Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About bigwater

  • Rank
    New Member
  1. I have removed Combofix and OTL and all the other associated files and programs I downloaded to my desktop to perform this repair. It's nice to see that you have been able to overcome this thing...it's been quite an learning experience for me to assist you in rooting this virus out. I'm impressed with the professionalism and efficiency in how you handled this. I think it will take me a few days to go through the startup files and determine what is needed and what is not. The links you provided will be very helpful in making those decisions. Right now the only oddity that remains is associat
  2. EOTL Extras logfile created on: 2/17/2011 8:54:08 AM - Run 1 OTL by OldTimer - Version Folder = C:\Users\Cathy Beck\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,013.00 Mb Total Physical Memory | 384.00 Mb Available Physical Memory | 38.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive%
  3. OLT part 2 ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System3
  4. In talking to my wife I discovered that I erroneously reported to you that a "blogger" icon was appearing on the task bar when connecting to blogger. I should have reported that it is the outlook icon. In checking my computer (identical to this one) I see that the outlook icon shows up on my task bar after opening as well so I assume this is a normal process. It was the blogger icon on the quick launch bar that changed to a red oval with a white dot a few days ago while we were in the middle of the process. It has not reappeared. Initially the malware on this computer installed an icon on
  5. Thanks for asking. We appreciate your continued interest in our situation. So far so good. We are not experiencing any of the Google redirects, spontaneous connections to random websites, blue screen of death, and inability to download vista updates that characterized the events I posted above. Windows continues to be a little sluggish but that may be due to us putting on avast (in the past virus software has slowed down my systems a bit). Right now windows is running 77 processes using 3% of of the CPU and 75% of physical memory. My wife observed some odd things happen like the familiar b
  6. I appreciate you finding an alternative scanner, it made my job easier. No threats were found after running the ESET Online Scanner
  7. I have executed all of the process except running the online scanner. After dropping the text file in ComboFix I got a message that an update was available for ComboFix. I selected yes and continued (would this affect the text file I dropped in?). Here is the log: ComboFix 11-02-12.02 - Cathy Beck 02/13/2011 8:33.3.2 - x86 Microsoft
  8. A point of clarification: I want to be clear on what you mean by "Overwrite the existing one" after downloading CFscript to my desktop. I don't want to make any assumptions about this step.
  9. I appereciate all the steps you have laid out for me to fix this problem. I merged the text file to combofix, ran a scan, and produced the following log: ComboFix 11-02-09.05 - Cathy Beck 02/10/2011 13:32:43.2.2 - x86 Microsoft
  10. Thanks again for your help; here is the combofix log: ComboFix 11-02-09.05 - Cathy Beck 02/10/2011 9:05.1.2 - x86 Microsoft
  11. Thanks for your help, one object was found; here's the report: 2011/02/09 17:25:49.0030 2456 TDSS rootkit removing tool Feb 1 2011 10:34:03 2011/02/09 17:25:50.0684 2456 ================================================================================ 2011/02/09 17:25:50.0684 2456 SystemInfo: 2011/02/09 17:25:50.0684 2456 2011/02/09 17:25:50.0684 2456 OS Version: 6.0.6002 ServicePack: 2.0 2011/02/09 17:25:50.0684 2456 Product type: Workstation 2011/02/09 17:25:50.0684 2456 ComputerName: CATHYBECK-PC 2011/02/09 17:25:50.0684 2456 UserName: Cathy Beck 2011/02/09 17:25:50.0684 2456 Wind
  12. I've got malware that is persistent after conducting an initial scan that provided the following log: Malwarebytes' Anti-Malware www.malwarebytes.org Database version: 5363 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18999 1/23/2011 9:10:28 PM mbam-log-2011-01-23 (21-10-28).txt Scan type: Quick scan Objects scanned: 147354 Time elapsed: 7 minute(s), 3 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 6 Memory Processes
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.