illukka

Trusted Malware Techs
  • Content Count

    20
About illukka

  • Rank
    Member

Previous Fields

  • Teams:
    Nothing Selected
  1. hi, clean it is. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and reenable system restore here: Managing Windows Millennium System Restore or Windows XP System Restore Guide. Reenable system restore with instructions from tutorial above. Make your Internet Explorer more
  2. hi, go to this page http://www.atribune.org/content/section/4/30/ and download winsockfix. transfer it to the infected computer, then run it. reboot. post a new hijackthis log. as you have noticed, many of these tools can be harmful if used improperly
  3. hi, go to this page http://securityresponse.symantec.com/avcen...moval.tool.html read the instructions carefully and download the trojan vundo removal tool. disconnect the infected machine from networks, and run the removal tool. reboot. run the tool again. reboot again. rescan with hijackthis and post a fresh hijackthis log
  4. hi, yes, just delete it. good news then, nothing hiding there, we can mark this as solved. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and reenable system restore here: Managing Windows Millennium System Restore or Windows XP System Restore Guide. Reenable system restore
  5. well, how's that hijackthis log then, i'd like to take a look
  6. hi, jeeezz that log looks good. let's do an online virus scan to make sure there are no other nasties present: do an online scan with Kaspersky WebScanner. Click on Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, click Yes. The program will launch and then begin downloading the latest definition files. Once the files have been downloaded click on NEXT. Now click on Scan Settings. In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available, otherwise Standard) Scan
  7. hi, the log looks clean! as for avg not detecting the svkp.sys, well they know better.. it is not a malicious file. i suggest that you try to reinstall registry medic, either from a fresh download or from an existing installer. let me know if that fixes it. svkp itself is a useless program, unless you write or distribute software. i really hope NAV will fix that false positive
  8. the answer is simple: it is protected by this svkp.sys. the software won't run if it is not present. you see, if the driver is not there svkp will assume that it's being reverse engineered and thus refuses to run. the key to most of these problems is NAV stopping to detect this stupid false positive. i can understand why this file was added. it (svkp) has been used in some nasties to protect the worm or trojan. but it is still not a malicious file. contrary to popular belief i don't think norton av is a bad antivirus, but perhaps it would be best to replace it with something else until the
  9. hmm, looks odd. the lines indicating the infection are still there, could be that ms antispy is preventing the vundofix from doing its job. let's try one more time, but before starting any cleaning steps, please disable the Microsoft Anti-Spyware real-time protection: Right-click on the Microsoft Anti-Spyware tray icon by your clock (it's the one with the red and yellow bulls-eye). Click on "Security Agents Status". Click on "Disable real-time protection". Next, open Microsoft Anti-Spyware. Click on the Options menu, then Settings. Select "Real Time Protection" from the left column
  10. did you download the fixvundo tool? all you need to do is to disconnect the machine from the net, then run the fixvundo tool, then reboot, run the tool again, reboot again, then rescan with hjt and post a fresh log
  11. hi, go to http://securityresponse.symantec.com/avcen...moval.tool.html follow the instructions there to download and run the trojan vundo removal tool. after you've run it twice, rebooting in between, reboot again, then rescan with hijackthis and post a fresh log
  12. hi, the hacktool rootkit detection is a false positive of norton. the file svkp.sys is a known file, it belongs to svkprotector. svkprotector is a tool that is used in shareware applications to protect them against cracking/reverse engineering. more info on it can be found here: http://www.wilderssecurity.com/showthread....9282#post589282 http://www.dslreports.com/forum/remark,14616513 looks like registry medic is one of its (svkprotector) users. i have that file on my computer too, i've the svkprotector installed. edited: i see that there are some items in the hjt log though.. it