
sUBs

Honorary Members
  • Posts: 10,157
  • Joined
  • Last visited
  • Days Won: 1

Everything posted by sUBs

  1. Good to see that little devil ain't there anymore. Please do these next ...
     -----------
     Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

         @echo off
         SC CONFIG eventlog start= auto
         Win32kDiag -F -R
         del %0

     Save this as fix.bat
     Choose to "Save type as - All Files"
     It should look like this:
     ## IMPORTANT ##
     Place fix.bat next to Win32kDiag.exe
     Double click on fix.bat & allow it to run
     Post back to tell me what it says
     ---------------
     Then run ComboFix by double clicking it.
  2. Lol .. no need. It's a bad typo by me. Just close the DOS window & reboot the machine.
  3. No need for Avenger now. I found a simpler fix for you. Something so simple that I'm kicking myself for not thinking of it earlier.
     Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

         @echo off
         sc config eventlog start= disabled
         pause
         nircmd exitwin reboot
         del %0

     Save this as fix.bat
     Choose to "Save type as - All Files"
     It should look like this:
     Double click on fix.bat & allow it to run. It shall reboot the machine.
     After that, you should be able to waltz into the System32 folder & delete the eventlog.dll without fuss. Windows should then replace it with a legitimate copy.
     I shall require a fresh copy of Win32Diag after this.
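The two fix.bat scripts in this thread first disable the Event Log service so that eventlog.dll can be deleted and replaced, and later set the service back to automatic start. The PowerShell below is an added example for verifying the outcome of that sequence; it is not sUBs' script and not part of the original posts. It is read-only: it reports the service's state, start mode and process id, plus the version and MD5 of the eventlog.dll currently in system32, so the file can be compared with a known-clean copy. No reference hash or version is assumed; the comparison value has to come from a clean machine of the same Windows version.

```powershell
# Added example (not from the original posts): read-only state check after
# the eventlog.dll replacement. Nothing here stops, reconfigures or deletes.

$svc = Get-WmiObject -Class Win32_Service -Filter "Name='eventlog'"
if (-not $svc) { throw 'Event Log service not found' }

'Event Log service: State={0}  StartMode={1}  PID={2}' -f $svc.State, $svc.StartMode, $svc.ProcessId
'Binary path      : {0}' -f $svc.PathName
if ($svc.StartMode -ne 'Auto') {
    # The later fix.bat restores this with: sc config eventlog start= auto
    'WARNING: start mode is {0}; expected Auto once cleanup is finished' -f $svc.StartMode
}

$dll = Join-Path $env:SystemRoot 'system32\eventlog.dll'
if (-not (Test-Path -LiteralPath $dll)) {
    'eventlog.dll is missing from system32 (Windows File Protection should restore it)'
} else {
    $item = Get-Item -LiteralPath $dll
    $md5  = [System.Security.Cryptography.MD5]::Create()
    $hash = [System.BitConverter]::ToString($md5.ComputeHash([System.IO.File]::ReadAllBytes($dll))) -replace '-', ''
    'eventlog.dll     : {0} bytes, modified {1}' -f $item.Length, $item.LastWriteTime
    'File version     : {0}  ({1})' -f $item.VersionInfo.FileVersion, $item.VersionInfo.CompanyName
    'MD5              : {0}  <- compare with the same file on a known-clean machine' -f $hash
}
```

The hash is computed with .NET rather than Get-FileHash so the script also runs on the PowerShell versions found on Windows 2000/XP era machines; a mismatch in CompanyName or a modified timestamp newer than the rest of system32 is the quicker tell when no reference hash is available.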
  4. Lol .. stubborn lil critter is still there. Since we got rid of these, I think Avenger may run now.
  5. Did you reboot the machine yourself? Please show me a fresh Win32Diag log. I think we may have got it.
  6. Lol .. it hit another rootkit infection prior to the one we're primarily after. Kill the DOS window & run the fix.bat batch again before running ComboFix once more.
  7. Just let it run to completion. It may not complete but it should have done enough to remove it.
  8. That's good news. With that in hand, it's as good as licked. Before attempting that, I do have one last method for you to try out.
     -------
     Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

         @echo

     Save this as fix.bat
     Choose to "Save type as - All Files"
     It should look like this:
     Double click on fix.bat & allow it to run
     -------
     After it has finished running, try running ComboFix. Let me know if it runs.
  9. Nasty little bugger is still there. Have you any luck locating a Win2K/XP cd? With Avenger not functioning for this machine, we need to find an alternate method for removing this file.
  10. HaHa .. I forgot. Should have done that before uninstalling ComboFix. Kaspersky is a WMI entry registered in the Windows Security Center. This next script shall remove it.
      --------------
      Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

          On Error Resume Next
          Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter")
          For Each av in oWMI.ExecQuery("Select * from AntiVirusProduct")
              If av.InstanceGuid = "{2C4D4BC6-0793-4956-A9F9-E252435469C0}" Then av.Delete_
          Next
          Wscript.Echo "Done"

      Save this as Kav.vbs
      Choose to "Save type as - All Files"
      Double click on Kav.vbs & allow it to run
      When finished, it will announce "Done". You can delete the Kav.vbs after that.
      --------------
      Hard to say where it comes from. It's likely that the website serving that page has got compromised.

      Unlikely so. This infection has only surfaced these recent weeks.

      Not unless you do very sensitive work on this machine. For peace of mind, I would however advise that all your passwords be changed.

      To ensure the safety of our users & to protect/prevent them from getting infected, we at MBAM go out of our way to get infected ourselves. Only by doing so can we study the infections and their payload, so that we may build better definitions for the product. So rest assured, if there's spyware on this machine, we probably would have seen it before.
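The VBScript in this post deletes one AntiVirusProduct instance from the root\SecurityCenter WMI namespace, matched by its InstanceGuid. The PowerShell below is an added example, not sUBs' script and not part of the original post, that covers the inventory step before any such removal: it lists what is registered in root\SecurityCenter (the Windows XP namespace used above) and root\SecurityCenter2 (assumed here to be its Vista-and-later replacement) and flags entries whose product executable is no longer on disk, which is what a bad uninstall leaves behind. It only prints; it never calls Delete.

```powershell
# Added example (not from the original post): inventory of Security Center
# AntiVirusProduct registrations, flagging leftovers from a bad uninstall.
# Read-only: nothing is deleted.

$stale = @()
foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
    $products = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue
    if (-not $products) {
        '{0}: no AntiVirusProduct entries (namespace may not exist on this Windows version)' -f $ns
        continue
    }
    foreach ($p in $products) {
        $note = 'registered'
        # pathToSignedProductExe exists only in the SecurityCenter2 schema;
        # on XP the property is absent and $exe simply stays $null.
        $exe = $p.pathToSignedProductExe
        if ($exe -and -not (Test-Path -LiteralPath ($exe -replace '^"|"$', ''))) {
            $note = 'STALE: product exe missing'
            $stale += $p
        }
        '{0} | {1} | {2} | {3}' -f $ns, $p.displayName, $p.instanceGuid, $note
    }
}
if ($stale.Count) {
    ''
    'Entries to review by hand (remove only after confirming the product is really uninstalled):'
    $stale | ForEach-Object { '  {0}  {1}' -f $_.instanceGuid, $_.displayName }
}
```

The instanceGuid printed for each entry is the value the removal script above matches on, so the listing is the right place to confirm the GUID before any deletion is scripted.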
  11. Kindly follow these simple steps in order to keep your computer clean and secure:

      Uninstall ComboFix ... do not skip this step
      This process will perform some post cleanup measures. Do this by going to Start > Run & typing in ComboFix /u

      ANTIVIRUS SOFTWARE
      It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

      Microsoft Windows Update → http://www.windowsupdate.com
      Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

      http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

      http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

      http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT. ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry. NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

      To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

      After doing all these, your system will be optimised against future threats. Have a safe & happy computing day. Kindly respond to this thread once more so we can mark this thread as resolved.
  12. Your system is clean. To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html . Have a safe & happy computing day.
  13. MBAM's report looks pretty clean. You don't seem to have much malware in this machine. I'm a bit concerned about your being unable to update & ComboFix not running. I shall require some extra logs:
      =================================
      Downloads and Reports Required:
      =================================
      Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
      ====
      DDS:
      ====
      Download DDS and save it to your desktop from here or here or here.
      Disable any script blocker, and then double click dds.scr to run the tool.
      When done, DDS will open two (2) logs:
        - DDS.txt
        - Attach.txt
      Save both reports to your desktop.
      =====
      GMER:
      =====
      Download GMER Rootkit Scanner from here or here.
      Extract the contents of the zipped file to desktop.
      Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
      If it gives you a warning about rootkit activity and asks if you want to run a scan ... say NO.
      In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and uncheck the Show all box.
      Then click the Scan button & wait for it to finish.
      Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
      Save it where you can easily find it, such as your desktop.
      **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
      ===========================
      How the logs should be furnished:
      ===========================
      Copy/Paste the contents of 'DDS.txt' to be posted as text to your post.
      The other two logs ...
        * attach.txt
        * gmer.txt
      ... should be zipped/archived before attaching to the post.
  14. Your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

      Uninstall ComboFix ... do not skip this step
      This process will perform some post cleanup measures. Do this by going to Start > Run & typing in ComboFix /u

      ANTIVIRUS SOFTWARE
      It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

      Microsoft Windows Update → http://www.windowsupdate.com
      Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

      http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

      http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

      http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT. ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry. NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

      To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

      After doing all these, your system will be optimised against future threats. Have a safe & happy computing day. Kindly respond to this thread once more so we can mark this thread as resolved.
  15. These are remnants from the cleaning process. No longer needed. You might want to get rid of them.

      To fix the above ...
        * You'll need to copy this off another XP machine
        * Or ... extract it from the XP cd
        * Or ... ignore it, as most people won't be using that file.

      Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

      Uninstall ComboFix ... do not skip this step
      This process will perform some post cleanup measures. Do this by going to Start > Run & typing in ComboFix /u

      ANTIVIRUS SOFTWARE
      It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

      Microsoft Windows Update → http://www.windowsupdate.com
      Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

      http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

      http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

      http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT. ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry. NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

      To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

      After doing all these, your system will be optimised against future threats. Have a safe & happy computing day. Kindly respond to this thread once more so we can mark this thread as resolved.
  16. That's up to you. If this was my machine, I would do it for the peace of mind.
  17. Kaspersky is a comprehensive scan. Each file in the machine is looked at. If you have a large drive filled with numerous files, this may take quite some while.
  18. Those Kaspersky entries are a result of a bad uninstall. You can ignore ComboFix's nagging. We'll deal with them later.
  19. Is this a new copy of ComboFix? At which stage of its run did it crash?