vizion

Members
  • Content count

    23
  • Joined

  • Last visited

About vizion

  • Rank
    New Member

Contact Methods

  • ICQ
    0

Profile Information

  • Location
    trans-national UK/US
  1. Thats good -- I did not have time to look at it closely to see what is going on.. just flagging up that there is a bug and if I can see so can others -- bad guys look for more when they find one!! Anyway I have done my bit <chuckles> david
  2. Suggest you report it to google analytics support. You could start in the forum http://www.googlecommunity.com/forum/other...ytics-bugs.html You should get some pointers there. I suggest you search relevant code and then open your site remotely on a machine equipped with debugging tools and paste the code and and the notifications into the forum. You should also check that the line numbers given in the notification coincide with the source (sometimes the notification gives the wrong line numbers!! It is worth watching these things -- hackers often start by looking at web site coding errors when they want to hack your site and my guess is that you malwarebytes could be an attractive target to some of those b******s - so I would recomend you give errors like this close attention. david
  3. It seems to be a widespread problem. On the homepage an example snippet may be: </script> <script type="text/javascript"> var pageTracker = _gat._getTracker("UA-3347303-1"); pageTracker._initData(); pageTracker._trackPageview(); </script> Most pages I open display this problem PS This bug is of course mainly apparent in Internet Explorer -- Chrome, Netscape do not exhibit similar difficulties -- MS$ & MS$ VS make it apparent. david
  4. My 64bit system is equipped with debugging tools that show all errors in scripts. I thought you might like to know there are multiple errors _gat is undefined. One example may be coming from this code segment: </script> <script type="text/javascript"> var pageTracker = _gat._getTracker("UA-3347303-1"); pageTracker._initData(); pageTracker._trackPageview(); </script> If you want more info let me know but I would think a quick search through the code for your main forum pages and the home page should put you on track. david
  5. Thanks very much for your observations - your point about start ups I felt to be very apt! Thank you. However I wanted to tell you that unless I missed something I found the other link very disappointing. I felt you should be aware of this before providing the link it to someone else in similar circulstances. That was because I only found that site using the "Keyhook error" as a label upon which to make strong pitch to purchase Registry mechanic. I found no information focussing the problem. Maybe I missed something, in which case I apologise, but maybe you did not realise the site that does not really seem to offer solutions to problems but only uses the existence of known problems as a "Hook" to sell a product that may or may not fix the problem!!!. I would caution other users about that site - whilst I am sure the product has genuine benefits and may be an excellent general registry tool (I actually have a licensed copy on one of my systems)-- however it does not really offer the ability to fix problems of this nature even though it uses the existence of any problem as an inducement to buy. Their website (however good their software may be) seems to me to be an example of poor marketing practices and I leave it with the feeling their administration is ethically challenged. A site to be only recomended with caution would be my conclusion. Thanks again David
  6. If someone who knows about these things could take a look at this one it would be appreciated. In another topic I referred to Sys2 and the reasons why I am posting these logs. This Topic is about Sys 3 which is a win XP 64 sys on the same local network in which extensive use is made of network shares. So the risk of cross infection is high. http://www.malwarebytes.org/forums/index.p...st=0#entry28996 This system does not show any overt sign of problems however the Event log is also showing problems with the Windows Search service (see the above thread on Sleuth). Here is the entry: Source Windows Search Service Category: Gatherer Event ID 3083 The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered Results from Microsoft support centre yields very lttle: Results for: Microsoft product: Windows Operating System; Version: 7.0.6001.16503; ID: 3083; Event Source: Windows Search Service; File name: tquery.dll.mui; Another event log error: Source Crypt 32 Category None Event ID 8 Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation. Results from Microsoft support centre yields nothing: A Kaspersky does not pick up any problems but I am not totally reassured by that <chuckles> Thanks in advance David hijackthis_Sleuth64.txt hijackthis_Sleuth64.txt
  7. OK I thought I would double check after Bruce found the way to clear one of my systems from a new and nasty rootkit. So, on Bruce's recomendation I post HiJackThis for each system starting with the two that did not appear clean. This system is called Sleuth. I would really appreciate it if someone could take a look at the logs. I know these damn trojans have a habit of infecting systems on the same network especially when, as in this case, there is extensive use of network shares. As we believe the infected machine is now clear one I would like to be reasonably sure about the others but Bruce's time is very precious and he needs to concentrate on other things. Attached is the HiJack this log file from Sleuth. This machine is sometimes extremely slow but I have no solid reason for believing it is infected. However it has a notification error after login: Keyhook.exe - Entry point not found The procedure entry point ? DDrawSupportGetDriverName@CSISEsc@@QAEHPADH@Z could not be located in the dynamic link library SiSApCom.dll There are also notices ofthe following type in the event log: Source Windows Search Service Event ID 1015 Time 5:47:26 AM Event ID 3013 for the Windows search service has been suppressed 100 times since 5:26:32 AM. This event is used to suppress Windows search events that have incurred frequently withinm a short period........ Event ID 3013 (NB the system is on drive E:\ not C:\) The entry <E:\CONFIG.MSI\77DAE.RBF> in the hash map cannot be updated. Context: Application, SystemIndexCatalog Details A device attached to the system is not functioning (0x8007001f) I am sorry to say I know more about administering Unix systems than MS$ so am not certain what to do about this... if I were to rely on instinct alone I would say this is not a malware related problem -- but instincts need to be disabused from time to time!!! <chuckles> Thanks David hijackthis_Sleuth.txt hijackthis_Sleuth.txt
  8. And last but not least the one from the machine that we worked on. You have three of a kind now can you turn it into a full house? <chuckles> David hijackthis_Pfast_2008_09_23.txt hijackthis_Pfast_2008_09_23.txt
  9. Here is the one from Sleuth 64. BTW I found gmer does not seem to like XP Pro win64. David hijackthis_Sleuth64_2008_09_23.txt hijackthis_Sleuth64_2008_09_23.txt
  10. OK I thought I would double check so I am running HiJackThis on each of the Systems starting with the ones that appeared clean. IF/when you get a chance I would really appreciate it if you could take a look at the logs. I know these damn trojans have a habit of infecting systems on the same network especially when, as in this case, there is extensive use of network shares. As we have cleared one I would like to be reasonably sure about the others. Attached is the HiJack this log file from Sleuth. This machine is soemtimes extremely slow and has the following notification error after login: Keyhook.exe - Entry point not found The procedure entry point ? DDrawSupportGetDriverName@CSISEsc@@QAEHPADH@Z could not be located in the dynamic link library SiSApCom.dll When you get a chance. Thanks David hijackthisSleuth_2008_09_23.txt hijackthisSleuth_2008_09_23.txt
  11. I updated and applied the update to each machine (1 XP Pro 64 [sleuth64]+ 1 x XP Pro 32[sleuth] + 1 Xp Pro 32 (PFast). Sleuth 64 & Sleuth passed completely clean HOWEVER your latest updated unearthed two more problems on PFast. I have attached the malwarebytes log file. Do you need any more info0? David mbam_log_2008_09_23__14_17_41_.txt mbam_log_2008_09_23__14_17_41_.txt
  12. Yep sure is .. Thanks to you Great work david
  13. That has been done see: http://www.malwarebytes.org/forums/index.php?showtopic=6455
  14. BTW is gmer.exe OK for XP 64? David
  15. Here it is.. You are right on the nail. The weird thing is that nhvjgpmc looked a bit odd to me but I had no way of checking it out.. Where do we go from here?? Thanks for sticking with this and pushing me in the right direction David gmer_log.txt gmer_log.txt