Posts posted by Invalid-input
Hi,
My recommendation is to not use p2p software at all. It's possible that torrent site in your favourites list is exploited.
The logs themselves look OK, and that's why I requested more information about the link.
Thanks for the quick response.
Hmm. Now that I think about it, it could be that site that's causing the problem. The reason I said that is that the last 2 occurrences happened with the same link. I guess I'll be careful with that site. Thanks.
Oh, one more question: which online scans would you recommend for a really good deep scanning for viruses/malware?
So what should I do now? Uninstall the programs I've d/l for the scans?? How??
-
Oh, BTW thanks so much for your help. Just thought I should mention that.
Please let me know if I am infected with something or not and what I should do next.
Cheers
-
Hi,
BitComet
The ones listed above are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.
Does this happen with some specific links?
How I got my first virus/trojan was when I selected the link of excite.com off my favourites list, I was redirected to that 'your comp is infected' site. I tried to close it but I guess I accidentally hit inside the window. It caused malware from running/updating and every antivirus thing stopped working. So I took it to the techie.
Now when I hit another link (where I get my torrents) it sometimes redirects me to that site. I know the site where I get my torrents is safe. Then should I install older p2p programs or none at all?? Suggestions for d/l torrent programs?
-
My comp was infected with a trojan in Jan and I took it to a comp techie to fix it. But now when I select a link off my Favourites, I sometimes get directed to the 'your computer is infected' site. It has maybe happened 3-4 times since. I know there is something wrong but the scans produced no results. I use Eset 3.0. Thank you so very much for your generous help.
I am not very good with computers so I hope I have followed the instructions correctly.
Here is the dds.txt
DDS (Ver_09-12-01.01) - NTFSx86
Run by Sarah at 23:19:19.62 on 11/03/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.703.375 [GMT -8:00]
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sarah\Desktop\dds.scr
============== Pseudo HJT Report ===============
uWindow Title = Microsoft Internet Explorer
uStart Page = hxxp://ca.search.yahoo.com/web/advanced?ei=UTF-8&fr=yfp-t-501
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ssAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263694369483
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263694357776
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\sarah\applic~1\mozilla\firefox\profiles\xc93xfwc.default\
FF - prefs.js: browser.startup.homepage - hxxp://hk.yahoo.com/
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
=============== Created Last 30 ================
2010-03-12 07:15:21 0 ----a-w- c:\documents and settings\sarah\defogger_reenable
2010-03-09 07:24:24 3245 ----a-w- c:\windows\system32\wbem\Outlook_01cabf598b4dae70.mof
2010-03-07 23:08:11 0 d-----w- c:\windows\system32\NtmsData
2010-02-22 05:59:29 398 ----a-w- c:\windows\NJCOM.INI
2010-02-22 05:59:23 0 d-----w- c:\docume~1\sarah\applic~1\NJStar
2010-02-22 05:59:05 0 d-----w- c:\program files\NJStar Communicator
==================== Find3M ====================
2010-01-17 06:39:48 390240 ----a-w- c:\windows\system32\mkdriver.dll
2010-01-17 06:39:48 292696 ----a-w- c:\windows\system32\XceedFtp.dll
2010-01-16 16:53:17 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
============= FINISH: 23:19:48.37 ===============
Malwarebytes log
Malwarebytes' Anti-Malware 1.44
Database version: 3857
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
11/03/2010 11:11:31 PM
mbam-log-2010-03-11 (23-11-31).txt
Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 141053
Time elapsed: 36 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Gmer log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-11 23:49:40
Windows 5.1.2600 Service Pack 3
Running: wu5x6g84.exe; Driver: C:\DOCUME~1\Sarah\LOCALS~1\Temp\kxtdapob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
---- EOF - GMER 1.0.15 ----
Please let me know what I should do next. Thanks again for all the help.
Infected with something. Help, Please and Thanks.
in Resolved Malware Removal Logs
Thanks so much for your help (time and effort). I am glad to know that my computer is not infected and it was the internet site. Phew, I'll try your suggestions.
Thanks so so much. Keep up the good work.