BORICUABEATS

Members
  • Content Count

    70

About BORICUABEATS

  • Rank
    Member

Previous Fields

  • System Specifications:
    eMachine T3120 AMD Sempron(tm) Processor 3100+ 1.81 Ghz 384 MB of Ram 100G Gb HD with CDRW
  1. Just found out that my laptop has trojan.0access on it. I tried to delete it but every time I reboot, it pops up all over again. Any help would be greatly appreciated. Thanks in Advance!
  2. I am still receiving the pop-ups on certain sites and here is the log you requested. All processes killed ========== REGISTRY ========== Registry key HKEY_USERS\S-1-5-21-2322216334-2861174008-302321475-1003\Software\Microsoft\Search Assistant\ACMru\5603\ deleted successfully. ========== COMMANDS ========== HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 150183 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Fil
  3. Did as you suggested and here is the log; Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.6.0 ; Results at 10/12/2010 10:29:21 PM for strings: ; 'clickpotato' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_USERS\S-1-5-21-2322216334-2861174008-302321475-1003\Software\Microsoft\Search Assistant\ACMru\5603] "001"="Clickpotato" ; End Of The Log...
  4. When I entered ComboFix /Uninstall I got an error saying that Windows could not find ComboFix. I also ran OTC. ClickPotato is still popping up on certain sites.
  5. I did exactly as you suggested and here are the 2 logs that you asked for: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4783 Windows 5.1.2600 Service Pack 2 (Safe Mode) Internet Explorer 7.0.5730.11 10/9/2010 2:17:43 AM mbam-log-2010-10-09 (02-17-43).txt Scan type: Quick scan Objects scanned: 153125 Time elapsed: 7 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modu
  6. When I'm on the internet on certain sites, I get this pop-up out of nowhere and then I have to click skip, or on certain pages I get a pop-up ad for ClickPotato, not to mention that the computer is running slow. I did exactly as you suggested, here are the logs: DDS (Ver_10-10-05.01) - NTFSx86 Run by Owner at 12:00:41.26 on Fri 10/08/2010 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1502.720
  7. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:52:15 PM, on 10/7/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Progr
  8. Could not find the file that you requested I scan with VirusTotal; however, here are the other 2 logs: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4474 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 2010-08-25 2:38:41 AM mbam-log-2010-08-25 (02-38-41).txt Scan type: Quick scan Objects scanned: 156670 Time elapsed: 6 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files I
  9. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:19, on 2010-08-23 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  10. Ran Combo Fix, here is the log: ComboFix 09-08-27.A0 - Owner 08/28/2009 8:31.2.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1502.805 [GMT -4:00] Running from: c:\documents and settings\Owner\My Documents\Bueno's Pics\Standard\ComboFix.exe AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: *disabled* {94894B63-8C7F-4050-
  11. Did as you requested and then rebooted the computer and the first thing to pop up was Norton, with the same message. Backdoor.Tidserv Remove failed. Then IE opened twice. First time it seemed to install an eBay toolbar and the other froze. As requested, the HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:36:56 AM, on 8/27/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\S
  12. Here goes the HJT Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:44:23 AM, on 8/26/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe C:\Program Fil
  13. I did as you suggested and here are the logs requested: Combofix Log: ComboFix 09-08-25.05 - Owner 08/26/2009 10:27.1.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1502.809 [GMT -4:00] Running from: c:\documents and settings\Owner\My Documents\Bueno's Pics\ComboFix.exe AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW:
  14. Norton keeps popping up the same alert again. Backdoor.tidserv Remove Failed
  15. Here are the results of ESET Online Scanner; [email protected] as CAB hook log: OnlineScanner.ocx - registred OK # version=6 # iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339) # OnlineScanner.ocx=1.0.0.6048 # api_version=3.0.2 # EOSSerial=e5cf8f8e0742d04aa0e5ccfa1ba24f2d # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-08-19 05:57:08 # local_time=2009-08-19 01:57:08 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service P