Problem removing rootkit
raebie
28. May 2009 @ 11:04
I recently installed BitDefender Antivirus 2009 on my PC and ran a scan. It has picked up 2 things: one which it failed to disinfect, and a hidden rootkit which it looks like it has not been able to remove: C:\WINDOWS\system32\lowsec Rootkit-Hidden Items Hidden
I have copied my report below and if anyone can help please let me know, thanks.
BitDefender Log File
Product : BitDefender Antivirus 2009
Version : BitDefender UIScanner v.12
Scanning task : Deep System Scan
Log date : 27/05/2009 15:45:20
Log path : C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1243435520_1_02.xml
Scan Paths:
Path 0000: C:\
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Default action for encrypted infected objects : None
Default action for encrypted suspicious objects : None
Default action for password-protected objects : Log as not scanned
Scan engines summary
Number of virus signatures : 3171380
Archive plugins : 45
Email plugins : 6
Scan plugins : 13
System plugins : 5
Unpack plugins : 7
Overall scan summary
Scanned items : 61617
Infected items : 1
Suspicious items : 0
Resolved items : 0
Unresolved items : 2
Password-protected items : 0
Overcompressed items : 0
Individual viruses found : 1
Scanned directories : 3613
Scanned boot sectors : 2
Scanned archives : 356
Input-output errors : 1
Scan time : 00:31:51
Files per second : 31
Scanned processes summary
Scanned : 36
Infected : 0
Scanned registry keys summary
Scanned : 710
Infected : 0
Scanned cookies summary
Scanned : 2
Infected : 0
Remaining issues:
Object Name Threat Name Final Status
C:\WINDOWS\system32\sdra64.exe Gen:Trojan.Heur.Dropper.E1B24D4D4D Disinfect Failed
C:\WINDOWS\system32\lowsec Rootkit-Hidden Items Hidden
p.raeburn
AfterDawn Addict
29. May 2009 @ 08:03
Hi raebie,
If you haven't been able to resolve your problems, try this:
Download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
MBAM is good at removing malware and Trojans, but if MBAM cannot remove the rootkit, it can be removed with ComboFix; that will have to be done manually. So please run ComboFix, post the logs and I will give you instructions to remove it.
1. Download Combo fix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.
Quote:
"%userprofile%\desktop\combofix.exe" /killall
3. ComboFix will begin to run. DO NOTHING while this is happening.
• It will kill a few processes and disconnect you from the internet.
• If by chance it stops prematurely, you can re-establish your internet connection by restarting your computer.
• This needs to be done so the program can work most efficiently for you.
Do not attempt to use the internet or anything else while it's doing its job for you.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
If, when it's completed, you can not get on the internet, just reboot the computer.
Post the log from ComboFix for me, located in
c:\comboFix.txt
Also, please post the MBAM Log and a fresh HJT log in your next reply.
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
raebie
29. May 2009 @ 12:57
I ran MBAM (I have had it installed on my PC for ages). It picked up 23 infections; here is the log:
Malwarebytes' Anti-Malware 1.37
Database version: 2192
Windows 5.1.2600 Service Pack 3
29/05/2009 17:20:06
mbam-log-2009-05-29 (17-20-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 106262
Time elapsed: 32 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.Data) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\system32\lowsec\local.ds (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.Data) -> Quarantined and deleted successfully.
I am not going to run ComboFix; the file you gave me a link to is infected. I use this online virus/malware scanner, http://virusscan.jotti.org/en, and it picked up this inside the file:
2009-05-29 Found nothing 2009-05-29 Found nothing
2009-05-29 Found nothing 2009-05-29 Found nothing
2009-05-29 Found nothing 2009-05-29 Found nothing
2009-05-29 Found nothing 2009-05-29 Found nothing
2009-05-29 Found nothing 2009-05-29 Found nothing
2009-05-29 Found nothing 2009-05-29 Found nothing
2009-05-29 Pua.Hideexec 2009-05-29 Found nothing
2009-05-29 Found nothing 2009-05-29 Found nothing
2009-05-29 BATCH.Virus 2009-05-27 Found nothing
2009-05-29 Found nothing 2009-05-29 Found nothing
Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:36, on 29/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Vtune\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 6043 bytes
p.raeburn
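As an added example for this thread (not code from MBAM, ComboFix, HijackThis or any poster here), a small Python checker that pulls the Winlogon Userinit hijack out of the MBAM "Registry Data Items" line above and flags every entry beyond the stock userinit.exe; it extends the same check to the Winlogon Shell value (default explorer.exe) and, on Windows, can read the live values via winreg. The sample line is constructed from the MBAM log in this thread, and the "Bad: (...) Good: (...)" layout is assumed from that log.

```python
"""Flag extra programs wired into the Winlogon Userinit/Shell values.

Added example for this thread; not code from MBAM, ComboFix or HijackThis.
The sample MBAM line below is constructed from the values quoted in the log
above, and the "Bad: (...) Good: (...)" line layout is assumed from that log.
"""
import re
import sys
from typing import Dict, List, Optional, Tuple

# Stock values on a 32-bit Windows XP install. Userinit normally ends with a
# trailing comma, which is why values are split on "," and blanks dropped.
# Every entry in these values is launched at logon, so anything beyond the
# default is an autostart worth a look (the MBAM log above shows sdra64.exe
# appended to Userinit).
EXPECTED: Dict[str, set] = {
    "userinit": {"userinit.exe", r"c:\windows\system32\userinit.exe"},
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
}


def split_entries(value: str) -> List[str]:
    """Split a comma-separated Winlogon value into normalised entries."""
    return [p.strip().strip('"').lower() for p in value.split(",") if p.strip()]


def extra_entries(name: str, value: str) -> List[str]:
    """Return entries of a Winlogon value that are not the expected default.

    An empty list means the value is the stock default; anything returned
    is an additional program started at logon (or used as the shell).
    """
    legit = EXPECTED[name.lower()]
    return [e for e in split_entries(value) if e not in legit]


# Matches the MBAM line shape: ...Winlogon\Userinit ... Bad: (x) Good: (y)
MBAM_DATA_RE = re.compile(
    r"Winlogon\\(?P<name>Userinit|Shell) .*?Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)"
)


def parse_mbam_data_item(line: str) -> Optional[Tuple[str, str, str]]:
    """Pull (value name, bad data, good data) from an MBAM Registry Data Items line."""
    m = MBAM_DATA_RE.search(line)
    if not m:
        return None
    return m.group("name"), m.group("bad"), m.group("good")


def triage_mbam_line(line: str) -> List[str]:
    """Return the injected entries recorded in an MBAM Winlogon hijack line."""
    parsed = parse_mbam_data_item(line)
    if parsed is None:
        return []
    name, bad, _good = parsed
    return extra_entries(name, bad)


def read_live_value(name: str) -> str:
    """Read the current Winlogon value from the local registry (Windows only)."""
    if not sys.platform.startswith("win"):
        raise RuntimeError("live registry read needs Windows")
    import winreg  # imported here so the module also loads on other platforms
    key_path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _type = winreg.QueryValueEx(key, name)
    return value


# Constructed sample: the Userinit line from the MBAM log in this thread.
SAMPLE_MBAM_LINE = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit "
    r"(Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,"
    r"C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) "
    r"-> Quarantined and deleted successfully."
)

if __name__ == "__main__":
    print("injected per MBAM line:", triage_mbam_line(SAMPLE_MBAM_LINE))
    if sys.platform.startswith("win"):
        for value_name in ("Userinit", "Shell"):
            extras = extra_entries(value_name, read_live_value(value_name))
            print(value_name, "extras:", extras)
```

On a live system the same check is what a reviewer does by eye on the HijackThis and ComboFix "Reg Loading Points" output: compare the Winlogon values against the stock defaults and treat any extra path as an autostart to investigate.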
mauro125
Newbie
29. May 2009 @ 13:58
To remove nasty viruses and spyware I use a combination of SUPERAntiSpyware, MBAM, Spybot S&D and Spyware Doctor, and it gets every single one. Just Google them, install them and let them do a complete scan. For Spyware Doctor you might have to get it from a torrent or pay for it, but it's a very good program.
AfterDawn Addict
29. May 2009 @ 14:09
raebie,
The file I gave you is NOT infected!!! Some antiviruses pick it up as an infected file; just disable your BitDefender while you run it. It happens to be the best program around for cleaning up rootkits and trojans that other programs miss...
2oG
AfterDawn Addict
29. May 2009 @ 14:36
As the old geek said, I downloaded the ComboFix file and Norton found it just fine!
AfterDawn Addict
29. May 2009 @ 15:15
If you will run ComboFix from the command line, as I directed you, it will disable the AV and do its thing as it should.
To keep from having messages that bother you, close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
Hi garmoon, good to see you...
For the newbies out there, you may have noticed that Spy Sweeper, Spyware Doctor, Spybot, and Ad-Aware are not mentioned in any of my threads. At one time all of them were considered premier tools. A lot has changed over the years, as malware has become much more complex, and all of the aforementioned programs have inferior detection/removal capabilities compared to the tools I use. Please do not waste your time using them.
2oG
AfterDawn Addict
29. May 2009 @ 23:22
Good to see you, oldgeek. What say you about CCleaner?
AfterDawn Addict
30. May 2009 @ 05:52
Hey garmoon,
CCleaner is a great, safe, efficient way to clean up and keep down the trash build-up.
It has some very good extra features, like including special folders for it to clean, and it has a command-line parameter, /AUTO, so you can schedule it to run whenever you please.
See here ->
http://www.techsupportalert.com/how_to_s...tomatically.htm
I have mine scheduled for a couple of times a day and just prior to a scheduled de-frag..
2oG
AfterDawn Addict
30. May 2009 @ 12:05
I run mine before defrag and always after going off line.
AfterDawn Addict
30. May 2009 @ 12:41
garmoon,
It's a good idea to run it in SAFE mode so it can kill the temp files that are in use and can't be deleted while running....
2oG
raebie
30. May 2009 @ 13:36
Here is my ComboFix log. Did you even bother to check my HijackThis
and Malwarebytes logs above to see if everything was OK? It's just that you never mentioned them to me.
ComboFix 09-05-30.01 - Raebie 30/05/2009 18:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.667 [GMT 1:00]
Running from: c:\documents and settings\Raebie\desktop\combofix.exe
Command switches used :: /killall
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.
2009-05-29 16:55 . 2009-05-29 16:55 -------- d-----w c:\program files\Trend Micro
2009-05-27 13:51 . 2009-05-30 17:20 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-27 13:44 . 2009-05-27 13:44 -------- d-----w c:\documents and settings\Raebie\Application Data\BitDefender
2009-05-27 13:43 . 2009-05-27 13:46 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-05-27 13:43 . 2009-05-27 13:43 -------- d-----w c:\program files\BitDefender
2009-05-27 13:41 . 2009-05-27 13:44 -------- d-----w c:\program files\Common Files\BitDefender
2009-05-27 13:34 . 2009-05-27 13:35 -------- d-----w c:\program files\SpywareBlaster
2009-05-27 13:31 . 2009-05-27 13:31 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-27 13:09 . 2009-05-27 13:09 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-27 13:09 . 2009-05-27 13:08 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-27 13:09 . 2009-05-27 13:09 314200 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-05-27 13:09 . 2009-05-27 13:09 348496 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-05-27 13:09 . 2009-05-27 13:09 25440 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-05-27 13:09 . 2009-05-27 13:09 169312 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-05-27 13:09 . 2009-05-27 13:09 15688 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-05-27 13:09 . 2009-05-27 13:09 294240 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-05-27 13:09 . 2009-05-27 13:09 83808 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-05-27 13:09 . 2009-05-27 13:09 1630048 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-05-27 13:08 . 2009-05-27 13:08 40288 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-05-27 13:08 . 2009-05-27 13:08 212848 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-05-27 13:08 . 2009-05-27 13:08 73064 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-05-27 13:08 . 2009-05-27 13:08 64160 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-05-27 13:08 . 2009-05-27 13:08 640360 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-05-27 13:08 . 2009-05-27 13:08 559464 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-05-27 13:08 . 2009-05-27 13:08 540536 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-05-27 13:08 . 2009-05-27 13:08 2352456 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-05-27 13:08 . 2009-05-27 13:08 627536 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-05-27 13:08 . 2009-05-27 13:08 518488 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-05-27 13:08 . 2009-05-27 13:08 1005904 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-05-27 13:07 . 2009-05-27 13:07 -------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-27 13:07 . 2009-01-18 21:43 2892112 -c--a-w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-05-27 13:06 . 2009-05-27 13:06 -------- d-----w c:\program files\Lavasoft
2009-05-14 14:55 . 2009-05-14 14:55 -------- d-----w c:\program files\Realtek
2009-05-08 12:51 . 2009-05-08 12:51 -------- d-----w c:\documents and settings\Raebie\Application Data\AdobeUM
2009-05-08 12:50 . 2009-05-08 12:50 -------- d-----w c:\documents and settings\Raebie\Local Settings\Application Data\Adobe
2009-05-08 12:47 . 2006-06-02 14:59 81408 ----a-r c:\windows\system32\drivers\Rtnicxp.sys
2009-05-08 12:47 . 2009-05-08 12:47 -------- d-----w c:\windows\OPTIONS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 13:35 . 2008-03-09 17:20 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-27 13:34 . 2007-05-26 22:28 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-27 13:22 . 2008-03-09 17:22 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-27 13:21 . 2008-03-09 17:22 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-27 12:57 . 2008-07-12 13:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-26 12:20 . 2008-07-30 13:09 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 12:19 . 2008-05-13 15:32 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-22 15:45 . 2007-10-15 07:04 -------- d-----w c:\documents and settings\Raebie\Application Data\Azureus
2009-05-14 14:55 . 2007-05-26 21:54 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-27 08:26 . 2007-05-26 22:10 -------- d-----w c:\documents and settings\Raebie\Application Data\Vso
2009-03-06 14:22 . 2004-08-03 22:56 284160 ----a-w c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SMSystemAnalyzer"="c:\program files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [2006-12-20 557056]
"System Mechanic Popup Blocker"="c:\program files\iolo\System Mechanic 6\PopupBlocker.exe" [2006-12-20 752128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-07-07 675935]
"Gainward"="c:\program files\Vtune\TBPanel.exe" [2007-04-23 2158592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-22 98304]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-27 518488]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-22 90112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27/05/2009 14:09 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/05/2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 10:33 55024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 1005904]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 12:09 111112]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 10:33 7408]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 19:16 172032]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
2009-05-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:08]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-procexp90.Sys
SafeBoot-AVG Anti-Spyware Guard
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.co.uk/
IE: &AOL Toolbar search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 18:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
.
**************************************************************************
.
Completion time: 2009-05-30 18:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-30 17:32
Pre-Run: 112,637,882,368 bytes free
Post-Run: 112,624,807,936 bytes free
165 --- E O F --- 2009-05-13 16:30
p.raeburn
|
AfterDawn Addict
|
30. May 2009 @ 15:52 |
Link to this message
|
raebie,
Originally posted by raebie: here is my combofix log did you even bother 2 check my hijack this
and malewarebytes log above to see if eveything was ok it's just you never mentioned them to me
If I wasn't going to check the Logs, I wouldn't have asked for them.
Why should I have mentioned them? You can't read them anyway and probably wouldn't know what I was talking about..
I really don't have to bother myself with Semi-Illiterate Malware Collectors, I only do it because I care that your generation doesn't have a clue on how to keep from being infected with malware and then cry for someone to help them without taking the time to research and learn how to do it for themselves.
Your ComboFix Log is Clean with no sign of a rootkit... I didn't see it in MBAM so, it was probably a false alarm..
You will need to un-install ComboFix so it can re-set some things in your computer and it is not to be used if you haven't been trained on it. You can bork your computer to the point of no return, if you don't know what you're doing..
This may or may not work if you did not follow the instructions and download it to your desktop as instructed; if it doesn't work, then go to where you have Combofix and drag it to the trash.
• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
• When shown the disclaimer, Select "2"
The above procedure will:
• Delete ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Reset System Restore.
Have a Happy!
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
|
raebie
Suspended due to non-functional email address
|
31. May 2009 @ 12:23 |
Link to this message
|
I was not being ungrateful, I just was wondering why you did not mention them to me, and by the way this is not my pc, I am just doing a favour for my mother who is 70 and does not have a clue. I don't get any infections on my pc, I do know a bit about stuff like this but I thought I better ask someone that knew more than what I did, and thanks for all the help, and the things that got picked up were not false, on the machine I could see the files before mbam removed them. I am not an idiot just so you know, no need to say cheeky things like that, like I am malware illiterate.
What do you mean my generation? I am 37 years old not 10 and I do know how to keep my pc clean but it is not mine. What a cheek you have.
I only came here to ask for advice not to have you taking the mickey.
Look, thanks for the help, I am very grateful minus taking the mickey.
Next time think before you blab off to people, I was only asking you a question about the logs, not saying you asked for them for nothing ok.
p.raeburn
This message has been edited since posting. Last time this message was edited on 31. May 2009 @ 13:50
|
AfterDawn Addict
|
1. June 2009 @ 10:39 |
Link to this message
|
raebie,
Statements like "did you even bother 2 check" appear to be un-grateful and turn most people off. The art of getting someone to do something you want done because they WANT to do it requires a little stroking, lol.
When I refer to "your generation", I mean anyone that I have kids or grand kids older than, or maybe even Socks, older than... : )
In your Bitdefender log there was:
Quote: Remaining issues:
Object Name Threat Name Final Status
C:\WINDOWS\system32\sdra64.exe Gen:Trojan.Heur.Dropper.E1B24D4D4D Disinfect Failed
C:\WINDOWS\system32\lowsec Rootkit-Hidden Items Hidden
MBAM cleared these but, they were not classified as a rootkit and that is Why I requested ComboFix to see if a rootkit remained... it didn't.
In most of the tests I have seen, Bitdefender failed the VB100 tests and has a lot of missed viruses and heaps of false positives... you would be wise to choose another AV. Googling reviews and tests ran by independent testers can help you decide on a better AV. Three (free) AV's that are better than Bitdefender are: Avira AntiVir, Avast and AVG.
In three words I can sum up everything I've learned about life: "it goes on."
Strive to be Happy, and work on your PR..: )
2oG
|
raebie
Suspended due to non-functional email address
|
1. June 2009 @ 17:44 |
Link to this message
|
I used to have avg, then later I had avast; the only reason I got bitdefender was because the reviews told me it was the top 1 and others in the top 5, and also I got it for £11. That was the first time I ever bought an antivirus prog, I have always used free ones. It can't be that bad because it picked up the sdra64.exe file and lowsec files that are rootkits and both files are connected to each other, even I know that, and by the way you said I am malware illiterate and you are not; avg never picked them up and I know this is a rootkit that disables your firewall amongst other dodgy things. Why not do some research on this sdra64.exe file yourself and you will see it is a rootkit; just because bitdefender did not state it is a rootkit it does not mean it is not. My firewall was getting disabled all the time until mbam removed it all. Thanks a lot for your help. And I think also you need to work on your pr. Talking like that to people, calling them illiterate and all that, is not on; if someone said that to my face I probably would have decked them. Peace and thanks for all the help you gave me and I hope my mother's pc does not get infected again.
p.raeburn
This message has been edited since posting. Last time this message was edited on 1. June 2009 @ 18:27
|
AfterDawn Addict
|
1. June 2009 @ 20:10 |
Link to this message
|
@raebie
Did you take another wrong PMS pill this morning again?
Quote: It cant be that bad cause it picked up sdra 64 exe file and lowsec files that are rootkits and both files are connected
It can't be that good either, since the pc got all screwed up on its watch!
Why couldn't you let all the $hit just drop. You had to get the last word in. I would have not helped after your first outburst.
Quote: here is my combofix log did you even bother 2 check my hijack this
Geek was right about your rudeness, just in the tone of your question. Which might have been better-Did you find anything of help in my log file?? Make nice, you just got excellent professional FREE f**king help, and you're still bitching! Geek didn't need any defensive help from me, he handled it gentlemanly, me not so much.
This message has been edited since posting. Last time this message was edited on 1. June 2009 @ 20:11
|
varnull
Suspended permanently
|
1. June 2009 @ 21:59 |
Link to this message
|
I saw mention of ccleaner earlier..
Just wanted to mention that it will uninstall and screw up bt-homehub (pimping your wifi to the neighbourhood) drivers and settings for some unfathomable reason... perhaps because the bt setup/install disk comes with a trial of some bitdefender trash? .. The version I saw on callout did anyways.
|
raebie
Suspended due to non-functional email address
|
2. June 2009 @ 13:36 |
Link to this message
|
Duh mate, I had just put bitdefender in that day I sent the log into afterdawn. If you took time to read the thread properly instead of just jumping into people's threads and talking crap. I had avg in this pc for years and it did not pick it up.
I had just installed bitdefender that day I sent the logs into this site and straight away it picked these infections up, duh, listen to what people say. You thought I had bitdefender on this pc all along; no, I had avg the free antivirus and it did not pick this infection up, so there you go, avg free is not that good either. And by the way I know I got pro help and it is well appreciated. But it is not appreciated, idiots like you jumping on other people's threads talking crap without even reading the posts properly, idiot. Bitdefender was not keeping watch on my pc when it got infected, it was avg, duh. And I get called illiterate, what does that say for you, I rest my case. And for your info I have used this site for ages and I have never been called illiterate or anything else or even ended up arguing with anyone for that matter, so of course I was going to come back and say something, what a cheek. I only came on this site for some help, not to have idiots take the crap and others trying to back it up when they don't even know what they are talking about.
p.raeburn
This message has been edited since posting. Last time this message was edited on 2. June 2009 @ 14:21
|
AfterDawn Addict
|
2. June 2009 @ 15:33 |
Link to this message
|
not worth my time
|
LauraAnne
Junior Member
|
2. June 2009 @ 20:56 |
Link to this message
|
I agree that avira and avast are good, the best antivirus is nod 32. I don't agree avg is good, if you look at how many viruses etc it misses you will know why. Here is a link to the graphs of what the top antiviruses miss and what they actually picked up, and avg misses more than any other antivirus out there
http://www.eset.com/products/compare-NOD32-vs-competition.php
And also only 17 out of 37 antivirus programs passed the VB100 tests
so it's not just bitdefender. 2oldgeek was wrong because if you look at the graphs on the link bitdefender missed less viruses than avg
but avg passed more tests than bitdefender. Avg missed over 745 on access and 234 viruses on demand and bitdefender missed 32 on access and 82 on demand, so avg is not better.
This message has been edited since posting. Last time this message was edited on 3. June 2009 @ 04:23
|
AfterDawn Addict
|
3. June 2009 @ 11:41 |
Link to this message
|
@LauraAnne,
I agree that I should not have included AVG (that was just a typo or brain fart)
If you compare AV's then it is better to use data from an independent, impartial reviewer and not the company that sells it.. You will notice your link is from eset.com and in no way could it be biased.. lol
You will notice also, that they are only comparing based on "in the wild" known viruses that have already been corrected. A true test uses new viruses that have popped up over the last few months in order to see if they have been keeping up and updating.
From your link:
Quote: VB100 Awards for Detection of All In-the-Wild Viruses in the VB Test Sets Without Any False-Alarms
Not a true test! Think about it..
My favorite one liner is: "Never kick a cow chip on a hot day". In other words, if you stir it up, it's going to stink!
I wasn't going to mention this, but since raebie kicked the cow chip, I will.
@raebie,
I guess you are the "Bright Spark" that installed Azureus.exe, on your Mom's computer, that shows up in the ComboFix Log. You can run but you can't hide...
Quote: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
It's a P2P program for downloading Torrent files, infested with malware, like that that showed up in your logs, for your poor old Mother to have to put up with.. Real bright?..
No more need be said except; May you be blessed with Hindsight to know where you have been, Foresight to know where you are going and the Insight to know when you have gone too far...
Have a beautiful, rewarding day..
2oG
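The firewall-policy block quoted in the post above is a plain registry export inside the ComboFix log. The following is an added example (not code from the thread, from ComboFix or from any AV vendor) that pulls the AuthorizedApplications entries out of such an excerpt and separates third-party exceptions such as Azureus from the stock Windows ones; the sample log text is constructed from the lines quoted above.

```python
import re

# Constructed sample: the firewall-policy block exactly as it appears in a
# ComboFix log (ComboFix escapes backslashes by doubling them).
SAMPLE_LOG = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"""

# Case-insensitive marker for the XP firewall exception list key.
KEY_MARKER = "firewallpolicy\\standardprofile\\authorizedapplications\\list"


def parse_authorized_apps(log_text):
    """Return the program paths listed under the AuthorizedApplications key
    of a ComboFix-style log excerpt, with the doubled backslashes undone."""
    apps = []
    in_block = False
    for line in log_text.splitlines():
        if line.startswith("["):
            # A new registry key starts; only the firewall list is of interest.
            in_block = KEY_MARKER in line.lower()
            continue
        if not in_block or not line.strip():
            continue
        m = re.match(r'"(.*)"=', line)
        if m:
            apps.append(m.group(1).replace("\\\\", "\\"))
    return apps


def non_windows_entries(apps):
    """Entries outside %windir%: third-party programs (or malware) that were
    granted a firewall exception and deserve a second look during cleanup."""
    return [a for a in apps if not a.lower().startswith("%windir%")]


if __name__ == "__main__":
    found = parse_authorized_apps(SAMPLE_LOG)
    for app in non_windows_entries(found):
        print("non-Windows firewall exception:", app)
```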
|
raebie
Suspended due to non-functional email address
|
3. June 2009 @ 13:29 |
Link to this message
|
I have never even bothered using azureus and the file itself is not infected, but some things you download through it can be. I'm unsubscribing from this thread now. All I wanted to do was ask for help, maybe I asked in the wrong way but there was no need to respond the way you did. Anyway forget about it, thanks for the help, much appreciated, bye.
p.raeburn
This message has been edited since posting. Last time this message was edited on 3. June 2009 @ 13:59
|
rarthurb
Newbie
|
3. June 2009 @ 13:44 |
Link to this message
|
I would like to thank 2oldGeek for the advice he gave to the ungrateful user who he helped getting rid of the viruses and rootkits by using Combofix.exe. While the advice to the user wasn't appreciated, it really did help me removing an infection that I had not been able to get rid of. Sometimes when helping others you end up helping a lot of others (like me). Most just come here and learn from the wise ones and never interact, just sit back in the corner and listen (like me). Thank You Very Much, Your advice was right-on and correct!
Robert....
just me
|
|
AfterDawn Addict
|
4. June 2009 @ 11:28 |
Link to this message
|
@rarthurb,
No, Thank you very much, Robert, for this reply... It is so gratifying to know that all is not in vain. After over 40 years of programming, rebuilding and Geeking computers, that someone can benefit from my input on this forum is pay back enough. I guess you know the pay here "sucks pond water" lol.
If you ever need any extra help just post to: "for 2oldGeek" and I'll pick it up as soon as possible... I am Semi-retired and work weird hours... Guess I'll still be working when they pat me on the belly with a shovel. LMAO...
Thanks again, Robert..
Live simply. Love generously. Care deeply. Speak kindly. Leave the rest to God.
2oldGeek - That's "2" not "Too", old with a small "o" and Geek with a Capital "G"
|