control_tps

My XP "BackdoorBot"


Here is the first scan on my XP PC:

Malwarebytes' Anti-Malware 1.41

Database version: 3037

Windows 5.1.2600 Service Pack 3

10/26/2009 3:29:50 PM

mbam-log-2009-10-26 (15-29-50).txt

Scan type: Quick Scan

Objects scanned: 116806

Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\EAL.EXE (Backdoor.Bot) -> Quarantined and deleted successfully.

Here is the second scan on my XP PC:

Malwarebytes' Anti-Malware 1.41

Database version: 3037

Windows 5.1.2600 Service Pack 3

10/26/2009 3:41:51 PM

mbam-log-2009-10-26 (15-41-51).txt

Scan type: Quick Scan

Objects scanned: 116701

Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

mbam_log_2009_10_26__15_41_51_.txt


I hope I did this correctly.

Malwarebytes' Anti-Malware 1.41

Database version: 3037

Windows 6.0.6002 Service Pack 2

10/26/2009 11:02:12 PM

mbam-log-2009-10-26 (23-02-12).txt

Scan type: Quick Scan

Objects scanned: 99657

Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

mbam_log_2009_10_26__23_02_12_.txt


Please let me know if I posted the correct developer log, Bruce. I noticed that there was a new update. Here is the scan with the new update.

Malwarebytes' Anti-Malware 1.41

Database version: 3038

Windows 6.0.6002 Service Pack 2

10/26/2009 11:25:37 PM

mbam-log-2009-10-26 (23-25-37).txt

Scan type: Quick Scan

Objects scanned: 99722

Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Here is the new scan with developer log.

Malwarebytes' Anti-Malware 1.41

Database version: 3038

Windows 6.0.6002 Service Pack 2

10/26/2009 11:34:24 PM

mbam-log-2009-10-26 (23-34-24).txt

Scan type: Quick Scan

Objects scanned: 99719

Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

mbam_log_2009_10_26__23_34_24_.txt

I did follow the step in how to save a log in developer mode. Sorry, I just don't understand how to do it, I guess.

Follow the steps 1 by 1 in the link I posted, you will get a log with additional information.

Without the file being detected or a developer's log there is nothing I can do for you.


Here is my Vista PC Full System Scan result with developer log.

Malwarebytes' Anti-Malware 1.41

Database version: 3043

Windows 6.0.6002 Service Pack 2

10/27/2009 2:12:37 PM

mbam-log-2009-10-27 (14-12-37).txt

Scan type: Full Scan (C:\|)

Objects scanned: 252149

Time elapsed: 1 hour(s), 25 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\epson\PrinterDriverTemp\SCX6000\EAL.EXE (Backdoor.Bot) -> Quarantined and deleted successfully.

mbam_log_2009_10_27__14_10_04_.txt


Here is my XP PC Full System Scan result with developer log.

Malwarebytes' Anti-Malware 1.41

Database version: 3042

Windows 5.1.2600 Service Pack 3

10/27/2009 2:37:59 PM

mbam-log-2009-10-27 (14-37-48).txt

Scan type: Full Scan (C:\|)

Objects scanned: 290325

Time elapsed: 1 hour(s), 46 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\epson\PrinterDriverTemp\SCX6000\EAL.EXE (Backdoor.Bot) -> No action taken.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP370\A0095123.EXE (Backdoor.Bot) -> No action taken.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP370\A0095215.EXE (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\EAL.EXE (Backdoor.Bot) -> No action taken.

mbam_log_2009_10_27__14_37_48_.txt


Please zip and attach EAL.EXE to your next post, this should be fixed so I am going to need the file to see what is wrong here.


I'm sorry Bruce, but can you please provide step-by-step instructions on how to do this? Because I can't do it. Maybe next time I can get it right. Also, did I post the developer log correctly? :) Thanks for all your help. :)


I was asking for EAL.EXE, the file being detected, not a scan log, I did not need any more of them. I needed the file we were detecting.


Yes, I understand now, but how do you find this EAL.EXE on my PC? Where do I look for it? Thank you.


Show Hidden Files and Folders:

  • Click Start and select My Computer
  • Click the Tools item from the menu at the top of the window (if you don't see Tools press the Alt key on your keyboard and it will appear)
  • Select Folder Options
  • Click the View tab and make sure Show hidden files and folders is selected under Hidden files and folders
  • Next, uncheck the box next to Hide protected operating system files (Recommended)
  • Then, uncheck the box next to Hide extensions for known filetypes
  • Click Apply then click OK

Create a batch file to grab the file and upload it:

  • Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):
    copy %windir%\system32\EAL.EXE "%userprofile%\desktop"


  • Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file grab eal.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • The file should now be sitting on your desktop, right click on it and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the EAL.zip file to your next post for analysis by Mr Harrison


@nosirrah - Confirm fixed. You're welcome, Bruce; happy to help.

@control_tps - The last log you posted showed the file had been quarantined and deleted. Hard to make a zipped copy after it's deleted! :) Uncheck the file in the results window so you don't accidentally do that.

To get a detected file, all I do is right-click on the detected item in the results and select "Go to location" (I think that's the wording). I make a zipped copy with 7-zip (use whatever you've got) and move the .zip file to My Documents, where I can find it quicker. Then I attach it to my post here.


I should have pointed out, you need to restore EAL.EXE from quarantine - I suspect it's needed in order to use your printer.
