Jump to content

fatsheep

Members
  • Posts

    11
  • Joined

  • Last visited

Reputation

0 Neutral

About fatsheep

  • Birthday 07/11/1981
  1. ¡Muchas gracias!! You helped me get rid of the trojan, and even fix a couple problems I created by trying to do it on my own instead of asking for help sooner! From now on, anytime I have this kind of trouble, I know exactly where to come. Donation will be coming through on the wire post haste!

  2. Ok, I ran AdwCleaner and deleted what it found. Here is the log from Security Check: Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 31 Java version out of Date! Adobe Reader 10.1.4 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  3. Everything seems to be working fine. I did remove the 2 files found in the Malwarebytes scan. Here is the AdwCleaner Log: # AdwCleaner v2.109 - Logfile created 01/27/2013 at 08:53:54 # Updated 26/01/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : andrea - ANDREA-HP # Boot Mode : Normal # Running from : C:\Users\andrea\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk ***** [Registry] ***** Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKU\S-1-5-21-11016286-215750117-2961158577-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. ************************* AdwCleaner[R1].txt - [1214 octets] - [27/01/2013 08:53:54] ########## EOF - C:\AdwCleaner[R1].txt - [1274 octets] ##########
  4. Ok, the full scan detected 2 malicious files: C:\TDSSKiller_Quarantine\26.01.2013_17.40.56\mbr0000\tdlfs0000\tsk0002.dta C:\TDSSKiller_Quarantine\26.01.2013_20.35.30\tdlfs0000\tsk0002.dta
  5. It was still scanning when you told me to reboot, so I'm running it again now.
  6. Ok, rebooted. No longer getting that error message when trying to open Explorer.
  7. Sorry about that, don't know why I missed it. Rebooting now.
  8. Unfortunately, I didn't catch that one. I was following another thread where the user was infected with the same virus, and mistakenly (I assume) followed the same instructions given in that instance. I didn't see any warnings on the ComboFix instruction other than to be sure all antivirus/spyware is disabled, and don't keep trying to run it. So... if the files were 'marked for deletion' by ComboFix, is there no way to go 'un-mark them for deletion'? Guess I may have gotten myself into a little predicament here. I've got the $$ if you've got the time...
  9. Yup, I had to change the parameters to find it. Deleted that file. Now, the McAfee software I have is picking up and quarantining the following files, and I'm not sure what it means: C:\TDSSKiller_Quarantine\26.01.2013_17.40.56\mbr0000\tdlfs0000 C:\TDSSKiller_Quarantine\26.01.2013_20.35.30\tdlfs0000 Also, since I ran ComboFix, a lot of my system files (explorer shortcut, etc) are giving me this error message: "C:\Program Files (x86)\Internet Explorer\iexplore.exe Illegal operation attempted on a registry key that has been marked for deletion." Then, when I close the window, another pops up and says, "Can't open this item - It might have been moved, renamed, or deleted. Do you want to remove this item?" I've been clicking 'No'. At this point, I am opening files and programs by using the 'New Task' option in Task Manager.
  10. Thanks for the quick reply, Mr. Charlie! Do I need to change parameters to detect TDLFS file system when I runTDSSKiller again?
  11. Hi, I've got a trojan agent posing as svchost.exe. I've been following some instructions from this thread, but I think I need a little bit more individualized help here, as I don't want to damage my OS. So far, I've downloaded and run aswMBR.exe, TDSSKiller.zip, and ComboFix, and have attached the resulting logs in .txt file format. I updated Malwarebytes Anti-Malware, and am currently running a full scan. I will post the log as soon as it finishes. Thanks in advance for any help!! fatsheep.logs.1.26.13.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.