
MCgar

Members
  • Posts: 13
  • Reputation: 0 Neutral
  • Location: WA
  1. Running Windows XP and have a Windows install CD. Can burn a CD/create a bootable USB drive on another computer. Does not load the Windows splash screen before the screen goes blank. F8 does not work on startup. Thanks Elise. Gar
  2. Panasonic laptop infected. Was able to update MBAM and run quick scan. MBAM found a variety of infected files, but a few were not removable. Restarted laptop, now system will not boot beyond Panasonic logo. I can access system setup, but cannot proceed past that. System locks up in boot process w/ blank screen. Haven't tried booting from a recovery disk yet, wanted to get some advice from MBAM first since it's following a scan and remove. Thanks for the help. Gar
  3. Ran OTL, the other initial installs and scans during a troubleshooting scan. I disabled Symantec as directed, finished repairing, and re-enabled Symantec. I'm getting recurring notifications that Symantec is disabled, the taskbar icon has an exclamation, and I cannot perform a manual scan. I've also removed and reinstalled Symantec. Running Symantec AntiVirus Corporate Version. Any idea what I need to do to get it operating correctly again? Thanks Gar
  4. Ran ComboFix, log attached. Thanks Elise. Gar combofix.txt
  5. OTL and GMER scans done. Logs attached. Thanks Elise. Gar

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-05-04 22:23:33
     Windows 5.1.2600 Service Pack 3
     Running: 74gzenbn.exe; Driver: C:\DOCUME~1\GREGRO~1\LOCALS~1\Temp\kfqyapog.sys

     ---- Devices - GMER 1.0.15 ----

     AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
     AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
     AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
     Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

     ---- EOF - GMER 1.0.15 ----

     Extras.Txt OTL.Txt
  6. Finished several days of scanning/removing malware w/ Borislav & Maniac assistance. Ran MBAM full scan after installing updated JAVA and found several password stealers in registry. Attached link to previous thread, and latest MBAM log. Do I have more work to do, or are these just MBAM catching problems? Thanks Gar mbam_log_2010_05_01__14_30_20_.txt recurring_malware___Malwarebytes_Forum.htm
  7. Link posted on bleepingcomputer. MBAM scan was clean, log attached. If the malware is cleaned up, will I need to reinstall/update Java? Thanks Maniac. Gar mbam_log_2010_04_25__10_21_55_.txt
  8. 2nd CF scan run, log attached. Thanks Gar Combofix_log.txt
  9. Deleted all versions of Java, ran JavaRa.exe. Deleted Java and Sun files. MBAM wouldn't allow me to attach the log file, so here it is:

     JavaRa 1.15 Removal Log.

     Report follows after line.

     ------------------------------------

     The JavaRa removal process was started on Wed Apr 21 18:29:32 2010
     Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
     Found and removed: SOFTWARE\Classes\JavaPlugin.150_03
     Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
     Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
     Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
     Found and removed: SOFTWARE\Classes\JavaPlugin.142
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

     ------------------------------------

     Finished reporting.

     VirusTotal scan completed on both system files. Had problems saving the wokx file scan to a format that would attach to my reply, so it's in an email format. Having problems attaching some of these log files to my posts. What's the trick? Thanks again Maniac. Gar pbutk.dll_scan.htm wokxgism8.dll_scan.htm
  10. Combo-fix run, log attached. Thanks Maniac. Gar combo_fix.txt
  11. New MBAM scan and DDS logs attached. Thanks, Gar Attach.txt DDS.txt mbam_log_2010_04_19__21_06_37_.txt
  12. Borislav, scans run, logs attached. I also attached my banking home page, which shows what I suspect is a key logger embedded into the page. The acct login block should only show the access number, user ID and password blocks. The bottom 3 info items should not be asked for, per my bank. I can't figure how it's getting embedded into a fully functional SSL secured site though. The bank login has been one of the biggest problems I've had since the malware attacks started. My bank has been no help. Thanks for the assist. Greg Navy_Federal_Credit_Union__Serving_U_S__Department_of_Defense.htm mbam_log_2010_04_18__15_41_49_.txt gmer.log2.txt DDS.txt Attach.txt
  13. Keep getting the following malware detected after startups. MBAM finds and cleans them, but they return. Had a problem w/ XP Defender a few months back, but after updating MBAM, it found them, but I suspect registry entries that still allow the malware to return. Any suggestions? Thanks Greg

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 5

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\System Volume Information\_restore{D9CCFDE5-379A-4BA1-8875-63EE10034940}\RP3\A0002028.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{D9CCFDE5-379A-4BA1-8875-63EE10034940}\RP3\A0002029.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{D9CCFDE5-379A-4BA1-8875-63EE10034940}\RP3\A0002030.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{D9CCFDE5-379A-4BA1-8875-63EE10034940}\RP4\A0002048.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      F:\RECYCLER\recycld.exe (Spyware.Amber) -> Quarantined and deleted successfully.

      From an earlier scan, but keep getting these malware recurring also:

      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Windows Server\syubvo.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Server\syubvo.dll (Trojan.Agent) -> Delete on reboot.
      C:\Documents and Settings\LocalService\Local Settings\Application Data\Windows Server\syubvo.dll (Trojan.Agent) -> Delete on reboot.