pskelley

Trusted Malware Techs
  • Content Count

    1,759

Everything posted by pskelley

  1. Thanks for taking the time to let us know, here is some information that may help you in the future. Happy New Year Here is some great information from experts in this field that will help you stay clean and safe online. http://users.telenet.be/bluepatchy/miekiem...prevention.html http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Thanks...pskelley http://pcpitstop.com/about/sup
  2. Sorry to be the bearer of bad news but you have some very bad trojans here: C:\WINDOWS\system32\ntos.exe http://www.symantec.com/security_response/...-99&tabid=1 Infostealer.Banker.C is a Trojan horse that may steal sensitive information from the compromised computer. C:\WINDOWS\repair\smrs.exe http://www.sophos.com/virusinfo/analyses/w32agobotrc.html Turns off anti-virus applications Allows others to access the computer Steals information Downloads code from the internet Reduces system security Records keystrokes There is more that I can't identify! A Backd
  3. I am not seeing any evidence of malware in the HJT log. Any symptoms on your end? http://www.symantec.com/security_response/...-050111-3914-99 http://www.bleepingcomputer.com/forums/topic90734.html Do you own AVG Anti-Spyware? Thanks...Phil
  4. Looks good, follow the instructions to clean your System Restore files and review the links I posted, they will give you good advice to help you stay clean. Safe surfing
  5. Looks great I see you updated the Java but the Java scheduler does not appear to be working: C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe I turn it off on my computer, it does not work and uses resources. You can make that call. The HJT log looks clean, how is the computer running? If it is ok with you, I would like to run one more scan to check for hidden junk. First remove Vundofix and Vundofix backups from your computer, the scan will see those as infected. You may also rename HJT if you wish. Run this online scan using Internet Explorer: Kaspersky Online Scanner from
  6. First let me point to this information: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 Look at the information in the Vundofix report: Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. and you will have a better idea of why you got infected. Download the newest version and uninstall ALL old versions in Add Remove programs. With the exception of the fact it looks like you ran vundofix because the last file was removed: C:\WINDOWS\system32\ssttt.dll (file missing) You have not completed the balance of the instructions. Please go thro
  7. Thanks for returning your information and the feedback. You still have the Vundo infection. Look at the ones that say (file missing) they are deleted, the active infection looks like this: O2 - BHO: (no name) - {95241967-5AE2-4C80-B22E-9A62EA3FB60F} - C:\WINDOWS\system32\ssttt.dll O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll The junk can also morph. You seem to be comfortable on your computer so I will give you all instructions at once. It is important to read and follow them carefully, take the time you need, do not rush. 1) Thanks to Atribune and any others w
  8. Welcome to the forum, this trojan can be hard to remove. Please read and follow these directions. 1) F:\zz_remove sranje\VundoFix.exe <<< remove Vundofix from your computer, I may want it download to your Desktop new and I will tell you when. 2) HJT must run from a drive and you are running it from here: F:\zz_remove sranje\hijackthis\HijackThis.exe I want you to move it here: C:\HJT\HijackThis.exe. Here are tutorials if needed: http://russelltexas.com/malware/createhjtfolder.htm http://www.bleepingcomputer.com/forums/tutorial94.html Once you have it moved, I want yo
  9. Thanks for returning your information and the feedback. Your HJT log looks fine, I would like to run one additional scan that will take an hour or so to look for anything that may be hidden. If you do not feel this is necessary, that will be fine also. If you wish to run the scan: Run this online scan using Internet Explorer: Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner Next Click on Launch Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. * The program will launch and then begin downloading the lat
  10. You are still infected and it looks like a variety. Before we start, and I may use some of the tools later but want the new if I do, remove all combofix and Vundofix including quarantine and backups from your computer. Please read and follow these directions carefully. 1) How to make files and folders visible: Click Start > Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating
  11. Thanks for returning your information, you did not tell me if that was the problem? System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on: http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam Some good information for you: http://users.telenet.be/bluepatchy/miekiem...owcomputer.html http://users.telenet.be/bluepatchy/miekiem...prevention.html Here is some great information from Tony Klein, Texru
  12. Welcome to the forum, you have a pretty nasty dialer running from your DPF's: (Progetto1.int_ver34) - htXX://advnt01.com/dialer/int_ver34.CAB http://www.castlecops.com/ActiveX.html Progetto1.int_ver34 X A1426AC5-8CE5-4A00-B71E-011D35709AC6 int_ver34.CAB Added by Porn-Dialer.Win32.VB.j DIALER! as reported by Kaspersky Anti-Virus That is likely your problem, but you have other issues also, let's try to address them all, and clean you up while we are at it. 1) See this: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 D:\Program Files\Java\jre1.5.0_06\ Your Java program
  13. Member never supplies required information. They commented they fixed the issue. Topic is closed.
  14. Resolved and closed Thanks
  15. It's what everyone else that is using this forum: http://forums.pcpitstop.com/index.php?showforum=25 but you has posted. I posted the link for you but it's at the top of the page where you first posted: Before Posting Your Hijackthis Log - Read This! http://forums.pcpitstop.com/index.php?showtopic=36065 Additional examples: http://russelltexas.com/malware/createhjtfolder.htm http://www.bleepingcomputer.com/forums/tutorial94.html http://forums.security-central.us/showthread.php?t=112for
  16. Please stay in the original topic using "new reply" NOT "new topic" I suggest you follow the instructions and post a HJT log. That infection is rarely alone and chances are you have other junk the HJT log will show. Thanks
  17. I see you installed a new BHO, read about it here: http://www.bleepingcomputer.com/startups/G....exe-16278.html I personally believe Google is trying to take over too much and is becoming a resource hog. Myself, I run the basic toolbar/popup blocker and nothing else, but that's your option. The HJT log looks fine, keep up the good work and be careful, it's a cyber-jungle out there. Thanks
  18. Welcome to the forum, you need to follow the instructions in this link: http://forums.pcpitstop.com/index.php?showtopic=36065 Then if you feel comfortable following a self-help tutorial, use these instructions since you said Spylocked: http://www.bleepingcomputer.com/forums/topic85376.html Thanks
  19. Looks good, let's do this: 1) Check your Java program for an update: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 2) You are running HJT.exe from a .zip file in a Temporary Directory. This is unsafe as we will have no backups. That is why you received this message when you used HJT: http://russelltexas.com/malware/images/unsafefolder.gif Please use the information in the following link to place HJT in a permanent, safe folder, I prefer C:\HJT\HijackThis.exe. If you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm 3)
  20. No response since 10:03pm Thu Mar 8 2007 Topic is closed Thanks
  21. Sounds good, might not be a bad idea to do this: System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on: http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/
  22. Thanks for your feedback, seems there is a problem with this link: http://www.pcpitstop.com/pcpitstop/NoSessi...?host=1.4.22.25 You can try again to post it if you wish, or you can post any questions about the results here: http://pcpitstop.invisionzone.com/index.php?showforum=6 I suggest you look carefully at the report, much information is available, but you must click through to see it. Look especially for red flags and then for the yellow ones. Thanks
  23. Welcome to the forum, your HJT log looks good. That does not mean some junk could not be hiding and we will look if need be. Let's do a couple of things first. 1) Looks like you used AVG Anti-Spyware recently, assuming it was not something you purchased, the program is still running from your services and that's a waste. O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe Now this is the guard and if you know it is running then you need to make me aware before you proceed. Something would be wrong at that poin
  24. Hello Steven and welcome to the forum, let's take a look. The first thing I see are all of these programs running. I don't see any real malware, but that is probably because there is no place for the junk to put itself. Windows Defender SUPERAntiSpyware Spyware Doctor ProcessGuard WinPatrol Spyware Terminator While it may not be now, Spyware Terminator was just on the Rogue Spyware list here: http://www.spywarewarrior.com/rogue_anti-spyware.htm You are also running SpywareGuard and TeaTimer which do basically the same thing. While we know that only one anti-virus program and
  25. Thanks for the feedback, cookies are part of life on the internet, I still get asked to install cookies when I go to a new site. I can choose to block that one cookie, or block them always. This is something you will have to do with the information I provided. I once blocked my bank's cookie and could not access my account until I over-rode those instructions. SpywareBlaster: Did you review the links from experts I posted? That is covered in them, I use it on all of my computers and kept updated it will block a lot of junk, but not all cookies, here is a tutorial if it helps: http://w