jt83

Members
  • Content Count

    6
  • Joined

  • Last visited

Community Reputation

0 Neutral

About jt83

  • Rank
    New Member
  1. I was asked to take a look at a Dell Optiplex 330 running Vista Business SP2 because it had picked up the ZeroAccess rootkit/trojan. The PC was running McAfee Security as a Service, but the subscription was no longer up to date. I have run MBAM several times, sometimes detecting the infection, sometimes not. McAfee was not removing the infection, only detecting/blocking it, so I removed McAfee and replaced with Microsoft Security Essentials so it would, at the least, remain updated. Running a full scan overnight detected the infection again. I tried removing and rebooting, but then the PC
  2. Just an FYI - I believe I successfully removed the malware by removing this "O20 - Winlogon Notify: wminotify - Invalid registry found" with Hijack This, manually deleting the registry keys, and using Spybot's File Shredder program to delete locked dll's. I have run three full scans since with Avira, and they come up clean. Problem is, there were some things I had to try to fix after the fact. Like reconfiguring ports and loopback for the internal website, but DNS is effed and I can't configure it, and for some reason, when I try to reinstall, it doesn't even prompt me for a CD and does nothing.
  3. Looks like Avira and Hijack This logs didn't upload properly, so here's the ol' cut-n-paste : AntiVir Server Report file date: Friday, February 18, 2011 22:30 Scanning for 3106646 virus strains. The program is running as a fully functional evaluation version. Online services are available: Licensee : 30 Days Evaluation License Serial number : 0000149999-OEJIM-0000025 Platform : Windows Server 2003 Windows version : (Service Pack 2) [5.2.3790] Boot mode : Normally booted Username : SYSTEM Computer name : DCM-SBS Version information: BUILD.DAT : 10.0.0.17
  4. Need a lot of help here. I am the IT guy at a small manufacturing company of about 10 employees. I mbam-log-2011-02-17 (22-33-52).txt 127.0.0.1_4d5f99d1.log 127.0.0.1_4d5fbee5.log ark.txt hijackthis.log
  5. Forgive me. I typed this whole thing out and forgot to copy and paste the logs. At any rate, it looks like running Spybot a second time removed it. You can lock this up if you like. I'll let you guys know if anything else pops up.
  6. Quick System Specs: OS: Microsoft Windows Server 2003 for Small Business Server Service Pack 2 Processor: Intel Xeon CPU E5335 @ 2.00GHz Memory: 4.00 GB of RAM Antivirus Software: Computer Associates eTrust Antivirus version 7.0.140 Antimalware Software: MBAM (was on machine before discovering Trojan) and Spybot S&D (installed after discovering Trojan) Hello, The other day I received an e-mail from the security division of a very large, well known bank. It seems a machine on our network was trying to attack one of their Websites. After doing a quick check of our server, I found an instan