jabberwockdb
Posts posted by jabberwockdb
-
-
Hi Larry:
FYI, I am getting email notifications now, but for some reason I never received the first email notification.
The "Here" link just opens the My Settings page; I thought you were providing a sample of what the settings should look like.
Thanks
-
-
Hi MrC
Sorry for the confusion...
Yes, McAfee was disabled during the scan, but when I performed the uninstall of Combofix, McAfee was enabled again. As the uninstall was proceeding, McAfee detected 3 Tool-Nircmd threats: firefox.exe, iexplore.exe, and n.pif. It quarantined these files. I was assuming these files were from Combofix and hoping that this action didn't affect the uninstall.
Other than that, I think I completed all of the clean up tasks without any issues. I will probably be posting a new topic soon to help my mother-in-law with her computer.
Thanks again for all your help!!!
-
Hi MrC
Just a quick question on the uninstall of ComboFix. McAfee was running as I was uninstalling ComboFix and it detected a couple of files that I believe were used by ComboFix. Although McAfee deleted those files during the uninstall, is it correct to assume McAfee didn't prevent ComboFix from uninstalling properly?
-------------------------------
You have out-of-date Java on the system; older versions are vulnerable to malware.
Please go to your Control Panel's Add/Remove Programs and uninstall these:
Java Auto Updater
Java™ 7 Update 4
Then download and install the latest version Java™ 6 Update 32.
http://www.java.com/...load/manual.jsp <---latest version
http://www.java.com/...d/installed.jsp <---verify your Java
I believe I have a later version of Java than version 6. I also clicked on the java link and it confirmed V7 update 4 is the latest available.
Thanks again for all your help. Will post positive feedback!
-
Everything seems to be okay. The original problem was intermittent, but I feel confident that uninstalling those trojans and using roguekiller cleaned everything up. If the problem rears its head again, I'll let you know.
With these specific trojans and viruses, what threats did they pose in regards to data?
Thanks again for all your help!!!
-
Thanks so much for helping me out on the weekend, MrC!
OK The process didn't exist anymore since it was uninstalled. I was, however, able to delete the two registry items. After deletion, the status said REPLACED(0). Here is the log:
RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback:
Blog:
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: admin [Admin rights]
Mode: Remove -- Date: 05/12/2012 15:36:00
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
When the ComboFix ran, what viruses, if any, did it clean up?
Thanks again!
-
MrC
I deleted the folder; it was empty since I was able to uninstall it via the Control Panel. When using RogueKiller, am I supposed to do anything with the items it detected? I only sent the report but did not delete anything. When I try to run it now, it keeps crashing after I click "Scan", but I can see it is still detecting two HJ registry items.
Thanks for all your help!
I forgot to mention, although I tried to uninstall "Anti-phishing Domain Advisor", the "C:\ProgramData\Anti-phishing Domain Advisor" folder still exists and has executable files in it. I don't know if the uninstall worked.
-
-
Hi MrC
I ran TDSSKiller and got "No Threats found".
-
Thanks MrC:
I uninstalled those programs.
Here is the updated Rogue Killer report. I have the MVPS Hosts file on my computer now.
RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: admin [Admin rights]
Mode: Scan -- Date: 05/12/2012 07:33:30
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost #[IPv6]
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK2552GSX ATA Device +++++
--- User ---
[MBR] 551004de8a36225bd2117f3b1c7679bc
[BSP] 5fdf007a7b891da1ca01d5fb4600053a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: ST95005620AS ATA Device +++++
--- User ---
[MBR] a4dd951913109349b3853eb49f2adfe0
[BSP] 8c93a053b28efc2e467209197d878d63 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 64000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 131893248 | Size: 128000 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 394037248 | Size: 284538 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
-
Hi Larry:
I believe I set my settings to email me when a reply is posted to my followed topics, but I didn't receive an email this morning. Do you have a screen shot of how the settings should look?
Go here and make sure your settings are like this.
Thanks
-
MrCharlie:
After seeing that Anti-phishing.exe may be the culprit, I checked my control panel. I noticed that it was most likely installed when I downloaded "pdf creator". There were some other programs which were installed on that day as well. When you give me your recommendations, please let me know if these programs should be removed as well.
Bekko Search Bar 1.0
Search.com Bar
Adobe AIR
Adobe Download Assistant
PDF Creator
Thanks again
-
Hi MrCharlie:
Here is the report:
RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: admin [Admin rights]
Mode: Scan -- Date: 05/11/2012 10:48:12
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK2552GSX ATA Device +++++
--- User ---
[MBR] 551004de8a36225bd2117f3b1c7679bc
[BSP] 5fdf007a7b891da1ca01d5fb4600053a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: ST95005620AS ATA Device +++++
--- User ---
[MBR] a4dd951913109349b3853eb49f2adfe0
[BSP] 8c93a053b28efc2e467209197d878d63 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 64000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 131893248 | Size: 128000 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 394037248 | Size: 284538 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
Thanks
-
Hi
I think I am infected with malware which sometimes redirects my browser to mydomainadvisor or to a 404 page with nginx.
Here are the two files generated with dds.
Thanks for your help!
Issues with getting Notifications in the Support Forums
in Malwarebytes for Windows Support Forum
Posted
Great thanks!