Solve : suspected virus help? |
|
Answer» Hello Everybody there was over 100 IP addresses running on my network
You said, that you secured your network since...Still same problem?
Yes it seems to be still increasing. I am wondering if it is because of things set for automatic updates? I have no idea. I am now at 2.96gb up from 2.3 this morning
What does netstat command say?
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\User>netstat -an
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1196           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1059         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1067         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1907         127.0.0.1:1067         TIME_WAIT
  TCP    127.0.0.1:1912         127.0.0.1:1913         ESTABLISHED
  TCP    127.0.0.1:1913         127.0.0.1:1912         ESTABLISHED
  TCP    127.0.0.1:1914         127.0.0.1:1915         ESTABLISHED
  TCP    127.0.0.1:1915         127.0.0.1:1914         ESTABLISHED
  TCP    192.168.0.100:139      0.0.0.0:0              LISTENING
  TCP    192.168.0.100:1920     72.5.252.2:80          TIME_WAIT
  UDP    0.0.0.0:67             *:*
  UDP    0.0.0.0:68             *:*
  UDP    0.0.0.0:138            *:*
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:1043           *:*
  UDP    0.0.0.0:1085           *:*
  UDP    0.0.0.0:1127           *:*
  UDP    0.0.0.0:1144           *:*
  UDP    0.0.0.0:1145           *:*
  UDP    0.0.0.0:1146           *:*
  UDP    0.0.0.0:1147           *:*
  UDP    0.0.0.0:1148           *:*
  UDP    0.0.0.0:1196           *:*
  UDP    0.0.0.0:9370           *:*
  UDP    127.0.0.1:1084         *:*
  UDP    192.168.0.100:137      *:*
  UDP    192.168.0.100:138      *:*
C:\Documents and Settings\User>
It looks normal. The only established connection is your own computer (127.0.0.1). I guess, your kids are downloading stuff.
Thanks very much for all your help. As I mentioned in an earlier post before I secured the network my isp said there was over 100 IP addresses open. I guess you live and learn! Again thanks a million for all your time and help it is much appreciated Have a great day
Same to you |
|
| 2590. |
Solve : winowl32.dll and file destroying? |
|
Answer» Hi, I wanna destroy winowl23.dll because it's messing up my PC. |
|
| 2591. |
Solve : Logs attached, need next step for malware fix? |
|
Answer» OK do you still get the error?
---------- How is the computer running now?
,whaddya know, I think it worked I don't seem to have the problem with accessing the control panel anymore, and the "red X" doesn't appear at the bottom, and the SuperAntiSpyware and Malwarebytes scans come up clean... Anything else I need to do?? Also, how can I make sure a paypal donation goes to you?! thanks
Download Alternate download link Note: Vista users must use Run As Administrator
---------- Download OTCleanIt.exe and save it to your Desktop.
---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates.
---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript
To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
This is great, can't thank you enough! Excellent resources at the end, too. I wish everyone would use those! (And I wish malware writing would be illegal...) Anyway, thanks and be on the lookout for a donation--I wish I could afford more.
It is illegal, but since they are usually in countries that the US, Europe, Australia, Canada and so on don't have any legal resources in they get away with it very easily. Glad it all worked! Safe surfing... |
|
| 2592. |
Solve : Desperately need help! PC is infected with something Nasty!? |
|
Answer» Hello, I am very happy I found this site. I have tried everything I can think of and cannot get rid of this thing. This all started after Xmas. My Gf's daughter got one of those cheap china made MP4 players for Xmas. When we installed the AVI converter that came on it onto my GF's computer. I noticed the computer started to be sluggish and act funny. I found out I did not have access to TASK MANAGER or REGEDIT. I then decided, Okay I'll just format. I did a quick format and had task manager back. HOWEVER, by the time I was done loading all of my programs, ( yes I do all of windows updates ) This thing had some how gotten me again. NO taskmanager or regedit. It said Task manager has been disabled by the administrator! I AM THE ADMINISTRATOR!! I've been building pc's since 98 and have NEVER had this happen. I then decided OKAY I'll just do a FULL format this time. I then did a full format and loaded everything sequentially like I always do, and guess what? somehow this thing had gotten me AGAIN!!!!!! SO now I have no idea where this thing comes from or if I ever REALLY got rid of it in the first place. Could this thing be getting me Via Internet Explorer? because on this computer, that is what I am using. I cannot run a virus scan with anti vir because when I click on the button, nothing happens. This virus will not let it run but, when I reboot the anti Vir GUARD itself shows a Sality.32 virus. I cannot go into safe mode because when I do that it flashes a blue error screen at me but its so quick I can't read it. It then proceeds to boot normally. Every TOOL that I use to try to get to this virus gets corrupted within a matter of 30 minutes or so to where the tool will not even run. SO without further delay, I only have so much hair left!! Here are some logs for you guys. and TY |
|
| 2593. |
Solve : rogue Spyware Guard 2008 pop-up - pls help? |
|
Answer» Hello Team |
|
| 2594. |
Solve : Help with Spyware? |
|
Answer» I have run CCleaner, AVG Free, SUPERAntiSpyware, and Malwarebytes' Anti-Malware, but I can't seem to get rid of this pop up. I tried opening the logs, but every time I do, everything freezes up. |
|
| 2595. |
Solve : DLL error? |
|
Answer» Every time that my computer starts up I get an error message saying that the file containing M3PLUGIN.DLL cannot be located. I followed the steps listed on this site of how to diagnose the problem and the results are in the attached logs. I am currently running Windows Vista basic 6.0. My computer is a desktop from Dell and has 2.0 GB RAM. I also have an Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.4GHz. This issue started occurring about 2 months ago. It could have come from any unprotected website as I am on the internet daily. What should I do from here?

are they updated?

If you don't have anything useful to say, you're better off saying nothing at all.

jh6004, The original error you were getting was related to a MyWebSearch infection, which appears to have been removed successfully. You need to get yourself a decent firewall such as ZoneAlarm or Comodo, but aside from that, you look clean now. The error shouldn't come up, but if your symptoms start again, let me know and we can run more scans.

Alright, thanks for the help! |
|
| 2596. |
Solve : isass.exe, should i delete and how? |
|
Answer» hi there not sure it's called Isass.exe or Lsass.exe, hard to tell

This is very important, because isass.exe is Optix Pro trojan, while lsass.exe is legit Windows file. We'll sort it out. You used outdated HJT version, so let's do it again...

Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
  o Close browsers before scanning.
  o Scan for tracking cookies.
  o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
  o Click Preferences, then click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

Post SUPERAntiSpyware log.

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at
C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

thanks broni have not gone through those steps yet, have been a bit busy but i just came back because i had an idea to use my web browser and search the word 'Lsass.exe' on this page and Lsass appears in my HJT log so i'm guessing it's all legit and fine like you say although i don't understand HJT logs, so i was just wondering if there was anything there that shouldn't be there the computer is new to me like i say. but it used (before i reformatted) to have a lot of problems and was infected with a virus or two. i'm guessing all is fine now? sorry for sounding a bit like a time waster. it's just this computer is on a network with another so was just wondering if this one still had its virus. if someone doesn't mind giving my HJT log a quick look over that would be good, if not no prob. P.S. are the logs just a matter of copying and pasting each part into a search engine? or is there more to it? i understand the running processes part, but not the rest of it. would be better if could do it.. thanks

I can't comment, or advise, unless I see those three logs.

Hi there, I wish everyone a happy new year. I am experiencing something rather very strange, and I was wondering if anyone can help me. I really do not know what to do. I have windows XP. and I am experiencing the virus (virus.win32.xorer.ee) which has three files which are critical. (Isass.exe) + (smss.exe) + (ckvol.dll). I can not install or run any anti-virus programs. My PC won't let me. I can not run in safe mode. I can not delete those items. so basically, this thing is in total control of my PC. So please. if anyone can help me here i would really appreciate it. Thank you.

crazysoccerboy Please, start your own topic. |
|
| 2597. |
Solve : i got a serious malware problem? |
|
Answer» i got a problem |
|
| 2598. |
Solve : Multiple Spyware/Malware? |
|
Answer» This might be a challenging problem.... I am unable to install any new anti-virus software (especially HijackThis, that will not even start the installation process.

What part of that did you NOT get?

oh sorry did not read full here's another idea do you have a friend that has a computer if so get a jump drive or a cd go to him and get on his computer get hijack this and install onto jumpdrive or cd then tell if works

I managed to install AVG, it fixed most problems. This is the HJT log, how does it look?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:30 PM, on 1/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = copy.its.yale.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [fimininane] Rundll32.exe "C:\WINDOWS\system32\dowurumi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fimininane] Rundll32.exe "C:\WINDOWS\system32\dowurumi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft FIND Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Windows Live Search - RES://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/stanford/support/plugins/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EB54B59-2114-49C1-8FDF-AD2A7BA36631}: Domain = stanford.edu
O17 - HKLM\System\CS2\Services\Tcpip\..\{1EB54B59-2114-49C1-8FDF-AD2A7BA36631}: Domain = stanford.edu
O17 - HKLM\System\CS3\Services\Tcpip\..\{1EB54B59-2114-49C1-8FDF-AD2A7BA36631}: Domain = stanford.edu
O17 - HKLM\System\CS4\Services\Tcpip\..\{1EB54B59-2114-49C1-8FDF-AD2A7BA36631}: Domain = stanford.edu
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - UNKNOWN owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 10150 bytes

Thank you for your help!!! |
|
| 2599. |
Solve : Friends suck? |
|
Answer» A friend of mine tried to download a keygen for call of duty: world at war, and gave me one nasty virus. AVG PRO can do nothing about it, nor could any of the programs you recommended. Upon boot-up, it gives me the following error: |
|
| 2600. |
Solve : EEEEK. Help??? |
|
Answer» Hello! I desperately need some computer help as I'm a 3rd year university student and my laptop just recently suffered a heart attack. |
|