Jump to content

Joss

Members
 View Profile  See their activity

  • Posts

    14

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Joss
    Hi Maniac Stupid of me I didn't check the "ignore" section in mbam...and C drive was there...I removed it and all of a sudden it works and no threats... Thanks for your help! jose
  2. Joss
    Hi maniac, Thanks a lot for your help. As soon as I am back at home I will follow your suggestions and come back to you with the results. Thanks! Jose
  3. Joss
    Hi, I managed to remove some malware already using an USB stick with AVG but Malwarebytes keeps not working what makes me suspect that something is not yet fixed. The application starts and after few minutes and around 94K files scanned it always stops with a message that no threats are detected. Malware chamaleon has the same behaviour. I tried also to start the computer in safe mode and no changes... Any clue what could be wrong? regards jose attach.txt dds.txt
  4. Joss
    Sorry for posting in the wrong place Thanks!
  5. Joss
    Hi, I managed to remove some malware already using an USB stick with AVG but Malwarebytes keeps not working what makes me suspect that something is not yet fixed. The application starts and after few minutes and around 94K files scanned it always stops with a message that no threats are detected. Malware chamaleon keeps not working. Any clue what could be wrong??? regards jose dds.txt attach.txt
  6. Joss
    They look much better ))) Many, many thanks. Unless you think anything else must be done I think we can close this thread...
  7. Joss
    Hi Borislav, Here comes the logs... Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Versi
  8. Joss
    Here it goes (I add an additional line with the current name of the file): Logfile of The Avenger Version 2.0, © by Swandog46 [url="http://swandog46.geekstogo.com"]http://swandog46.geekstogo.com[/url] Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Driver "vbma3792" disabled successfully. Driver "vbma3792" deleted successfully. Error: file "C:\WINDOWS\system32\vbma3792.sys" not found! Deletion of file "C:\WINDOWS\system32\vbma3792.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\WINDOWS\system32\drivers\vbma3792.sys.XXX.no_toCar,_virus" deleted successfully. Completed script processing. ******************* Finished! Terminate. Logfile of Trend Micro HijackThis v2.0.4Scan saved at 23:18:16, on 25/11/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\ARCHIV~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Archivos de programa\AVG\AVG10\avgwdsvc.exe C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe C:\Archivos de programa\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\svchost.exe C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Archivos de programa\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Archivos de programa\AVG\AVG10\avgnsx.exe C:\Archivos de programa\AVG\AVG10\avgemcx.exe C:\WINDOWS\system32\wuauclt.exe C:\Archivos de programa\Apoint2K\Apoint.exe C:\Archivos de programa\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\AGRSMMSG.exe C:\Archivos de programa\TOSHIBA\E-KEY\CeEKey.exe C:\Archivos de programa\TOSHIBA\TouchPad\TPTray.exe C:\Archivos de programa\TOSHIBA\Accessibility\FnKeyHook.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Archivos de programa\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe C:\Archivos de programa\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Archivos de programa\TOSHIBA\ConfigFree\CFSServ.exe C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe C:\Archivos de programa\AVG\AVG10\avgtray.exe C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\TPSBattM.exe C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Archivos de programa\Apoint2K\Apntex.exe C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexStoreSvr.exe C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe C:\Archivos de programa\Citrix\ICA Client\pnagent.exe C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Archivos de programa\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe C:\Archivos de programa\HP\Digital Imaging\bin\hpqbam08.exe C:\Archivos de programa\HP\Digital Imaging\bin\hpqgpc01.exe C:\ARCHIV~1\AVG\AVG10\avgrsx.exe C:\Archivos de programa\AVG\AVG10\avgcsrvx.exe F:\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V
  9. Joss
    It ends and some good news: Not removable, file renamed: [TR/Drop.Sirefef.B.226] Windows/system32/drivers/vbma3792.sys And some spybot files that cannot be read due to be encrypted. And now?
  10. Joss
    Running...let's see For your records, the link to download the Avira Rescue has changed and now is: http://www.avira.com/en/support-download-a...r-rescue-system
  11. Joss
    No luck
  12. Joss
    HI Borislav, Another sympton I have just realized, I cannot set on "folder options" the option to see hidden files and folders, I select it, apply but nothing appears, I go back to "folder options" and the option is not selected. best regards jose
  13. Joss
    Hi Maniac, First thanks for your time I follow your instructions, combofix start to run, a small window with combofix name appears and some bars and after few seconds it disappears without leaving any trace of log file... Best regards jose
  14. Joss
    Hi, A friend asked for help, he click by error on a banner claiming to help fix an infection and here we go.... Spybot stopped working, AVG doesn't detect anything wrong, the same as bit defender and also starting from a PE CD-ROM with Spybot didn't fix the problem. One symptom is a connection to 213.174.130.34 that Zone Alarm is blocking. I tried to run spybot, hjt, mbam, autoruns...in all cases they start running and after few seconds they crash...I can run process explorer but this time nothing unsual appears, so I need some extra help. Many thanks in advance!! Best regard, Here goes the DDS logs: (XP is in Spanish, "Archivos de Programa" stands for "Program Files") DDS (Ver_10-11-10.01) - NTFSx86 Run by ELENA at 0:57:50,87 on 24/11/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.1014.471 [GMT 1:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Archivos de programa\AVG\AVG9\avgchsvx.exe C:\Archivos de programa\AVG\AVG9\avgrsx.exe C:\Archivos de programa\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Archivos de programa\AVG\AVG9\avgwdsvc.exe C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe C:\Archivos de programa\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Archivos de programa\Apoint2K\Apoint.exe C:\Archivos de programa\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\AGRSMMSG.exe C:\Archivos de programa\TOSHIBA\E-KEY\CeEKey.exe C:\Archivos de programa\TOSHIBA\TouchPad\TPTray.exe C:\Archivos de programa\TOSHIBA\Accessibility\FnKeyHook.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Archivos de programa\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe C:\Archivos de programa\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Archivos de programa\TOSHIBA\ConfigFree\CFSServ.exe C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe C:\Archivos de programa\Apoint2K\Apntex.exe C:\Archivos de programa\HP\Digital Imaging\bin\hpqSRMon.exe C:\ARCHIV~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\TPSBattM.exe C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe D:\dds.com C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexStoreSvr.exe C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe C:\Archivos de programa\Citrix\ICA Client\pnagent.exe C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: AutorunsDisabled - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~2\SDHelper.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live Aplicaci
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.