Posts posted by screen317
-
-
Hi,
Delete SecurityCheck.exe
Navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u
This uninstalls all of ComboFix's components.
Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:
1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.
2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.
3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.
4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.
5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for both Firefox and IE.
6) Be sure to update your Antivirus and Antispyware programs often!
Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?
You may want to consider adding an Authenticator to your accounts and converting your account to a battle.net account. The former is an RSA hard token that works with WoW; it generates a new six-digit key every 30 seconds (Blizzard Authenticator FAQ). The latter ties an account permanently to an e-mail address (What is the Battle.net Account?).
Change your passwords to hard-to-crack passwords. Use this Password Strength Checker by Microsoft.
Safe surfing,
-screen317
-
Topic closed at request of topic starter.
-
-
Please open Notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:
Driver::
apacheWoW
XDva007
XDva020
XDva075
XDva098
XDva136
XDva189
XDva219
XDva248
XDva277
XDva279
XDva280
Apache2.2
ekrn
Folder::
C:\Program Files\ESET
KILLALL::
SecCenter::
{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15805:TCP"=-
"15805:UDP"=-
"24306:TCP"=-
"24306:UDP"=-
"15091:TCP"=-
"15091:UDP"=-
"23303:TCP"=-
"23303:UDP"=-
DDS::
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
Save this as CFScript
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
-screen317
-
Hi,
Courtesy of Dakeyras, to remove ESET remnants, download this removal tool and save it to the Desktop.
It is in Dutch but very simple to use as follows:
1. Double-click on nod32removal to start the application.
2. Click on Yes then on OK.
3. ESET is now removed.
4. Now delete nod32removal and empty the Recycle Bin.
Also, I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.
- Viewpoint
- Viewpoint Manager
- Viewpoint Media Player
- Viewpoint Toolbar
Let me know if you decided to uninstall it.
For the same reason, I also recommend that you uninstall ASK, ASK Toolbar, and AskBarDis.
Now restart your computer.
Let me know when you're done with that.
-screen317
-
Hi Galina and welcome to SWI.
Do you still need help?
Please visit this webpage for download links and instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
- When the tool is finished, it will produce a report for you.
- Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
-screen317
-
Hi Internet and welcome to Malwarebytes.
Do you still need help?
Update MBAM, run a Quick Scan, and post its log.
Next, download DDS by sUBs and save it to your Desktop.
Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.
Next, please run a GMER Rootkit scan:
Download GMER's application from here:
Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.
Warning! Please do not select the "Show all" checkbox during the scan.
-screen317
-
Hi needhelpbad and welcome to Malwarebytes.
Do you still need help?
Download DDS by sUBs and save it to your Desktop.
Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.
-screen317
-
Download DDS by sUBs and save it to your Desktop.
Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.
Next, please visit this webpage for download links, and instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
- When the tool is finished, it will produce a report for you.
- Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
-screen317
-
Hi sinister65,
Before we continue, configure Windows XP to show hidden files:
Navigate to Start --> My Computer.
Select the Tools menu and click Folder Options. Select the View tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.
See if C:\Program.exe exists.
-
Hi ryanwake09 and welcome to Malwarebytes.
Do you still need help?
While the developers are working on the error you noted, let's clean the malware in a different way.
Please visit this webpage for download links, and instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
- When the tool is finished, it will produce a report for you.
- Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
-screen317
-
Redstrip,
One or more of the add-ons you have installed is not yet compatible with Internet Explorer 8.
Could you list the add-ons you have installed?
Alternatively, an alternate browser such as Firefox or Opera should be compatible with whatever add-ons are problematic.
Let me know how it goes.
-screen317
-
Hi John Klima and welcome to Malwarebytes.
Do you still need help?
Update MBAM, run a Quick Scan, and post its log.
Next, download DDS by sUBs and save it to your Desktop.
Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.
Next, download my Security Check from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-screen317
-
Wow haha..
Reading this whole thread sort of made me chuckle, because I had completely forgotten A-squared existed up until reading this.
Kudos to Marcin and all involved for handling this very professionally.
-
By far one of my favorite shows... Season 5 ending was completely unexpected! Cannot wait for Season 6.
-
Whoops-- a little late.
Well done all!! Onward and upward!
-
Thank you for the reply exile360..
Rebooted and the protection module loaded without any problems; must have been an isolated incident..
Thanks again!
screen317
-
Hi everyone,
I'm using the full version of MBAM on Vista Home Premium SP1 (32bit).
MBAM just popped up and said [OpenEvent] Failed to perform desired action. Error Code: 2
Haven't seen this before; wondering if maybe someone here has?
Regards,
-screen317
Edit: I guess the protection module was trying to load... I opened MBAM and tried to start it manually; got this message:
[CreateService] Failed to perform desired action. Error Code: 1073
..followed by..
The MalwareBytes' Anti-Malware Protection module is already running! (it isn't)
-
Care to provide an example..?
Can Malwarebytes remove adware nuisances that can be easily removed?
-
Thanks guys! B) I had a wonderful day.
-
Thank you very much, kind one!
-
Ran fine...
Malwarebytes' Anti-Malware 1.27
Database version: 1128
Windows 5.1.2600 Service Pack 3
2008-09-08 01:36:08 AM
mbam-log-2008-09-08 (01-36-08).txt
Scan type: Quick Scan
Objects scanned: 65772
Time elapsed: 4 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dllschannel.dlldigest.dllmsnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Wow that is very nifty!
The way MBAM scans files will trigger your AV to scan the file as well. What I am saying is that if you scan with MBAM you are already scanning with your AV.
You can test this by doing the following:
(with AV protection turned on) Reboot and do a quick scan with MBAM.
Now reboot and disable your AV protection (if you're not an expert it would be wise to turn off your internet as well) and do another quick scan.
The quick scan with AV on will take longer because your AV will be scanning the files MBAM scans as well and this will make scanning slower.
-
Hi Udaron,
Sorry for the delay.
Okay.
I forgot to save the Kaspersky log, but it didn't find anything except for files from Avast! and a few other programs, and it didn't say they were suspicious or anything.
I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
After all of the fixes are complete it is very important that you enable TeaTimer again.
Next, please open HijackThis, and select Do a system scan only.
Place a checkmark next to the following entries:
O4 - HKLM\..\Run: [sDFix] D:\Programs\SDFix\RunThis.bat /second
Then, close all other windows, leaving only HijackThis open, and select Fix checked.
Restart the computer normally.
Enable TeaTimer after the restart.
Please download OTMoveIt
- Double click OTMoveIt.exe.
- Click the CleanUp! button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.
Let me know how things are running now.
-screen317
-
Unable to Execute files (in Resolved Malware Removal Logs)
Hi vinodh and welcome to Malwarebytes.
I suspect a file association issue.
Can you post the files that are in MBAM's quarantine?
Next, download DDS by sUBs and save it to your Desktop.
Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.
-screen317