Rodav

Experts
  • Posts: 34

Everything posted by Rodav

  1. There you go, it seems like it was never anything to worry about. IP blocking is a great feature and when the bugs are ironed out will help protect you in the future. Unless there is anything else I think we can consider this closed.
  2. You will need to make sure hidden files/folders are able to be seen: http://www.bleepingcomputer.com/tutorials/...al62.html#winxp When you have done that right click Start, then Explore and navigate to the following folder which will have the logs in it: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs If you still can't find it, I can run a fix that can.
  3. Hi, I have no reason to believe there is anything malicious on your computer, if you want we can check some other tools to see if anything is amiss. You seem to have CleanUp! installed, close your browsers down and run it to clear out your temp folders. Afterwards please post the most recent logs from C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder.
  4. Your logs look ok, you can remove the following programs as they are outdated and have vulnerabilities: Adobe Reader 8.1.4 - Svenska, Java
  5. temp_sweeney, if you feel you are infected you should start a new topic. This topic is for walkman.
  6. Let me know what the IPs are, you can check the ones blocked in the following folder: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs Download DDS to your desktop from one of the links below: Link 1 Link 2 Double click the tool to run it. A black screen will open, just read the contents and do nothing. When the tool finishes it will open 2 reports. Copy/paste both reports back here and remove DDS from your desktop.
  7. Computers in a network are at risk as well, just make sure AVG on the other computers is enabled and up to date when scanning them, if Virut is on them AVG should pick them up. I also recommend you change your passwords.
  8. I really don't recommend temporarily turning off avast's real-time protection, however since you managed to appear to be malware free to this point without it, you can do the following: Right click on the avast! icon in the system tray and choose (Stop On-Access Protection) Be certain to turn it back on. Miekiemoes, a researcher here at Malwarebytes, has an excellent article on prevention tips, it's well worth a read: http://users.telenet.be/bluepatchy/miekiem...prevention.html
  9. While inevitably an antivirus will impact slightly on a system, it shouldn't be too drastic depending on your computer's specs. Some AVs are better than others in this regard, NOD32 has a good reputation for being relatively light on resources. There is a good guide here that may help speed your computer up somewhat: http://www.malwareremoval.com/tutorials/runningslowly.php Your log shows you have BitTorrent running, quite apart from the legal or moral issue of file sharing, it is one of the biggest sources for malware infestations. It may have been related to that and removing it might stop the random warnings. I highly suggest you uninstall BitTorrent, but if you want to keep it you should fix the following line in HijackThis to stop it running from startup: O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program\DNA\btdna.exe" From what you have said and with the scan results coming back clean, I believe your computer is clean but if you want me to take a further look I will, just let me know. BTW if you have paid for Malwarebytes you can use their help desk for support: http://helpdesk.malwarebytes.org/login The forums are free for anybody to post to and sometimes people can get left behind with the volume looking for help.
  10. Hi, I have bad news for you. I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution. You may want to read this why: Virut and other File infectors - Throwing in the Towel? So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT back up any applications/installers and Do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files... This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again. Read here for instructions on how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html If you have any questions let me know.
  11. Excellent, looks like we got it. I would like to see one more scan just to make sure there is nothing leftover. Also let me know how your computer is running. Run Eset NOD32 Online AntiVirus http://www.eset.eu/online-scanner Note: You will need to use Internet Explorer for this scan. Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the ActiveX control to install Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock. Click Start Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked Click Scan Wait for the scan to finish Re-enable your Antivirus software. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post along with a new HijackThis log.
  12. Hi, sorry for the delay, I was away. Step 1: 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe Referring to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply along with a new HijackThis log.
  13. Both DDS logs seemed to have been cut off, could you please run it again. DDS.txt should end with something like: ============= FINISH: 21:10:11.75 =============== Attach.txt should end with ==== End Of File ===========================
  14. Hi Dave, I was in a hurry posting last night and gave you extra files to scan, you did get the one I wanted to see though. Sorry about the extra work but there was no harm done. Anyway it looks like something is protecting that Vundo file, we can have a deeper look. Step 1: Download DDS to your desktop from one of the links below: Link 1 Link 2 Double click the tool to run it. A black screen will open, just read the contents and do nothing. When the tool finishes it will open 2 reports. Copy/paste both reports back here and remove DDS from your desktop. Step 2: Please download gmer.zip from Gmer and save it to your desktop. Right click on gmer.zip and select Extract All.... Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard. Click on the Browse button. Click on Desktop. Then click OK. Click Next. It will start extracting. Once done, check (tick) the Show extracted files box and click Finish. Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes. When done, you may receive another notice. Click OK. Click on Save ... to save a log. Copy and paste in Gmer.txt and click Save. Close Gmer. If you receive no notice, click on the Scan button. It will start scanning again. When done, click on Save ... to save a log. Copy and paste in Gmer.txt and click Save. Close Gmer. Note: Do not run any programs while Gmer is running. Logs to Post: Post the following logs, if you need to use multiple replies to post the logs please do so: The 2 DDS logs Gmer.txt
  15. In your first log you had AVG, now you don't seem to have any antivirus installed. If you have none installed I suggest you install one of the free for home use AVs like Avast or AntiVir immediately: Step 1: Please go to Virus Total or VirSCAN and upload c:\windows\system32\drivers\lffycjtc.sys for scanning. For Virus Total Please copy and paste C:\WINDOWS\system32\inetcomm.dll in the text box next to the Browse button. Click on Send File. For VirScan Copy and paste C:\file.exe into the text box next to the Browse... button. Click on Upload. The file will be uploaded and scanned. This will take some time. Please be patient. When done, the page will be refreshed. Please copy and paste the scan results of this file in your next reply. Step 2: You have a flash infection, please insert any external drive device you have for the next steps: Please download Flash_Disinfector and save it to your desktop. Double click to run it. You will be prompted to plug in your flash drive. Plug it in. Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime. When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager. Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear. Step 3: 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe Referring to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply along with a new HijackThis log and the Virustotal/VirScan results.
  16. Hello Dave and welcome to the Malwarebytes forums. B) We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review along with a new HijackThis log.
  17. Hi Matt, On doing further research it looks like you are infected with Virut, some of the info given matches these: http://www.threatexpert.com/report.aspx?md...b02ca486eed4ea4 http://www.threatexpert.com/report.aspx?md...dc0a5ac02094aaa http://virscan.org/report/25d377dcc6ace93f...6c5c22bb6a.html Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best way to return the machine to its normal working state. Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (software) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable. Also, avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too. I don't feel there is any point in trying to clean this machine. Sorry to be the bearer of bad news, but that's how I see it. If you have any questions let me know.
  18. I'm afraid I have unpleasant news for you. You have a Very Dangerous infection on this machine. The infection is delivered by W32/Rbot-BLF It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present... IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications. We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet. The Decision Whether to ReFormat or Not should be based on: The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect. The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect. IN THIS CASE we have an IRC backdoor, the worst kind. If the Computer has been used for any important data, you are strongly advised to do the following, immediately: Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned. Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites. If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being: Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers. 
From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to. DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information. Take any other steps you think appropriate for an attempted identity theft. Please read this for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063 Please let me know what you decide.
  19. Hello! and welcome to the Malwarebytes forums. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations. I will be working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. ================================================================== Step 1: We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review along with a new HijackThis log.
  20. Hi maz, Step 1: Please go to C:\Documents and Settings\maz\Desktop\SPYWARE-MAZ\ and right click on HijackThis.exe. Select Rename. Type in maz and press Enter. Double click on scanner to run it. Select Do a system scan and save a logfile. Please post back this log in your next reply. Step 2: Make an uninstall list using HijackThis To access the Uninstall Manager you would do the following: 1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply. Logs to Post: In your next reply please post: The new HijackThis (maz) log The Uninstall list
  21. Hello! maz and welcome to the Malwarebytes forums. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations. As I am still training, everything that I post to you, must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice. I will be working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic.