
bfordmn
Members
Posts: 9
Reputation: 0 Neutral
  1. Thanks, it's a nasty world out there. Will a standard reformat/partition clean everything out or can any of these threats survive a format?
  2. Thanks. Would MBAM Pro running with "Enable Malicious Website Blocking" have prevented this infection? If not, is there software that would? If not, what can a user do to keep this from happening, especially since the infections can come from legitimate sites that have been compromised (e.g. LATimes)? How do you personally protect your computer from such attacks when browsing?
  3. Oh, I forgot to mention: I read the info in the link for ZA, and the infection did somehow come in through a fake Adobe update pop-up. It is very hard to know when a pop-up looks just like a normal Adobe update window.
  4. Thanks for your continued help. C:\Users\bford\AppData\Roaming\noenr.dll does not exist in that directory. C:\Users\bford\AppData\Roaming\windo.dll does exist in that directory. Why is this interesting? Regarding other clients: the immediate recognized response to this infection was turning the client into a spambot. We were almost immediately blacklisted on CBL, Spamhaus, etc. It appears that running MBAM immediately stopped the spambot. I went to all of the clients, including the infected computer, and ran and watched TCPView. None had shown any activity to :SMTP or :25, so I think the spambot is temporarily dead on the infected one and is not operating on any of the other clients. What was the signature for ZA that you saw in the printout of the infected computer? Can I simply check for the signature on other clients? Finally, I have been watching the server and MBAM Pro and have been denying access to several known "bad" mail IPs (204.12.225.74) that are trying to gain access to edgetransport.exe, which I think is some part of the SMTP engine for Exchange. We have now restricted all outbound port 25 traffic to only traffic coming from Exchange. Probably should have done that long ago. Thanks again.
  5. Hi, thanks for your response. Reformat and reinstall it is. As you can see, there is not much on this machine: very few installed programs and no data to speak of. I am the de facto system admin with some help from an outside consultant. Our system is about 8 clients with an SBS server running Exchange. Big question: could ZeroAccess have moved to another client or, heaven forbid, the server? They all scanned clean, but so did the infected computer. The mailbot appears to have been stopped. The infected computer was connected to the network for some of the day yesterday, but has been disconnected from the network for the last 14 hours. Thank you.
  6. I was recently hit by some type of malware. I quickly closed the process and started Malwarebytes, and that appears to have stabilized this client computer, but I have purchased/activated the Pro version and I cannot check "Enable Malicious Website Blocking". I read somewhere that this is residue from the rootkit that was, or still is, embedded in my computer. A full scan of MBAM returns no errors. This is a work computer that is a client to a 2011 SBS. For the short time the virus/malware was active, it mail-botted out a bunch of spam, enough to get our static IP blacklisted on CBL. The client seems to be working fine now, but I am still concerned that it might somehow still be infected. I have been keeping it mostly unplugged from the server, even though MBAM shows it as clean. 1) Am I clean, and 2) how do I fix the "Enable..." setting? Thank you in advance for your help. Here are the two files from DDS.COM.
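As an added example (not the poster's or the forum's own code), the Python check below automates what the poster did by hand with TCPView in post 4: it parses `netstat -ano` output and a PID-to-image map, then flags outbound mail-port connections from any process other than an allowed mail transport, or to any host other than an allowed internal mail server. It goes slightly beyond the poster's :25-only check by also covering the 465/587 submission ports. The netstat rows, the PID map, the `EdgeTransport.exe` allowlist and the 192.168.0.111 mail-server address are all constructed assumptions for the sample.

```python
import re

# Constructed "netstat -ano" output (sample data, not captured from the poster's machine).
# 192.168.0.23 is the local host; 192.168.0.111 is assumed to be the internal Exchange
# server; 203.0.113.x / 198.51.100.x are documentation ranges standing in for external
# mail hosts. Rows for PIDs 2844 and 5000 exist only to exercise both allowlists.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.23:49213     192.168.0.111:445      ESTABLISHED     4
  TCP    192.168.0.23:49301     203.0.113.10:25        SYN_SENT        3120
  TCP    192.168.0.23:49302     198.51.100.7:25        ESTABLISHED     3120
  TCP    192.168.0.23:49310     192.168.0.111:25       ESTABLISHED     2844
  TCP    192.168.0.23:49320     93.184.216.34:443      ESTABLISHED     1780
  TCP    192.168.0.23:49331     198.51.100.20:25       ESTABLISHED     5000
"""

# Constructed PID -> image path map, as "tasklist" or Task Manager would show it.
SAMPLE_PROCS = {
    4: "System",
    3120: r"C:\Windows\System32\rundll32.exe",
    2844: r"C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE",
    1780: r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",
    5000: r"C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe",
}

# TCP rows only: "TCP  local:port  remote:port  STATE  PID". Header and UDP rows are skipped.
TCP_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

# Ports a spambot typically talks to: SMTP plus the submission ports.
MAIL_PORTS = {25, 465, 587}


def parse_netstat(text):
    """Turn netstat -ano text into a list of connection dicts; unparseable lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = TCP_ROW.match(line)
        if not m:
            continue
        laddr, lport, raddr, rport, state, pid = m.groups()
        conns.append({"laddr": laddr, "lport": int(lport), "raddr": raddr,
                      "rport": int(rport), "state": state, "pid": int(pid)})
    return conns


def find_rogue_smtp(conns, procs, allowed_images=(), allowed_remote_hosts=()):
    """Return (pid, image, remote, state) for mail-port connections that are neither
    made by an allowed mail process nor directed at an allowed mail host."""
    allowed_images = {name.lower() for name in allowed_images}
    allowed_remote_hosts = set(allowed_remote_hosts)
    findings = []
    for c in conns:
        if c["rport"] not in MAIL_PORTS:
            continue                      # not mail traffic
        if c["raddr"] in allowed_remote_hosts:
            continue                      # legitimate client -> internal mail server
        image = procs.get(c["pid"], "<unknown>")
        basename = image.rsplit("\\", 1)[-1].lower()
        if basename in allowed_images:
            continue                      # the mail server's own transport process
        findings.append((c["pid"], image, f'{c["raddr"]}:{c["rport"]}', c["state"]))
    return findings


if __name__ == "__main__":
    hits = find_rogue_smtp(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PROCS,
                           allowed_images=("EdgeTransport.exe",),
                           allowed_remote_hosts=("192.168.0.111",))
    for pid, image, remote, state in hits:
        print(f"SUSPECT pid={pid} {image} -> {remote} ({state})")
```

On the sample data only the two rundll32.exe connections to external :25 hosts are reported, which is the pattern a spambot on a workstation produces. Feed it real `netstat -ano` output and a `tasklist` PID map to repeat the check on each client.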
  7. Just prior to your post with instructions, I was able to get MBAM installed on the infected computer by using a USB thumb drive and renaming the file as a COM. I could not update the definitions, but was able to run MBAM. Then after the first pass, I was able to update the definitions and fully wipe out what was left. Thanks, this case can be closed.
  8. We have an XP Pro desktop that is infected. I tried installing the latest MB from a thumb drive, but it would simply start up the false AV warning page. I have tried renaming the exe and also tried installing through safe mode, but the same thing happens. I can see from the other tutorials that maybe running a variant of RKILL may solve the problem, but before going further I thought I would post here for advice. I have also seen in other threads where you recommend building a bootable CD, so I am guessing that is where I will be heading. Thanks for your help. I did not mention it in my first post, but the malware I am infected with is XP Security 2012.
  9. Hi, I am running Windows Mail on Vista Home. It ports through AOL. Twice now, a number of emails have been sent from our account. These two instances were about a week apart, and we only know it when someone responds asking if we have a bot, or we notice several bounces in our inbox that we did not send. We were not even home today when the emails were generated. First, is this likely a bot residing on my computer, or could someone be using our email as a 'return label' only? Most of the bounced emails are from our address book, and some are just addresses we have sent to in the past but not in our address book. Finally, there is nothing in the Sent box indicating that anything was sent. Again, the only indication that we had been 'used' was the bounced emails and friendly questions. I installed, updated and ran the latest MWB program and it found nothing. Should it find a mail bot if it is residing on our computer? I cannot find anything on Google. Any ideas? Thanks, Ben