Posts posted by screen317

  1. Hi vinodh and welcome to Malwarebytes.

    I suspect a file association issue.

    Can you post the files that are in MBAM's quarantine?

    Next, download DDS by sUBs and save it to your Desktop.

    Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.

    -screen317

  2. Hi,

    Delete SecurityCheck.exe

    Navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u

    This uninstalls all of ComboFix's components.

    Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

    1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

    2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

    3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

    4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

    5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an addon available for both Firefox and IE.

    6) Be sure to update your Antivirus and Antispyware programs often!

    Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

    You may want to consider adding an Authenticator to your accounts and converting your account to a battle.net account. The former is an RSA hard token that works with WoW; it generates a new six-digit key every 30 seconds (Blizzard Authenticator FAQ). The latter ties an account permanently to an e-mail address (What is the Battle.net Account?).

    Change your passwords to hard to crack passwords. Use this Password Strength Checker by Microsoft.

    Safe surfing,

    -screen317

  3. Please open Notepad - don't use any other text editor than notepad or the script will fail.

    Copy/paste the text in the quotebox below into Notepad:

    Driver::

    apacheWoW

    XDva007

    XDva020

    XDva075

    XDva098

    XDva136

    XDva189

    XDva219

    XDva248

    XDva277

    XDva279

    XDva280

    Apache2.2

    ekrn

    Folder::

    C:\Program Files\ESET

    KILLALL::

    SecCenter::

    {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    Registry::

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "15805:TCP"=-

    "15805:UDP"=-

    "24306:TCP"=-

    "24306:UDP"=-

    "15091:TCP"=-

    "15091:UDP"=-

    "23303:TCP"=-

    "23303:UDP"=-

    DDS::

    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

    TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File

    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

    TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File

    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    [screenshot: CFScriptB-4.gif]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    -screen317
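The CFScript above is a plain-text file with `Name::` section headers; each section tells ComboFix what to delete, kill or fix. The following Python is an added dry-run reader for that format, not ComboFix's own code: it groups lines by section, expands the `Registry::` section (.reg syntax, where `"name"=-` deletes a value) and pulls out the Windows Firewall exceptions (`GloballyOpenPorts`) the script removes, which is the part worth eyeballing before running a script someone hands you. The section meanings and the `HKLM\~\services` shorthand for `HKLM\SYSTEM\CurrentControlSet\services` are assumptions based on common ComboFix/DDS conventions; the sample script is an abridged copy of the one in the post.

```python
"""Dry-run reader for a ComboFix CFScript (added example; not ComboFix code).

Section semantics assumed here, from common ComboFix usage:
  Driver::    services/drivers to delete
  Folder::    folders to delete
  KILLALL::   kill running processes before fixing
  SecCenter:: Security Center (WMI) entries to remove, by GUID
  Registry::  .reg-style lines; "name"=- deletes a value
  DDS::       DDS log lines whose objects ComboFix should remove
"""
import re
from collections import OrderedDict

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# DDS/ComboFix shorthand: HKLM\~\services == HKLM\SYSTEM\CurrentControlSet\services
# (assumption based on DDS log conventions).
HIVE_SHORTHAND = ("\\~\\", "\\SYSTEM\\CurrentControlSet\\")

# Constructed sample: an abridged copy of the script in the post above.
SAMPLE_CFSCRIPT = r"""Driver::
apacheWoW
XDva007
ekrn

Folder::
C:\Program Files\ESET

KILLALL::

SecCenter::
{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15805:TCP"=-
"15805:UDP"=-

DDS::
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
"""


def parse_sections(text):
    """Group non-blank lines under their 'Name::' headers, preserving order."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def registry_actions(lines):
    """Expand a Registry:: section into (key, value_name, action) tuples."""
    actions = []
    key = None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].replace(*HIVE_SHORTHAND)
            continue
        m = REG_VALUE_RE.match(line)
        if key is None or not m:
            raise ValueError(f"malformed Registry:: line: {line!r}")
        name, rhs = m.groups()
        actions.append((key, name, "delete" if rhs == "-" else "set " + rhs))
    return actions


def firewall_ports_to_close(actions):
    """From the registry deletions, list the XP firewall exceptions being removed."""
    return [name for key, name, act in actions
            if act == "delete" and key.lower().endswith("globallyopenports\\list")
            and re.fullmatch(r"\d+:(TCP|UDP)", name)]


def plan(text):
    """Build the full dry-run plan for a script."""
    s = parse_sections(text)
    reg = registry_actions(s.get("Registry", []))
    return {
        "drivers": s.get("Driver", []),
        "folders": s.get("Folder", []),
        "killall": "KILLALL" in s,
        "seccenter": s.get("SecCenter", []),
        "registry": reg,
        "firewall_ports": firewall_ports_to_close(reg),
        "dds": s.get("DDS", []),
    }


if __name__ == "__main__":
    for section, items in plan(SAMPLE_CFSCRIPT).items():
        print(f"{section}: {items}")
```

Running it on the sample prints the three drivers, the ESET folder, the Security Center GUID, the two registry deletions with the key expanded to `HKLM\SYSTEM\CurrentControlSet\services\...`, and `15805:TCP` / `15805:UDP` as the firewall holes being closed. A line that appears before any header, or a `Registry::` line that is neither a `[key]` nor a `"name"=value`, raises instead of being silently skipped.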

  4. Hi,

    Courtesy of Dakeyras, to remove ESET remnants, download this removal tool and save it to the Desktop.

    It is in Dutch but very simple to use as follows:

    1. Double-click on nod32removal to start the application.

    2. Click on Yes then on OK.

    3. ESET is now removed.

    4. Now delete nod32removal and empty the Recycle Bin.

    Also, I see you have Viewpoint installed...

    Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

    • Viewpoint
    • Viewpoint Manager
    • Viewpoint Media Player
    • Viewpoint Toolbar

    Let me know if you decided to uninstall it.

    For the same reason, I also recommend that you uninstall ASK, ASK Toolbar, and AskBarDis.

    Now restart your computer.

    Let me know when you're done with that.

    -screen317

  5. Hi Internet and welcome to Malwarebytes.

    Do you still need help?

    Update MBAM, run a Quick Scan, and post its log.

    Next, download DDS by sUBs and save it to your Desktop.

    Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.

    Next, please run a GMER Rootkit scan:

    Download GMER's application from here:

    http://www.gmer.net/gmer.zip

    Unzip it and start the GMER.exe

    Click the Rootkit tab and click the Scan button.

    Once done, click the Copy button.

    This will copy the results to your clipboard.

    Paste the results in your next reply.

    Warning! Please do not select the "Show all" checkbox during the scan.

    -screen317

  6. Download DDS by sUBs and save it to your Desktop.

    Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.

    Next, please visit this webpage for download links, and instructions for running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    • When the tool is finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

    -screen317

  7. Hi sinister65,

    Before we continue, configure Windows XP to show hidden files:

    Navigate to Start --> My Computer.

    Select the Tools menu and click Folder Options. Select the View tab.

    Under the Hidden files and folders heading select "Show hidden files and folders".

    Uncheck the "Hide protected operating system files (recommended)" option.

    Uncheck the "Hide file extensions for known file types" option.

    Click Yes to confirm. Click OK.

    See if C:\Program.exe exists.

  8. Hi ryanwake09 and welcome to Malwarebytes.

    Do you still need help?

    While the developers are working on the error you noted, let's clean the malware in a different way.

    Please visit this webpage for download links, and instructions for running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    • When the tool is finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

    -screen317

  9. Hi John Klima and welcome to Malwarebytes.

    Do you still need help?

    Update MBAM, run a Quick Scan, and post its log.

    Next, download DDS by sUBs and save it to your Desktop.

    Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.

    Next, download my Security Check from here or here.

    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    -screen317

  10. Hi everyone,

    I'm using the full version of MBAM on Vista Home Premium SP1 (32bit).

    MBAM just popped up and said [OpenEvent] Failed to perform desired action. Error Code: 2

    Haven't seen this before; wondering if maybe someone here has?

    Regards,

    -screen317

    Edit: I guess the protection module was trying to load... I opened MBAM and tried to start it manually; got this message:

    [CreateService] Failed to perform desired action. Error Code: 1073

    ..followed by..

    The MalwareBytes' Anti-Malware Protection module is already running! (it isn't)

  11. Ran fine... :unsure:

    Malwarebytes' Anti-Malware 1.27

    Database version: 1128

    Windows 5.1.2600 Service Pack 3

    2008-09-08 01:36:08 AM

    mbam-log-2008-09-08 (01-36-08).txt

    Scan type: Quick Scan

    Objects scanned: 65772

    Time elapsed: 4 minute(s), 26 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 1

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dllschannel.dlldigest.dllmsnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)
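The one hit in the log above is a registry data item, not a file: the `SecurityProviders` REG_SZ had lost the commas between its DLL names (`Bad:` vs `Good:`). That value matters because LSASS loads every DLL listed there as a security package, so an unexpected entry is a persistence foothold, and a garbled one breaks SSP loading. The Python below is an added check, not Malwarebytes' detection logic: it splits the value even when separators are missing, rebuilds the comma-separated form the log calls `Good:`, and flags any DLL not in the baseline. The baseline is the four names from this XP SP3 log; on other Windows versions the known-good list differs and is an assumption you would adjust. `read_live_value` uses the standard-library `winreg` module and only runs on Windows.

```python
"""Check the SecurityProviders registry value the MBAM log above flagged
(added example; not Malwarebytes code)."""
import re

# Known-good list for this machine, taken from the 'Good:' part of the log line.
BASELINE_XP_SP3 = ("msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll")

# Non-greedy so "a.dllb.dll" yields two names instead of one.
DLL_RE = re.compile(r"[^,\s]+?\.dll", re.IGNORECASE)


def split_providers(value):
    """Return the DLL names in a SecurityProviders string, even when the commas
    that should separate them are missing (the 'Bad:' form in the log)."""
    return DLL_RE.findall(value)


def check_security_providers(value, baseline=BASELINE_XP_SP3):
    """Return a list of (finding, detail) tuples; an empty list means the value is sane."""
    findings = []
    entries = [e.strip() for e in value.split(",") if e.strip()]
    for entry in entries:
        names = split_providers(entry)
        if len(names) > 1:
            findings.append(("missing-separator", entry))
        elif not names:
            findings.append(("not-a-dll", entry))
    known = {b.lower() for b in baseline}
    for name in split_providers(value):
        if name.lower() not in known:
            findings.append(("unknown-provider", name))
    return findings


def repaired_value(value):
    """Rebuild the comma-separated form MBAM reports as 'Good:'."""
    return ", ".join(split_providers(value))


def read_live_value():
    """Read the real value on a Windows host (stdlib winreg; not used offline)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Control\SecurityProviders") as key:
        value, _value_type = winreg.QueryValueEx(key, "SecurityProviders")
    return value


if __name__ == "__main__":
    bad = "msapsspc.dllschannel.dlldigest.dllmsnsspc.dll"   # the 'Bad:' value from the log
    print(check_security_providers(bad))
    print(repaired_value(bad))
```

On the log's `Bad:` value this reports one `missing-separator` finding and repairs it to exactly the `Good:` string; on the repaired string it reports nothing. Appending a name outside the baseline (a constructed `example.dll`) produces an `unknown-provider` finding, which is the case worth acting on rather than just repairing.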

    The way MBAM scans files will trigger your AV to scan the file as well.

    What I am saying is that if you scan with MBAM you are already scanning with your AV.

    You can test this by doing the following:

    (with AV protection turned on) Reboot and do a quick scan with MBAM.

    Now reboot and disable your AV protection (if you're not an expert it would be wise to turn off your internet as well) and do another quick scan.

    The quick scan with AV on will take longer because your AV will be scanning the files MBAM scans as well and this will make scanning slower.

    Wow, that is very nifty!

  13. Hi Udaron,

    Sorry for the delay.

    I forgot to save the Kaspersky log, but it didn't find anything except for files from Avast! and a few other programs, and it didn't say they were suspicious or anything.

    Okay.

    I see you are running Teatimer.

    I suggest you to disable it because it can interfere with the changes you'll make on your system.

    When everything is done and your log is clean again, you can enable it again.

    If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    How to disable TeaTimer during HijackThis Cleanup

    Then, download ResetTeaTimer.bat.

    Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

    After all of the fixes are complete it is very important that you enable TeaTimer again.

    Next, please open HijackThis, and select Do a system scan only.

    Place a checkmark next to the following entries:

    O4 - HKLM\..\Run: [sDFix] D:\Programs\SDFix\RunThis.bat /second

    Then, close all other windows, leaving only HijackThis open, and select Fix checked.

    Restart the computer normally.

    Enable TeaTimer after the restart.

    Please download OTMoveIt

    • Double click OTMoveIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.

    Let me know how things are running now.

    -screen317
