Malwarebytes

New morphed edition of Security Tools, Mbam isn't fixing


25 replies to this topic

#21
xiceeeex

    New Member

  • Members
  • 2 posts
Does anyone know a solution for this? I got this infection and really need help. Any help or input is deeply appreciated. Thanks, links on bottom.
http://www.malwareby...showtopic=28577

Thanks again.

#22
IT Expert

    Advanced Member

  • Honorary Members
  • 105 posts
  • Gender:Male
  • Location:Portland Oregon
  • Interests:Infection Detection & Removal, Developing & Programming of websites, Helping solve computer issues, American Muscle Cars, Big Block Chevys, Computer Gaming, Battlefield 2
New problem: http://www.nicklocka...mboFixVirut.bmp

No way to run ComboFix, and tried to rename the file too.

When I try and run sfc /purgecache it seems to work, but when I try and do a sfc /scannow the window just flashes real quick and goes away before I can even see the scan. I have even tried to run the commands using Dial-a-fix with the same issues.

Malwarebytes is still missing the kbnet.dll. Is there anything else I can do?
Malwarebytes Reseller

#23
IT Expert

    Advanced Member

  • Honorary Members
  • 105 posts
  • Gender:Male
  • Location:Portland Oregon
  • Interests:Infection Detection & Removal, Developing & Programming of websites, Helping solve computer issues, American Muscle Cars, Big Block Chevys, Computer Gaming, Battlefield 2
I was able to tell it to do a sfc /scanonce and on startup it's finally doing a scan; can't wait to see if that helps.

Another issue I'm seeing is Data Execution Prevention error popups for, I think, a file called logonui or something like that. Going to have to try and shut that feature off for now, I imagine.
Malwarebytes Reseller

#24
Jaxryley

    Forum Deity

  • Malware Hunters
  • 6,718 posts
  • Gender:Male
  • Location:West Aussie
  • Interests:Gardening and computers.
Well I've run every installer for Security Tool I have and MBAM seems to start and delete this rogue no probs.

If anyone has the installer could you upload here or share site please.

Windows Police Pro seems to match more closely to what this rogue disables. :lol:

#25
IT Expert

    Advanced Member

  • Honorary Members
  • 105 posts
  • Gender:Male
  • Location:Portland Oregon
  • Interests:Infection Detection & Removal, Developing & Programming of websites, Helping solve computer issues, American Muscle Cars, Big Block Chevys, Computer Gaming, Battlefield 2
I know it had both rogues. Also, this thing keeps dropping it; the damn thing has this bot kbdnet.dll which is sticking it back on. I know Security Tools is still trying to stay alive because of the names of the keys in the registry. I have run a few tools that are supposed to take down the Virut worm, but no luck so far...
Malwarebytes Reseller

#26
Fatdcuk

    Malware BBQ'er

  • Moderators
  • 18,860 posts
  • Gender:Male
  • Location:127.0.0.1
OK folks, let's call order on this topic,

RogueNet is for uploading/sharing new undetected malware(s) for analysis and is not a removal forum per se when the fixes are failing due to malware borking the tools.

Quote

Malwarebytes is still missing the kbnet.dll. Is there anything else I can do?

IT Expert, I now have the file from your download link, many thanks!

I will examine it and if a signature is required I will then add it in the next few hours.

Just for future reference, should you continue assisting, all I would have needed to see was the bot file and any support data appertaining to that bot (e.g. load entry + filepath).

The MBAM log and full HJT logs are not required for me to examine a file or write a signature for it.

Also just reminding you MBAM will not flush O20 - AppInit_DLLs: data values.

You need to confirm whether the file(s) that the data value(s) points to is in fact still on the PC, because it is quite possible the file(s) might have already been unloaded and just the *load* value persists.

Thanks for your understanding :lol:
Ade Gill
Research Engineer
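
One way to carry out the check described in the post above, shown as an added example that is not part of the thread and not a Malwarebytes tool: it reads the `AppInit_DLLs` value and reports, for each entry, whether the file it names is still on disk or only the load value remains. The function name `Get-AppInitDllStatus` is hypothetical; the registry locations are the standard ones for this value, and bare file names are assumed to resolve against the system directory.

```powershell
# Added example: audit AppInit_DLLs entries (the "O20" line in HijackThis logs).
# Run from an elevated 64-bit PowerShell so System32 is not redirected.
$targets = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = Join-Path $env:windir 'System32' },
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = Join-Path $env:windir 'SysWOW64' }   # 32-bit view on 64-bit Windows
)

function Get-AppInitDllStatus {
    param([string]$Key, [string]$Dir)

    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if (-not $props) { return }      # key absent, e.g. no Wow6432Node on 32-bit

    # LoadAppInit_DLLs exists on Vista and later; it is absent on XP.
    $loadFlag = $props.LoadAppInit_DLLs

    # The value holds DLL names separated by spaces or commas.
    $entries = ([string]$props.AppInit_DLLs) -split '[ ,]+' | Where-Object { $_ }

    foreach ($entry in $entries) {
        # Bare names are resolved against the system directory.
        if ([System.IO.Path]::IsPathRooted($entry)) { $path = $entry }
        else { $path = Join-Path $Dir $entry }

        $exists = Test-Path -LiteralPath $path -PathType Leaf
        if ($exists) { $finding = 'File present: keep a copy for analysis before removal' }
        else { $finding = 'File missing: only the load value persists' }

        [pscustomobject]@{
            Key      = $Key
            Entry    = $entry
            Path     = $path
            Exists   = $exists
            LoadFlag = $loadFlag
            Finding  = $finding
        }
    }
}

$targets |
    ForEach-Object { Get-AppInitDllStatus -Key $_.Key -Dir $_.Dir } |
    Format-List
```

An empty result means no `AppInit_DLLs` entries are set in either registry view.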
