
IndiGenus

Everything posted by IndiGenus

  1. Ahh good point, you're probably right on that. Good enough. In addition to updating and using what you currently have you may want to consider the following:

     Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some free and evaluation versions that provide better security than the Windows Firewall.
     • Online-Armor
     • Outpost Firewall
     For a tutorial on Firewalls and a listing of some other available ones see the link below: Understanding and Using Firewalls

     Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware

     Install Winpatrol - Use Winpatrol to take control of your PC and provide another layer of security. Help file and tutorial can be found Here

     Block unwanted parasites with a custom hosts file - http://www.mvps.org/winhelp2002/hosts.htm

     Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

     Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.

     Keep your applications up to date - Use Secunia Personal Software Inspector to help stay on top of application updates that could leave your PC vulnerable to attack.

     I'll leave the thread open a few days in case you have questions or issues.

     Regards, Dave
  2. nslookup should be in your C:\Windows\system32 folder. You can check to see if it's in there.
  3. You may need to re-install the program if it was damaged. You could also use the opportunity to switch to one of the other free "A's", Avira or Avast, both of which I think are better than AVG. You can see the rest of the updates you need in red. Here are some instructions on Java if you need.

     Updating Java:
     • Download the latest version of Java Runtime Environment (JRE) 6.
     • Scroll down to where it says JDK 6 Update 21 (JDK or JRE).
     • Click the "Download JRE" button to the right.
     • Select your Operating System. For you simply select Windows.
     • Check the box that says: "Accept License Agreement".
     • Click the Continue button.
     • Click on the link to download Windows Offline Installation and save to your desktop.
     • Close any programs you may have running - especially your web browser.
     • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
     • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
     • Click the Remove or Change/Remove button.
     • Repeat as many times as necessary to remove each Java version.
     • Reboot your computer once all Java components are removed.
     • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.

     Did you knowingly delete that file?
  4. Interesting? Can't find much on it. It's listed as an Adobe Plugin in your DDS log earlier, but I don't think so...

     FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - d:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}

     I would suggest you go ahead and delete that CLSID. Worst case is you'll have to re-install Adobe Flash for Firefox, but I doubt it.

     Uninstall Combofix
     • Click START then RUN
     • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

     The above procedure will:
     • Delete the following: ComboFix and its associated files and folders.
     • Reset the clock settings.
     • Hide file extensions, if required.
     • Hide System/Hidden files, if required.
     • Reset System Restore.

     Download Security Check by screen317 from here or here.
     • Save it to your Desktop.
     • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
     • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  5. LOL on the batch file. So you were an aspiring script kiddie at one point in your life? Too funny... Figured as much on the .rar file.
  6. Kaspersky does, yes. Just by the nature of mIRC and VNC, which is another false positive, and what they do can make them appear malicious. As long as you know about them then you're okay.

     I'm curious about another file that was found. Can you upload it to virustotal as you did earlier and post the results.

     D:\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\plug.xul

     Any idea what these are?

     D:\Documents and Settings\Doog\My Documents\AIM Downloads\old\Dalak.bat
     D:\Documents and Settings\Doog\My Documents\Downloads\281546_12.rar

     There are also some infections in your Java cache. See the link on how to remove them. http://support.f-secure.com/enu/home/virus...javacache.shtml
  7. Other than DDS not running this last time how is the computer running?

     Go to Kaspersky website and perform an online antivirus scan.
     • Read through the requirements and privacy statement and click on Accept button.
     • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
     • When the downloads have finished, click on Settings.
     • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
         • Spyware, Adware, Dialers, and other potentially dangerous programs
         • Archives
         • Mail databases
     • Click on My Computer under Scan.
     • Once the scan is complete, it will display the results. Click on View Scan Report.
     • You will see a list of infected items there. Click on Save Report As....
     • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
  8. Doesn't look like combofix was run from the desktop:

     d:\documents and settings\Doog\Taskbar Menu\collage\ComboFix.exe

     Please drag it from that location to the desktop and do the following:

     1. Open Notepad
     2. Now copy/paste the entire content of the codebox below into the Notepad window:

        File::
        d:\windows\system32\stjxvn.dll

     3. Save the above as CFScript.txt
     4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
     5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
        • Combofix.txt
        • A new DDS log. Just DDS.txt.
  9. Just so I know, did you have to run winsockfix, or did simply rebooting fix the internet issue? Looks like the file is bad. My concern is that it is in your LSP stack and simply removing it will break your internet again. Let's take a look with HijackThis. Download, run, and post a HijackThis log from the link below. http://www.trendsecure.com/portal/en-US/_d.../HJTInstall.exe Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.
  10. Have you tried rebooting? Is this with both IE and Firefox? If rebooting doesn't solve we can try this: WinsockFix to restore internet connectivity. http://www.spychecker.com/program/winsockxpfix.html The Winsockfix Utility will:
  11. Please go to http://www.virustotal.com/en/indexf.html click on Browse, and upload the following file for analysis: d:\windows\system32\stjxvn.dll Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see. Or you can copy the link to the VT results page if that is easier.
  12. If you are pretty confident that it's been disabled then proceed with combofix. If you have problems I may advise that you temporarily remove AVG.
  13. Hi Frank and welcome to the forums. My name is Dave. I would be glad to take a look at your log and help you with solving any malware problems. The logs that we ask for can sometimes take a while to research so please be patient and I'd be grateful if you would note the following:

     • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
     • The fixes are specific to your problem and should only be used for this issue on this machine.
     • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
     • It's often worth reading through these instructions and printing them for ease of reference.
     • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
     • Please reply to this thread. Do not start a new topic.

     Malware and the removal process can pose a risk of data loss. Also, with some infections we may advise you to reformat and re-install Windows. I recommend you make a backup of any data that you have created, such as documents, pictures, music, etc... before we begin the fix if possible.

     ++++++++++++++

     Please run this tool in Normal Mode if possible. We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

     * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

     Please include the C:\ComboFix.txt in your next reply for further review.
  14. Hello mbozzo and welcome to the forums here at MalwareBytes. Please follow the instructions at this link. Then post the logs from MBAM, DDS, and GMER back to this link. Do not start a new topic.
  15. It likely stopped it from dropping the payload. A good thing. What is the name of the file? And exact location? You could upload it to virus total or one of the online scanners to get "other opinions" if it is found again.
  16. Hello boomerfreak1 and welcome to the forums here at MalwareBytes. The problem you have is a clear sign of infection, and probably rootkit related. Please follow the instructions at this link. Then post the logs from MBAM, DDS, and GMER back to this link. Do not start a new topic. NOTE: If MBAM is coming back clean you can skip that step.
  17. Hello sup and welcome to the forums here at MalwareBytes. Not sure if false positive or not. Please follow the instructions at this link. Then post the logs from MBAM, DDS, and GMER back to this link. Do not start a new topic. You said you've already run MBAM and it comes back clean, so you can skip that step.
  18. Great, glad that sorted it out. Would also be a good idea to run a virus scan.

     Go to Kaspersky website and perform an online antivirus scan.
     • Read through the requirements and privacy statement and click on Accept button.
     • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
     • When the downloads have finished, click on Settings.
     • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
         • Spyware, Adware, Dialers, and other potentially dangerous programs
         • Archives
         • Mail databases
     • Click on My Computer under Scan.
     • Once the scan is complete, it will display the results. Click on View Scan Report.
     • You will see a list of infected items there. Click on Save Report As....
     • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
  19. Hello dklfjlfklkdklfjadlfs and welcome to the forums here at MalwareBytes. What seems to be the problem? You need to have MalwareBytes fix those items that it's finding. If you're still having trouble, Please follow the instructions at this link. Then post the logs from MBAM, DDS, and GMER back to this link. Do not start a new topic.
  20. Hello William and welcome to the forums here at MalwareBytes. First, let's fix your file association issue.

     Backup Your Registry with ERUNT
     * Please use the following link and scroll down to ERUNT and download it. http://aumha.org/freeware/freeware.php
     * For version with the Installer: Use the setup program to install ERUNT on your computer
     * For the zipped version: Unzip all the files into a folder of your choice.

     Click Erunt.exe to backup your registry to the folder of your choice.

     Note: to restore your registry, go to the folder and start ERDNT.exe

     *******************************

     Download DougKnox's .exe file association fix. Unzip the folder onto the desktop. Run the .reg file by double clicking and confirm okay when it asks to merge into registry. Now reboot and try running .exe files again. Also let me know how it's running overall.
  21. Now that you are clean please take some time to read through TonyKlein's So how did I get infected in the first place?
  22. I can't edit your post, but don't worry about the font size, no big deal. Didn't need to put my glasses on to read it anyway... Did you have a chance to run the security check I had asked for in my last post? Please post that.

     Uninstall Combofix
     • Click START then RUN
     • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

     The above procedure will:
     • Delete the following: ComboFix and its associated files and folders.
     • Reset the clock settings.
     • Hide file extensions, if required.
     • Hide System/Hidden files, if required.
     • Reset System Restore.
  23. Great, glad it seems to be okay.

     Please go to Kaspersky website and perform an online antivirus scan.
     • Read through the requirements and privacy statement and click on Accept button.
     • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
     • When the downloads have finished, click on Settings.
     • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
         • Spyware, Adware, Dialers, and other potentially dangerous programs
         • Archives
         • Mail databases
     • Click on My Computer under Scan.
     • Once the scan is complete, it will display the results. Click on View Scan Report.
     • You will see a list of infected items there. Click on Save Report As....
     • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
     • Please post this log in your next reply.

     ************************

     Download Security Check by screen317 from here or here.
     • Save it to your Desktop.
     • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
     • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  24. How is it running now? I see you've installed MalwareBytes. Have you had a chance to update and run it? If so please post the log and if not then do so.
  25. Okay thank you. First off, we don't recommend running combofix without the guidance of an expert as misuse can cause serious system damage. With that said, let's use combofix to try and clear this up. You first need to move combofix to the desktop as right now it's in your downloads folder:

     c:\documents and settings\Dell\My Documents\Downloads\ComboFix.exe

     You can simply copy and paste, or drag it from there to the desktop. Next,

     1. Open Notepad
     2. Now copy/paste the entire content of the codebox below into the Notepad window:

        Rootkit::
        c:\windows\system32\bacc.sys

        Driver::
        bacc

     3. Save the above as CFScript.txt
     4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
     5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
        • Combofix.txt
        • A new DDS log. Just DDS.txt.

     NOTE: Unless they are unusually large there's no need to attach the logs.