Everything posted by stevefromdafutcha

  1. I realize that posting such issues in this forum is a free solution, dependent on the kindness, availability, and intuition of volunteers and/or representatives of Malwarebytes.org (Moderators). I also understand that there are many other threads in such a support forum that require immediate attention, or obtain higher priority, or are identified as being rather severe and need immediate or more timely correspondence than what I have observed and received here; which is apparently no correspondence at all.

     Please note that I highly value Malwarebytes as an application and as an entity that is dedicated to proactively identifying and prohibiting malware threats from compromising computer systems. I value it so highly that, in fact, I have set up a purchase agreement between my place of employment and DSolution (a Malwarebytes business partner) to purchase paid and registered bundled licenses. (The reason why I have to go through DSolutions is due to the specific financial/tax recognition of my place of employment.) However, it is just under 48 hours since I posted this thread, and my most recent information regarding the number of times that my attachment was downloaded was "2". If this is how the non-paid support is managed, then I do expect that the fee-based support would be much better, of course, but not receiving any correspondence on my issue at all does not imply that it may be worth purchasing premium licenses from Malwarebytes. As I mentioned, I am an admin in the IT field, and that was not to boast or anything such, but to display that a lot of advanced procedures can be performed by me in the event of taking such advanced direction(s) from anyone who might respond; in which no one did.

     Furthermore, it is not my decision to have implemented and rolled out Symantec Endpoint Protection Small Business Edition 12.0.x to all of the client PCs in the two networks which I support. It has always, and consistently, failed at proactively identifying and prohibiting malware infections from infiltrating such client OSs. I almost always have to rely on Malwarebytes (thank you, again) to eradicate the threat(s).

     Following the instruction (or suggestion of resolution) from another thread (also by a poster who sought assistance and was not granted much), I was able to successfully resolve the issue. That thread is as follows: http://forums.malwarebytes.org/index.php?showtopic=77539

     I performed a similar procedure, based on the same principle, where I created a scheduled task to grant me System privileges in order to ensure that I could successfully create an additional Administrator account in the Windows OS. From there, I was able to access the Malwarebytes GUI, update the malware definitions and apply them, and then subsequently perform a Full Scan, which removed the threat(s). Hopefully this thread, as well as the thread I created, can assist anyone else trying to resolve removing XP Total Security 2011.

     Just to briefly mention as well, I did contact Symantec about this issue, as well as the fact that their application NEVER resolves malware issues, and although they were not able to lead me to a resolution, they did offer many good suggestions to perform different procedures. Basically, they didn't ignore me. :/ Until next time? Maybe?
  2. Dealing with XP Total Security 2011...

  3. Greetings to Malwarebytes' Forum Moderators, as well as any user or guest viewing,

     Last Friday, 04.15.11, one of 18 workgroup PCs was reported to be infected with malware; specifically a rogue malware program. Upon further inspection, I observed this program to be XP Total Security 2011. As an advanced user and IT Administrator, I performed various and known interventions to eradicate and resolve this issue. Of course, I was unsuccessful in any and all attempts, therefore I performed them again (both in safe and normal modes). Again, any and all attempts were unsuccessful. I then referenced the following thread: I'm Infected? What do I do now? - Malwarebytes Forum

     This thread contained most of the steps and procedures that I had previously performed twice before, but because I am requesting assistance from Malwarebytes, I want to provide accurate and complete information with this case. The following information contains the details for every procedure I performed:

     In Safe Mode with Networking:
     - Attempted to execute mbam.exe (to update definitions and perform scan) - not able to
     - Attempted to execute Symantec Antivirus Small Business Edition (to update definitions and perform scan) - not able to
     - Downloaded and ran Defogger (to disable all CD emulation drivers) - ran program and disabled all CD emulation drivers. Results contained in defogger_disable.log
     - Downloaded and ran DDS - DDS opens, as a command prompt opens for about a second then disappears. No scan results display after a considerable amount of time, therefore I do not have a .txt file log (Attach.txt and DDS.txt)
     - Downloaded and ran GMER Rootkit Scanner - unchecked IAT/EAT, Drives/Partitions other than the system drive (C:\), and Show All. Results contained in ark.txt
     - Downloaded and ran executable file from tdsskiller.zip - no instances of malware detected; results contained in TDSSkiller.2.4.21.0_15.04.2011_16.10.32_log.txt file. In addition, I ran a Fix TDSS tool downloaded from Symantec website. No instances of malware detected.

     Attached files for this instance of procedures performed while in Windows XP (SP3) Safe Mode, are as follows: defogger_disable.log, ark.txt, TDSSkiller.2.4.21.0_15.04.2011_16.10.32_log.txt

     In Windows XP Normal Mode:
     - Attempted to execute mbam.exe (to update definitions and perform scan) - not able to
     - Attempted to execute Symantec Antivirus Small Business Edition (to update definitions and perform scan) - no instances of malware detected.
     - Downloaded and ran Defogger (to disable all CD emulation drivers) - ran program and disabled all CD emulation drivers. Results contained in defogger_disable xp.log
     - Downloaded and ran DDS - DDS opens, as a command prompt opens for about a second then disappears. No scan results display after a considerable amount of time, therefore I do not have a .txt file log (Attach.txt and DDS.txt)
     - Downloaded and ran GMER Rootkit Scanner - unchecked IAT/EAT, Drives/Partitions other than the system drive (C:\), and Show All. Results contained in ark2.txt
     - Downloaded and ran executable file from tdsskiller.zip - no instances of malware detected; results contained in TDSSKiller.2.4.21.0_19.04.2011_14.49.33_log.txt file. In addition, I ran a Fix TDSS tool downloaded from Symantec website. No instances of malware detected.

     Attached files for this instance of procedures performed while in Windows XP (SP3) Normal Mode, are as follows: defogger_disable xp.log, ark2.txt, TDSSKiller.2.4.21.0_19.04.2011_14.49.33_log.txt

     Please kindly advise with any additional steps that should be performed, additional information required, and suggestions for resolution. Thank you very much for taking the time to review this thread and assist accordingly. I look forward to receiving your response(s).

     - Steve

     Attach.zip
  4. Please excuse my typo regarding your name, Kahdah
  5. Hi Kadah,

     Thank you very much for your prompt response! Due to the inability to perform the steps outlined in the other thread, I resumed performing the last suggestion by "maniac". This suggestion was to manually delete the malware folder in C:\Documents and Settings\All Users\Application Data. The malware folder for System Tool 2011 is/was a folder named by a random string of numbers and letters. I was not able to delete this folder because the program's process was in use, therefore I had to boot into Safe Mode and manually delete the malware folder. After the folder was deleted, I rebooted and logged into the local user account from which I discovered the malware, and everything seems to be operating normally. Just for safe measure, I am currently performing a full system antivirus scan and will follow up with a Malwarebytes scan.

     Would you still like for me to download and run OTL? I most likely did not phrase my original post exactly how I should have; I am more curious as to why the first 3 or 4 outlined steps as described by "maniac" did not and would not work for me. Please get back to me at your convenience. Thanks again, and I look forward to chatting again.
  6. Hi there maniac, I am not intending to hijack the original poster's thread, however I too am experiencing the same issue being caused by the same rogue program, System Tool 2011. I have followed each and every one of your outlined steps without any success. The details can be read by examining the following thread which I just created: System Tool 2011 - Malwarebytes Forum. Thank you very much for taking the time to review the above thread and offer any suggestions. I look forward to receiving your response(s).
  7. Greetings to the Malwarebytes.org Community,

     Tonight, an end-user reported a malware/spyware infection on one of the multiple PCs which I support. The PC is running Windows XP SP3, with all current updates, Symantec Endpoint Protection 12.0 (Small Business Version), and the latest database version of MalwareBytes. I observed the following rogue spyware program actively running on the desktop: System Tool 2011

     Unable to launch and run the installed anti-virus program as well as mbam.exe, I searched the Malwarebytes.org Support Forum and attempted to resolve per the instructions/steps outlined in the following thread (which outlines steps to take to remove this rogue program for another Support Forum member using Windows XP SP3): System Tool 2011 - Malwarebytes Forum

     Per the instructions for procedure according to Malwarebytes.org Support Forum user "maniac", the first step is to download and run one of 6 process killer tools. I downloaded and ran every single tool listed and I am unable to locate the associated log file that should be "found at the root of your installed hard drive entitled rkill.log". I was still unable to locate this log file subsequent to showing hidden files and folders as well as subsequent to multiple reboots.

     Moving on to the second step outlined in the aforementioned thread, I was unable to execute or launch the MalwareBytes application. After rebooting in Safe Mode, I was able to execute mbam.exe and update the database. I performed a Full Scan (while in Safe Mode) and the only infected registry setting detected was the disabled Windows Security Center alert. I decided to resolve that anyway (remove the registry entry) and rebooted the PC. Therefore, I moved on to the third step found in that thread, which was to download and run dds.scr. After running dds.scr, the logfile only displays the version which was just installed. Nothing else.

     Moving on, according to the thread, I should download ComboFix, rename it to "Combo-Fix" when saving, and execute. Apparently, just as with every other attempt to run an application, the rogue program System Tool 2011 prohibits the application from being launched.

     Any suggestions? Thank you for taking the time to review this thread and offer any solution(s) or alternate steps to take. I look forward to receiving any and all responses.