
MBAM, RootkitRevealer doesn't run, gmer freezes, hijackthis logs


Hi All,

I have Windows XP SP3 on an Intel Core 2 Duo desktop. I have Symantec Endpoint Protection version 11.0.4402.75 with the latest virus definition files and Adaware v8.2.4 with the latest definitions as well. I am the only user (ashu) on this desktop with admin rights; the others have only normal user rights.

I got the first symptoms of the problem when TextPad and EditPlus stopped working for my login. MBAM was also not working. All these work in other logins. There were some files in my 'Temporary Internet Files' that were not getting deleted in any way; finally I deleted those using the Windows Disk Cleanup utility. Some other observations:

1. All these applications, including MBAM, work fine for other users.

2. If I give admin rights to other users but remove access for administrators to my 'C:\Documents and Settings\ashu', then all these applications also work in that user's login.

3. If I give admin rights and also access to 'C:\Documents and Settings\ashu', then this user will also face the same problems.

4. If I DON'T give admin rights but only access to 'C:\Documents and Settings\ashu', then he also faces the problems.

5. As soon as I again remove access to 'C:\Documents and Settings\ashu', his issues are gone.

6. If I remove admin rights from my login, I still have the problems.

I am not sure, but I suspect that I got infected when I visited www.omkrishnadevelopers.com, as my virus scanner reported a virus on this website and also files from this website were not getting deleted from Temporary Internet Files.

Adaware and SEP are not able to catch any problem.

If I try to run GMER, it freezes after 25 minutes and I have to hard reset my computer.

RootRepeal ran once but now gives "Decompression error (5)" while initializing and doesn't run.

RootkitRevealer from Microsoft doesn't run.

SuperAntiSpyware v4.38.1004 with the latest definitions also didn't find any issues.

The online scanner from F-Secure didn't find any issue.

RKill was reporting that RKill got terminated while running, but now it closes in 2 seconds.

I have tried SDFix as well, but no luck.

I tried to run dds.scr (size 513 KB (525,824 bytes), size on disk 516 KB (528,384 bytes)) but it doesn't run.

I have tried renaming gmer, rootrepeal, rootkitrevealer and dds.scr, but still the same.

I have removed most of the items from my startup list using CCleaner, leaving only RTHDCPL.exe, CCApp.exe and wonderfl.exe.

I am able to run hijackthis.

The attachment has the following files:

Hijackthis logs

RootRepeal log and report (may be of different times)

SDFix Report

Avenger report

One error reported by Symantec when running SuperAntiSpyware

Please help urgently, I am badly struggling with this.


Some more important points:

1. In my previous email I mentioned the Windows username as 'ashu', but the actual username was 'shiva' (I wanted to hide the actual username); I am stating this so that the logs are not confusing.

2. Today I tried many things. I shared C$ of this desktop to my laptop and ran MBAM on the laptop to scan the network drive, but it didn't find anything.

3. Also, I managed to run RootRepeal, and its logs are attached.

4. I noticed that though I had removed McAfee antivirus, its Common Framework service was still running, so I removed it as well (after I created the new user account).

5. Since the problem was related to one particular folder, C:\Documents and Settings\shiva (whichever user got access to it started facing this problem, and once access was removed it was fine), and also I was badly tired, I decided to delete this user and create a new one, though this was the main user on the desktop and has lots of data. I renamed the folder to 'C:\Documents and Settings\shiva1', as a new user with the same name will have its own separate folder. Again this login had the problem, though it didn't have access to the old problem folder. So another conclusion is that any user whose username is shiva, or any user which has access to that folder, faces this problem. So finally I created a user with a different name and copied Desktop, My Documents and Favorites from the old user profile. I am not sure which file may be the culprit, so I am not copying the entire contents.

6. I tried running GMER on my laptop (which should not be infected, and also I don't see any symptoms of infection) and it froze after 20 minutes, so it may be an issue with GMER and not necessarily related to the infection.

7. I managed to run DDS as well, and the logs are attached.

Though the new user doesn't show any problem yet, and also I plan NOT to have admin rights this time (I will keep admin rights only with Administrator and will use the Administrator account only when really needed, and not while accessing the internet, to be safe), the original problem may still be there.

I hope all this information gives a better idea about the problem.
