ShadowPuterDude

Honorary Members
  1. Saddened by the news of Matt's passing. Matt you will be missed.
  2. Thanks I must really log in more often.
  3. As Bruce has pointed out, A2AM and MBAM are not the same class of applications. Now, as far as they didn't get it: I know from personal experience that the EMSI Software developers do get it, at least the ones I have spoken with at one point or another. Any speculation, by anyone, about what happened or did not happen between the person recently terminated by EMSI and EMSI management is just that, speculation. The job of a security application can be broken down into 3 things:
     1. Prevention (A2AM excels at this)
     2. Detection (A2AM has problems with false positives, as do many other AV/AS/AM applications. Most notably McAfee: a few weeks back a McAfee update was responsible for rendering inoperable quite a few Windows servers, some of them mission critical servers, all over the globe. The McAfee update incorrectly identified several critical Windows system files as malicious and deleted them. In A2AM's defense, the false positives are quickly corrected once EMSI has been notified of the FP.)
     3. Mitigation (A2AM fails to remove some of the nastier infections, as do most of the other AV/AS/AM applications, that's if they even detect the infection in the first place. However, A2AM informs the user when it fails to remove a particular infection and refers them to the a-squared support forums for assistance in removing the malware.)
     DISCLAIMER: Other than being an EMSI Software affiliate, and the head of their Malware Removal forum, I have absolutely no financial ties to EMSI Software, and I am not employed by EMSI Software. As Marcin posted earlier in this thread, he had spoken with Christian and Christian had properly dealt with the situation. If Marcin is satisfied with how this was handled by EMSI Software, then who are we to demand anything different?
  4. The individual responsible for those postings is no longer an employee of EMSI Software. His employment was terminated upon learning of the postings. I can't make any further comments, as I have no direct knowledge of what transpired. http://forum.emsisoft.com/Default.aspx?g=posts&t=5771
  5. I'm a little late in seeing this. Thanks everybody. My daughter showed up at the Fire Department meeting that night with cake and ice cream.
  6. It appears that the Visual Basic Scripting Engine is broken on this system. You were able to successfully run ComboFix, twice, which relies on VBS for several of its functions. You haven't been able to run anything that calls VB since. I've had you register the VB runtimes, rebuild and then reinstall WMI/WBEM to no effect. I believe it is time for a repair install of the operating system.
  7. Took me a little while to figure out what the error "(null): 0x80041003" means. That error code is "WMI: access denied". This indicates that your user account does not have the Remote Enable WMI security permission. Since all members of the local administrators group have this automatically, your account is somehow not being recognized as a member of the local administrators group.
     1. From the main Windows Desktop, click on START >> SETTINGS >> CONTROL PANEL
     2. Choose ADMINISTRATIVE TOOLS.
     3. From the Administrative Tools dialogue, select COMPUTER MANAGEMENT
     4. Click on the
  8. Copy the contents of the below code box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

        REGEDIT4

        [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
        "ShowDeskFix"=-
        "IE7-10"=-

        [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
        "ShowDeskFix"=-
        "IE7-10"=-

     Close Notepad. Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.
     Delete: C:\Documents and Settings\All Users\Application Data\{DB67A7C2-632D-4A8E-8BB3-5B4814B91B48}
     Reboot.
     Move DSS to your Desktop, that is where it is supposed to be.
     Attach fresh logs for:
       • DSS
       • ISeeYouXP
  9. Looks like malware is most likely the culprit here. Most of the tools we normally use rely on VBScript and WMI to do some of the needed tasks. Going to have you use a different tool to take a look at the system. Download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
  10. Download VB6 SSubTmr Binary.zip (11K) to your Desktop. Unzip SSubTmr6.dll to C:\WINDOWS\System32
      Download VB6 ImageList Control Binary.zip (32K) to your Desktop. Unzip vbalIml6.ocx to C:\WINDOWS\System32
      Download VB6 SGrid 2 Binary.zip (173K) to your Desktop. Unzip vbalSGrid6.ocx to C:\WINDOWS\System32
      Do the following: Start -> Run, type: cmd.exe, click 'OK'. The command console will open. Enter the following commands at the command prompt, pressing the Enter key after every command:

        regsvr32 SSubTmr6.dll
        regsvr32 vbalIml6.ocx
        regsvr32 vbalSGrid6.ocx
        exit

      The Command Console will close.
      Download Dial-a-Fix to your Desktop. Unzip Dial-a-fix-v0.60.0.24.zip to your Desktop. Open the Dial-a-fix-v0.60.0.24 folder. Double-click Dial-a-fix.exe. Click on the Tools button, looks like a hammer. Scroll down and select 'Reset WMI/WBEM'. Click 'GO'. Exit Dial-a-fix. Run ISeeYouXP.
      If you are still getting errors, run Dial-a-fix again. Click on the Tools button, looks like a hammer. Scroll down and select 'Reinstall WMI/WBEM'. Click 'GO'. NOTE: You may be prompted for your installation media. Exit Dial-a-fix. Run ISeeYouXP.
  11. Do the following: Start -> Run, type: cmd.exe, click 'OK'. The command console will open. Enter the following commands at the command prompt, pressing the Enter key after every command:

        regsvr32 vbalgrid.ocx
        regsvr32 vbscript.dll
        exit

      The Command Console will close. If there are any error messages I need to know that and what they are. If the DLL and ActiveX control registered properly, run ISeeYouXP again. If ISeeYouXP ran successfully, attach that log.
  12. Download and install Windows Script 5.7 for Windows XP; and then run ISeeYouXP again. See if that makes a difference.
  13. That log has been edited to remove information that is vital to properly diagnosing the system. Run ISeeYouXP and attach the log here, unedited. If the log is too large then zip the log and attach it. Do NOT upload the log to any third-party services.
  14. Why do you insist on editing your logs? Your Runscanner log is missing the following information:
        002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
        003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
        005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup)
      Your previous HijackThis logs have been edited as well, to remove the Startup information. What are you hiding? By not providing complete information, the individual helping you cannot make an accurate assessment and provide a proper solution, because they do not have all the information.
      Start Runscanner and select Beginner Mode. Click 'OK'. Click 'Start full scan'. When prompted, save the binary .run file to your Desktop as drgill_co.run. When prompted, save the Runscanner scan log to your Desktop as drgill_co.log. Now attach both files in your next reply. DO NOT edit your Runscanner log.
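The posts above diagnose two things by hand: the WMI error 0x80041003 (decoded as "access denied", with the account not being recognised as a local administrator) and the stray RunOnce values that FixReg.reg removes. This is an added, read-only PowerShell check for both (example code, not from the thread or any tool named in it); it assumes Windows PowerShell 5.1 or later run from an elevated prompt, lists the RunOnce values instead of deleting them, and decodes the WMI HRESULT so an analyst can confirm the same symptom before changing anything.

```powershell
# Added example: read-only checks for the symptoms discussed in the thread.
# Assumes Windows PowerShell 5.1+ in an elevated session.

$WBEM_E_ACCESS_DENIED = 0x80041003   # the WMI HRESULT the thread decodes as "access denied"

# The two hives FixReg.reg touched. Values are listed for review, not removed.
$runOnceKeys = @(
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

foreach ($key in $runOnceKeys) {
    if (-not (Test-Path $key)) { Write-Output "missing: $key"; continue }
    # Get-ItemProperty adds PS* bookkeeping properties; skip those, keep real values.
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { Write-Output ("RunOnce {0,-12} = {1}" -f $_.Name, $_.Value) }
}

# Is the current token actually recognised as a member of local Administrators?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output ("{0} effective local Administrator: {1}" -f $identity.Name, $isAdmin)

# Probe WMI the way the scanning tools do, then decode the failure code.
try {
    $os = Get-WmiObject -Class Win32_OperatingSystem -ErrorAction Stop
    Write-Output "WMI OK: $($os.Caption) build $($os.BuildNumber)"
} catch {
    $ex = $_.Exception
    # ManagementException carries the WMI status in ErrorCode; other exception
    # types only expose HResult. Normalise both to an unsigned 32-bit value.
    $code = if ($ex.PSObject.Properties['ErrorCode']) { [int]$ex.ErrorCode } else { $ex.HResult }
    $code = $code -band 0xFFFFFFFF
    $hex  = '0x{0:X8}' -f $code
    if ($code -eq $WBEM_E_ACCESS_DENIED) {
        Write-Output "WMI failed with $hex (WBEM_E_ACCESS_DENIED): check Remote Enable on root\cimv2 and the account's group membership"
    } else {
        Write-Output "WMI failed with $hex : $($ex.Message)"
    }
}
```

If the script reports the account as an effective administrator but WMI still returns 0x80041003, the problem is in the namespace security on root\cimv2 rather than group membership, which matches the post's next step of opening Computer Management.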