LonnyRJ

Honorary Members
  • Posts

    353
  • Joined

  • Last visited

Everything posted by LonnyRJ

  1. Autorun was disabled by ComboFix; you can view your camera card or USB sticks via the My Computer folder. Uninstall ComboFix: to do so go Start > Run (provided it is still on the desktop), type in combofix /u and press Enter; the space is needed between x and /. If you no longer have it, re-download it to your desktop and do that Run command. Think prevention: put in place a good hosts file http://www.mvps.org/winhelp2002/hosts.htm Repeat that process about once or even twice a month. How did that go?
  2. Hello wolfe90. How is that PC behaving now?
  3. Welcome to the forum nwebbertn. Are there any current problems or questions? C:\Program Files\cibngd << delete that (leftover) folder if it still exists. Any problems?
  4. Welcome Barbara. Put a freshly downloaded copy of ComboFix on a USB stick and run it on the infected PC while it is in Safe Mode. If ComboFix restarts the PC, boot back to Safe Mode; when the log opens, close it and restart to normal mode, then post c:\combofix.txt please.
  5. Welcome to the forum GeorgeH. I am confused by that comment; explain in more detail please. A format and install of Windows is not the same as using a System Restore point.
  6. Welcome to the forum Phil. "Cannot Remove Backdoor.Bot": I assume by that you have attempted to fix those items with MBAM? End this process with Task Manager (if possible): C:\WINDOWS\shvhost.exe then do a quick scan and fix with MBAM; reboot when prompted. Do another quick scan and post the log please.
  7. Welcome. Are you seeing this message? "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." Download and run GMER (use the download exe button) from here > http://www.gmer.net/#files Double click GMER. If asked to allow the gmer.sys driver to load, please consent. If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO, then use the following settings for a more complete scan. In the right panel, you will see several boxes that have been checked. Uncheck the following: Uncheck [ ] Files. Then click the Scan button and wait for it to finish. Save the log to a handy location, close GMER and post that log.
  8. Welcome to the forum Jenzer. Download (don't run yet) this tool http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe http://ad13.geekstogo.com/Win32kDiag.exe Place it on your desktop. Go Start > Run, copy then paste in the entire line below and press Enter: "%userprofile%\desktop\Win32kDiag.exe" -r -f A log should open when it is finished; post it please.
  9. ComboFix disables autorun so that this exploited method cannot be used in the future by malware. You can open your various USB sticks, flash drives or camera cards manually via your My Computer window. Let's uninstall ComboFix: to do so go Start > Run, type combofix /u, press Enter; you should have seen a confirmation message? Think prevention: put in place a good hosts file http://www.mvps.org/winhelp2002/hosts.htm Repeat that process about once or even twice a month. To help avoid reinfection see "So how did I get infected in the first place?" http://www.malwarebytes.org/forums/index.p...65&hl=place? Note: make sure your programs are up to date; older versions may contain security leaks. To find out what programs need to be updated, run the Secunia Software Inspector scan. http://secunia.com/software_inspector/
  10. I feel better now, it was just Hewlett-Packard related. No harm, it was deleted, unless you really want it back?
  11. Let's get a peek at the one that was in the system32 folder. Go Start > Run, type (or copy/paste) notepad "C:\Qoobox\Quarantine\C\WINDOWS\system32\autorun.inf.vir" press Enter. Post the contents.
  12. Get him a hosts file too if possible. Think prevention: put in place a good hosts file http://www.mvps.org/winhelp2002/hosts.htm Repeat that process about once or even twice a month. To help avoid reinfection see "So how did I get infected in the first place?" http://www.malwarebytes.org/forums/index.p...65&hl=place? Note: make sure your programs are up to date; older versions may contain security leaks. To find out what programs need to be updated, run the Secunia Software Inspector scan. http://secunia.com/software_inspector/
  13. Looks fine blackdogg. What antivirus and firewall programs do you use? Why haven't you updated to SP3?
  14. Go Start > Run, type Notepad.exe "C:\Qoobox\Quarantine\I\autorun.inf.vir" press Enter. Post the contents. C:\i386\iaStor.sys << check if that file is present please?
  15. With a copy from what location? And with what tool? Did you uninstall SP3 at some time?
  16. Welcome to the forum blackdogg. Who instructed you to run ComboFix? You should never use the program without an analyst's assistance! Copy the contents of the code box below (don't include the word "code") into a new Notepad document (not WordPad or another text editor). Click File > Save As... > call it check.bat > file type *All Files* > and save it to your desktop.

      sc query type= driver group= "SCSI Miniport" >report.txt
      For /F "TOKENS=*" %%g IN ('dir /s/a-d/b %windir%\atapi.sys') Do @echo "%%~g":%%~zg:%%~tg:%%~ag >>report.txt 2>nul
      start notepad report.txt & exit

      A text file should open; post it please. Zip up these files, which are in C:\qoobox:

      ComboFix-quarantined-files.txt 2009-10-03 02:51
      ComboFix2.txt 2009-10-02 16:25
      ComboFix3.txt 2009-10-02 06:37
      ComboFix4.txt 2009-10-02 04:01
      ComboFix5.txt 2009-10-03 02:08

      and attach it to your next reply.
  17. Go Start > Run, type sc delete yeddef press Enter. Looks to be a leftover driver, no big deal. Find that autorun file within ComboFix's quarantine folder c:\qoobox\quarantine, open it with Notepad and post the contents. You re-enabled your antivirus after running ComboFix I hope?
  18. Looks good. Run ComboFix, let it update, and when it's finished post its log. In the future do not use the program unless asked to by an analyst.
  19. Odd; please restart the PC, do another MBAM scan and post its log.
  20. Yes of course. I think 3 is max unless it's on a high-priced newish PC.
  21. Great. Uninstall ComboFix: to do so go Start > Run, type combofix /u, press Enter; you should see a confirmation message? In the future do not run the tool without an analyst's supervision. Think prevention: put in place a good hosts file http://www.mvps.org/winhelp2002/hosts.htm Repeat that process about once or even twice a month. Are there any questions or current problems?
  22. Let's do it without the cmd command. Copy the text in the following code box by selecting all of it and pressing (<Control> + C) or by right clicking and selecting "Copy" (don't include the word "code"):

      Comment:
      files to move:
      C:\i386\iaStor.sys | C:\WINDOWS\system32\drivers\iaStor.sys

      Now start The Avenger2 by double clicking avenger.exe on your desktop. Read the prompt that appears, and press OK. Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste" (the word "Comment:" must be in the top left corner). Press the "Execute" button. You will be presented with 2 confirmation prompts. Select Yes on each. Your system will reboot. Note: it is possible that Avenger will reboot your system TWICE. Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Paste that log here in your next post. Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions, as they could cause your PC to be unbootable.
  23. Also: uninstall ComboFix; in the future do not use it unless asked to by an analyst. To do so go Start > Run, type combofix /u, press Enter; you should see a confirmation message? You can delete Avenger too. Any questions or current problems?
  24. I added a note highlighted in red to that post JSntgRvr. ham14 and other members, do not try fixes proposed for other than yourself; wait for help please.....
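Posts 1 and 9 above say ComboFix disabled autorun so removable media can no longer launch malware automatically. The script below is an added example, not something LonnyRJ or ComboFix ships: it reads the NoDriveTypeAutoRun policy value (the documented per-drive-type AutoRun switch) from both the machine and user hives and decodes which drive types are blocked, so you can confirm the setting is in place after a cleanup. The bit meanings come from Microsoft's policy documentation; that ComboFix uses this particular value is an assumption.

```powershell
# Added example (not from the forum posts): decode the NoDriveTypeAutoRun policy.
# Bit values are from the documented policy; a set bit means AutoRun is blocked
# for that drive type. 0xFF blocks every type. Assumption: this is the value a
# cleanup tool such as ComboFix sets when it "disables autorun".
$driveTypeBits = [ordered]@{
    0x01 = 'Unknown type'
    0x04 = 'Removable (USB sticks, card readers)'
    0x08 = 'Fixed disks'
    0x10 = 'Network drives'
    0x20 = 'CD/DVD'
    0x40 = 'RAM disks'
    0x80 = 'Unrecognised drives'
}

function Get-AutoRunPolicy {
    # Returns the DWORD as an int, or $null when the value is not present.
    param([ValidateSet('HKLM','HKCU')][string]$Hive)
    $key = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $item = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    [int]$item.NoDriveTypeAutoRun
}

function Show-AutoRunStatus {
    foreach ($hive in 'HKLM','HKCU') {
        $v = Get-AutoRunPolicy -Hive $hive
        if ($null -eq $v) { "$hive : NoDriveTypeAutoRun not set (Windows default applies)"; continue }
        "{0} : NoDriveTypeAutoRun = 0x{1:X2}" -f $hive, $v
        foreach ($bit in $driveTypeBits.Keys) {
            $state = if ($v -band $bit) { 'AutoRun blocked' } else { 'AutoRun allowed' }
            "    {0,-40} {1}" -f $driveTypeBits[$bit], $state
        }
    }
}

Show-AutoRunStatus
```

The HKLM value wins over HKCU when both are present, so the machine hive is the one that matters on a shared PC; an output where the removable-drive bit (0x04) reads "AutoRun allowed" in HKLM is the case to fix.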
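Post 16 has the user build a check.bat that lists the "SCSI Miniport" drivers and every atapi.sys copy with its size, timestamp and attributes, the idea being to spot a driver that no longer matches the shipped copy. The PowerShell below is an added example written for this page, not LonnyRJ's batch file and not part of any tool mentioned here: it does the same enumeration and adds what the batch file cannot easily give, a SHA-256 per copy, the file version, the Authenticode status, and a comparison of copies that claim the same version but hash differently. It assumes PowerShell 4 or later (for Get-FileHash) and an elevated prompt; the service-group lookup via the registry is my substitute for sc.exe's group= filter.

```powershell
# Added example (not the forum's check.bat): inventory atapi.sys copies under
# %windir% and the services in the "SCSI Miniport" load-order group.
# Assumes PowerShell 4+ and an elevated prompt.

function Get-AtapiCopies {
    param([string]$Root = $env:windir)
    Get-ChildItem -Path $Root -Filter 'atapi.sys' -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path        = $_.FullName
                Size        = $_.Length
                LastWrite   = $_.LastWriteTime
                Created     = $_.CreationTime
                Attributes  = $_.Attributes.ToString()
                FileVersion = $_.VersionInfo.FileVersion
                Sha256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Signature   = $sig.Status.ToString()
            }
        }
}

function Compare-AtapiCopies {
    # Copies that report the same FileVersion but hash differently are the
    # interesting case: a patched driver keeps the version (and often the size)
    # of the original it replaced, so size and date alone can look normal.
    param([object[]]$Copies)
    $Copies | Group-Object FileVersion | ForEach-Object {
        $hashes = @($_.Group | Select-Object -ExpandProperty Sha256 -Unique)
        [pscustomobject]@{
            FileVersion    = $_.Name
            Copies         = $_.Count
            DistinctHashes = $hashes.Count
            Mismatch       = ($hashes.Count -gt 1)
        }
    }
}

function Get-ScsiMiniportDrivers {
    # Equivalent of: sc query type= driver group= "SCSI Miniport"
    # sc.exe filters on the load-order group; here the Group value is read from
    # each service key under HKLM\SYSTEM\CurrentControlSet\Services instead.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue } |
        Where-Object { $_.Group -eq 'SCSI Miniport' } |
        Select-Object @{Name='Service'; Expression={$_.PSChildName}}, Start, ImagePath
}

$copies = @(Get-AtapiCopies)
$copies | Format-Table Path, Size, LastWrite, FileVersion, Signature -AutoSize
Compare-AtapiCopies -Copies $copies | Format-Table -AutoSize
Get-ScsiMiniportDrivers | Format-Table -AutoSize
```

Two caveats when reading the output: copies from different service packs (i386 versus ServicePackFiles, for instance) legitimately differ, which is why the comparison groups by FileVersion first; and on older Windows versions the system drivers are catalog-signed, so Get-AuthenticodeSignature can report NotSigned for a perfectly good file. The hash mismatch within one version is the signal to act on, and the hashes themselves are what an analyst would ask you to post.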