ajax

Members
  • Content Count

    17
Community Reputation

0 Neutral

About ajax

  • Rank
    New Member
  1. Ran TFC. Performed new scan. No detections. No other symptoms of malware infection.
  2. Detection on what looks like a setting. Please advise if false positive or actual infection. Log file below. Malwarebytes' Anti-Malware 1.39 Database version: 2549 Windows 5.1.2600 Service Pack 3 8/3/2009 12:30:34 PM mbam-log-2009-08-03 (12-30-34).txt Scan type: Full Scan (C:\|) Objects scanned: 148346 Time elapsed: 44 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules I
  3. Updated detection settings today (last update was about 1 week ago). Ran a quick scan and got a detection on some kind of setting (log below). Removed the file. Subsequently ran a full scan, which found nothing. I'm thinking this might be a false positive or a detection of a remnant of long dead malware due to the update (I hope). Please advise. Malwarebytes' Anti-Malware 1.38 Database version: 2368 Windows 5.1.2600 Service Pack 3 7/3/2009 10:59:51 AM mbam-log-2009-07-03 (10-59-51).txt Scan type: Quick Scan Objects scanned: 85609 Time elapsed: 4 minute(s), 28 second(s) Memory Processes In
  4. I thought this one was the positive: Sophos Antivirus Found Troj/BHO-IQ I haven't seen the redirect again (assuming it was a redirect to begin with and not a mistyped URL).
  5. Came back positive. What's the easiest way to delete the file? Scan taken on 12 Feb 2009 21:16:05 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing G DATA Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Sophos Antivirus Found Tr
  6. ComboFix 09-02-11.02 - Administrator 2009-02-12 6:56:32.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.656 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\IE4 Error Log.txt c:\windows\
  7. Must Windows Firewall also be disabled prior to running ComboFix? Also, can I ask if you're having me run this as a precaution or if you see signs of infection?
  8. Malwarebytes' Anti-Malware 1.33 Database version: 1749 Windows 5.1.2600 Service Pack 3 2/11/2009 8:55:00 AM mbam-log-2009-02-11 (08-55-00).txt Scan type: Quick Scan Objects scanned: 54311 Time elapsed: 6 minute(s), 3 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (
  9. I typed in a legit URL and ended up at an ad site. I'm not sure if I mistyped the URL or got redirected by malware. Any assistance is appreciated. MBAM quick scan log and HJT log are below (a McAfee scan was clean - no log to post). Malwarebytes' Anti-Malware 1.33 Database version: 1738 Windows 5.1.2600 Service Pack 3 2/8/2009 6:13:21 AM mbam-log-2009-02-08 (06-13-21).txt Scan type: Quick Scan Objects scanned: 53950 Time elapsed: 6 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infecte
  10. I did as you instructed. The system seems to be behaving normally. HijackThis log is below. Additionally, as I went to the C drive to delete that folder, I noticed a folder with a suspicious name (c:\0c9fc5be454d5f8cf112c4715a). Properties says it was created on Nov. 15, 2006 (maybe I just never noticed it before). In the folder is a text file (title: "msxml4-KB927978-enu"). I scanned the folder and file with MBAM and McAfee, came up clean. The text seems to record some kind of system update. Is this something I should be worried about? Logfile of Trend Micro HijackThis v2.0.2 Scan s
  11. Acrobat.com Acrobat.com Adobe AIR Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 9 ALPS Touch Pad Driver AnswerWorks 4.0 Runtime - English Apple Mobile Device Support Apple Software Update Bonjour Broadcom Advanced Control Suite Broadcom Gigabit Integrated Controller CALI Library of Lessons CCScore Close Combat IV Conexant HDA D110 MDC V.92 Modem ESSBrwr ESSCDBK ESScore ESSgui ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS essvatgt fflink High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windo
  12. No, I didn't intend to keep it. It looked to me like 9.0 deleted the old 7.0 at the time of the update. How can I complete the uninstall process?
  13. Did as you directed. Logs: Malwarebytes' Anti-Malware 1.31 Database version: 1463 Windows 5.1.2600 Service Pack 3 12/5/2008 8:00:15 AM mbam-log-2008-12-05 (08-00-15).txt Scan type: Quick Scan Objects scanned: 49318 Time elapsed: 5 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected)
  14. Thanks. Again, I suspect I just have had some bad luck, but it would be nice to get an expert opinion. Here is the new HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:37:00 PM, on 12/4/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\In