JoeyT

Members
  • Content Count

    32
Everything posted by JoeyT

  1. Thanks a bunch for your patient help. Really appreciated.

  2. Thanks for the links. After reading all the information I think I'll back up my documents and just do a complete system restore (to factory settings). That should do it (right?). Thanks so much for all your help over the past few hours, you're awesome.
  3. I checked my MSE history and it found a Trojan: WinNT/Ramnit.gen!A last night. I'll run a scan now to check. But it couldn't delete it. This is the error message: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.
  4. Thanks so much for your help. I will let you know if Roguekiller detects anything tomorrow. Also just out of interest, is there anything I can do to remove the Win32/Ramnit.L virus and am I currently infected with it?
  5. Done the restart. All looks well so far (opened this site easily). Roguekiller came back good (I think): RogueKiller V7.6.3 [07/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: teng [Admin rights] Mode: Scan -- Date: 07/14/2012 10:29:35 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a4
  6. Thanks. I think I'll restart and see how it goes and let you know. You've been a great help.
  7. It seemed to close out itself. It didn't really say if anything happened or provide a log
  8. Options are: list of found threats; manage quarantine; Select uninstall if you want to remove all ESET Online Scanner files from your computer. The next time you run the ESET Online Scanner, they will need to be downloaded again; uninstall application on close; delete quarantined files
  9. Sorry for the long wait. Finally finished the scan. Found 7 infected files and cleaned 6. It is currently on the end screen which gives the option to manage quarantine (I haven't done/don't know what to do). Here is the log: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=b7ea67d7c8fed64fa0969736b6390be1 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checke
  10. Here's the report (I didn't reboot before running this though): RogueKiller V7.6.3 [07/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: teng [Admin rights] Mode: Scan -- Date: 07/14/2012 06:23:39 ¤¤¤ Bad processes: 1 ¤¤¤ [sUSP PATH] OTL.exe -- C:\Users\teng\Desktop\OTL.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 3 ¤¤¤ [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HK
  11. This is the one I ran after the reboot. Did you want a fresh one? RogueKiller V7.6.3 [07/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: teng [Admin rights] Mode: Remove -- Date: 07/14/2012 06:02:14 ¤¤¤ Bad processes: 2 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc] [sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermP
  12. Here is the log: ========== FILES ========== c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe moved successfully. OTL by OldTimer - Version 3.2.54.0 log created on 07142012_061712
  13. I ran the process, had to reboot and when I did reboot I had the same problem with not being able to open this page. Once again used RogueKiller (same problem as before). Here's the log for the manual deletion: All processes killed Error: Unable to interpret <:Filesc:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe:Commands[EMPTYJAVA][emptytemp]> in the current context! OTL by OldTimer - Version 3.2.54.0 log created on 07142012_055548
  14. How do I manually delete it, sorry?
  15. MBAM came back clean. Is it finally good?
  16. Here's the Combofix log (running MBAM now): ComboFix 12-07-13.03 - teng 14/07/2012 3:51.4.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4078.1881 [GMT 10:00] Running from: c:\users\teng\Desktop\comb\ComboFix.exe Command switches used :: c:\users\teng\Desktop\comb\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\teng\AppData\Ro
  17. Should I complete MBAM full scan first or just go straight into the Combofix?
  18. here's the Combofix log: ComboFix 12-07-13.03 - teng 14/07/2012 3:03.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4078.2018 [GMT 10:00] Running from: c:\users\teng\Desktop\comb\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . .
  19. I couldn't get back onto this website just then so had to run Roguekiller again. Here's the log: RogueKiller V7.6.3 [07/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: teng [Admin rights] Mode: Remove -- Date: 07/14/2012 03:24:54 ¤¤¤ Bad processes: 2 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc] [sVCHOST] svchost.exe -- C:\Windows\SysWOW64
  20. Will do that after the combofix finishes running.
  21. Also before after you mentioned to quickscan with MBAM I did a full scan and it found 2 suspicious objects. Not sure if this helps. Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.13.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 teng :: VAIO [administrator] 14/07/2012 1:55:08 AM mbam-log-2012-07-14 (02-48-14).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 195160 Time elapsed: 52 minute(s)
  22. Here's the TDSSKiller log, I didn't delete anything (wasn't sure what to delete): 02:50:32.0926 3148 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35 02:50:33.0999 3148 ============================================================ 02:50:33.0999 3148 Current date / time: 2012/07/14 02:50:33.0999 02:50:33.0999 3148 SystemInfo: 02:50:33.0999 3148 02:50:33.0999 3148 OS Version: 6.1.7601 ServicePack: 1.0 02:50:33.0999 3148 Product type: Workstation 02:50:33.0999 3148 ComputerName: VAIO 02:50:34.0000 3148 UserName: teng 02:50:34.0000 3148 Windows directory: C:\Windows 02:50:34.0000 3148 Syste
  23. Here's the RogueKiller log: RogueKiller V7.6.3 [07/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: teng [Admin rights] Mode: Remove -- Date: 07/14/2012 02:47:01 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 6 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> DELETED [sUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Window
  24. Yeah, it's an access program for uni. But I don't need it anymore so can I just delete it?
  25. Here's the RogueKiller log: RogueKiller V7.6.3 [07/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: teng [Admin rights] Mode: Scan -- Date: 07/14/2012 01:50:08 ¤¤¤ Bad processes: 3 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc] [sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc] [sUSP PATH] hovcexutiovmkrtn.exe -- C