Change Mode

sambora1984
Advanced Member-
Content Count
1,198 -
Joined
-
Last visited
About sambora1984

-
Rank
Have a Nice Day!
- Birthday 05/19/1984
Contact Methods
- MSN
-
Website URL
http://
-
ICQ
0
Profile Information
-
Location
Scotland
Previous Fields
-
Teams:
PC Builders Club
-
Hjt Log For Recurring Exe File Hijacking Browser
sambora1984 replied to sambora1984's topic in Solved Malware Logs
Hi Conspire, Thanks for all your help trying to sort this one. I guess it won't do any harm to start the machine from fresh anyway...it will keep me busy for half a day! Thanks again, Sambora1984 -
Hjt Log For Recurring Exe File Hijacking Browser
sambora1984 replied to sambora1984's topic in Solved Malware Logs
Hi Conspire, Ok made sure it was the right file name this time sorry about that! Thanks ComboFix 11-05-23.02 - Ishbel 24/05/2011 19:58:26.4.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1527.982 [GMT 1:00] Running from: c:\documents and settings\Ishbel\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Ishbel\Desktop\CFScript.txt FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . FILE :: "c:\windows\Explorermgr.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))) -
Hjt Log For Recurring Exe File Hijacking Browser
sambora1984 replied to sambora1984's topic in Solved Malware Logs
Hi again, here are the results from the latest run of ComboFix as requested... thanks ComboFix 11-05-18.04 - Ishbel 23/05/2011 18:31:28.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1527.946 [GMT 1:00] Running from: c:\documents and settings\Ishbel\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Ishbel\Desktop\CFScriptv2.txt FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))) -
Hjt Log For Recurring Exe File Hijacking Browser
sambora1984 replied to sambora1984's topic in Solved Malware Logs
Hi, Couldn't download from link again but managed to send it via email from another machine! Thanks aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software Run date: 2011-05-22 16:03:45 ----------------------------- 16:03:45.109 OS Version: Windows 5.1.2600 Service Pack 3 16:03:45.109 Number of processors: 1 586 0x401 16:03:45.109 ComputerName: EMMA UserName: 16:03:46.375 Initialize success 16:04:14.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 16:04:14.515 Disk 0 Vendor: SAMSUNG_SP0802N TK200-04 Size: 76351MB Bus -
Hjt Log For Recurring Exe File Hijacking Browser
sambora1984 replied to sambora1984's topic in Solved Malware Logs
Hi there, Scan doesn't appear to have found anything. Forgot to say I've had trouble open the first two links of the virus file scanners you posted and as well I couldn't access this TDSSKiller link (had to use previous download of the program)...is this a concern? Also noticed a system tray notification style box popped up yesterday saying malicious software was not completed removed...click here to resolve. I decided not to in case it was false although the first screen of it suggested it was a Microsoft thing...wasn't convinced by it though. Thanks 2011/05/21 18:42:14.03 -
Hjt Log For Recurring Exe File Hijacking Browser
sambora1984 replied to sambora1984's topic in Solved Malware Logs
Hello, Here are the results of the virscan and combofix as requested...couldn't get either of the first two links to run so used virscan. thanks VirSCAN.org Scanned Report : Scanned time : 2011/05/20 21:12:35 (BST) Scanner results: 5% Scanner(s) (2/37) found malware! File Name : null0.19106781029606734.exe File Size : 100958 byte File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit MD5 : b0fa2f95250378c192b479f045e59164 SHA1 : 333ac1b30d4cd1a8ed695e7f745546d71188fe3e Online report : http://file.virscan.org/rep -
Hjt Log For Recurring Exe File Hijacking Browser
sambora1984 replied to sambora1984's topic in Solved Malware Logs
Hi Conspire, Got this combofix run...ZoneAlarm somehow re-enabled half way through but it seemed to get to the end ok after i disabled it again. Thanks ComboFix 11-05-18.04 - Ishbel 19/05/2011 18:05:50.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1527.997 [GMT 1:00] Running from: c:\documents and settings\Ishbel\Desktop\ComboFix.exe FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documen -
Hjt Log For Recurring Exe File Hijacking Browser
sambora1984 replied to sambora1984's topic in Solved Malware Logs
Hi Conspire, Sorry I've not replied yet I am once again away from this machine but hope to carry out the next steps tomorrow evening. I will post results asap! Thanks -
Hjt Log For Recurring Exe File Hijacking Browser
sambora1984 replied to sambora1984's topic in Solved Malware Logs
TDSS Report: Rebooted immediately after scan finished. Thanks 2011/05/15 10:15:11.0031 1684 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29 2011/05/15 10:15:11.0718 1684 ================================================================================ 2011/05/15 10:15:11.0718 1684 SystemInfo: 2011/05/15 10:15:11.0718 1684 2011/05/15 10:15:11.0718 1684 OS Version: 5.1.2600 ServicePack: 3.0 2011/05/15 10:15:11.0718 1684 Product type: Workstation 2011/05/15 10:15:11.0718 1684 ComputerName: EMMA 2011/05/15 10:15:11.0718 1684 UserName: Ishbel 2011/05/15 10:15: -
Hjt Log For Recurring Exe File Hijacking Browser
sambora1984 replied to sambora1984's topic in Solved Malware Logs
Hi Conspire, Forgive me for posting everything but I cannot see where I can attach any files in the reply dialog...am I being stupid?! Anyway here are the requested logs. I look forward to your reply. Many thanks DDS------------------- . DDS (Ver_11-03-05.01) - NTFSx86 Run by Ishbel at 17:38:33.25 on 14/05/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1527.908 [GMT 1:00] . FW: ZoneAlarm Firewall *Enabled* . ============== Running Processes =============== . C:\ -
Hjt Log For Recurring Exe File Hijacking Browser
sambora1984 replied to sambora1984's topic in Solved Malware Logs
Hi thanks for replying. I'm not currently with the infected machine. I won't be able to run these logs until saturday unless I get to the machine before then. I'd Appreciate if you would keep this thread open as I will reply as soon as I can. Thanks -
Hi Please help with this nasty little recurring virus thing. I have spent hours deleting startup entries running malwarebytes, spybot etc but with no luck. The offending item can be seen in the log below at F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\ddbndqyl\ljsaqqic.exe I've even tried replacing the system.ini and win.ini from the C:\windows\pss folder but this didn't have much effect. After every reboot any file that has been deleted simply re-appears! Please help. Thanks Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:02:3
-
Installing Win2000 on an external Hard drive
sambora1984 replied to sambora1984's topic in User to User Help
Hi Guys, No luck, it detected the USB device but couldn't load drivers. No joy this time. I think I will install it onto a new internal, nice and easy and use the big usb drive as a general storage device. Thanks