heir

Experts
  • Posts: 295
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. Please post the logs in a reply. This topic will be closed unless you still need help.
  2. We need to run some more scans before we tackle this.

     Step 1. RKU:
     Please download Rootkit Unhooker. Save it to your desktop.
     Now double-click on RKUnhookerLE.exe to run it.
     Click the Report tab, then click Scan.
     Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
     Wait till the scanner has finished and then click File, Save Report.
     Save the report somewhere where you can find it. Click Close.
     Copy the entire contents of the report and paste it in a reply here.
     Note** you may get the following warning, just click OK and continue:
     "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

     Step 2. aswMBR:
     Download aswMBR.exe (511KB) to your desktop.
     Double click the aswMBR.exe to run it.
     Click the "Scan" button to start the scan.
     On completion of the scan click save log, save it to your desktop and post it in your next reply.

     Step 3. Things I would like to see in your reply:
     The content of Attach.txt (on your desktop) from when you ran DDS.
     The content of the log from RKU in step 1.
     The content of the log from aswMBR in step 2.
  3. Hey there, ! OK! Well done, your log is clean again! :thumbsup:
     Time for some housekeeping.

     Step 1. Clean up:
     What we need to do is remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.
     First: Click START then RUN. Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
     Second: Download OTC to your desktop and run it. Click Yes to begin the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. Now delete any tools/logs that are left over after you ran OTC.

     Step 2. Prevention:
     OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.
     First: Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack. Please go to the link below to download an update. http://www.adobe.com/products/acrobat/readstep2.html Remove the older versions and install the latest.
     Second: One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.
     Automatic Updates for Windows: Click Start. Select Settings and then Control Panel. Select Automatic Updates. Click Automatic (recommended). Choose a day and a time when you know the computer will be on and connected to the Internet. Click Apply then OK.
     Third: Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.
     Anti Spyware: SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here. SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
     Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.
     Fourth: Next let's look at Firewalls. These help to prevent unauthorized access both to and from the Internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall on your system.
     Personal Firewalls: Comodo is a free fully functional firewall. Online Armor (Free edition) personal firewall.
     Fifth: Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):
     Instant Messengers: Trillian or Miranda-IM.
     Lastly: To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
     I will keep this log open for the next couple of days, so if you have any further problems post another reply here.
     OK, all the best, and stay safe!
  4. setupa.exe belongs to Traktor 2 Setup from Native Instruments that you've installed on your computer. Is ActiveX enabled? Link on how to enable ActiveX. Make sure that ActiveX is enabled, then try ESET Online Scanner again.
  5. Do you recognize that file as something you've put there on purpose? c:\windows\setupa.exe

     Step 1. CFScript:
     1. Close any open browsers.
     2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     3. Open notepad and copy/paste the text in the codebox below into it:

        http://forums.malwarebytes.org/index.php?showtopic=85154
        Suspect::
        [103] c:\windows\setupa.exe
        FileLook::
        c:\windows\setupa.exe

     Save this as CFScript.txt, in the same location as ComboFix.exe. Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     **Note** When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.

     Step 2. ESET Online Scanner:
     Please run a free online scan with the ESET Online Scanner. Note: You will need to use Internet Explorer for this scan.
     Tick the box next to YES, I accept the Terms of Use. Click Start.
     When asked, allow the ActiveX control to install. Click Start.
     Make sure that the options Remove found threats and Scan unwanted applications are checked.
     Click Scan (This scan can take several hours, so please be patient).
     Once the scan is completed, you may close the window.
     Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
     Copy and paste that log as a reply to this topic.

     Step 3. Things I would like to see in your reply:
     The answer to the question in the beginning of this post.
     The content of C:\ComboFix.txt from step 1.
     The content of the log from EOS in step 2.
  6. Sorry about the delay. Got tied up.

     Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.
     There are basically two types of these programs: On-Access and On-Demand.
     On-Access Scanners: As the name implies, are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.
     On-Demand Scanners: As the name implies, are scanners that only run when you ask them to. Such as: Online Scans and scanners that run on your machine but are not actively scanning your machine.

     Step 0. Filescan:
     Please go to: VirusTotal. On the page you'll find a Browse button. Click on the Browse button.
     In the Choose File to Upload window which opens, copy and paste this into the File Name box: c:\windows\setupa.exe
     Next, click the Open button. Then click the Send File button just below. This will scan the file. Please be patient.
     If you get a message saying File has already been analyzed: click Reanalyze file now.
     Once scanned, copy and paste the link to the results page in your next reply.

     Step 1. Uninstall program:
     Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
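The file-scan step above uploads the suspect file to VirusTotal by hand. As an added example (not part of the forum post, and not a VirusTotal or Malwarebytes tool), the PowerShell below gathers the facts a helper would want first: size, timestamp, SHA-256 and Authenticode signature status, plus a hash-lookup URL so a file VirusTotal has already seen need not be uploaded again. It assumes PowerShell 4.0 or later (for Get-FileHash); the lookup URL form is that of the current VirusTotal web interface and is an assumption here; the default path is the one named in the post.

```powershell
# Added example: local triage of a suspect file before uploading it anywhere.
# Assumes PowerShell 4.0+ (Get-FileHash). The VirusTotal URL form is an assumption.
param(
    [string]$Path = 'C:\Windows\setupa.exe'   # path named in the forum post
)

function Get-SuspectFileReport {
    param([Parameter(Mandatory)][string]$FilePath)

    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        throw "File not found: $FilePath"
    }

    $item   = Get-Item -LiteralPath $FilePath
    $sha256 = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash.ToLower()
    $sig    = Get-AuthenticodeSignature -LiteralPath $FilePath

    [pscustomobject]@{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        LastWriteUtc    = $item.LastWriteTimeUtc
        SHA256          = $sha256
        # Valid / NotSigned / HashMismatch / NotTrusted ...; HashMismatch means the
        # signed bytes were altered after signing, which deserves a closer look.
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # Look the hash up first; only upload if the file is unknown there.
        LookupUrl       = "https://www.virustotal.com/gui/file/$sha256"
    }
}

Get-SuspectFileReport -FilePath $Path | Format-List
```

Run it from an elevated PowerShell prompt if the file sits under C:\Windows; the hash and signature fields are what to paste into a reply when the file cannot be uploaded.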
  7. Your computer has caught a Rootkit. Let's begin with these two tools for starters.

     Step 1. TDSSKiller:
     Please read carefully and follow these steps.
     Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop.
     Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
     If an infected file is detected, the default action will be Cure, click on Continue.
     If a suspicious file is detected, the default action will be Skip, click on Continue.
     It may ask you to reboot the computer to complete the process. Click on Reboot Now.
     If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
     If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

     Step 2. ComboFix:
     We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     Please include the C:\ComboFix.txt in your next reply for further review.

     Step 2. Things I would like to see in your reply:
     The content of the log from TDSSKiller in step 1.
     The content of C:\ComboFix.txt from step 2.
  8. Has ESET been scanning for a week now? If so, end the scan and post the log. Then do the steps in this post.
  9. "I do use Skype regularly. Are there any vulnerabilities that Skype has that I should avoid exacerbating in the future?"
     Let me google that for you.
     Doubt that it's Java, more likely that cache has been emptied. Should be better after you've used it a while.
  10. Hey there, Alton ! OK! Well done, your log is clean again!
      Time for some housekeeping.

      Step 1. Clean up:
      What we need to do is remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.
      First: Click START then RUN. Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
      Second: Download OTC to your desktop and run it. Click Yes to begin the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. Now delete any tools/logs that are left over after you ran OTC.

      Step 2. Prevention:
      OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.
      First: Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack. Please go to the link below to download an update. http://www.adobe.com/products/acrobat/readstep2.html Remove the older versions and install the latest.
      ------- Upgrading Java:
      Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.
      Upgrading Java: Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 25. Click the JDK 6 Update 25 (JDK or JRE) "Download JRE" button to the right. Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.". Click on Continue. Click on the link to download Windows Offline Installation (jre-6u25-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager. Close any programs you may have running - especially your web browser.
      Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u25-windows-i586.exe and select "Run as an Administrator.")
      Second: One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.
      Automatic Updates for Windows: Click Start. Select Settings and then Control Panel. Select Automatic Updates. Click Automatic (recommended). Choose a day and a time when you know the computer will be on and connected to the Internet. Click Apply then OK.
      Third: Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.
      Anti Spyware: SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here. SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
      Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.
      Fourth: Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):
      Instant Messengers: Trillian or Miranda-IM.
      Lastly: To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
      I will keep this log open for the next couple of days, so if you have any further problems post another reply here.
      OK, all the best, and stay safe!
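The Java section above has the user walk Add/Remove Programs by eye to find every old Java runtime. As an added example (not from the forum post, and not an Oracle or Malwarebytes tool), this PowerShell reads the same Add/Remove Programs data from the registry Uninstall keys, lists each Java and Adobe Reader entry, and flags every version that is older than the newest one installed, so the stale ones can be removed before the current release is installed. The registry paths are the standard Uninstall keys; the display-name patterns used to recognise the products are assumptions.

```powershell
# Added example: find outdated Java / Adobe Reader installs from the Uninstall registry keys.
# Assumes Windows PowerShell; name patterns for the products are assumptions.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledRuntimes {
    param([string[]]$Keys = $uninstallKeys)

    Get-ItemProperty -Path $Keys -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -match 'Java|J2SE|JRE|Adobe Reader|Acrobat Reader' -and
            $_.DisplayName -notmatch 'Auto Updater'   # the updater is not a runtime
        } |
        ForEach-Object {
            $v = $null
            # DisplayVersion is free text; keep only entries that parse as a version
            [void][version]::TryParse($_.DisplayVersion, [ref]$v)
            [pscustomobject]@{
                Product         = if ($_.DisplayName -match 'Java|J2SE|JRE') { 'Java' } else { 'AdobeReader' }
                DisplayName     = $_.DisplayName
                Version         = $v
                InstallDate     = $_.InstallDate
                UninstallString = $_.UninstallString
            }
        }
}

function Get-StaleRuntimes {
    param([object[]]$Installed = (Get-InstalledRuntimes))
    # Within each product family, everything but the newest installed version is stale.
    $Installed | Group-Object Product | ForEach-Object {
        $newest = ($_.Group | Where-Object Version |
                   Sort-Object Version -Descending | Select-Object -First 1).Version
        $_.Group | Where-Object { $_.Version -and $_.Version -lt $newest }
    }
}

$all = Get-InstalledRuntimes
'Installed:'
$all | Format-Table DisplayName, Version -AutoSize
'Stale (remove these, then install the current release):'
Get-StaleRuntimes -Installed $all | Format-Table DisplayName, Version, UninstallString -AutoSize
```

The script compares only against what is already installed, so the newest entry it keeps may itself be out of date; the release the post names (JRE 6 Update 25) is still the reference for whether that last one needs replacing. The UninstallString column is the command Add/Remove Programs would run for each stale entry.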
  11. Step 1. CFScript:
      1. Close any open browsers.
      2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      3. Open notepad and copy/paste the text in the codebox below into it:

         Folder::
         C:\33eb6f99a1baf6cb15d9d069
         C:\eb1269ec251a9d539f3ecec0
         C:\0f06eb576931c20a224f67e57d013a09
         C:\7cec38b2894e9eec52f5f156bb

      Save this as CFScript.txt, in the same location as ComboFix.exe. Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

      Step 2. Scan with MBAM:
      Please download Malwarebytes' Anti-Malware from Here.
      Double Click mbam-setup.exe to install the application.
      Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
      If an update is found, it will download and install the latest version.
      Once the program has loaded, select "Perform Quick Scan", then click Scan.
      The scan may take some time to finish, so please be patient.
      When the scan is complete, click OK, then Show Results to view the results.
      Make sure that everything is checked, and click Remove Selected.
      When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      Copy&Paste the entire report in your next reply.
      Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

      Step 3. Scan with ESET Online Scanner:
      Please run a free online scan with the ESET Online Scanner. Note: You will need to use Internet Explorer for this scan.
      Tick the box next to YES, I accept the Terms of Use. Click Start.
      When asked, allow the ActiveX control to install. Click Start.
      Make sure that the options Remove found threats and Scan unwanted applications are checked.
      Click Scan (This scan can take several hours, so please be patient).
      Once the scan is completed, you may close the window.
      Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
      Copy and paste that log as a reply to this topic.

      Step 4. Things I would like to see in your reply:
      The content of C:\ComboFix.txt from Step 1.
      The content of the report from MBAM from Step 2.
      The content of the report from ESET Online Scanner from Step 3.
      Information on how your computer is running after those steps.
  12. Hey there, SanderZ ! OK! Well done, your log is clean again!
      Time for some housekeeping.

      Step 1. Clean up:
      What we need to do is remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.
      First: Click START then RUN. Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
      Second: Download OTC to your desktop and run it. Click Yes to begin the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. Now delete any tools/logs that are left over after you ran OTC.

      Step 2. Prevention:
      OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.
      First: Older versions of Adobe Acrobat Reader are vulnerable to attack. Please go to the link below to download an update. http://www.adobe.com/products/acrobat/readstep2.html Remove the older versions and install the latest.
      Second: One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.
      Automatic Updates for Windows: Click Start. Select Settings and then Control Panel. Select Automatic Updates. Click Automatic (recommended). Choose a day and a time when you know the computer will be on and connected to the Internet. Click Apply then OK.
      Third: Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.
      Anti Spyware: SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here. SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
      Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.
      Fourth: Next let's look at Firewalls. These help to prevent unauthorized access both to and from the Internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall on your system.
      Personal Firewalls: Comodo is a free fully functional firewall. Online Armor (Free edition) personal firewall.
      Fifth: On to personal Anti Virus programs. One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed three free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves.
      Anti Virus Programs: avast! Free Edition, an excellent free AV. Avira AntiVir PersonalEdition, yet another good free AV.
      Sixth: Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):
      Instant Messengers: Trillian or Miranda-IM.
      Lastly: To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
      I will keep this log open for the next couple of days, so if you have any further problems post another reply here.
      OK, all the best, and stay safe!
  13. Has it detected anything? When it's done, post the log and then continue with the steps in my previous post.