SpySentinel

Posts posted by SpySentinel

  1. Hi nikeairtown, welcome to the Malwarebytes' HJT Forum

    Download ComboFix from one of these locations:

    Link 1

    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    RcAuto1.gif

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  2. Welcome to the Malwarebytes HJT Forum

    Sorry about that user.

    Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll (file missing)

    O2 - BHO: (no name) - {4F7F5D63-1D81-4CC7-8808-D4555D53DE9E} - C:\WINDOWS\system32\catsrvu.dll

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

    After that, reboot.

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
  3. FP, File Attached below:

    Malwarebytes' Anti-Malware 1.34

    Database version: 1785

    Windows 5.1.2600 Service Pack 2

    02/21/2009 17:48:03

    mbam-log-2009-02-21 (17-48-00).txt

    Scan type: Quick Scan

    Objects scanned: 86445

    Time elapsed: 4 minute(s), 44 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINDOWS\system32\wextract.exe (Backdoor.Bot) -> No action taken. [525351424740303739172325232436341936342518243619211834251724362139183725172436181817202518243622192417251924362319223925192436341826242520243
6]

    wextract.zip

  4. Possible FP:

    Malwarebytes' Anti-Malware 1.33

    Database version: 1742

    Windows 5.1.2600 Service Pack 3

    09/02/2009 3:44:49 PM

    mbam-log-2009-02-09 (15-44-49).txt

    Scan type: Quick Scan

    Objects scanned: 64144

    Time elapsed: 4 minute(s), 59 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 1

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ftutil2 (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    http://www.geekstogo.com/forum/Zlob-rtk-an...ml#entry1455283
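    The two logs above share the MBAM 1.3x text format: a summary block of "<section> Infected: N" counts followed by per-section lists of "<object> (<threat>) -> <action>. [<signature>]" lines. The parser below is an added example (not part of this thread or of Malwarebytes' tooling) that reads that format, flags detections left at "No action taken" and cross-checks the summary counts against the listed items; the sample log is constructed from the entries quoted above, with a shortened signature id.

```python
import re

# Constructed sample log, modelled on the MBAM 1.3x logs quoted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.34
Database version: 1785
Scan type: Quick Scan
Registry Values Infected: 1
Folders Infected: 0
Files Infected: 1
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ftutil2 (Trojan.Agent) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\wextract.exe (Backdoor.Bot) -> No action taken. [525351424740]
"""

# Section names MBAM uses; each appears once with a count (summary) and once as a list header.
SECTIONS = ("Memory Processes", "Memory Modules", "Registry Keys", "Registry Values",
            "Registry Data Items", "Folders", "Files")
HEADER = re.compile(r"^(?P<name>.+?) Infected:\s*(?P<count>\d+)?$")
# "<object> (<threat>) -> <action>. [<signature id>]" -- the signature part is optional.
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^)]+)\) -> (?P<action>[^.\[]+)\.?(?: \[(?P<sig>\d+)\])?$")


def parse_mbam_log(text):
    """Return (summary counts by section, list of detection dicts)."""
    counts, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m and m["name"] in SECTIONS:
            if m["count"] is not None:
                counts[m["name"]] = int(m["count"])      # summary block
            else:
                section = m["name"]                      # start of a detail block
            continue
        m = ITEM.match(line) if section and line and not line.startswith("(") else None
        if m:
            detections.append({"section": section, "obj": m["obj"], "threat": m["threat"],
                               "action": m["action"].strip(), "sig": m["sig"]})
    return counts, detections


def triage(text):
    """Flag unremediated items and sections whose summary count disagrees with the listed items."""
    counts, detections = parse_mbam_log(text)
    pending = [d for d in detections if d["action"].lower().startswith("no action taken")]
    listed = {s: sum(d["section"] == s for d in detections) for s in SECTIONS}
    mismatched = sorted(s for s, n in counts.items() if listed[s] != n)
    return pending, mismatched


if __name__ == "__main__":
    pending, mismatched = triage(SAMPLE_LOG)
    for d in pending:
        print(f"UNREMEDIATED {d['section']}: {d['obj']} ({d['threat']})")
    print("count mismatches:", mismatched or "none")
```

A "No action taken" entry on a system32 file, as in the first log, is exactly the case a helper wants surfaced before deciding whether it is a false positive or needs removal.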

  5. hope you had a great christmas

    Thanks, hope you did as well.

    As for the Malwarebytes Error, I am still working on that. In the meantime, try uninstalling and then reinstalling it.

    Your logs look clean, Great Job :)

    Follow these steps to uninstall Combofix and tools used in the removal of malware

    • Click START then RUN

    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

      CF_Cleanup.png

    Please download JavaRa to your desktop and unzip it to its own folder

    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.

    • Accept any prompts.

    • Open JavaRa.exe again and select Search For Updates.

    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

    Please go to the link below to update.

    http://www.adobe.com/products/acrobat/readstep2.html

    Now for some cleanup..

    Please download OTCleanIt and save it to Desktop.

    • Please make sure you are connecting to the Internet

    • Double-click OTCleanIt.exe

    • Click the CleanUp! button.

    • Select Yes when the "Begin cleanup Process?" prompt appears.

    • If you are prompted to Reboot during the cleanup, select Yes

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
       1. From within Internet Explorer click on the Tools menu and then click on Options.
       2. Click once on the Security tab.
       3. Click once on the Internet icon so it becomes highlighted.
       4. Click once on the Custom Level button.
          1. Change the Download signed ActiveX controls to Prompt
          2. Change the Download unsigned ActiveX controls to Disable
          3. Change the Initialize and script ActiveX controls not marked as safe to Disable
          4. Change the Installation of desktop items to Prompt
          5. Change the Launching programs and files in an IFRAME to Prompt
          6. Change the Navigate sub-frames across different domains to Prompt
          7. When all these settings have been made, click on the OK button.
          8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
          9. Next press the Apply button and then the OK to exit the Internet Properties page.

    2. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    3. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    4. Install SpywareGuard - SpywareGuard offers real-time protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

       A tutorial on installing & using this product can be found here:

       Using SpywareGuard to protect your computer from Spyware/Hijacker

    5. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

    Follow this list and your potential for being infected again will reduce dramatically.

    Here are some additional utilities that will enhance your safety:

    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.

    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

    • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.

    • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:

      Using Winpatrol to protect your computer from malicious software

  6. Other than the MBAM error, how is your computer running?

    Please click here to download AVP Tool by Kaspersky.

    • Save it to your desktop.
    • Reboot your computer into SafeMode.

      You can do this by restarting your computer and continually tapping the F8 key until a menu appears.

      Use your up arrow key to highlight SafeMode then hit enter.

    • Double click the setup file to run it.
    • Click Next to continue.
    • It will by default install it to your desktop folder. Click Next.
    • Hit OK at the prompt for scanning in Safe Mode.
    • It will then open a box. There will be a tab that says Automatic scan.
    • Under Automatic scan make sure these are checked:
      • System Memory
      • Startup Objects
      • Disk Boot Sectors
      • My Computer
      • Also any other (removable) drives that you may have

    After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.

    Then choose OK again then you are back to the main screen.

    • Then click on Scan at the top right-hand corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left un-neutralized then click the button that says Neutralize all.
    • If it says it cannot be Neutralized then choose the delete option when prompted.
    • After that is done click on the reports button at the bottom and save it to file; name it Kas.
    • Save it somewhere convenient like your desktop and post only the detected virus/malware in the report; it will be at the very top under Detected. Post those results in your next reply.

      Note: This tool will self uninstall when you close it so please save the log before closing it.
