N6JSX

Members • Posts: 5 • Reputation: 0 Neutral
  1. I have an infected PC that inhibits any update attempts. Somehow one of those darn "you are infected with trojan pop up cleaner" got into my PC, again..... Is mbam portable that I can load it on a USB stick and run from the stick? If not, it should be considered!!! Forum needs a FAQ area - how to load current updates into an infected PC then how to use SAFE CMD mode to run. How do I load a current mbam/dat files to the infected PC?
  2. Hmmm do not see the Hijack file - I'll try again.... wow this is stupid - your system will not allow me to upload this file, yet you want its information....

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 09:52:32, on 07/02/09
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\brsvc01a.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\brss01a.exe
     C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\BRMFRSMG.EXE
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
     C:\WINDOWS\VM305_STI.EXE
     C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\LClock\LClock.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
     O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [screenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
     O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
     O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
     O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
     O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
     O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
     O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

     --
     End of file - 6203 bytes
  3. Two days ago I got a Trojan into my main PC. It keeps popping up windows informing me that I'm infected and then trying to get me to DL their cleaning program. It puts porno shortcuts on my desktop and even tried to get me to uninstall MBAM..... It blocked me from executing MBAM - but I figured a way round this.... I just copied MBAM.exe into the same folder and ran the copy - the name is now different and it ran - but when trying to update MBAM it blocks updating. I was able to use another PC to get a 07/01 update - then copy and run the program on my infected PC. It found some 22 problems and wiped them out.... But it did not find all of them - as soon as I plugged the PC back into my network cable it DL'ed all the crap again and began running it..... even putting loaded program icons in my task bar. An issue I did find - after MBAM cleaned these items my PC would not boot up. I had to go to SAFE mode and run CCleaner.exe registry clean/repair and the PC boots up OK. I'm hoping that 07/02 MBAM update might have the fix. This one has been a pain to get out.... F-PROT did not see it at all. Since MBAM can't clean it I've been thinking about installing ZoneAlarms Firewall so I can control internet accessing.... Attached is the Hijack file and two log files for your review..... Sure like to kill this one and get advice on how to keep from getting this type of crap again. TNX mbam_log_2009_07_01__19_26_25_.txt mbam_log_2009_07_02__09_51_43_.txt
  4. Two days ago I got a Trojan into my main PC. It keeps popping up windows informing me that I'm infected and then trying to get me to DL their cleaning program. It puts porno shortcuts on my desktop and even tried to get me to uninstall MBAM..... It blocked me from executing MBAM - but I figured a way round this.... I just copied MBAM.exe into the same folder and ran the copy - the name is now different and it ran - but when trying to update MBAM it blocks updating. I was able to use another PC to get a 07/01 update - then copy and run the program on my infected PC. It found some 22 problems and wiped them out.... But it did not find all of them - as soon as I plugged the PC back into my network cable it DL'ed all the crap again and began running it..... even putting loaded program icons in my task bar. An issue I did find - after MBAM cleaned these items my PC would not boot up. I had to go to SAFE mode and run CCleaner.exe registry clean/repair and the PC boots up OK. I'm hoping that 07/02 MBAM update might have the fix. This one has been a pain to get out.... F-PROT did not see it at all. Since MBAM can't clean it I've been thinking about installing ZoneAlarms Firewall so I can control internet accessing....
  5. Portable is needed. This is now the second time I got some hijacker crap on one of my PCs. MalWare is installed but the crap will not allow me to execute Malware program to do a scan/clean. Another time it prohibited me from getting updates to Malware.... So running it from a USB stick would be GREAT!!!