dgar

Members
  • Content Count

    11
Community Reputation

0 Neutral

About dgar

  • Rank
    New Member
  1. Nope; not using VBScript. Everything is handled in the PowerShell script (using PowerShell commands). The shortcut on each computer points to the PowerShell script on the server. What were you seeing that made you think VBScript?
  2. Thank you. I've uploaded them. Malwarebytes Anti-Exploit.zip
  3. I wrote a PowerShell script that uploads and downloads files through FTP. The script is located on a server, and 5 computers have shortcuts that point to the script. Anti-Exploit is running on all computers and managed through the Management console on the server. One of the computers occasionally blocks this file and identifies it as an exploit ("Exploit Payload process blocked"). Once the computer is restarted or Anti-Exploit is restarted, we don't have issues for days at a time. The issue ONLY occurs on this specific computer, and only sporadically.
  4. I ran HijackThis and removed the entries you specified. I ran the online ESET scan, and no viruses were found.
  5. Attached log files. Computer seems to be running fine. No problems running CCleaner, Malwarebytes or Hijackthis. Malwarebytes Anti-Malware (PRO) 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.09.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 D :: D-PC [administrator] Protection: Enabled 12/8/2012 10:43:53 PM mbam-log-2012-12-08 (22-43-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 236267 Time elapsed: 5 minute(s), 1
  6. Here's the log. There were no issues with running CFScript.txt in ComboFix. The computer didn't need to restart. The computer seems to be doing everything just fine. ComboFix 12-12-07.01 - D 12/08/2012 19:13:36.2.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6068.2948 [GMT -8:00] Running from: c:\users\D\Desktop\Remove Trojans Malware\ComboFix.exe Command switches used :: c:\users\D\Desktop\Remove Trojans Malware\CFScript.txt AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C
  7. Here we are. Everything ran properly. The computer did not restart during the process. As far as I can see, the computer is running properly - no messages popping up, etc. 15:23:34.0402 8644 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:23:35.0104 8644 ============================================================ 15:23:35.0104 8644 Current date / time: 2012/12/08 15:23:35.0104 15:23:35.0104 8644 SystemInfo: 15:23:35.0104 8644 15:23:35.0104 8644 OS Version: 6.1.7601 ServicePack: 1.0 15:23:35.0104 8644 Product type: Workstation 15:23:35.0104 8644 ComputerName: D-PC 15:23:35
  8. No problems with ComboFix. I did have to reboot again after ComboFix rebooted because of the "Illegal operation attempted on a registry key that has been marked for deletion." error message. Computer is running fine - as it was before. I'm not completely sure how I need to answer your last question. Should I run Malwarebytes and rescan to see if the trojan.agent listings are still there? AVG restarted after the computer reboot. Malwarebytes didn't restart. ComboFix 12-12-07.01 - D 12/08/2012 0:17.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6068.3993 [GMT -8:00]
  9. Okay, ran them all. How's this look? Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Anti-Virus 2012 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 JavaFX 2.1.1 Java 7 Update 9 Adobe Flash Player 11.4.402.287 Flash Player out of Date! Adobe Reader 10.1.4 Adobe Reader out of Date! Google Chrome 21.0.1180.83 Google Chrome 21.0
  10. Thank you, Gringo. I've read your post and will follow your instructions. Do you need me to re-upload the two initial files (attach.txt and dds.txt) directly to the post instead of as attachments? Current status of computer: I've had Malwarebytes installed for a long time, and update constantly. My computer is running fine. If it hadn't been for all the hits when I ran my scan, I wouldn't have known I had an issue. I started your instructions - ran the first program Security Check. I next downloaded and ran adwcleaner from the link you provided: http://general-changelog-team.fr/fr/download
  11. Thank you for helping me. I have several files infected with trojan.agent. I *hope* I've followed the directions properly. Is there anything else I need to do? Thanks! attach.txt dds.txt