
Soft Soldier on my computer-no result on malwarebytes



Hi,

my computer seems to be infected with Soft Soldier, which opened in my IE browser window. I ran a scan with Windows Defender and Malwarebytes (with newest update) and both didn't find any malware. My notebook is working really slow and I can't update Antivir.

Could someone please look at the Malwarebytes log file and the Hijackthis Log File? I'm sure Soft Soldier didn't just disappear by itself. Thanks in advance!

Last Malwarebyte Log:

Malwarebytes' Anti-Malware 1.41

Datenbank Version: 2999

Windows 6.0.6002 Service Pack 2

20.10.2009 21:45:41

mbam-log-2009-10-20 (21-45-41).txt

Scan-Methode: Vollst


Hi,

Update MBAM definitions thru update tab. Then run a quick scan (let MBAM remove found items) and post resultant report.

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Hi,

thanks for your help!

Here's the Malwarebytes log. The program didn't find any infected objects and therefore removed none.

Malwarebytes' Anti-Malware 1.41

Datenbank Version: 3038

Windows 6.0.6002 Service Pack 2

27.10.2009 08:40:47

mbam-log-2009-10-27 (08-40-47).txt

Scan-Methode: Quick-Scan

Durchsuchte Objekte: 93651

Laufzeit: 5 minute(s), 25 second(s)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschl


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


Hi,

thanks for your reply. I won't be able to download and run ComboFix before tomorrow evening. One question though: Do the Log files I posted here give any indication for an infection of my computer? I'm asking this because it runs totally without fault after I started working with Firefox instead of IE and I haven't encountered any warnings from Soft Soldier so far. Plus I can now update antivir without problems.

I'm feeling a bit uneasy about ComboFix, too, because I really need my notebook for work and because I'm crap with computer problems (i.e. fixing things if ComboFix damaged something)

What do you think?

Anyway, if you still think it's necessary to run ComboFix (I'm not questioning your expertise, mind you!) I'll be back tomorrow evening with the required files.

Thanks!

regards,

verveine


Hi,

ok, then I'll run Combofix tonight and trust that you won't let me hang if my notebook decides to crash. :)

One question though, the ComboFix tutorial instructs me to install the Windows recovery console and if this won't work through the ComboFix process, I can do this manually. The recovery console seems to be a tool for XP. I have Vista - and a pre-installed version on top, meaning I don't have a Vista CD. Is there an equivalent for Vista and how will this work for me?

"Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds.txt log."

Does this mean I should run DDS again to create the new dds.txt log?

Sorry about my permanent questions but I'm a real amateur when it comes to my computer!

Thanks!

I'll be back tonight.

regards,

verveine

Hi,

If the issue still appears with IE then there's still a problem and using Firefox is just circumventing it.


I have Vista - and a pre-installed version on top, meaning I don't have a Vista CD. Is there an equivalent for Vista and how will this work for me?

Hi,

Recovery console part can be skipped over.

Does this mean I should run DDS again to create the new dds.txt log?

Yes, after ComboFix run.


Hi again,

First, before I forget: please use the reply button (t_reply.gif) while replying. That way the whole previous post won't get quoted :)

Are you familiar with C:\A folder?

Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

Save this as

CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.

Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.

Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.

Uninstall this vulnerable Java:

Java™ 6 Update 2

Download ATF (Atribune Temp File) Cleaner
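
Added example, not part of the original post and not ComboFix's own code: a read-only PowerShell check that the Security Center `DisableMonitoring` values listed in the CFScript above read 0 after the run. The function name `Test-SecurityCenterMonitoring` and the status labels are hypothetical, chosen for this illustration.

```powershell
# Added example: read-only audit of the values the CFScript above sets to 0.
# Test-SecurityCenterMonitoring is a hypothetical helper name.
function Test-SecurityCenterMonitoring {
    param(
        [string]$Root = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
    )

    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "Key not found: $Root"
        return
    }

    # The Monitoring key itself plus every per-product subkey
    # (SymantecAntiVirus, SymantecFirewall, ZoneLabsFirewall, ...).
    $keys = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        # GetValue returns $null when the value does not exist in this key.
        $value = $key.GetValue('DisableMonitoring', $null)

        # 'Review' marks any value other than the 0 the CFScript writes.
        $status = if ($null -eq $value) { 'NotSet' } elseif ($value -eq 0) { 'OK' } else { 'Review' }

        New-Object PSObject -Property @{
            Key               = $key.Name
            DisableMonitoring = $value
            Status            = $status
        }
    }
}

# Nothing is modified; the registry is only read.
Test-SecurityCenterMonitoring |
    Sort-Object Key |
    Format-Table Key, DisableMonitoring, Status -AutoSize
```

Any row marked `Review` is a key where the value did not end up at the 0 the script specifies and is worth posting back alongside the ComboFix log.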


Hi,

OK, BIG problem: I disabled the antivirus programs as last time, dragged the saved CFScript into the ComboFix icon and the program launched. During the process it told me it detected rootkit activity and had to reboot. I pressed OK and the computer restarted and restarted all antivir programs, too.

After this, no sign of ComboFix. What now?

