Uisna88
Posts: 27

Everything posted by Uisna88
Novice needs Help - TDSS Rootkit
Uisna88 replied to Uisna88's topic in Resolved Malware Removal Logs
Thank you Mr. C.

My infected pc won't allow me to log into my Malwarebytes account. Can I be spreading this infection by navigating to gmail to email this to myself so I can cut and paste it in the user forum to you?

Uisna88

RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : shae [Admin rights]
Mode : Scan -- Date : 11/20/2012 19:00:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 20 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\shae\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-220523388-1343024091-1547161642-1004[...]\Run : Google Update ("C:\Documents and Settings\shae\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c) -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-220523388-1343024091-1547161642-500UA.job : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-220523388-1343024091-1547161642-500Core.job : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-220523388-1343024091-1547161642-1004UA.job : C:\Documents and Settings\shae\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-220523388-1343024091-1547161642-1004Core.job : C:\Documents and Settings\shae\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD400EB-75CPF0 +++++
--- User ---
[MBR] b99911a5b86b35bdf282d515b936a1f7
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] c74e52a111c4d85efe1a34002787d0ed
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code [possible maxSST in 1!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 78140160 | Size: 12 Mo

+++++ PhysicalDrive1: QUANTUM FIREBALLlct20 40 +++++
Error reading User MBR!
Error reading LL1 MBR!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11202012_02d1900.txt >>
RKreport[1]_S_11202012_02d1900.txt

45 replies
Tagged with: SmartHDD, getting worse (and 2 more)
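A defender's way to read the MBR Check block in the log above, as an added example in Python (not RogueKiller's or Malwarebytes' code): it parses a constructed sample modelled on that block and surfaces the three indicators the log carries: the MBR hash seen through the normal Windows read ("User") differing from the low-level read ("LL2"), a partition that only the low-level read can see, and the active (boot) flag sitting on that hidden partition. The regexes, the `Drive`/`View` records and the `triage` function are this example's own assumptions about the log layout, not a documented RogueKiller format.

```python
"""Triage the "MBR Check" section of a RogueKiller-style log.

Added example for this thread; not RogueKiller or Malwarebytes code.
Compares the MBR as read through the Windows API ("User") with the
low-level reads ("LL1"/"LL2") and flags the classic MBR-bootkit signs.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the MBR Check block posted in this thread
# (drive names and hashes copied from that log).
SAMPLE_LOG = """\
¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD400EB-75CPF0 +++++
--- User ---
[MBR] b99911a5b86b35bdf282d515b936a1f7
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] c74e52a111c4d85efe1a34002787d0ed
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code [possible maxSST in 1!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 78140160 | Size: 12 Mo

+++++ PhysicalDrive1: QUANTUM FIREBALLlct20 40 +++++
Error reading User MBR!
Error reading LL1 MBR!
User = LL2 ... OK!
"""


@dataclass
class View:
    """One way of reading the disk: "User", "LL1" or "LL2" (assumed names)."""
    name: str
    mbr_hash: str = ""
    partitions: list = field(default_factory=list)   # one dict per table row


@dataclass
class Drive:
    name: str
    views: dict = field(default_factory=dict)         # view name -> View
    read_errors: list = field(default_factory=list)


DRIVE_RE = re.compile(r"^\+{5} (PhysicalDrive\d+): .+ \+{5}$")
VIEW_RE = re.compile(r"^--- (\w+) ---$")
HASH_RE = re.compile(r"^\[MBR\] ([0-9a-f]{32})$")
PART_RE = re.compile(
    r"^(\d+) - \[(\w+)\] \w+ \((0x[0-9A-Fa-f]{2})\) \[(\w+!?)\] "
    r"Offset \(sectors\): (\d+) \| Size: (\d+)")


def parse_mbr_check(text):
    """Return one Drive per '+++++ PhysicalDriveN' header in the block."""
    drives, drive, view = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVE_RE.match(line):
            drive, view = Drive(name=m.group(1)), None
            drives.append(drive)
        elif drive is None:
            continue
        elif m := VIEW_RE.match(line):
            view = drive.views.setdefault(m.group(1), View(name=m.group(1)))
        elif (m := HASH_RE.match(line)) and view:
            view.mbr_hash = m.group(1)
        elif (m := PART_RE.match(line)) and view:
            view.partitions.append({
                "index": int(m.group(1)), "active": m.group(2) == "ACTIVE",
                "type": int(m.group(3), 16),
                "hidden": m.group(4).startswith("HIDDEN"),
                "offset": int(m.group(5)), "size_mb": int(m.group(6))})
        elif line.startswith("Error reading"):
            drive.read_errors.append(line)
    return drives


def analyze(drive):
    """Findings for one drive: every low-level view should agree with User."""
    findings = []
    user = drive.views.get("User")
    if user is None:
        return findings                    # nothing to compare (read error)
    user_offsets = {p["offset"] for p in user.partitions}
    for name, low in drive.views.items():
        if name == "User":
            continue
        if low.mbr_hash and user.mbr_hash and low.mbr_hash != user.mbr_hash:
            findings.append(f"{name}: MBR hash {low.mbr_hash} differs from "
                            f"User view {user.mbr_hash} (sector reads are being filtered)")
        for p in low.partitions:
            if p["offset"] not in user_offsets or p["hidden"]:
                findings.append(f"{name}: partition {p['index']} (type 0x{p['type']:02x}, "
                                f"{p['size_mb']} MB at sector {p['offset']}) is hidden from the User view")
            if p["active"] and not any(q["active"] and q["offset"] == p["offset"]
                                       for q in user.partitions):
                findings.append(f"{name}: active (boot) flag is on partition {p['index']}, "
                                "not on the partition the User view boots from")
    return findings


def triage(text):
    """Map each drive name to its findings; an empty list means the views agree."""
    return {d.name: analyze(d) for d in parse_mbr_check(text)}


if __name__ == "__main__":
    for drive_name, found in triage(SAMPLE_LOG).items():
        print(drive_name, "->", found or "views agree")
```

On the sample the first drive yields three findings and the second none: its User and LL1 reads failed outright, so there is nothing to compare, which is why `read_errors` is kept separately rather than counted as a detection.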
-
I'm a bona fide novice and need your help. I'm really really stupid: the virus protection software on our PC expired and I did nothing about it - and I haven't backed up anything in over a year. I'm worried that any computer technician I would take this to would just advise wiping the hard-drive and starting fresh - but my problem is the thousand images and writings that haven't been backed up. So maybe I could take a deep breath and try to fix this - with your help...

I'm communicating with you right now on our second computer which is a Mac. I'm concerned about spreading any infections between my two computers via thumbdrive, as I have already been transferring free anti-virus software from my mac to my pc. I read your preliminary notes, but am afraid of getting back onto the infected PC until I have a better idea of what I'm doing. I just purchased the professional Malwarebytes - and now I am wondering how to get it onto my PC. I did order the back-up CD... I suppose I could wait for this to be delivered via snail mail.

So here's what's happened. I'll be succinct. I apologize in advance for not using proper terminology.

* 11/15/12 - Screen went black and twenty pop-up windows warned me of imminent hard-drive failure. Recommended HD cleaner product. Me: suspicious. Wrote down warning message, googled it. Found info about TDSS rootkit, smartHDD, etc. Followed links to "bleepingcomputer.com."
* 11/15/12 - Downloaded Malwarebytes free software, transferred this from thumbdrive to pc (in safe mode with networking). Ran "rootkill," but TDSSKiller wouldn't run, renamed or not. Did a scan of the C Drive with Malwarebytes, this found 7 things: Trojan.Agent and (6) instances of PUM.Hijack in the start menu.
* As soon as I restarted my pc, the problems came back.
* 11/16/12 9:40AM - Scanned again, found Trojan.FakeAVFile and Trojan.Registry Value.
* 11/16/12: Porn sites start popping up of their own accord. Malwarebytes blocks some ("Malwarebytes successfully blocked access to a potentially malicious website 31.184.192.86 type outgoing").
* 11/18/12: More porn sites pop up on their own like dandelions on a freshly mown lawn. (www.freehardcore, xxxTube.com, liveJasmin.com)
* 11/19/12: I download Comodo onto my mac and transfer this by thumbdrive to my pc. It finds the following: TrojWare.Win32PkdKrap.AG@99609516 F:\My F Drive Documents\CHIRON 2007\EXL6512721.zip and Malware@#1knfu38o4uaju C:\Documents and Settings\Shae. LiveJasmin still pops up.
* 11/20/12: Comodo finds: Rootkit.hidden file C:\Documents and Settings\Shae\Cookies\DR2R032Z.txt and Malwarebytes blocks access to bad sites.
* 11/20/12 4:23PM - Loaded Avast onto PC. The virus(es) sneer at it and take me to "xdating.com".
* 11/20/12 4:25PM - I turn off my demonically-possessed pc.

I'm done trying to sort this out on my own. Any help you can offer will be forever appreciated. Thanks.
45 replies
Tagged with: SmartHDD, getting worse (and 2 more)