453 Posted Topics
Re: Hey Scott, I didn't see you were back - should've dropped a PM on me :) Looks like you and Judy are cruising along. -- That baddie removed by MBAM is an older "banker" trojan designed to harvest passwords and other sensitive info. We couldn't tell you what or how … | |
Re: [QUOTE=huegs;1141996] Would it do any good to delete the file by going through the process found at the following link (tells how to take control of a file and then you can delete it).? [url]http://www.howtogeek.com/howto/windows-vista/how-to-delete-a-system-file-in-windows-vista/[/url] Thx in advance for any assistance you might be able to offer. [/QUOTE] Hi Nathan, … | |
Re: [QUOTE=jholland1964;1146519]Run another HiJackThis and post the log.[/QUOTE] Why not run an ARK tool, as well? Plus, there are some odd items that bear scrutiny: LSA: Notification Packages = scecli [B]fisprml.dll[/B] c:\windows\[B]Mxaleter.dat[/B] c:\windows\[B]Fkeyiresoxiwuvur.bin[/B] You might scan these at Jotti - if they are infected, they could point you in the right … | |
Re: [QUOTE=lhope2007;1146738] Please let me know if there is anything I can do to get rid of this stupid thing. [/QUOTE] At quick glance, I do not see any malware in that log. Can you tell us what you are trying to remove? -- Are you able to provide any of the … | |
Re: Are you able to post the requested scanlogs as per the linky below? [B][url]http://www.daniweb.com/forums/thread134865.html[/url][/B] Give that a try and hopefully one of our volunteers will be able to aid you in fixing this. Cheers :) PP | |
Re: [QUOTE=Tech B;1144421] If [B]all else[/B] fails, you'll have to nuke the system and reinstall your OS.[/QUOTE] Indeed - but let's remember that "all else" encompasses a whole lot of options and reinstalling OS is not always a practical option if the user does not have a copy of the OS..... … | |
Re: [QUOTE=bossy marmalade;1062106]nope nothing is better it just won't go away and when i connect to the internet my computer slows wayyyyyy down or freezes i hate this[/QUOTE] Are you able to download the attached [B]FindWPP.zip[/B] and [B][I]Extract[/I][/B] the FindWPP Folder from the ZIP and place it on your ill computer? … | |
Re: [QUOTE=yellowdemon327;1135784]pc runs fine for a while, but the longer it runs, the slower it gets before it eventually locks up. [/QUOTE] You should probably try to rule out over-heating as an issue as well as what Judy suggests.... PP:) | |
Re: [QUOTE=BobLewiston;1132723]Please excuse my naiveté: exactly what types of websites am I supposed to steer clear of to avoid contracting malware infections?[/QUOTE] The obvious answer is: Any site dealing with Porn/Warez/Cracks. In my experience, though, nothing is truly "safe." There are just varying degrees of safety. Malware targets youngsters via sites … | |
Re: [QUOTE=jsalisbury;1132856] Sorry this is such a long post, I have tried to give as much information as possible and hopefully someone may be able to help. My IT knowledge is limited but i have tried to be as specific as I can and appreciate any help. Thanks.[/QUOTE] No worries - … | |
Re: [QUOTE=BobLewiston;1132044]What's the best software to prevent malware infections? The best to detect infections? The best to eradicate them? The best single all-in-one product?[/QUOTE] Wow . . . Is that ever a loaded question :) I am going to give you a very unpopular answer - I kinda like [URL="http://www.emsisoft.com/en/software/download/"][B]a-squared[/B][/URL]. It … | |
Re: [QUOTE=BobLewiston;1130645]Does anyone know if you can never really be certain if you've succeeded in completely removing a rootkit? I'll reinstall the system and all my software if I really have to.[/QUOTE] Most experts would tell you that, when cleaning rootkits, you should never assume you got all the baddies. Essentially, … | |
Re: [QUOTE=nw5052001;1040490]it seems this has helped a lot of people and there are a lot of people out there with this issue. i am finding that it works but i have to do the same thing every time i reboot. is there something else that needs to be done to stop this? if there … | |
Re: [QUOTE=lynnjohn;1105954] a box come on and said it was going to run a virus scan. When he clicked the x it went ahead and ran the program anyway . . . .[/QUOTE] I doubt anything actually "ran." Most often, these "scans" are flash video made to look like a scanner … | |
Re: [QUOTE=JoHarvey;1104548] I can't even get it to reboot and read a CD...[/QUOTE] Hi Jo, Sounds like quite a mess. If you cannot get the machine to boot, I doubt there is much we can do to help. -- Are you able to boot to Safe Mode? (Tap F8 upon restart) … | |
Re: [QUOTE=mdk2k4;1001901]I thought the Thread title says, Infected computer Please Help....huhhh[/QUOTE] Did you see anything in the HJT or MBAM logs that warrants running Combofix? I once had a poster tell me that a virus had turned his cursor into a dinosaur......LOL! Can't always take things at face value :) I … | |
Re: [QUOTE=theshotts;1082567]Hi, I think my computer has some problems. Please help if you can. [/QUOTE] You've got some baddies. -- Please delete your current HJT. It is outdated. No need for new version at this time. -- Please post the scanlogs requested in the linky below and I or one of … | |
Re: [QUOTE=matt1028;1094385] F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe[/QUOTE] You should probably post a DDS log as per the "Read Me" sticky post because it looks like MBAM missed this..... | |
Re: [QUOTE=chess77;1090131]Hi I got a thread from a tech at malwarebytes and loaded. 1st scan had 155 threats, now I'm down to 1 which keeps restarting. It's a rootkit and I was told to run combofix. . . . [/QUOTE] If you are being helped in another forum, you should continue … | |
Re: [QUOTE=greenhorn;1090599] Thanks for your response.[/QUOTE] I generally recommend that, when you come across a suspicious file, you should upload it for analysis at either [B][url]http://virusscan.jotti.org/en[/url][/B] or [B][url]http://www.virustotal.com/[/url][/B]. Let us know what you find. Cheers :) PP | |
Re: [QUOTE=MPRadamacue;1086370] Error loading C:\Windows\TEMP\msxm192z.dll [/QUOTE] If I am not mistaken, this is a WOW keylogger. Looks like MBAM or another tool has removed it, hence the error when it tries to load. -- Can you post your MBAM log? [B]Let's look to see if any other nasties remain:[/B] -- Please … | |
Re: Hi Scott, That looks like an extremely nasty infection with many possibly modified system files. -- Any way to get a more current version of MBAM to run? That's an old build with ancient definitions. -- Can you tell me what this is? Do you recognize it as business related … | |
Re: Your HJT log looks OK for the most part, though HJT alone is inadequate to diagnose today's malware. Do you know what this is? C:\WINDOWS\TEMP\[B]GNCF1E.EXE[/B] Since your other scans have not turned up anything, please try the following and post the logs for us: [B]FIRST:[/B] Please run a scan with … | |
Re: Hi Nate, Please post the scanlogs requested in the linky below and I or one of the other volunteers will have a look as time permits. [B][url]http://www.daniweb.com/forums/thread134865.html[/url][/B] Things are a bit hectic this time of year, so responses may be a bit slow. PP:) | |
Re: [QUOTE=scraddock;1047485]I am running the paid version of MBA-M, not SAS.[/QUOTE] Hey Judy - You guys need to run GMER & Combofix to sort this problem out. PP :) | |
Re: [QUOTE=eva5;1081094]Dude! Ya' think?! Anyone have the latest scoop on antivirus software / suites? Help please Happy Holidays Eva5[/QUOTE] Best "for pay" options: [B][URL="http://www.eset.com/smartsecurity/"]ESET Smart Security 4[/URL] [URL="http://usa.kaspersky.com/products_services/internet-security.php?icid=50000028"]Kaspersky Internet Security 2010[/URL][/B] Best free option: [URL="http://personalfirewall.comodo.com/download_firewall.html"][B]Comodo Firewall + AV[/B][/URL] Cheers :) PP | |
Re: [QUOTE=Salincer;1073129]:( anything i can do to get this thing eliminated? I looked at the sticky's, and tried running those programs, but no luck. I also cant go into safe mode. It just restarts.[/QUOTE] Sorry for the lack of replies - it's the holidays and most of the regular volunteers are … | |
Re: [QUOTE=kronos2;1082307]Is there anyone out there who can help? I have an Acer 1644 laptop, lately the laptop has been getting very hot. Now however when the laptop gets hot it has started losing the output to the screen, is there anything I can do or is it on it's … | |
Re: [QUOTE=jonsca;1080373] or is it still possible that something has severed the ties between Windows and the AV or worse?[/QUOTE] It's probably just Vista being Vista.... If you haven't solved this already, you can try this: -- Open an [URL="http://www.vistax64.com/tutorials/181765-elevated-command-prompt.html"][B]Elevated Command Prompt[/B][/URL] -- At the prompt, [I]type:[/I] [B]net stop winmgmt[/B] ENTER … | |
Re: [QUOTE=sklingb1;1066627] They are inducing labor on my wife tomorrow so I might not get to reply for a couple days but at least you guys can give me some ideas for when I get the terminal in my hands again. [/QUOTE] Congratulations :) See if you are able to download … | |
Re: [QUOTE=laughingman9;1074175] Any help would be greatly appreciated[/QUOTE] [B]Do you have any reason to suspect malware? Let's try this:[/B] -- Download [URL="http://download.bleepingcomputer.com/sUBs/dds.scr"][B]DDS by sUBs[/B][/URL] and save it to your [B]Desktop[/B] -- If your AV has a script blocker, please disable it -- DoubleClick on [B]dds.scr[/B] to run the tool [I] * … | |
Re: [QUOTE=primero;1073077]....... which a friend is going to do for me as I do not have the Windows XP program plus the other programs that I had installed on there.[/QUOTE] That is not a good idea because, in essence, you will be pirating Windows and if you and your friend are … | |
Re: [QUOTE=r3l1c;1065508]What anti-virus software are you using? Also what operating system?[/QUOTE] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:31:46, on 29/11/2009 [COLOR="Red"]Platform: Windows XP SP3 (WinNT 5.01.2600)[/COLOR] MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe. . . . . . C:\Program Files\AVG\AVG9\avgam.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program … | |
Re: [QUOTE=wheland;1066460] O23 - Service: EAOVVXVITMQ - Sysinternals - [url]www.sysinternals.com[/url] - C:\Users\Danny\AppData\Local\Temp\EAOVVXVITMQ.exe O23 - Service: IHJRGEKFK - Sysinternals - [url]www.sysinternals.com[/url] - C:\Users\Danny\AppData\Local\Temp\IHJRGEKFK.exe O23 - Service: NJBVC - Sysinternals - [url]www.sysinternals.com[/url] - C:\Users\Danny\AppData\Local\Temp\NJBVC.exe O23 - Service: WGB - Sysinternals - [url]www.sysinternals.com[/url] - C:\Users\Danny\AppData\Local\Temp\WGB.exe O23 - Service: YAUCRHW - Sysinternals - [url]www.sysinternals.com[/url] - … | |
Re: [QUOTE=khwhitaker;1041735]ok, I'm sorry but I guess I need directions for "place the file in the C:/Windows directory"[/QUOTE] RightClick on Junction.zip and [I]extract[/I] Junction.exe to your Windows Folder ([B]C:\Windows[/B]). Or, if easier, extract Junction.exe to the Desktop and then Cut&Paste it into the C:\Windows Folder. Then, open a command prompt (START … | |
Re: [QUOTE=Stonehands;1044071]Update: As of this morning after cleaning out temp user files all of the security warning pop up windows have stopped. While currently trying to run a scan off the trendmicro website the screen returned to the desktop. The download progress window remained open but progress slowed. The a window … | |
Re: [QUOTE=Richard V;1061159]I am afraid I do not know how to "boot to safe mode"[/QUOTE] Hi Richard, -- What is the OS? -- Are you posting from a clean computer? -- Do you have a USB thumb drive? -- Are you able to get a command prompt on ill machine? (START … | |
Re: [QUOTE=anotherhour;1060421]Hey Crunchie I am having the same problem with my internet browser google searches where they show the little green planet icon and then redirect me. . . . .[/QUOTE] Hi anotherhour, I split your post off into a new thread - please reply in this one. Please provide the … | |
Re: [QUOTE=adub;982170]If anyone has any info on fixing this I would appreciate it.[/QUOTE] See if you can boot the ill machine to [B]Safe Mode with Networking[/B] and access the forum that way. Let us know. I'll probably be gone until Thursday night, but another volunteer ought to be able to help … | |
Re: [QUOTE=FirstTimeUser;1042220]I seem to have gotten rid of the Vundo infection, however explorer.exe shows as running but is not appearing at the bottom of the screen.[/QUOTE] Your HJT is out of date - go ahead and delete it. -- Can you post your MBAM scanlog? -- Please download [URL="http://download.bleepingcomputer.com/sUBs/dds.scr"][B]DDS by sUBs[/B][/URL] … | |
Re: [QUOTE=stranoblaze;1043359] i need help removing this thing. [/QUOTE] [B]See if you are able to do this:[/B] Please download [url=http://www.besttechie.net/tools/mbam-setup.exe][color=Green][b]Malwarebytes' Anti-Malware (MBA-M)[/b][/color][/url] to your Desktop. [B][I]What I want you to do, though, is this:[/I][/B] When you download it and it asks you to "Save File As," rename mbam-setup.exe to [B]iexplore.exe[/B] and … | |
Re: [QUOTE=beddou4;1052516]Today I noticed that, around 3 pm, every time I connect, my web pages are blocked by "OpensDNS": "this domain is blocked". My e-mail inbox as well. Thank you for your help, which would enlighten me.[/QUOTE] You might have better luck posting here: [B][url]http://forum.zebulon.fr/[/url] [url]http://forum.zebulon.fr/securite-f40.html[/url][/B] Cheers :) PP | |
Re: [QUOTE=crunchie;1043704]Thanks, but PhilliePhan should head that list. [i]I've[/i] just been here longer :D.[/QUOTE] I think somebody's being a bit modest.. .. .. Your 700+ solved threads might beg to differ :) | |
Re: [QUOTE=nw5052001;1041156] i replaced the hard drive and loaded the original OS, drivers, etc from the original disc's. then installed windows XP upgrade. . . . i ran microsoft security essentials program and it removed worm conficker so it said......(problem still occurs).[/QUOTE] Hi NW, So this is a clean install? I … | |
Re: [QUOTE=alejito;1044338]I can't access microsoft.com, hotmail.com, hijack this webpage, and sometimes other seemingly random webpages like bbc news, met office, gametrailers etc. Most other webpages work fine though[/QUOTE] I am a bit "over-extended," so hopefully another volunteer can jump in and run with this, but to get started, please do the … | |
Re: [QUOTE=jholland1964;1041228]I honestly see nothing in your HJT log pointing to the redirect page. [/QUOTE] Hey Judy, You guys need to run a GMER scan (or skip directly to combofix). I suggest GMER first: Please download [B]GMER Rootkit Scanner[/B]: [B][url]http://www.gmer.net/download.php[/url][/B] -- DoubleClick the .exe file and, if asked, [I]allow[/I] the gmer.sys … | |
Re: [QUOTE=jw22;1037224]I also tried to run anti-spyware and nothing came up[/QUOTE] I'm curious about this one: Please navigate to the file in bold below and upload it here for analysis and let us know what you find ---> [URL=http://virusscan.jotti.org/][COLOR=DarkGreen][SIZE=14][B]http://virusscan.jotti.org/[/B][/SIZE][/COLOR][/URL] c:\windows\system32\[B]windrv.sys[/B] I'd also suggest a GMER run, if crunchie concurs... PP:) EDIT: … | |
Re: [QUOTE=BoJo20;1014783]Hmm, no responses. [/QUOTE] Sorry - It happens. We are all [I]volunteers[/I] with real lives to worry about + most support forums are overwhelmed with requests for help these days..... [B]Let's just cut to the quick and do this:[/B] If you already have[B] Combofix [/B]on your machine, [B]DELETE[/B] it. Then … | |
Re: While you are waiting for crunchie to check back, please give this a go: Please download [B]GMER Rootkit Scanner[/B]: [B][url]http://www.gmer.net/download.php[/url][/B] -- DoubleClick the .exe file and, if asked, [I]allow[/I] the gmer.sys driver to load. -- If you receive a warning about Rootkit Activity and GMER asks if you want to … | |
Re: [QUOTE=genegold;1040932] Is there any truth to the webmaster's claim?[/QUOTE] NO. He/she's blowing smoke up your skirt. PP :) |
The End.