fathippo

  1. Thanks Steven, no problem, appreciate your response!
  2. Hi, this is a popular children's toy website. I'm trying to access the site, which I've been to many times without problem, but ever since installing Malwarebytes I can no longer access it. I couldn't imagine them hosting malware. I believe this is a false positive but you never know I guess. Please unblock if no threats found. Thanks! 89.202.118.143 http://www.playmobil.com
  3. Hi, just wondering if anyone else has experienced this. Whenever I go to the main download page for mediafire and click on the link to download something, Malwarebytes pops up saying that it blocked a potentially dangerous IP from accessing my computer. Does this mean the virus is coming through mediafire or does it mean there's a trojan hiding on my machine that tries to launch whenever I access the mediafire page? I've run Malwarebytes and it says my system is clean. I couldn't find anything on the web about it. I figured if it was happening to me then it must be happening to others. Thanks in advance.
  4. Please close this topic. Help no longer needed. Tnx.
  5. Had a virus called Skynet, I ran Malwarebytes, don't know if it was removed but now every time I launch an app or file on my cpu I get a message that pops up saying "The application or DLL globalroot\systemroot\system32\SKYNET\pwbhbnn.dll is not a valid Windows image. Please check against your installation diskette." It won't stop popping up. Below is my HijackThis log and Malwarebytes scan log. Any help appreciated, thanks!

     Malwarebytes' Anti-Malware 1.38
     Database version: 2330
     Windows 5.1.2600 Service Pack 3

     6/24/2009 7:43:03 PM
     mbam-log-2009-06-24 (19-43-03).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 257725
     Time elapsed: 56 minute(s), 5 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 4

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)

     Files Infected:
     c:\WINDOWS\Temp\SKYNETibcrvjucbr.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
     c:\WINDOWS\system32\SKYNETfealvtxy.dll (Trojan.Agent) -> Delete on reboot.
     c:\WINDOWS\system32\SKYNETlpwbhbnn.dll (Trojan.Agent) -> Delete on reboot.
     c:\WINDOWS\system32\drivers\SKYNETvgkuwjpp.sys (Trojan.Agent) -> Quarantined and deleted successfully.
  6. Awesome, thank you Miekie. Sorry, I guess I just get nervous and until I hear you say those words...you know how it is. Thanks so much!
  7. Hi Miekie - After updating Malwarebytes this has been fixed but I've been getting viruses every once in a while even though I'm not going anywhere different really in my browser. I thought it was good to just post the log anyway as I thought maybe something was hiding on my system still. Does my log look okay to you? Thanks for responding.
  8. First off, thanks for a wonderful product. Malwarebytes is truly one of the best if not THE best malware eliminators. I own a copy of Malwarebytes and had an issue with a virus. Right now Malwarebytes is saying everything is clean but I don't believe it is. I think there's something hiding on my machine and would love if someone could analyze my log file. Here's what happened: I had Protection Enabled on startup. When my cpu turned on, Malwarebytes popped up a window that said it had blocked a process from accessing the internet (C:\System32\MSCTF.dll: rootkit.Goldun). It gave me the option to quarantine the virus but the pop-up window froze and my system locked up so I was never able to quarantine it. It's worked fine in the past, just seemed to have a problem with this virus. What's also strange and concerning to me is when I disabled protection at startup and ran a scan with Malwarebytes on its own it said that it found no malicious programs on my cpu. As soon as I enabled the protection again, the window popped up saying it found the rootkit.Goldun again and would freeze. I took a chance and ran McAfee, which I'm not a fan of, but it did find one trojan that Malwarebytes didn't, called Artemis!C6216C66E6EB. I don't know what happened with the original rootkit.Goldun virus that Malware was freezing on, which makes me think it's still here. Anyway, McAfee quarantined the Artemis trojan and now Malwarebytes works fine with no pop-ups on startup and when I run a scan it says everything is clean. Thing is I'm still afraid that something is on here because for the past few days I keep getting virus alerts when I haven't gone anywhere differently on the web. Malwarebytes removes it and then the next day a new one shows up. I think something is hiding on my cpu. Any help would be greatly appreciated! Log file and MBAM logs below. Thanks!