
Yourhighness

Experts
  • Posts

    156
  • Joined

  • Last visited

Reputation

0 Neutral

About Yourhighness

  • Birthday 07/19/1981

Contact Methods

  • Website URL
    http://www.mytidbits.de
  • ICQ
    0

Profile Information

  • Location
    Hamburg, Germany
  • Interests
    Too many things for too little time :p
  1. Then Need Corporate Licensing is "benötigen Sie Unternehmenslizenzierung?"
  2. Sorry, we like it complicated and have the "-" and other things to make it confusing. - edit - Are you after "company license" or "company licensing"?
  3. Hello kapoor and welcome to Malwarebytes.org! My name is Johannes and I will be dealing with your log today. Please note that comments are made in green, links are in red, important things are outlined by using the blue color and the numbered steps I would like you to follow are outlined with orange.

     Please also take note of the following:
     • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
     • The fixes are specific to your problem and should only be used for this issue on this machine.
     • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
     • If you don't know, stop and ask! Don't keep going on.
     • Please reply to this thread. Do not start a new topic.

     Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent DNA). These programmes allow sharing files between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

     It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves. Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

     Step #1
     Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
     • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
     • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
     • Click the "Download" button to the right.
     • Select your Platform: "Windows".
     • Select your Language: "Multi-language".
     • Read the License Agreement, and then check the box that says: "Accept License Agreement".
     • Click Continue and the page will refresh.
     • Click on the link to download Windows Offline Installation and save the file to your desktop.
     • Close any programs you may have running - especially your web browser.
     • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
     • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
     • Click the Remove or Change/Remove button.
     • Repeat as many times as necessary to remove each Java version.
     • Reboot your computer once all Java components are removed.
     • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

     Step #2
     • Download OTViewIt to your desktop.
     • Close all windows and double-click OTViewIt.
     • Place a tick in the Scan all Users box.
     • In the File Age drop-down box select 90 days.
     • Click Run Scan and let the program run uninterrupted.
     • On completion it will produce two logs on the Desktop; post the OTViewIt.txt and Extras.txt logs in your next post.

     Thanks, YoHi
  4. thanks. just a silly thought of a silly german. no need to put it top priority. just something i would find dandy in the future. danke.
  5. Update issue resolved for me too it seems. Here I go and wonder why I kept getting a "connection error." Would it be possible to have the automatic update scheduler either include 30 minute steps, or to have the ability to manually enter the time and maybe use an up and down arrow thing next to the text box to change the time? I use automatic update, because I'd forget to do so otherwise. Example given: , but for time. Is that a lot of extra coding?
  6. Hi Germish, sorry for this very late reply. Lots of things been happening over the long weekend. I see you solved your problems with some new software. Good to see that it worked out for you this way. Let me just give you a few things on the way to keep you away from malware in the future.

     Please navigate to: Start >> Run... and type Combofix /u and hit Enter. Thanks.

     Please also have a look at the following links, giving some advice and suggestions for preventing future infections:
     • So How did I get infected?
     • Microsoft - 'Security at home'
     • Miekies' prevention suggestions

     I recommend you regularly visit the Windows Update Site! Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating. By updating your machine, you have one less headache! Update ALL Critical updates and any other Windows updates for services/programs that you use.

     If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here a nice little article about turning on automatic updates. Note that it will download them for you, but you still have to actually click install. If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.

     It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

     For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

     Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
     • Double-click the downloaded installer and install the tool to a location of your choice.
     • Via the Start menu, navigate to HostsMan and run the program.
     • Click "Hosts" in the menu.
     • Click "Manage Updates" in the submenu.
     • Out of the three, select at least one of them (I have MVPS Host as my main one).
     • Click "Add Update."
     • After that you will only need to click on the following button to retrieve updates:
     • Click the X to exit the program.
     Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

     Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there: Simple and easy ways to keep your computer safe and secure on the Internet

     Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

     Thanks and Merry Christmas. Johannes
  7. Hi Schwick, welcome to Malwarebytes.org! Please note that comments are made in green, links are in red, important things are outlined by using the blue color and the numbered steps I would like you to follow are outlined with orange.

     Please also take note of the following:
     • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
     • The fixes are specific to your problem and should only be used for this issue on this machine.
     • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
     • If you don't know, stop and ask! Don't keep going on.
     • Please reply to this thread. Do not start a new topic.

     Step #2
     • Please download random's system information tool (RSIT) by random/random from here and save it to your desktop.
     • Double-click on RSIT.exe to run RSIT.
     • Click Continue at the disclaimer screen.
     • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

     Step #1
     Please post back with log.txt and info.txt.

     Thanks.
  8. Hi Germish, no problem. Kindly check if you can locate the following logs:
     • C:\MsnCleaner.txt
     • C:\ComboFix.txt
     • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

     Not sure what you mean with "aray of various things." Johannes
  9. Hi Germish, could you post the log it produced? Don't worry about the online scan for now. Let's do this:
     • Download MsnCleaner.zip to your Desktop, but don't use it yet. http://www.forospyware.com/Msncleaner/MsnCleaner.zip (Copy/Paste the URL into the address bar or use "Save Target As")
     • Extract the content of MsnCleaner.zip to your Desktop.
     • Now reboot into Safe Mode.
     • Double-click MsnCleaner.exe to run it.
     • Click the Analyze button. A report will be created once you finish the scan.
     • If it finds an infection, click the Deleted button.
     • Now, please reboot back to normal mode.
     • Please post the contents of C:\MsnCleaner.txt in a reply to this post.

     Then do these steps:
     • Update Malwarebytes Antimalware, run it and let it fix all it finds.
     • Run ComboFix again. When it asks to update itself, let it do so.

     Now post back with the MsnCleaner.txt, the MBAM log, and the Combofix log. Thanks!
  10. hi germish, As of Java Runtime version 6 update 10, the updates are deleted on new installs. All Java versions prior to that need manual removal. It's only been updated to v6u11 recently.

     That's ok, we just take a different one: Please do a scan with Kaspersky Online Scanner (You need to use Internet Explorer or enable IEView in Firefox)
     Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
     • Click on the Accept button and install any components it needs.
     • The program will install and then begin downloading the latest definition files.
     • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
     • This will start the program and scan your system.
     • The scan will take a while, so be patient and let it run.
     • Once the scan is complete, click on View scan report.
     • Now, click on the Save Report as button.
     • Save the file to your desktop.
     • Copy and paste that information in your next post.

     The msn worms are getting spread more and more. Your friend's pc might be compromised and used for spreading the worm itself. One needs to be very careful what links to click these days. Don't worry too much regarding the p2peer software. It's a common source for infection and its usage with proprietary work is illegal and thus needs to be pointed out.

     Sorry for the delay. With normal weekend stuff and further edu on Saturdays, I am falling behind schedule at times. Not a good excuse, but still thought I'd try to hide my failing in replying in an acceptable time frame. johannes
  11. Hi Ralph,

     Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case utorrent). These programmes allow sharing files between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

     It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves. Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

     Step #1
     Open notepad and copy/paste the text in the codebox below into it:

         DirLook::
         C:\documents and settings\Ralph\Application Data\Uniblue

         File::
         C:\sqmnoopt16.sqm
         C:\sqmdata16.sqm

     Save this as CFScript.txt
     Referring to the picture above, drag CFScript.txt into ComboFix.exe
     When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
     Note: Do not mouse click combofix's window whilst it's running. That may cause it to stall.

     Step #2
     You may update to Java update 11. Make sure you uninstall all previous versions though, as they are a source of infections.

     Step #3
     Please go to Eset Onlinescan (NOD32) (You need to use Internet Explorer or enable IEView in Firefox)
     • You will then see the Terms of Use; tick the check-box in front of YES, I accept the Terms of Use
     • Now click Start
     • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
     • Click Start (the Onlinescanner will now prepare itself for running on your pc)
     • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
     • Press Scan
     • The Onlinescan will now start and scan your pc (this could take a while)
     • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software; just close the window
     • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
     • The scan results will now open in Notepad
     • Click into the text area, right-click and choose "select all" (or use ctrl+a)
     • Right-click again and choose "copy" (or ctrl+c)
     • Close Notepad
     • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
     Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

     Step #4
     Let's see those reports. As for your settings gone, I will need to check on something before we continue on that part.

     Thanks YoHi
  12. Hi HurrHurr, Step #1 Open notepad and copy/paste the text in the codebox below into it: http://www.malwarebytes.org/forums/index.php?showtopic=7918&pid=37727&st=0entry37727 Collect::c:\windows\SYSTEM32\dinizuha.dllc:\documents and settings\Jiquori Roberson\Application Data\ozibydi.sysc:\documents and settings\Jiquori Roberson\Application Data\ydud.datc:\program files\Common Files\laxifif._dlc:\program files\Common Files\imededa.infc:\documents and settings\Jiquori Roberson\Application Data\oreve.binc:\program files\Common Files\olagym.scrw c:\documents and settings\Jiquori Roberson\Application Data\nyhohaji.scrc:\documents and settings\All Users\Application Data\dufokymaju.pifc:\documents and settings\Jiquori Roberson\Application Data\iqyzadom.scrc:\program files\Common Files\fijosoqu.dllc:\program files\Common Files\ebepub.infc:\documents and settings\All Users\Application Data\bevewanuji.exec:\program files\Common Files\asetewemo.regc:\documents and settings\All Users\Application Data\pamexime.sysc:\documents and settings\All Users\Application Data\ximeguk.comc:\documents and settings\All Users\Application Data\doha.batc:\documents and settings\All Users\Application Data\hygefyrec.dllc:\documents and settings\Jiquori Roberson\Application Data\ceqejus.pifc:\documents and settings\All Users\Application Data\rojaz.dllc:\documents and settings\Jiquori Roberson\Application Data\hobyve.comc:\documents and settings\Jiquori Roberson\Application Data\usyse.binc:\documents and settings\Jiquori Roberson\Application Data\tovyfe.regc:\documents and settings\All Users\Application Data\volef.sysc:\program files\Common Files\tyqedete.pifc:\documents and settings\All Users\Application Data\tipitudod.regc:\program files\Common Files\qynilubo.dllc:\documents and settings\All Users\Application Data\izikadelo.sysc:\program files\Common Files\ucocakow.regc:\program files\Common Files\ihevav.dlc:\documents and settings\All Users\Application Data\amoged.scr DirLook::c:\program 
files\Dl_cats

     Save this as CFScript.txt
     Referring to the picture above, drag CFScript.txt into ComboFix.exe
     When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
     Note: Do not mouse click combofix's window whilst it's running. That may cause it to stall.
     Additionally, ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip
     Please submit this file via the html page that should pop up after running ComboFix. Please include a link to this topic in the message.

     Step #2
     Please navigate to McAfee. Then kindly follow all listed steps. Make sure you save a log file. You can do this by clicking the File menu and selecting Save report to file. Make sure you name it in a manner that is easy for you to remember. Then save it to a place that will also be easy for you to remember (i.e. desktop). Then select the complete contents of that file and post it in your next reply, along with any other logs that may have been requested to be posted. Thanks!

     Step #3
     Please go to Eset Onlinescan (NOD32) (You need to use Internet Explorer or enable IEView in Firefox)
     • You will then see the Terms of Use; tick the check-box in front of YES, I accept the Terms of Use
     • Now click Start
     • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
     • Click Start (the Onlinescanner will now prepare itself for running on your pc)
     • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
     • Press Scan
     • The Onlinescan will now start and scan your pc (this could take a while)
     • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software; just close the window
     • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
     • The scan results will now open in Notepad
     • Click into the text area, right-click and choose "select all" (or use ctrl+a)
     • Right-click again and choose "copy" (or ctrl+c)
     • Close Notepad
     • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
     Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

     Step #4
     Please post back with the combofix, stinger and nod32 onlinescanner log. Thanks!
  13. hi there, yes please do install that update. it includes some security patches. that some of the HJT entries were missing, is ok. i am a bit in a hurry and unfortunately was not able to reply to you last night. please have the following scan also being carried out:
     • Download and Save Blacklight to your desktop.
     • Double-click blbeta.exe then accept the agreement, click > scan then > next
     • You'll see a list of all items found.
     • There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
     • Copy and paste this log in your next reply.
     Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

     i will reply then with more information tonight. thanks. yohi
  14. hi HurrHurr, Your Panda scan suggests that you have had / have a serious infection aboard!

     Bagle

     Step #1
     Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
     • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
     • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
     • Click the "Download" button to the right.
     • Select your Platform: "Windows".
     • Select your Language: "Multi-language".
     • Read the License Agreement, and then check the box that says: "Accept License Agreement".
     • Click Continue and the page will refresh.
     • Click on the link to download Windows Offline Installation and save the file to your desktop.
     • Close any programs you may have running - especially your web browser.
     • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
     • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
     • Click the Remove or Change/Remove button.
     • Repeat as many times as necessary to remove each Java version.
     • Reboot your computer once all Java components are removed.
     • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

     Step #2
     Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
     I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

     Step #3
     Your logs show that you have (a) online poker programme(s) installed on your computer. I know that you may use these (this) game(s) on a regular basis but I think it's important to note that often these kind of programmes are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install these programmes yourself on purpose. There are so many online poker games out there these days that it is close to impossible to keep track of whether a programme is infected or not. Should you have installed this online poker game on purpose and wish to continue using this, you may ignore this. Should you decide to uninstall the programme, then you can do so by following the below steps:
     • Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK.
     • From within Add or Remove Programs, search for the poker game and remove it.
     If you are unsure of anything, please don't hesitate to ask.

     Step #4
     Run HijackThis, press Scan, and put a check mark next to all these entries:

         O2 - BHO: (no name) - {8982ea39-f685-4832-832d-740a2ded7f4a} - C:\WINDOWS\system32\godadoju.dll (file missing)
         O4 - HKUS\S-1-5-19\..\Run: [dupunizome] Rundll32.exe "C:\WINDOWS\system32\gayuhiyu.dll",s (User 'LOCAL SERVICE')
         O4 - HKUS\S-1-5-20\..\Run: [dupunizome] Rundll32.exe "C:\WINDOWS\system32\gayuhiyu.dll",s (User 'NETWORK SERVICE')
         O20 - AppInit_DLLs: karina.dat c:\windows\system32\yinonude.dll

     Close all other windows and browsers, and press the Fix Checked button.

     Step #5
     Please download ComboFix from one of these locations:
     • ComboFix
     • ForoSpyware
     • GeeksToGo
     * IMPORTANT !!! Save ComboFix.exe to your Desktop
     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
     • Double-click on ComboFix.exe & follow the prompts.
     • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     Click on Yes, to continue scanning for malware.
     When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

     Thanks!
  15. Hi there,

     Step #1
     Run HijackThis, press Scan, and put a check mark next to all these entries:

         O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
         O4 - HKUS\S-1-5-19\..\Run: [vasateneso] Rundll32.exe "C:\WINDOWS\system32\larifise.dll",s (User 'LOCAL SERVICE')
         O4 - HKUS\S-1-5-20\..\Run: [vasateneso] Rundll32.exe "C:\WINDOWS\system32\larifise.dll",s (User 'NETWORK SERVICE')
         O20 - AppInit_DLLs: c:\windows\system32\dalotuhu.dll c:\windows\system32\modopodu.dll

     Close all other windows and browsers, and press the Fix Checked button.

     Step #2
     Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
     • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
     • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
     • Click the "Download" button to the right.
     • Select your Platform: "Windows".
     • Select your Language: "Multi-language".
     • Read the License Agreement, and then check the box that says: "Accept License Agreement".
     • Click Continue and the page will refresh.
     • Click on the link to download Windows Offline Installation and save the file to your desktop.
     • Close any programs you may have running - especially your web browser.
     • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
     • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
     • Click the Remove or Change/Remove button.
     • Repeat as many times as necessary to remove each Java version.
     • Reboot your computer once all Java components are removed.
     • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

     Step #3
     Please download ComboFix from one of these locations:
     • ComboFix
     • ForoSpyware
     • GeeksToGo
     * IMPORTANT !!! Save ComboFix.exe to your Desktop
     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
     • Double-click on ComboFix.exe & follow the prompts.
     • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     Click on Yes, to continue scanning for malware.
     When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

     Thanks!