maheshgiri

  1. I rebooted the mobile in safe mode and disabled the netalpha app, then used the Stubborn Trojan Killer app, which asked to turn on the WiFi or internet; then the malware got activated and got caught and deleted. As per my knowledge (I don't know what the process was) the virus got deleted. So no infection detected till now. I also turned on the "app permission" under Settings
  2. I installed the Stubborn Trojan Killer app and it cleaned the malware, and now Malwarebytes is also not detecting these viruses. I will keep you updated.
  3. Hi all. My old mobile had bugged me a lot. I bought a new smartphone. But now I factory reset it and all the installed apps were gone, but then I installed Malwarebytes and scanned and found some malware still running. When I select to delete them, it was not possible! *** uninstall unsuccessful *** Please help me. And you know what was happening before I reset this mobile: each and every second some pop-up or alert would come up and I couldn't do a thing other than switch it off. Later I saw malware blocking net alpha virus or bug. I went to SAFE MODE and disabled & force stopped it. And after resetting the mobile I reinstalled Malwarebytes and scanned, but now I can't remove the bugs, as I said before. So please help me remove them.
  4. About the gsyzq.exe: with the instructions you have said, I can see the gsyzq.exe folder now. When I try to delete it, it says it is being used by another person or program. Any advice to proceed further?
  5. Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 5468
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     1/6/2011 1:32:04 PM
     mbam-log-2011-01-06 (13-32-04).txt
     Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
     Objects scanned: 205628
     Time elapsed: 32 minute(s), 22 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 2
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 3
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.Palevo) -> Value: Shell -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.Palevo) -> Value: Taskman -> Quarantined and deleted successfully.
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     d:\english movie\nero 7.10.1.0 by m3zkal\nero 7.10.1.0 keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
     g:\^^_software_files_^^\bittornt active {danger}\zone alarm pro 7.0.483 incl keygen\Keygen\zonelabs products keygen v2.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
     g:\^^_software_files_^^\bittornt active {danger}\zonealarm 8.0.2 plus keygen\Keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
  6. I followed every procedure, but in clearing the Java plug-in cache, I didn't find "Java Plug-in" in Control Panel, other than the Java icon (I have gone through the Java cache cleaning). I was using Malwarebytes & it was not showing any virus before, but after I removed and reinstalled it again, now it has shown 1 virus & I have removed it. But that website is popping up from nowhere. I have started to use Google Chrome and it has started to pop up in that also. That website will pop up by changing the last words of the website, like LINKS removed and so on.
     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 5468
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     1/6/2011 11:35:42 AM
     mbam-log-2011-01-06 (11-35-42).txt
     Scan type: Quick scan
     Objects scanned: 130267
     Time elapsed: 2 minute(s), 34 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.Palevo) -> Value: Taskman -> Quarantined and deleted successfully.
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)
  7. Hi, excuse me, I couldn't find any way to find or to delete the mentioned file, c:\documents and settings\administrator\gsyzq.exe. In my administrator folder it doesn't show up. Please tell me a method to find it & delete this file. I have attached a snapshot of what appears.
  8. DDS (Ver_10-12-12.02) - NTFSx86
     Run by Administrator at 9:58:46.98 on Mon 01/03/2011
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.471 [GMT 5.5:30]
     AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     FW: avast! Internet Security *Disabled*
     ============== Running Processes ===============
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
     svchost.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\runservice.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\System32\TUProgSt.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\WordWeb\wweb32.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Administrator\Desktop\dds.scr
     ============== Pseudo HJT Report ===============
     uStart Page = hxxp://www.yahoo.com
     uSearch Page = ${URL_SEARCHPAGE}
     mDefault_Page_URL = hxxp://www.yahoo.com
     mSearch Page = ${URL_SEARCHPAGE}
     mStart Page = hxxp://www.yahoo.com
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyOverride = 127.0.0.1
     mWinlogon: Taskman=c:\documents and settings\administrator\gsyzq.exe
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
     BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
     uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [RTHDCPL] RTHDCPL.EXE
     mRun: [Alcmtr] ALCMTR.EXE
     mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
     DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     TCP: {3CA3DBC5-54CB-4361-9F5E-EB59F7B2AD9D} = 218.248.255.141,218.248.255.139
     Hosts: 127.0.0.1 www.spywareinfo.com
     ================= FIREFOX ===================
     FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\0cuetjsl.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
     FF - prefs.js: browser.search.selectedEngine - Wikipedia (Eng)
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/webhp
     FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
     FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
     FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
     FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
     FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
     FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
     FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com
     FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
     FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
     ---- FIREFOX POLICIES ----
     FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
     ============= SERVICES / DRIVERS ===============
     R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-9-15 12112]
     R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-9-15 188168]
     R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-9-15 99280]
     R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-9-15 312912]
     R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-15 165456]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-15 17744]
     R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-15 40384]
     R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2010-8-3 2560]
     R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-6-30 20480]
     R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-7-20 16640]
     S2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-9-15 119200]
     S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-15 40384]
     S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-15 40384]
     S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-9-10 30104]
     S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-9-10 30104]
     =============== Created Last 30 ================
     2011-01-02 04:28:40 -------- d-----w- c:\docume~1\admini~1\applic~1\PriceGong
     2010-12-31 13:31:12 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Conduit
     2010-12-31 07:37:39 204288 --sh--r- c:\documents and settings\administrator\gsyzq.exe
     2010-12-21 10:57:59 -------- d-----w- c:\docume~1\admini~1\applic~1\Transcend
     2010-12-21 06:57:07 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
     2010-12-21 06:57:07 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
     2010-12-21 06:57:07 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
     2010-12-21 06:57:07 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
     2010-12-21 06:57:07 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
     2010-12-21 06:57:04 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
     2010-12-21 06:57:03 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
     2010-12-17 02:44:55 1409 ----a-w- c:\windows\QTFont.for
     2010-12-16 19:52:43 -------- d-----w- c:\windows\system32\QuickTime
     2010-12-12 06:21:12 -------- d-----w- C:\1
     2010-12-10 02:00:34 -------- d-----w- c:\windows\cache-cache
     2010-12-08 16:09:44 148776 ----a-w- c:\windows\system32\ImageDrive.cpl
     ==================== Find3M ====================
     2011-01-03 04:00:39 865 --sha-w- c:\windows\system32\mmf.sys
     2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
     2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
     2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
     ============= FINISH: 9:59:31.12 ===============
     Attach.rar
  9. Hi, I have not attached any scan results, and I don't know which to copy and paste (I didn't get you). However, I downloaded ATF Cleaner and ran it for Main and Firefox. The PC was NOT slower to boot the first time or two, BUT the screen sort of snaps at the very beginning of the boot. And when I tried to open Firefox the popping website reappeared again, AND I got new problems now: Gmail is not opening in its standard mode, it only opens in HTML mode, and even the YouTube page shows "open in basic HTML page" (I have a high speed internet, but Google Chrome is working properly). This problem appeared immediately after I ran ATF Cleaner. I don't know what went wrong after ATF Cleaner ran. I did not proceed to DDS.scr or DDS.pif. What shall I do?