Infected and need help


ESET SCAN

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17103 (vista_gdr.110816-1000)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ec42029aa0b30e458a358a37e0899303

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-15 04:31:31

# local_time=2012-02-14 08:31:31 (-0800, Pacific Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=4864 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=180031

# found=0

# cleaned=0

# scan_time=4012


I just noticed in this post:

http://forums.malwar...ndpost&p=525092

That..........

18:30:38.812 Disk 0 Windows 501 MBR fixed successfully

Did you hit the Fix MBR button??

----------------------------------------------

The log from the ESET SCAN is clean.

--------------------------------------------------

I want you to run Chkdsk on the drive to check for any errors, here's how to do that:

Open "My Computer" and right-click on the icon for the drive that is to be checked.

In the context menu that opens, choose "Properties".

Click the "Tools" tab at the top of the Properties window.

In the "Error-checking" section, click the button "Check now".

A box showing the options for running Chkdsk is then available as shown in the figure below.

chkdskgui1.gif

Make sure the options "Automatically fix file system errors" and "Scan and attempt recovery of bad sectors" are checked.

Let me know, MrC


Scan came back clean.

But I found something that's suspicious.

From the START menu under my programs, there is a SYSTEM RESTORE folder. If I do properties on the two files within, I get

"C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe"

yet the folder is really at

C:\Documents and Settings\me\Start Menu\Programs

I ran scans from MB and Avast and both showed no threats. What is suspicious to me is that the date on the files is the date when I got the system restore virus; I would think that system restore would have saved points since.

Please advise.


All my folders are set to show hidden files.

I think these are just leftover shortcuts from the system restore virus. I checked the folder where the files are supposed to be but there is nothing.

Question:

If the threat is still there somehow, and from the properties box I ask to find the target, would it activate anything?

Should I just delete the folder that contains the shortcuts?

Is it normal to have a system restore folder under startup as this one is?


It's probably a .lnk file.

We'll deal with it later.

Don't worry about "Google" or anyone else following the post.

-------------------------

Attached is a renamed ComboFix file that I zipped up.

So download and unzip it to your desktop.

Please let me know when you have downloaded it, because I don't want to leave that attachment public!

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (or Press the Windows logo key + R to bring up the "run box")

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.

If it won't run, just double click on sega.com and see if it runs.

MrC


Hi Chalie,

I got a big mess going here.

1- The sega.com expanded to my desktop as sega.com.exe

2- I renamed it sega.com after it was on desktop, and ran it. I disabled MB and Avast, and ran CF (aka sega.com). I got a warning about Avast still being active... Did not know whether to switch off or uninstall Avast.

3- I clicked OK and CF ran. I tried to uninstall but could not find file. I reinstalled CF as CF and then I was able to uninstall.

4- I ran several scans that came back negative, from Avast and MB.

5- I checked disc which showed no errors.

6- The comp was running OK, but I had not updated for a while so I ran Windows Update and downloaded and installed 27 updates.

7- After restart, I noticed the recycle bin showed full. I opened it and nothing was in there. I tried to empty trash and it asked if I wanted to delete WINDOWS. I opened and made everything visible including system files; nothing shows.

8- I restarted twice and did disc checks which showed no problems.

9- Tried to empty RB again; this time it asked if I wanted to delete the files inside, but did not specify what.

10- Did nothing, waiting for your advice.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
