tyler

  1. ROOTREPEAL © AD, 2007-2008 ================================================== Scan Time: 2009/03/09 23:24 Program Version: Version 1.2.3.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xEFC54000 Size: 98304 File Visible: No Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF8BD3000 Size: 8192 File Visible: No Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
  2. OK, here's my latest HijackThis, and the other program showed no viruses. P.S. I'm not sure if step 2 worked correctly because on the black screen it showed a few files and then said access denied. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:35:24 AM, on 2/8/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Progr
  3. Oh yeah, when I ran the reboot program there was a duck in the top corner before the program loaded; not sure if this was normal.
  4. My system is running OK. Before I did the stuff yesterday my system was rebooting itself by closing down Windows; now it seems the system might be running a bit slower, but everything seems good. So you know, I got this virus from Antivirus 2008, if that helps. Malwarebytes' Anti-Malware 1.33 Database version: 1736 Windows 5.1.2600 Service Pack 3 2/6/2009 8:16:33 PM mbam-log-2009-02-06 (20-16-33).txt Scan type: Quick Scan Objects scanned: 60932 Time elapsed: 5 minute(s), 33 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Regis
  5. OK, I ran the program and here is the log: cheching master boot record of drive 128 129 error (2): cannot read record auto excluding /sys/ from scans ( is a special fs) auto excluding /proc from scans ( is a special fs) chking /mt/then some bell security archive stuff comes up warning: archive not completely scaned: content encrypted /mnt/hda1/docume~1/user/desktop/combofix.exe ALERT:[APPL/PsExec] /mnt/hda1/docume~1/user/desktop/combofix.exe -- arrow 32788r22fwjfw (it the backward) /psexec.cfexe Next there are a bunch of zsnes files, so I won't put all
  6. First, I can't explain, and I followed the advice and here's the new HJT. I'm not a computer whiz but I'm following all instructions. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:23:47 AM, on 2/6/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Bell\Security Manager\Fws.exe C:\WINDOWS\system32\LEXBCES.EXE C:\
  7. Malwarebytes' Anti-Malware 1.33 Database version: 1733 Windows 5.1.2600 Service Pack 3 2/6/2009 4:08:45 AM mbam-log-2009-02-06 (04-08-45).txt Scan type: Quick Scan Objects scanned: 59893 Time elapsed: 2 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (
  8. OK, I did run the script as shown and I lost ComboFix by accident. I just ran it again using the same instructions; here are the results. And thanks for helping. ComboFix 09-02-05.02 - user 2009-02-06 3:02:39.5 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.320 [GMT -5:00] Running from: c:\documents and settings\user\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\user\Desktop\CFscript.txt AV: Sympatico Security Manager Anti-Virus *On-access scanning disabled* (Updated) FW: Sympatico Security Manager Firewall *disabled* * Created a new restore point FILE :
  9. I have now run a full Malwarebytes and another HijackThis scan; here are the results: Malwarebytes' Anti-Malware 1.33 Database version: 1732 Windows 5.1.2600 Service Pack 3 2/5/2009 6:16:49 PM mbam-log-2009-02-05 (18-16-49).txt Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|) Objects scanned: 116480 Time elapsed: 23 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No ma
  10. Malwarebytes' Anti-Malware 1.33 Database version: 1732 Windows 5.1.2600 Service Pack 3 2/5/2009 5:24:00 PM mbam-log-2009-02-05 (17-24-00).txt Scan type: Quick Scan Objects scanned: 59001 Time elapsed: 2 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\yogodjvv
  11. OK, I used ComboFix; here is the result: ComboFix 09-02-04.01 - user 2009-02-05 3:49:54.2 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.236 [GMT -5:00] Running from: c:\documents and settings\user\Desktop\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) AV: Sympatico Security Manager Anti-Virus *On-access scanning disabled* (Updated) FW: Sympatico Security Manager Firewall *disabled* . ((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 ))))))))))))))))))))))))))))))) . 2009-02-05 03:12 . 2008-10-16 14:06 208,74
  12. Not sure I gave enough info. Both programs could not delete that malware for good. What's the next step?
  13. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:05:52 AM, on 2/5/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Bell\Security Manager\Fws.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
  14. OK, I have downloaded hijacker and malware. By reading the hijack report it seems that there are malwarebytes on my Microsoft NT 2003 or XP; it says these are hard to remove. I have also used Malwarebytes and there are two malware they delete successfully, but they come back in my next scan. I need help to remove this crap from my system. What is my next logical step besides throwing my computer in the garbage? And here are my logs. And quarantine does not work in Malwarebytes; it says error. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:01:58 PM, on 2/4/2009 Platform: Windows XP SP3 (WinNT 5.