#1
Senior Member
Profile: Join Date: Jul 2008
Location: wilmington,NC
Posts: 461
Computer Experience:
[Resolved] Desktop Infected
During routine virus scan ,I found desktop infected, There has been no warning signs of a virus according to the person who uses it, no change in operatinng,Dss , Kerpersky, I will post in the order of the scan, This computer is primarily for emails, surfing the web and book keeping, very little downloading is done.
Didn't find the information you thought to find?Similar Threads
#2
Senior Member
Profile: Join Date: Jul 2008
Location: wilmington,NC
Posts: 461
Computer Experience:
Malwarebytes' Anti-Malware 1.37
#3
Senior Member
Profile: Join Date: Jul 2008
Location: wilmington,NC
Posts: 461
Computer Experience:
DDS (Ver_09-05-14.01) - NTFSx86 HJT Report ===============http://favorites.live.com/quickadd.aspx AMD Athlon(tm) XP 1600+ | Socket A | 1400/133mhzSP2 (KB927978)SP2 (KB936181)SP2 (KB954430)
#4
Senior Member
Profile: Join Date: Jul 2008
Location: wilmington,NC
Posts: 461
Computer Experience:
KASPERSKY ONLINE SCANNER 7.0 REPORT
#5
Malware Analyst
Profile: Join Date: Aug 2002
Location: Daly City, CA
Posts: 4,603
Computer Experience:
Please download ComboFix from Here Here **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop** Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Very Important! disable your anti-virus , script blocking and any anti-malware real-time protection before "unpredictable results" .Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall** Make sure, you re-enable your security programs, when you're done with Combofix.
#6
Senior Member
Profile: Join Date: Jul 2008
Location: wilmington,NC
Posts: 461
Computer Experience:
I absolutely cannot download combofix, when I attempt to use the links, the page page cannot be found, when I attempt to download from another site, it tells me an error has occurred. I have searched my computer and I can find no evidence of Combofix on the computer. I put Combofix /u in run, nothing happened here. What to do?
#7
Malware Analyst
Profile: Join Date: Aug 2002
Location: Daly City, CA
Posts: 4,603
Computer Experience:
I'm about to send you PM with my private download link.
#8
Senior Member
Profile: Join Date: Jul 2008
Location: wilmington,NC
Posts: 461
Computer Experience:
I couldn't download recovery console.0 .4334.34.14\comps\acs\ecuinst.exe0 .4334.34.14\comps\tb\tbsetup.exe0 .4334.34.14\comps\ocp\instSup.dll0 .4334.34.14\comps\afix\wsfinst.exe0 .4334.34.14\comps\sm\stmninst.exe0 .4334.34.14\comps\ocp\ocpinst.exe0 .4334.34.14\comps\ocp\ocpchk.dll0 .4334.34.14\comps\afix\WinsockFix.exe0 dailahttp://favorites.live.com/quickadd.aspx http://www.gmer.net
#9
Senior Member
Profile: Join Date: Jul 2008
Location: wilmington,NC
Posts: 461
Computer Experience:
Logfile of Trend Micro HijackThis v2.0.2SP3 (WinNT 5.01.2600)http://go.microsoft.com/fwlink/?LinkId=69157 http://go.microsoft.com/fwlink/?LinkId=54896 http://go.microsoft.com/fwlink/?LinkId=54896 http://go.microsoft.com/fwlink/?LinkId=69157 http://favorites.live.com/quickadd.aspx http://fpdownload2.macromedia.com/ge...nt/swflash.cab
#10
Malware Analyst
Profile: Join Date: Aug 2002
Location: Daly City, CA
Posts: 4,603
Computer Experience:
1. Please open Notepad Click Start , then Run
Type notepad .exe in the Run Box.
copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\Tasks\ParetoLogic Privacy Controls_{49D6332A-E522-11DD-A87D-00038A000015}.job
c:\windows\Tasks\ParetoLogic Update Version2.job
c:\windows\Tasks\Symantec NetDetect.job
Folder::
c:\program files\ParetoLogic
c:\program files\Common Files\ParetoLogic
c:\program files\Symantec
Driver::
Registry::
RegLockDel:: Save the above as CFScript.txt drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.http://users.pandora.be/bluepatchy/m...s/CFScript.gif Combofix.txt A new HijackThis log .
#11
Malware Analyst
Profile: Join Date: Aug 2002
Location: Daly City, CA
Posts: 4,603
Computer Experience:
Quote:
I couldn't download recovery console.
What happened?
#12
Senior Member
Profile: Join Date: Jul 2008
Location: wilmington,NC
Posts: 461
Computer Experience:
The box came up before I attempted to download CF . when I clicked the yes prompt, nothing happened, when I clicked the no, same thing, seemed to be frozen. This is the only time the installation was requested.
#13
Malware Analyst
Profile: Join Date: Aug 2002
Location: Daly City, CA
Posts: 4,603
Computer Experience:
Run Combofix script from my previous reply.HJT log THIS time.http://support.microsoft.com/kb/310994 http://209.85.48.8/228/109/upload/p4357307.gif Transfer all files you just downloaded, to the desktop of the infected computer. http://img.photobucket.com/albums/v666/sUBs/RC1-4.gif Drag the setup package onto ComboFix.exe and drop it.
Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.http://img.photobucket.com/albums/v7...7/whatnext.png
At the next prompt, click 'Yes' to run the full ComboFix scan.
When the tool is finished, it will produce a report for you.
C:\ComboFix.txt , and fresh HijackThis log in your next reply.
#14
Senior Member
Profile: Join Date: Jul 2008
Location: wilmington,NC
Posts: 461
Computer Experience:
I am reading over these directions and I don't think I'm capeable of doing this. One thing they don't have a download for sevice pack 3 and I have never understood photobucket when I have tried to use it in the past.
#15
Senior Member
Profile: Join Date: Jul 2008
Location: wilmington,NC
Posts: 461
Computer Experience:
ComboFix 09-06-17.02 - Dee 06/17/2009 22:47.20 - NTFSx860 _days.htm0 .4334.34.14\comps\acs\ecuinst.exe0 .4334.34.14\comps\tb\tbsetup.exe0 .4334.34.14\comps\ocp\instSup.dll0 .4334.34.14\comps\afix\wsfinst.exe0 .4334.34.14\comps\sm\stmninst.exe0 .4334.34.14\comps\ocp\ocpinst.exe0 .4334.34.14\comps\ocp\ocpchk.dll0 .4334.34.14\comps\afix\WinsockFix.exe0 dailahttp://favorites.live.com/quickadd.aspx http://www.gmer.net
All times are GMT +1. The time now is 08:32 .
HCP Discovery Service
