Timewalker

Members
  • Content Count

    10
  • Joined

  • Last visited

About Timewalker

  • Rank
    Member
  1. Yeah, her laptop seems fine. I am leaving MBAM on it for frequent checks, along with the other spyware programs. There was an Avast warning on Thanksgiving, but the files were easily moved to the chest, unlike the previous buggers, and MBAM didn't ping anything. That said, I kept checking on reboot the next several days in case any of the rootkit behavior started again. I dug into the source code on her page and pulled out anything that looked like Javascript. Would you mind trying it again? Thanks again for all your help Essexboy!
  2. I can't believe I hadn't seen your reply until today. My e-mail notification stopped working apparently. Anyway, all seems well. Clean restore point and everything. One more tiny request - can someone check out my wife's business homepage. http://www.jaylabeta.com ? A friend said his browser was getting a warning when he visited (virus? hijack attempt), and I wasn't sure if the rootkit/trojan may have attacked her web editor/hosting login/password stuff. I'm not seeing anything bad on my PC in either IE or Fox, but something else is being loaded when the page loads up. I don't know if it is
  3. No obvious problems as of now. I noticed the G--- W--- as well. What happened was an anonymizer in the original log I sent you. I was advised several years ago to not post identifying information when I posted on forums like this, so it's a habit now to blank out her name when I post things like that. I didn't notice it in the code, or I would have changed it back. I did after the last post, but the results were mostly the same - file not found. Here is the log for the last code you posted ========== PROCESSES ========== Process Explorer.EXE killed successfully. ========== FILES ===
  4. Moveit log ========== PROCESSES ========== Process Explorer.EXE killed successfully. ========== FILES ========== C:\WINDOWS\System32\TDSSitpe.dat moved successfully. C:\WINDOWS\System32\texnjkxy.ini moved successfully. C:\WINDOWS\Temp\TMP1E.exe moved successfully. C:\WINDOWS\Temp\TMP2A8.exe moved successfully. C:\WINDOWS\Temp\TMP2AC.exe moved successfully. C:\WINDOWS\Temp\TMP2AD.exe moved successfully. C:\WINDOWS\Temp\TMP2AE.exe moved successfully. C:\WINDOWS\Temp\TMPF.exe moved successfully. File/Folder C:\Documents and Settings\G--- W---\Local Settings\Temp\SIntf16
  5. I used the same settings for OTScanIt as the first instructions - all users, 90 days, rootkit, etc. OT Scan it log http://www.mediafire.com/?sharekey=4703677...2db6fb9a8902bda HJT Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:49:46 PM, on 11/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svch
  6. Oops, word wrap was on after all. Here is the fixed OT Scan file http://www.mediafire.com/?sharekey=4703677...2db6fb9a8902bda (well, I thought I fixed word wrap....)
  7. Ok, my wife got up before me and ran Superantispyware and got this log. Just thought you should know. SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 11/16/2008 at 00:54 AM Application Version : 4.21.1004 Core Rules Database Version : 3639 Trace Rules Database Version: 1622 Scan type : Complete Scan Total Scan Time : 00:24:11 Memory items scanned : 584 Memory threats detected : 0 Registry items scanned : 5024 Registry threats detected : 6 File items scanned : 19055 File threats detected : 32 Adware.Tracking Coo
  8. Here are the RSIT results, log and info. This looks like it contains the HJT results within it. I have deleted all temporary files. She hasn't been doing any online banking or shopping. We're changing passwords. What else should I do while I await your guidance? Thanks in advance, Joe log Logfile of random's system information tool 1.04 (written by random/random) Run by G--- W--- at 2008-11-15 22:52:02 Microsoft Windows XP Professional Service Pack 2 System drive C: has 59 GB (73%) free of 81 GB Total RAM: 1022 MB (49% free) Logfile of Trend Micro HijackThis v2.0.2 Scan sav
  9. Hi all, My wife stumbled onto a bad site a month or so ago, and her Avast started yelling at her. So we shut everything down, did some research after running a full scan, and downloaded MBAM and ran it. Sure enough, there were some trojans infesting her system. But after running MBAM, and then re-running Avast and checking one of the online sites (Kaspersky, I think), everything was checking out ok. Then earlier this week, when she had only been to her site, gmail, and yahoo, she started getting warnings again from Avast. I ran MBAM again and got more trojans and a rootkit warning this time.