Jump to content

ddjmagic

Honorary Members
  • Posts

    31
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Tried start up repair and it finds no problems. I think it must be the user profile, what files do I need to backup so I don't lose all my user settings? Just the complete user folder?
  2. I came to turn my windows 7 pc on this morning and it booted as normal - starting windows - welcome - then the screen goes blank with just a mouse cursor. Ctrl-Alt-Del works and I can bring up task manager, but task manager stops responding as soon as I try and start a new task. Tried safe mode, exactly same thing happens. If I switch to another user it works fine and the desktop shows up and everything, just my main user that won't work? Tried system restore but doesn't fix it. Any suggestions? Thanks.
  3. I will have a go at backing up and reformatting, thanks for the help.
  4. Yeah, pretty much the whole of program files was infected and just about every HTML file on my PC. A few questions - Will the USB flash drive that I have been using to copy between the 2 PC's be OK? What would be the safest way of backing up my images/music etc, that aren't infected? Would I be able to use the recovery partition to reinstall windows? Thanks for your help!
  5. Scan completed - 27,349 found, 27,424 deleted. The log is too big to post here - here's the items it was unable to delete- C:\Windows\explorer.exe Win32/Bamital.ER trojan (unable to clean) 00000000000000000000000000000000 I C:\Windows\explorer.old Win32/Bamital.ER trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Windows\System32\wininit.exe Win32/Bamital.ER trojan (unable to clean) 00000000000000000000000000000000 I C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Bears.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Garden.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Green Bubbles.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Hand Prints.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Orange Circles.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Peacock.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Roses.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Shades of Blue.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Soft Blue.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Stars.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I ${Memory} multiple threats 00000000000000000000000000000000 I
  6. Its 6 hours into the scan and about 2/3 of the way through, its been stuck on one file on the recovery partition for about an hour. So far it has found 27,438 infected files, all W32/Ramnit, it looks like its infected pretty much everywhere I'll let it run a bit longer to see if it can get past that file and finish the scan.
  7. Same, nothing found - http://virusscan.jotti.org/en/scanresult/7...4a5d720115d1969
  8. http://virusscan.jotti.org/en/scanresult/4...7c005565a5e192f
  9. Computer pretty much the same, whatever I do , multiple IE browsers open, when they open, a file "watermark.exe" appears in task manager for a few seconds. Latest log- ComboFix 10-11-18.03 - derek 11/19/2010 1:42.5.2 - x86 NETWORK Microsoft
  10. Hiddens files were not been shown before, heres the new log- ComboFix 10-11-18.03 - derek 11/19/2010 0:38.4.2 - x86 NETWORK Microsoft
  11. SystemLook 04.09.10 by jpshortstuff Log created at 00:23 on 19/11/2010 by derek Administrator - Elevation successful ========== filefind ========== Searching for "explorer.exe" C:\Windows\explorer.exe --a---- 2923520 bytes [00:06 19/11/2010] [09:45 02/11/2006] 2774A3141A1FFEBA09C87463C84B2FAF C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe --a---- 2923520 bytes [08:47 02/11/2006] [09:45 02/11/2006] FD8C53FB002217F6F888BCF6F5D7084D C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe --a---- 2923520 bytes [23:50 19/10/2007] [23:50 19/10/2007] 6D06CD98D954FE87FB2DB8108793B399 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe --a---- 2923520 bytes [12:26 10/12/2008] [06:20 29/10/2008] 37440D09DEAE0B672A04DCCF7ABF06BE C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe --a---- 2923520 bytes [23:50 19/10/2007] [23:50 19/10/2007] BD06F0BF753BC704B653C3A50F89D362 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe --a---- 2923520 bytes [12:26 10/12/2008] [02:15 28/10/2008] E7156B0B74762D9DE0E66BDCDE06E5FB C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe --a---- 2927104 bytes [16:42 23/09/2008] [07:33 19/01/2008] FFA764631CB70A30065C12EF8E174F9F C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe --a---- 2927104 bytes [12:26 10/12/2008] [06:29 29/10/2008] 4F554999D7D5F05DAAEBBA7B5BA1089D C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe --a---- 2927616 bytes [12:26 10/12/2008] [03:59 30/10/2008] 50BA5850147410CDE89C523AD3BC606E C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe --a---- 2926592 bytes [13:45 24/09/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253 -= EOF =-
  12. Seemed to be a lot quicker than last time, still some IE pop ups though and explorer.exe seems to be still infected ComboFix 10-11-18.01 - derek 11/18/2010 23:22:46.3.2 - x86 NETWORK Microsoft
  13. No errors from the command line it said "File copied"
  14. I keep getting "the syntax of the command is incorrect" when trying to rename.
  15. I have it on a USB stick and on the infected PC's Desktop
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.