Flapjack

  1. Hi. I have now removed the old Adobe Reader and updated it. I also removed the outdated Thunderbird. I have also re-installed Firefox 4 and I am pleased to say this does seem to have made the computer run better. In case there were other underlying factors affecting computer speed, I have run the other diagnostic test you suggest. This is the results page: http://www.pcpitstop.com/betapit/sec.asp?conid=24312604 I have looked through the results and will action the junk stuff, the defrag and the system restore level. I am wary of altering registry values, and the sound driver is something of an ongoing saga! Many thanks for your help.
  2. Hi screen317, thank you for your reply. I have carried out the scans you had requested and the logs are below - though all appear to be coming up clear. I did temporarily disable AVG whilst I carried out the ESET scan - as ESET said the AV system would interfere with the scan result.

     Our computer problem seems to have now levelled out to a) running very slowly; b) occasional stalling/freezing requiring a hard reboot. I am also wondering if some of these symptoms are related to the fact that I updated to Firefox 4 during last weekend whilst I was experiencing the trojan issue - I will try re-installing Firefox 4 to see if this makes a difference.

     I would be grateful if you could let me know if there is anything else I should now do. Many thanks.

     MBAM log 14.04.2011

         Malwarebytes' Anti-Malware 1.50.1.1100
         www.malwarebytes.org
         Database version: 6359
         Windows 5.1.2600 Service Pack 3
         Internet Explorer 8.0.6001.18702
         14/04/2011 07:37:20
         mbam-log-2011-04-14 (07-37-20).txt
         Scan type: Quick scan
         Objects scanned: 145744
         Time elapsed: 8 minute(s), 27 second(s)
         Memory Processes Infected: 0
         Memory Modules Infected: 0
         Registry Keys Infected: 0
         Registry Values Infected: 0
         Registry Data Items Infected: 0
         Folders Infected: 0
         Files Infected: 0
         Memory Processes Infected: (No malicious items detected)
         Memory Modules Infected: (No malicious items detected)
         Registry Keys Infected: (No malicious items detected)
         Registry Values Infected: (No malicious items detected)
         Registry Data Items Infected: (No malicious items detected)
         Folders Infected: (No malicious items detected)
         Files Infected: (No malicious items detected)

     ESET log

         ESETSmartInstaller@High as CAB hook log:
         OnlineScanner.ocx - registred OK
         # version=7
         # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
         # OnlineScanner.ocx=1.0.0.6425
         # api_version=3.0.2
         # EOSSerial=15096e4733d7964eb79016c2787ee7bb
         # end=finished
         # remove_checked=true
         # archives_checked=false
         # unwanted_checked=true
         # unsafe_checked=false
         # antistealth_checked=true
         # utc_time=2011-04-14 07:52:14
         # local_time=2011-04-14 08:52:14 (+0000, GMT Daylight Time)
         # country="United Kingdom"
         # lang=9
         # osver=5.1.2600 NT Service Pack 3
         # compatibility_mode=1032 16777189 100 94 81454 46055201 0 0
         # compatibility_mode=2560 16777215 100 0 0 0 0 0
         # compatibility_mode=8192 67108863 100 0 403 403 0 0
         # scanned=90707
         # found=0
         # cleaned=0
         # scan_time=2727

     Security Check log

         Results of screen317's Security Check version 0.99.10
         Windows XP Service Pack 3
         Internet Explorer 8
         ``````````````````````````````
         Antivirus/Firewall Check:
         Windows Firewall Disabled!
         AVG 2011
         ESET Online Scanner v3
         PC Tools Firewall Plus 5.0
         ```````````````````````````````
         Anti-malware/Other Utilities Check:
         Malwarebytes' Anti-Malware
         Java 6 Update 24
         Adobe Flash Player 10.2.153.1
         Adobe Reader 9.4.3
         Out of date Adobe Reader installed!
         Mozilla Firefox (x86 en-US..)
         Mozilla Thunderbird (3.1.7) Thunderbird Out of Date!
         ````````````````````````````````
         Process Check:
         objlist.exe by Laurent
         AVG avgwdsvc.exe
         AVG avgtray.exe
         AVG avgrsx.exe
         AVG avgnsx.exe
         AVG avgemc.exe
         PC Tools Firewall Plus FirewallGUI.exe
         PC Tools Firewall Plus FWService.exe
         ``````````End of Log````````````
  3. Hi. My computer has been hit twice this last week with the same trojan: Trojan Horse SHeur3.BRHV. I am on a desktop running XP SP3 with AVG as my realtime AV program.

     AVG picked up this trojan the first time when I ran a full scan and I quarantined it. I also deleted the file that had apparently been infected as I was no longer using it and wondered if it was a security risk in some way. I had decided to run the full system scan because I had experienced problems booting up my computer that morning - I had kept getting the following message when I turned on the computer:

         Disk Boot Failure
         BR Error
         Insert System Disk

     [it did definitely say BRError and not MBR, btw]

     When I did a general search this trojan did not seem to be being picked up by any other AV programs. I had run SuperAntiSpyware and this did not pick it up.

     On the second occasion, 3 days later, the Resident Shield picked up this trojan and flashed up the warning box. Again the trojan was quarantined. However, on checking further via a Windows search (including hidden files and folders), the 'file' that apparently was infected did not appear to exist. I have cleared the cache, emptied system restore and reset my router since dealing with these trojans.

     However, since having this trojan I still seem to be experiencing further problems - odd things, such as pop-up boxes for missing files (one for my printer, one for a Microsoft game), webpages not redirecting to the correct page when I click on a link, the computer jumping to different tabs without me asking it to - I did not see these problems before the trojan first appeared. This led me to believe there must be some residual problem after the trojan. I have downloaded and run MBAM and the scans I have run this last two days have been clear.

     This morning I took a look at your info on dealing with infections and I have (I think!) meticulously followed your instructions.
     I would be very grateful if you could look at the info I have provided and assist me in resolving this problem. Many thanks.

     I did use the DeFogger tool and it produced the following log:

         defogger_disable by jpshortstuff (23.02.10.1)
         Log created at 07:03 on 11/04/2011 (Kitchen)
         Checking for autostart values...
         HKCU\~\Run values retrieved.
         HKLM\~\Run values retrieved.
         Checking for services/drivers...
         -=E.O.F=

     These are the other logs and attachments you ask for:

         Malwarebytes' Anti-Malware 1.50.1.1100
         www.malwarebytes.org
         Database version: 6330
         Windows 5.1.2600 Service Pack 3
         Internet Explorer 8.0.6001.18702
         11/04/2011 06:52:13
         mbam-log-2011-04-11 (06-52-13).txt
         Scan type: Quick scan
         Objects scanned: 145263
         Time elapsed: 9 minute(s), 59 second(s)
         Memory Processes Infected: 0
         Memory Modules Infected: 0
         Registry Keys Infected: 0
         Registry Values Infected: 0
         Registry Data Items Infected: 0
         Folders Infected: 0
         Files Infected: 0
         Memory Processes Infected: (No malicious items detected)
         Memory Modules Infected: (No malicious items detected)
         Registry Keys Infected: (No malicious items detected)
         Registry Values Infected: (No malicious items detected)
         Registry Data Items Infected: (No malicious items detected)
         Folders Infected: (No malicious items detected)
         Files Infected: (No malicious items detected)

         DDS (Ver_11-03-05.01) - NTFSx86
         Run by Kitchen at 7:12:17.10 on 11/04/2011
         Internet Explorer: 8.0.6001.18702

     Many thanks for your assistance. Attach.zip ark.zip
  4. Good point about contacting AVG - I will certainly do this.
  5. I was just wondering if it is worth MBAM adding to the Sticky which was posted on this subject by GT500 to point out to other people with this problem that they need to replace their copy of rules.ref AFTER they have added the file to their AVG Resident Shield excluded files list ... or is it just me who wouldn't have thought of it?
  6. Thank you - that seems to have done the trick. I have been able to reload the database and am now starting a quickscan - definitely a hopeful sign. Thanks again for your help.
  7. Ah well - it was worth a try - but didn't work. Still no MBAM. Can anyone suggest any other solutions to this problem?
  8. Hi there Amethyst. You are right - it does look very similar in AVG 9 - but unfortunately adding this file to the Excludes for the Resident Shield still does not allow MBAM to work. I made this change and then rebooted but was still unable to use MBAM - the same error code popped up. I am going to try excluding the whole MBAM folder to see if that works.
  9. Thanks for your swift reply. Yes I do have AVG AntiVirus - I have the AVG Free version 9.0.698. My Windows system is Windows XP Home Edition SP3.
  10. Unfortunately again today I have received the error code 703(0,5) when I tried to update MBAM. I tried deleting the rules.ref file as Exile360 suggested when I had the same problem on Monday. However, when it came to reloading the database, the same error code flashed up again. (I also had the error code yesterday but re-downloading the rules.ref file worked then.) Please can you advise me how to resolve this problem? Is it something I am doing or my computer is doing that keeps making this error code appear? Your help and advice will again be appreciated.
  11. Thanks for your reply Exile360. I have carefully followed your excellent instructions - just the right level for a non-techie like me - and am pleased to report a successful outcome. My MBAM is up and running again and the quick scan has just come up clean. Thanks again for your help.
  12. Hi Ron. Thanks for your reply. However, bad news, I'm afraid. I clicked the link to the exe file you posted and followed the instructions. But when I clicked to run the file a Windows box popped up that said "An error occurred while trying to copy the file: The source file is corrupted." I don't think I did anything wrong.

      Rebooting: We switch off our computer every night and reboot in a morning normally - sometimes we switch off and reboot during the day too, if the computer isn't being used for a few hours.

      Disk check: I run Disk Clean up every week and I defragmented the hard drive quite recently - actually not long after I did that I had a problem with the computer - it wouldn't load anything, so I did a System Restore (we run on XP SP3). But the computer has been running fine since then.

      Is there anything else I could try?
  13. As I tried to update MBAM this morning I received the following error message: "Error code: 703 (0,5)". Please can you advise me what I need to do to resolve this? I seem to have the gremlins in my MBAM lately - I just had a different error code on Saturday. Am I just unlucky or does this pattern mean something? I have used MBAM for nearly a year now but have never had these error codes before. Your expert and invaluable help will again be appreciated.
  14. Thank you so much - my MBAM is now up and running again - I can't start the day without it.