inzanity

Experts
  • Content count

    176

About inzanity

  • Rank
    Advanced Member

Profile Information

  • Location
    Philippines
  1. Still hoping for another round of giveaways for this lol
  2. Are you using Firefox? If so, you can try running it with add-ons disabled through Help -> Restart with Add-ons Disabled... then try logging on to your account again. Same thing happens to me in Firefox with HTTPS-Everywhere enabled.
  3. Hi, Try the steps provided in the first post here: http://forums.malwar...?showtopic=7038
  4. Hi, My Avast (Free) just detected c:\windows\system32\drivers\mbamswissarmy.sys as rootkit and the default action for this is delete. We may be having someone have Avast inadvertently delete this file. Edit: Haven't had this detection prior to the update. Thanks.
  5. Hi Dixie, It would be better if we continue cleaning up computer when you have the time. For now, I'll have this thread closed. Thank you.
  6. Hi, Before we proceed, I would just like to confirm if you are seeing something like this: And unable to boot your computer?
  7. Hi RaymondB, Please read here: http://forums.malwarebytes.org/index.php?showtopic=9573 Then start your own thread. One of the malware fighters will help you with your computer issues. Thanks.
  8. Hi, It's been several days. Do you still need help on this? This thread will be closed if you don't respond within 48 hours.
  9. Hi, Newer variants tend to be more powerful than their predecessors. Do you need help in cleaning them from your computer?
  10. Hi, That infection is quite old, and yes, we've seen those infections before. Do you need help in cleaning it out from your computer? If so, please note the following:

      I will be helping you remove malware on your computer. Log research takes time, so please be patient and I'd be grateful if you would note the following:

      • The fixes are specific to your problem and should only be used for the issues on this machine.
      • Do not install/uninstall anything on your computer unless advised.
      • Do not run any other scanning tools other than those instructed for you to use.
      • Follow the instructions in the order they are given.
      • Stay with this thread until advised when your computer is clean. Absence of symptoms does not necessarily mean a clean computer.
      • If you are being helped regarding this problem on another forum please advise us so that we can close this thread.
      • If you do not reply within 3 days after my last response, I will be asking you whether you still need assistance and if you still don't reply within 48 hours then the topic will be closed.
      • And lastly, if you have any questions, please ask before proceeding with any of the advised fixes.

      _________________________________________________

      If you are using Vista/Win 7, you will need to right click and choose "Run as Administrator" to run the tools we will use.

      Do the following please:

      Please download DDS by sUBs from one of the following links and save it to your desktop. DDS.scr DDS.pif

      • Disable any script blocking protection (How to Disable your Security Programs)
      • Double click DDS icon to run the tool (may take up to 3 minutes to run)
      • When done, DDS.txt will open.
      • After a few moments, attach.txt will open in a second window.
      • Save both reports to your desktop.

      ---------------------------------------------------
      Post the contents of the DDS.txt report in your next reply. Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
      ---------------------------------------------------

      Please include the contents of the following in your next reply: DDS.txt

      Please attach the second file; Attach.txt. To attach a file, do the following:

      • Under the reply panel is the Attachments Panel. Browse for the attachment file you want to upload, then click the green Upload button.
      • Once it has uploaded, click the Manage Current Attachments drop down box.
      • Click on to insert the attachment into your post

      Please post both DDS logs in your next reply.

      --Next--

      Download the GMER Rootkit Scanner. Unzip it to your Desktop.

      Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

      Double click GMER.exe. If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..

      In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...

      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)

      • Then click the Scan button & wait for it to finish.
      • Once done click on the [save..] button, and in the File name area, type in "ark.txt"
      • Save the log where you can easily find it, such as your desktop.

      **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

      Please copy and paste the report into your Post.

      To post in your next reply:

      1. DDS logs.
      2. GMER log.
  11. Thank you so much. Keep safe.
  12. Hi, I don't use Roxio and I don't find a way on how to disable it aside from just uninstalling it. Perhaps posting regarding this in PC Help sub-forum would provide more answers.

      Let's do a little clean up before you go. Delete the following:

      • DDS
      • GMER
      • Systemlook
      • MBRCheck
      • All the logs we've created.

      You can keep Malwarebytes, it is an excellent malware removal tool. Update at least once a week then run a complete scan.

      --Next--

      The following will implement some cleanup procedures as well as reset System Restore points: Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

      ComboFix /Uninstall

      --Next--

      Open CA and remove every exception rule you applied to Combofix as there are infections out there that mask as CF and it is highly inadvisable to run Combofix without proper supervision.

      --Next--

      To keep your operating system up to date visit Secunia Software inspector to check your program update status. Microsoft Windows Update.

      Here are some tips to reduce the potential for spyware infection in the future:

      1. It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe.

      2. Make your Internet Explorer More Secure

         • From within Internet Explorer click on the Tools menu and then click on Options.
         • Click once on the Security tab.
         • Click once on the Internet icon so it becomes highlighted.
         • Click once on the Custom Level button.
         • Change the Download signed ActiveX controls to Prompt.
         • Change the Download unsigned ActiveX controls to Disable.
         • Change the Initialise and script ActiveX controls not marked as safe to Disable.
         • Change the Installation of desktop items to Prompt.
         • Change the Launching programs and files in an IFRAME to Prompt.
         • Change the Navigate sub-frames across different domains to Prompt.
         • When all these settings have been made, click on the OK button.
         • If it prompts you as to whether or not you want to save the settings, press the Yes button.
         • Next press the Apply button and then the OK to exit the Internet Properties page.

      3. Update your Anti-Virus Software - I can not overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

      4. Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

      5. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002. Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

      6. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

      7. SpywareBlaster - Download and install SpywareBlaster. This program prevents the installation of ActiveX-based spyware and other potentially unwanted programs.

      8. Protect your computer from internet threats with SandboxIE. This program isolates Internet Explorer from the rest of your operating system, 'sandboxing' it away - so malicious websites can't do damage to the rest of your system. There is a Getting Started guide on their website.

      9. Some excellent free firewalls. Note: Use only one firewall at a time.

         • Agnitum Outpost Firewall
         • Online Armor Personal Firewall

      10. And finally, please read these excellent articles: Limited User Accounts Malware: Help prevent the Infection by Sandi Hardmeier Preventing Malware - Tools and Practices for Safe Computing

      We will keep this thread open for a couple of days. Please post back if you have any problems or questions or when you have finished so this thread can be marked as "Resolved".

      Good luck, happy computing and stay clean!
  13. Hi, It seems that those are located in your registry that hasn't been shown in the previous logs. You may empty your quarantined files if you wish. Yes, install chrome and see how it goes. If everything is good then let's do some clean up.
  14. Hi, Am not seeing any malware on your log but what your CA quarantined is a rogue AV. Can you post the last scan log you did? Open View On-demand scanner log then press Ctrl+C at the same time to copy the log then post it here. Thanks.
  15. Hi, One of those infections found by Kaspersky is already quarantined, hence, it no longer poses a threat and the other one is in your system restore. We will be clearing both when we're through checking for other infections. Roxio's system rollback data has been infected and so is your AIM's address book. We'll both be removing them.

      You are no longer using Norton? Do the following to clean up those services left by Norton:

      • Please download the Norton_Removal_Tool from HERE
      • Save it to your desktop
      • Double-click Norton_Removal_Tool.exe and the removal tool will start automatically. Note: Windows Vista users must right-click and select Run as Administrator.
      • Once the removal tool is finished, you will be prompted to restart your computer. If you choose to restart later, your McAfee product will not be fully removed until you do.
      • Wait for the computer to restart.

      --Next--

      Please do the following:

      --------------------------------------------------------------------
      IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty in properly disabling your protective programs, refer to this link - How to Disable your Security Programs
      --------------------------------------------------------------------

      1. Close any open browsers.
      2. Open notepad and copy/paste the text in the quotebox below into it:

      Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

      Referring to the picture above, drag CFScript into ComboFix.exe

      When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.