Everything posted by 12056

  1. The safest way is to run the command CHKDSK /F "Another way to do it is to edit the Registry directly and remove the AUTOCHK command. To do this, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager in the Registry and look for a REG_MULTI_SZ value with the name BootExecute. Set the value of BootExecute to a null value. This will prevent AUTOCHK from running on next reboot."
  2. Try booting into Safe Mode: press F8 just after your computer displays the BIOS information. You may have installed software or drivers that have caused damage to your system.
  3. 1. Disable the proxy setting changed by the virus. If you have Firefox: open up the Internet using Firefox and go to Tools, then Options. Click on Advanced. Click on Network. Where it says Connections, click on Settings. It will have the options of: No proxy, Auto-detect proxy, Manual configure proxy. Select: No Proxy, then Apply / OK. In IE: open Internet Explorer, look for the Tools drop-down menu, select Internet Options, and on the Connections tab uncheck the box next to "Use Proxy Server."
  4. I found some more, NONE of them are currently detected!
  5. It all started after a port scanner scanned my PC, then...
     * I am infected with Adware.eSeller, it has two .dll files on my computer, C:\Windows\System32\eseller.dll and C:\Windows\System32\esellercore.dll
     * Norton AntiVirus 2009 detected "Perfect Keylogger (Spyware.Perfect)" and Spyware.Ardakey, which were automatically removed.
     * I found files that have been downloaded by some bot!
       tiny.exe (backdoor), which I have uploaded to UploadNET.
       keylogger.exe (keylogger), which I have uploaded to UploadNET.
       backdoor.exe (backdoor), which I have uploaded to UploadNET.
       And tools used to hide them: Encrypters, Process Killers
     I'm sure it has more than two files on my computer, so I used Hijackthis -- see the attachments. Please help me!

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 2:54:13 PM, on 12/30/2008
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v8.00 (8.00.6001.18241)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Users\Rhett\Desktop\Malware\Keyloggers\keylogger\bin\svchost.exe
     C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
     O4 - HKLM\..\Run: [majmonitor] C:\Program Files\MajMonitoring1\majmonitoring.exe
     O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKCU\..\Run: [WengoPhoneNG] C:\Program Files\WengoPhone\qtwengophone.exe -b
     O4 - HKCU\..\Run: [majmonitor] C:\Program Files\MajMonitoring1\majmonitoring.exe
     O4 - HKUS\S-1-5-21-746021148-1913252787-1857551035-1000\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
     O4 - HKUS\S-1-5-21-746021148-1913252787-1857551035-1000\..\Run: [WengoPhoneNG] C:\Program Files\WengoPhone\qtwengophone.exe -b (User '?')
     O4 - HKUS\S-1-5-21-746021148-1913252787-1857551035-1000\..\Run: [majmonitor] C:\Program Files\MajMonitoring1\majmonitoring.exe (User '?')
     O4 - S-1-5-21-746021148-1913252787-1857551035-1000 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User '?')
     O4 - S-1-5-21-746021148-1913252787-1857551035-1000 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User '?')
     O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
     O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
     O8 - Extra context menu item: Download &All by FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
     O8 - Extra context menu item: Download with &FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
     O13 - Gopher Prefix:
     O17 - HKLM\System\CCS\Services\Tcpip\..\{68EB49BA-A4E3-46CF-99E0-CECFF98CB6B7}: NameServer = 205.188.146.145
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
     O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
     O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
     O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

     -- End of file - 4359 bytes

     Rhett Trappman
     trappmanrhett@yahoo.com