IndiGenus

Experts
  • Content count
    358
About IndiGenus

  • Rank
    True Member

Contact Methods

  • Website URL
    http://www.malware-analysis.net

Profile Information

  • Location
    New England, USA
  1. Ahh good point, you're probably right on that. Good enough. In addition to updating and using what you currently have you may want to consider the following:
     Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. Here are some free and evaluation versions that provide better security than the Windows Firewall: Online-Armor, Outpost Firewall. For a tutorial on firewalls and a listing of some other available ones see the link below: Understanding and Using Firewalls
     Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware
     Install Winpatrol - Use Winpatrol to take control of your PC and provide another layer of security. Help file and tutorial can be found here.
     Block unwanted parasites with a custom hosts file - http://www.mvps.org/winhelp2002/hosts.htm
     Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
     Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you will not be protected when new malicious programs are released.
     Keep your applications up to date - Use Secunia Personal Software Inspector to help stay on top of application updates that could leave your PC vulnerable to attack.
     I'll leave the thread open a few days in case you have questions or issues. Regards, Dave
  2. nslookup should be in your C:\Windows\system32 folder. You can check to see if it's in there.
  3. You may need to re-install the program if it was damaged. You could also use the opportunity to switch to one of the other free "A's", Avira or Avast, both of which I think are better than AVG. You can see the rest of the updates you need in red. Here are some instructions on Java if you need them.
     Updating Java:
     - Download the latest version of Java Runtime Environment (JRE) 6. Scroll down to where it says JDK 6 Update 21 (JDK or JRE). Click the "Download JRE" button to the right.
     - Select your Operating System. For you simply select Windows.
     - Check the box that says: "Accept License Agreement". Click the Continue button.
     - Click on the link to download Windows Offline Installation and save to your desktop.
     - Close any programs you may have running - especially your web browser.
     - Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
     - Reboot your computer once all Java components are removed.
     - Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.
     Did you knowingly delete that file?
  4. Interesting? Can't find much on it. It's listed as an Adobe Plugin in your DDS log earlier, but I don't think so... FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - d:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D} I would suggest you go ahead and delete that CLSID. Worst case is you'll have to re-install Adobe Flash for Firefox, but I doubt it.
     Uninstall Combofix: Click START then RUN. Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there. The above procedure will: delete ComboFix and its associated files and folders; reset the clock settings; hide file extensions, if required; hide System/Hidden files, if required; reset System Restore.
     Download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  5. LOL on the batch file. So you were an aspiring script kiddie at one point in your life? Too funny... Figured as much on the .rar file.
  6. Kaspersky does, yes. Just by the nature of mIRC and VNC, which is another false positive, and what they do can make them appear malicious. As long as you know about them then you're okay. I'm curious about another file that was found. Can you upload it to virustotal as you did earlier and post the results. D:\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\plug.xul Any idea what these are? D:\Documents and Settings\Doog\My Documents\AIM Downloads\old\Dalak.bat D:\Documents and Settings\Doog\My Documents\Downloads\281546_12.rar There are also some infections in your Java cache. See the link on how to remove them. http://support.f-secure.com/enu/home/virus...javacache.shtml
  7. Other than DDS not running this last time how is the computer running? Go to Kaspersky website and perform an online antivirus scan.
     - Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
     - When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs; Archives; Mail databases.
     - Click on My Computer under Scan.
     - Once the scan is complete, it will display the results. Click on View Scan Report.
     - You will see a list of infected items there. Click on Save Report As....
     - Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
  8. Doesn't look like combofix was run from the desktop: d:\documents and settings\Doog\Taskbar Menu\collage\ComboFix.exe Please drag it from that location to the desktop and do the following:
     1. Open Notepad
     2. Now copy/paste the entire content of the codebox below into the Notepad window:
        File::
        d:\windows\system32\stjxvn.dll
     3. Save the above as CFScript.txt
     4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
     5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt and a new DDS log. Just DDS.txt.
  9. Just so I know, did you have to run winsockfix, or did simply rebooting fix the internet issue? Looks like the file is bad. My concern is that it is in your LSP stack and simply removing it will break your internet again. Let's take a look with HijackThis. Download, run, and post a HijackThis log from the link below. http://www.trendsecure.com/portal/en-US/_d.../HJTInstall.exe Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.
  10. Have you tried rebooting? Is this with both IE and Firefox? If rebooting doesn't solve we can try this: WinsockFix to restore internet connectivity. http://www.spychecker.com/program/winsockxpfix.html The Winsockfix Utility will:
  11. Please go to http://www.virustotal.com/en/indexf.html click on Browse, and upload the following file for analysis: d:\windows\system32\stjxvn.dll Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see. Or you can copy the link to the VT results page if that is easier.
  12. If you are pretty confident that it's been disabled then proceed with combofix. If you have problems I may advise that you temporarily remove AVG.
  13. Hi Frank and welcome to the forums. My name is Dave. I would be glad to take a look at your log and help you with solving any malware problems. The logs that we ask for can sometimes take a while to research so please be patient and I'd be grateful if you would note the following: I will be working on your malware issues; this may or may not solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. Malware and the removal process can pose a risk of data loss. Also, with some infections we may advise you to reformat and re-install Windows. I recommend you make a backup of any data that you have created, such as documents, pictures, music, etc... before we begin the fix if possible. ++++++++++++++ Please run this tool in Normal Mode if possible. We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review.
  14. Hello mbozzo and welcome to the forums here at MalwareBytes. Please follow the instructions at this link. Then post the logs from MBAM, DDS, and GMER back to this link. Do not start a new topic.
  15. It likely stopped it from dropping the payload. A good thing. What is the name of the file? And exact location? You could upload it to virus total or one of the online scanners to get "other opinions" if it is found again.
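Post 1 above recommends a blocklist hosts file (the MVPS one), and the rest of the thread is about an infection that tampered with the network stack. The two are related: a legitimate blocklist only ever maps names to 0.0.0.0 or 127.0.0.1, whereas malware edits the same file to point security vendors' update sites at an attacker-controlled address so definitions and patches stop arriving. The script below is an added example written for this page, not code from the thread or from the MVPS project. It parses a hosts file, counts ordinary blocklist entries, and flags two kinds of hijack: any entry that remaps a security or update site at all (even to a blackhole address), and any entry that maps a name to a real, non-loopback address. The watched-domain list and the sample hosts content are constructed for the example.

```python
"""Audit a Windows hosts file for malware-style hijacks.

Added example for this page, not from the original thread. The watched-domain
list and SAMPLE_HOSTS below are constructed; extend WATCHED_SUFFIXES for the
products actually in use on the machine being examined.
"""
import ipaddress
from dataclasses import dataclass, field

# Addresses a legitimate blocklist uses to sink a name. Anything else mapped to
# a security site is treated as a hijack (assumption for this example).
BLACKHOLE = {
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("::1"),
}

# Domains that should never appear in a hosts file at all (illustrative list).
WATCHED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com", "virustotal.com",
    "avg.com", "kaspersky.com", "malwarebytes.org", "bleepingcomputer.com",
)


@dataclass
class HostsReport:
    entries: int = 0                              # name mappings seen
    blocked: int = 0                              # ordinary blocklist sinks
    hijacks: list = field(default_factory=list)   # (lineno, ip, name, reason)
    malformed: list = field(default_factory=list) # (lineno, raw line)


def _is_watched(name):
    n = name.lower().rstrip(".")
    return any(n == s or n.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Parse hosts-file text and classify every name mapping it contains."""
    rep = HostsReport()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            rep.malformed.append((lineno, raw))
            continue
        if len(parts) < 2:
            rep.malformed.append((lineno, raw))
            continue
        for name in parts[1:]:                   # one address, many names
            rep.entries += 1
            if name.lower() == "localhost" and ip in BLACKHOLE:
                continue                         # the one mapping every file has
            if _is_watched(name):
                rep.hijacks.append((lineno, str(ip), name, "security/update site remapped"))
            elif ip in BLACKHOLE:
                rep.blocked += 1
            else:
                rep.hijacks.append((lineno, str(ip), name, "non-blackhole address"))
    return rep


# Constructed sample: a short blocklist followed by typical tampering.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
# start of blocklist (constructed)
0.0.0.0 ad.doubleclick.example   # blocked
0.0.0.0 tracker.example
# malware-style hijacks (constructed)
198.51.100.7 www.windowsupdate.com
198.51.100.7 update.avg.com
0.0.0.0 www.virustotal.com
10.0.0.5 www.mybank.example
notanip foo.example
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                        # e.g. C:\Windows\System32\drivers\etc\hosts
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            report = audit_hosts(f.read())
    else:
        report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report.entries} mappings, {report.blocked} blocklist sinks")
    for lineno, ip, name, reason in report.hijacks:
        print(f"line {lineno}: {ip} -> {name}  [{reason}]")
    for lineno, raw in report.malformed:
        print(f"line {lineno}: malformed: {raw!r}")
```

Run it against `C:\Windows\System32\drivers\etc\hosts` (the path is where Windows keeps the file; the script takes it as its first argument). A blocklist file such as the MVPS one produces thousands of sinks and no hijacks; any line reported as "security/update site remapped" or "non-blackhole address" deserves the same treatment the thread gives `stjxvn.dll`: find out what wrote it before deleting it, because malware that edits hosts usually also reinstalls the edit on reboot.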
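Posts 6, 11 and 15 above ask for files to be uploaded to VirusTotal for a second opinion. A practitioner usually hashes the file first and looks the hash up, so that a file VirusTotal has already seen never has to leave the machine, and uploads only when the hash is unknown. The script below is an added example for this page, not code from the thread or from VirusTotal. It computes the SHA-256 of a file, queries the documented v3 `GET /api/v3/files/{hash}` endpoint with the `x-apikey` header, and reduces the `last_analysis_stats` block of the response to a short verdict. The API key is read from an environment variable named `VT_API_KEY` (an assumption of this example), and the sample response used for the offline check is constructed.

```python
"""Look a suspect file up on VirusTotal by hash before uploading it.

Added example for this page, not from the original thread. The endpoint,
header name and response layout are VirusTotal's public v3 API; the VT_API_KEY
variable name and SAMPLE_REPORT are assumptions/constructed for the example.
"""
import hashlib
import json
import os
import urllib.request
from urllib.error import HTTPError

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{sha256}"


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk=1 << 20):
    """Stream the file so a large archive does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def summarize_report(report):
    """Reduce a v3 /files response to counts; None when VT does not know the hash."""
    stats = report.get("data", {}).get("attributes", {}).get("last_analysis_stats")
    if stats is None:
        return None
    keys = ("malicious", "suspicious", "undetected", "harmless", "timeout")
    engines = sum(stats.get(k, 0) for k in keys)
    return {
        "malicious": stats.get("malicious", 0),
        "suspicious": stats.get("suspicious", 0),
        "engines": engines,
    }


def verdict(summary):
    if summary is None:
        return "unknown to VirusTotal: upload the file for a scan"
    flagged = summary["malicious"] + summary["suspicious"]
    if flagged == 0:
        # A clean hash lookup is weak evidence: fresh samples are often missed.
        return "clean by all %d engines (not proof: new samples are often missed)" % summary["engines"]
    return "%d/%d engines flag it" % (flagged, summary["engines"])


def lookup(sha256, api_key):
    """Fetch the v3 file report; an empty dict means the hash is unknown (HTTP 404)."""
    req = urllib.request.Request(
        VT_FILE_URL.format(sha256=sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except HTTPError as e:
        if e.code == 404:
            return {}
        raise


# Constructed response in the shape of a real v3 /files report (counts invented).
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "harmless": 0, "malicious": 37, "suspicious": 2, "undetected": 31, "timeout": 0}}}}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1 and os.environ.get("VT_API_KEY"):
        digest = sha256_of_file(sys.argv[1])       # e.g. C:\Windows\System32\stjxvn.dll
        print(digest, verdict(summarize_report(lookup(digest, os.environ["VT_API_KEY"]))))
    else:
        print("offline demo:", verdict(summarize_report(SAMPLE_REPORT)))
```

The forum posts also paste the results page link; the hash in the URL of that page is the same SHA-256 this script computes, so the two approaches can be cross-checked. Treat a high detection count as a reason to investigate how the file arrived, not as the end of the analysis, and treat a clean result on a file nobody else has submitted as no information at all.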