Posts posted by pifreak
-
-
Does anyone care that a link is messed up on the malwarebytes website, and it leads to advertisements?
-
I just purchased MBAM and clicked the twitter link:
Did we save your computer from malware? Spread the word about Malwarebytes via Twitter
It makes me tweet:
I just bought @Malwarebytes Anti Malware! http://bit.ly)YkJSg Thanks @Malwarebytes Team! #Software #AntiMalware
When, to make a correct link, it should tweet:
I just bought @Malwarebytes Anti Malware! http://bit.ly/YkJSg Thanks @Malwarebytes Team! #Software #AntiMalware
BUT the link hxxp://bit.ly/YkJSg
goes to:
hxxp://www.home-body-detox.com/blog/body-cleanse-weight-loss/787/
The address is not showing up! The DNS does not respond, such as tracert.
I WILL KEEP INVESTIGATING THIS
Your link is messed up, and this is some advertisement.
How did it get like that?
Can you fix it please?
Thanks, team!
pi`
-
What the hell, I'm going to buy it.
Edit: ha ha ha that was easy to buy
Flash scan is so awesome. It just found 4 things in a few seconds and now it's done. Appears to be leftover keys from files I deleted from that stinky malvertisement I made a topic on.
Thanks team for making such an awesome product, I feel safer now.
So if I want to put this on the family computer as well as my computer I need to buy another key? Or can I just go ahead and put it on there?
-
You guys are quite funny
-
Alright, will do some time, for now it's disabled from startup.
Sorry for the delay
-
On a friend's computer running Windows 7 Home Premium x64, Frostwire always appears on startup.
He doesn't want it on there anymore, and I was trying to help him remove it because it slows the computer and internet, and is unsafe etc.
I exit out of frostwire, it shuts down fine and quits. Then I go to control panel and go to add/remove applications. I select Frostwire, and click the "Change/remove" button. Nothing happens. If you wait a while and click it again, it says "Please wait for the current uninstaller to finish", but it's not showing anything.
When attempting to uninstall, all other programs freeze even though there is ~2.7GB of memory free, and the CPU is using 3% power or so. Everything is just unresponsive and task manager cannot kill any process.
Any ideas? I guess I could just delete the startup key and then manually delete all the files and folders and registry entries but that seems like a pain and I would have to look up where everything is...
Thanks for the help,
pi`
-
I always played Fighter Pilot on our first computer:
-
I have had problems on live.com with Firefox
-
I have only tried one product and it was the one that is supposed to make games faster but it is pretty scary that it shuts down windows services and junk in order to do it...no FPS increase
a bunch of crap if you ask me
-
So, I had this dream last night, Something weird happened on my computer, and I was running some weird program.
*dream disappears before I can write it down*
Anyway, I remember that nothing was working right, so I did a scan with Malwarebytes, and the red text for infections popped up, and the number kept jumping!
Then I remember it saying it finished, and it found over 30,000 infections!
It showed all the detected files, and they were like "haha_you_got_hacked.exe" etc.
I thought "ha ha I have Malwarebytes "
It's good to know that Malwarebytes is protecting me even in my dreams.
pi`
-
How do we know what to submit?
if we find a virus that, say, Norton and McAfee do not detect and Malwarebytes does not detect, can we still submit it?
-
Thanks for fixing it, updated and scanned, not detected.
I'll get the "mbam.exe /developer" log file next time before making a topic, sorry.
You guys and/or gals are great.
pi`
-
Sorry for double post, but I'm running the scan with the /developer parameter to get the log file for you
Sorry for doing it wrong, fatdcuk, and thanks for everything you do for us Malwarebytes users :'D
-
the attachment failed? :/
Oh, I ditched Avast! because MaximumPC didn't rate it very well and because it kept deleting some file I was using to test network code (smsniff by NirSoft)
Sorry about the file thing. I think it uploaded this time. I put the .cpp and .exe in a zip.
-
psssh
-
By the way, the new site looks awesome, the new program looks sweet.
I'm going to ditch MSE and Avast! I think and use Malwarebytes' full version if I can get some moneys
Anywho, I don't mind that Malwarebytes' Anti Malware finds false positives, and I expect it a lot since I have a lot of programs I make that end up getting detected.
broken_2d_dynamic_array.exe was the only thing found on the quick scan, but I know it's not malware because it's something I made as a test, I believe because some arrays weren't working in a program and I was just practicing something.
I've attached the source code for you to laugh at, not edited although embarrassing
pi`
-
(Sorry double post)
...Deleting everything (all malware found) immediately could be dangerous due to false positives from time to time.
Malwarebytes has the option to recover files that have been "removed", or quarantined.
This is good in case it is a false positive and really a good file.
pi`
-
About displaying the selections, it is a good option to see what to delete and what not to delete. In my opinion here are some reasons:
-There might be something you want to keep, such as hacking_tool.exe
-There might be a false positive, such as game.exe
-It informs you what you have and you can research them, such as if it finds a keylogger, you should change your passwords, a hacker might have them!
-It can show if something has come back, and the location it appears.
I hope this shows why it is a good thing to show what the scan has found.
pi`
-
systemcallsignal.zip
(systemcallsignal.exe inside)
From:
C:\Program Files\Cheat Engine\systemcallsignal.exe
-
File information
File Name : systemcallsignal.exe
File Size : 16384 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 604337c552accb6ef5cfb5bd9644f435
SHA1 : 0b31ccd057e61c167b1265ebac259ca21fb30aa2
Scanner results
Scanner results : 11% Scanner(s) (4/37) found malware!
Time : 2009/11/30 07:03:05 (CST)
What's the meaning of this, I doubt a file in cheat engine is a trojan, rootkit, or anything to do with an attacker stealing your information, hacktool I can see.
Who decided this is malware? Is it really worth deleting?
pi`
-
Bump, please help if possible, fixing my friend's laptop, he is in the Air Force and home visiting. He will be leaving in a few days.
pi`
-
oh yes! I don't know how I forgot, but I have done that some time ago to a machine. Thank you so much for the link, it's much appreciated.
-
My computer used to skip the login screen so if you turned on the computer it would boot windows and then load your profile automatically. I applied some updates or something, and it stopped doing it.
How do you make it so you don't need to click the icon of your profile to login, assume there is only one user.
Thanks for the help, anyone.
pi`
-
I'm fixing a friend's laptop, there were a few things such as a rootkit, trojan horse, and trojan downloader that Malwarebytes and Trend Micro cleaned up.
The system seems to be working fine now, but both IE8 and Firefox redirect to random ad sites when clicking a result from a Google search, etc.
A few times it has gone to computer-online-scanner.biz or something like that and the pop-ups don't go away since it's JavaScript in an endless loop. Telling me to download some file because I'm infected, so I ended the process of firefox.exe
I also found a file 2.js in C:\ which looks suspicious, so I made a backup and deleted it. I attached a zip if anyone wants to look at that.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:19 AM, on 11/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {abdb2d82-93c4-4d9e-9a80-2f1ee1cca981} - C:\Program Files\Quizulous\Helper.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - F:\SZSG.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: FCTBPos00Pos - {C32F1A70-105D-4340-8A69-0C1364723D56} - C:\Program Files\Quizulous\Toolbar.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - F:\SZIEBHO.dll (file missing)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - F:\SZSG.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Quizulous - {6CE6E13B-280E-44AE-BD3D-558838E69C9D} - C:\Program Files\Quizulous\Toolbar.dll (file missing)
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O13 - Gopher Prefix:
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12436 bytes
Browser Redirecting
in Resolved Malware Removal Logs
Posted
When searching on Google or Yahoo, results come up normal. When you click, it sometimes goes to an ad site. This is very annoying and I don't know where it's coming from.
Malwarebytes:
HiJackThis: