jabberwockdb

Posts posted by jabberwockdb

  1. Hi MrC

    Sorry for the confusion...

    Yes, McAfee was disabled during the scan, but when I performed the uninstall of ComboFix, McAfee was enabled again. As the uninstall was proceeding, McAfee detected 3 Tool-Nircmd threats: firefox.exe, iexplore.exe, and n.pif. It quarantined these files. I was assuming these files were from ComboFix and hoping that this action didn't affect the uninstall.

    Other than that, I think I completed all of the clean up tasks without any issues. I will probably be posting a new topic soon to help my mother-in-law with her computer.

    Thanks again for all your help!!!

  2. Hi MrC

    Just a quick question on the uninstall of ComboFix. McAfee was running as I was uninstalling ComboFix and it detected a couple of files that I believe were used by ComboFix. Although McAfee deleted those files during the uninstall, is it correct to assume McAfee didn't prevent ComboFix from uninstalling properly?

    -------------------------------

    You have out-of-date Java on the system; older versions are vulnerable to malware.

    Please go to your Control Panel's Add/Remove Programs and uninstall these:

    Java Auto Updater

    Java™ 7 Update 4

    Then download and install the latest version Java™ 6 Update 32.

    http://www.java.com/...load/manual.jsp <---latest version

    http://www.java.com/...d/installed.jsp <---verify your Java

    I believe I have a later version of Java than version 6. I also clicked on the Java link and it confirmed V7 update 4 is the latest available.

    Thanks again for all your help. Will post positive feedback!

  3. Everything seems to be okay. The original problem was intermittent, but I feel confident that uninstalling those trojans and using RogueKiller cleaned everything up. If the problem rears its head again, I'll let you know.

    With these specific trojans and viruses, what threats did they pose in regards to data?

    Thanks again for all your help!!!

  4. Thanks so much for helping me out on the weekend, MrC!

    OK The process didn't exist anymore since it was uninstalled. I was, however, able to delete the two registry items. After deletion, the status said REPLACED(0). Here is the log:

    RogueKiller V7.4.4 [05/08/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback:

    Blog:

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: admin [Admin rights]

    Mode: Remove -- Date: 05/12/2012 15:36:00

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 2 ¤¤¤

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    Finished : << RKreport[4].txt >>

    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

    When the ComboFix ran, what viruses, if any, did it clean up?

    Thanks again!

  5. MrC

    I deleted the folder; it was empty since I was able to uninstall it via the Control Panel. When using RogueKiller, am I supposed to do anything with the items it detected? I only sent the report but did not delete anything. When I try to run it now, it keeps crashing after I click "Scan", but I can see it is still detecting two HJ registry items.

    Thanks for all your help!

    I forgot to mention, although I tried to uninstall "Anti-phishing Domain Advisor", the "C:\ProgramData\Anti-phishing Domain Advisor" folder still exists and has executable files in it. I don't know if the uninstall worked.

  6. MrC

    I deleted the folder; it was empty since I was able to uninstall it via the Control Panel. When using RogueKiller, am I supposed to do anything with the items it detected? I only sent the report but did not delete anything. When I try to run it now, it keeps crashing after I click "Scan", but I can see it is still detecting two HJ registry items.

    Thanks for all your help!

  7. Thanks MrC:

    I uninstalled those programs.

    Here is the updated Rogue Killer report. I have the MVPS Hosts file on my computer now.

    RogueKiller V7.4.4 [05/08/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: admin [Admin rights]

    Mode: Scan -- Date: 05/12/2012 07:33:30

    ¤¤¤ Bad processes: 1 ¤¤¤

    [sUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 2 ¤¤¤

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ::1 localhost #[iPv6]

    [...]

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK2552GSX ATA Device +++++

    --- User ---

    [MBR] 551004de8a36225bd2117f3b1c7679bc

    [bSP] 5fdf007a7b891da1ca01d5fb4600053a : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive1: ST95005620AS ATA Device +++++

    --- User ---

    [MBR] a4dd951913109349b3853eb49f2adfe0

    [bSP] 8c93a053b28efc2e467209197d878d63 : Windows 7 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 64000 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 131893248 | Size: 128000 Mo

    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 394037248 | Size: 284538 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>

    RKreport[1].txt ; RKreport[2].txt

  8. MrCharlie:

    After seeing that Anti-phishing.exe may be the culprit, I checked my control panel. I noticed that it was most likely installed when I downloaded "pdf creator". There were some other programs which were installed on that day as well. When you give me your recommendations, please let me know if these programs should be removed as well.

    Bekko Search Bar 1.0

    Search.com Bar

    Adobe AIR

    Adobe Download Assistant

    PDF Creator

    Thanks again

  9. Hi MrCharlie:

    Here is the report:

    RogueKiller V7.4.4 [05/08/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: admin [Admin rights]

    Mode: Scan -- Date: 05/11/2012 10:48:12

    ¤¤¤ Bad processes: 1 ¤¤¤

    [sUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 3 ¤¤¤

    [sUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK2552GSX ATA Device +++++

    --- User ---

    [MBR] 551004de8a36225bd2117f3b1c7679bc

    [bSP] 5fdf007a7b891da1ca01d5fb4600053a : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive1: ST95005620AS ATA Device +++++

    --- User ---

    [MBR] a4dd951913109349b3853eb49f2adfe0

    [bSP] 8c93a053b28efc2e467209197d878d63 : Windows 7 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 64000 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 131893248 | Size: 128000 Mo

    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 394037248 | Size: 284538 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>

    RKreport[1].txt

    Thanks
