sambora1984

Hi Conspire, Thanks for all your help trying to sort this one. I guess it won't do any harm to start the machine from fresh anyway...it will keep me busy for half a day! Thanks again, Sambora1984

Hi Conspire, Ok made sure it was the right file name this time sorry about that! Thanks ComboFix 11-05-23.02 - Ishbel 24/05/2011 19:58:26.4.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1527.982 [GMT 1:00] Running from: c:\documents and settings\Ishbel\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Ishbel\Desktop\CFScript.txt FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . FILE :: "c:\windows\Explorermgr.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))

Hi again, here are the results from the latest run of ComboFix as requested... thanks ComboFix 11-05-18.04 - Ishbel 23/05/2011 18:31:28.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1527.946 [GMT 1:00] Running from: c:\documents and settings\Ishbel\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Ishbel\Desktop\CFScriptv2.txt FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 ))))))))))

Hi, Couldn't download from link again but managed to send it via email from another machine! Thanks aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software Run date: 2011-05-22 16:03:45 ----------------------------- 16:03:45.109 OS Version: Windows 5.1.2600 Service Pack 3 16:03:45.109 Number of processors: 1 586 0x401 16:03:45.109 ComputerName: EMMA UserName: 16:03:46.375 Initialize success 16:04:14.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 16:04:14.515 Disk 0 Vendor: SAMSUNG_SP0802N TK200-04 Size: 76351MB Bus

Hi there, Scan doesn't appear to have found anything. Forgot to say I've had trouble open the first two links of the virus file scanners you posted and as well I couldn't access this TDSSKiller link (had to use previous download of the program)...is this a concern? Also noticed a system tray notification style box popped up yesterday saying malicious software was not completed removed...click here to resolve. I decided not to in case it was false although the first screen of it suggested it was a Microsoft thing...wasn't convinced by it though. Thanks 2011/05/21 18:42:14.03

Hello, Here are the results of the virscan and combofix as requested...couldn't get either of the first two links to run so used virscan. thanks VirSCAN.org Scanned Report : Scanned time : 2011/05/20 21:12:35 (BST) Scanner results: 5% Scanner(s) (2/37) found malware! File Name : null0.19106781029606734.exe File Size : 100958 byte File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit MD5 : b0fa2f95250378c192b479f045e59164 SHA1 : 333ac1b30d4cd1a8ed695e7f745546d71188fe3e Online report : http://file.virscan.org/rep

Hi Conspire, Got this combofix run...ZoneAlarm somehow re-enabled half way through but it seemed to get to the end ok after i disabled it again. Thanks ComboFix 11-05-18.04 - Ishbel 19/05/2011 18:05:50.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1527.997 [GMT 1:00] Running from: c:\documents and settings\Ishbel\Desktop\ComboFix.exe FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documen

Hi Conspire, Sorry I've not replied yet I am once again away from this machine but hope to carry out the next steps tomorrow evening. I will post results asap! Thanks

TDSS Report: Rebooted immediately after scan finished. Thanks 2011/05/15 10:15:11.0031 1684 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29 2011/05/15 10:15:11.0718 1684 ================================================================================ 2011/05/15 10:15:11.0718 1684 SystemInfo: 2011/05/15 10:15:11.0718 1684 2011/05/15 10:15:11.0718 1684 OS Version: 5.1.2600 ServicePack: 3.0 2011/05/15 10:15:11.0718 1684 Product type: Workstation 2011/05/15 10:15:11.0718 1684 ComputerName: EMMA 2011/05/15 10:15:11.0718 1684 UserName: Ishbel 2011/05/15 10:15:

Hi Conspire, Forgive me for posting everything but I cannot see where I can attach any files in the reply dialog...am I being stupid?! Anyway here are the requested logs. I look forward to your reply. Many thanks DDS------------------- . DDS (Ver_11-03-05.01) - NTFSx86 Run by Ishbel at 17:38:33.25 on 14/05/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1527.908 [GMT 1:00] . FW: ZoneAlarm Firewall *Enabled* . ============== Running Processes =============== . C:\

Hi thanks for replying. I'm not currently with the infected machine. I won't be able to run these logs until saturday unless I get to the machine before then. I'd Appreciate if you would keep this thread open as I will reply as soon as I can. Thanks

Hi Please help with this nasty little recurring virus thing. I have spent hours deleting startup entries running malwarebytes, spybot etc but with no luck. The offending item can be seen in the log below at F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\ddbndqyl\ljsaqqic.exe I've even tried replacing the system.ini and win.ini from the C:\windows\pss folder but this didn't have much effect. After every reboot any file that has been deleted simply re-appears! Please help. Thanks Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:02:3

Hi Guys, No luck, it detected the USB device but couldn't load drivers. No joy this time. I think I will install it onto a new internal, nice and easy and use the big usb drive as a general storage device. Thanks

Try a firmware upgrade. I have looked on the Linksys website and it is less than clear as to where you will find it. Maybe someone else will know... I had problems with a linksys wireless router and the customer help wasn't great.

Do you have any wireless encryption enabled? Also, do you have DHCP enabled?