
Active Possible virus

Discussion in 'Malware and Virus Removal Archive' started by texastig, 2010/01/12.

  1. 2010/01/12
    texastig

    texastig Inactive Thread Starter

    Joined: 2009/01/08 | Messages: 18 | Likes Received: 0
    [Active] Possible virus

    I went to the dos prompt and typed in netstat -a -o and it says this:

    Active Connections

    Proto  Local Address  Foreign Address              State        PID
    TCP    7up:epmap      antivirus-fast-scan02.com:0  LISTENING    1236
    TCP    7up:990        antivirus-fast-scan02.com:0  LISTENING    616
    TCP    7up:2002       antivirus-fast-scan02.com:0  LISTENING    2076
    TCP    7up:2869       antivirus-fast-scan02.com:0  LISTENING    1448
    TCP    7up:1039       antivirus-fast-scan02.com:0  LISTENING    3864
    TCP    7up:1406       localhost:1407               ESTABLISHED  1720
    TCP    7up:1407       localhost:1406               ESTABLISHED  1720
    TCP    7up:1408       localhost:1409               ESTABLISHED  1720
    TCP    7up:1409       localhost:1408               ESTABLISHED  1720
    TCP    7up:5152       antivirus-fast-scan02.com:0  LISTENING    884
    TCP    7up:5152       localhost:15070              CLOSE_WAIT   884
    TCP    7up:5354       antivirus-fast-scan02.com:0  LISTENING    604
    TCP    7up:5679       antivirus-fast-scan02.com:0  LISTENING    208
    TCP    7up:7438       antivirus-fast-scan02.com:0  LISTENING    208
    TCP    7up:12025      antivirus-fast-scan02.com:0  LISTENING    3224
    TCP    7up:12080      antivirus-fast-scan02.com:0  LISTENING    3456
    TCP    7up:12110      antivirus-fast-scan02.com:0  LISTENING    3224
    TCP    7up:12119      antivirus-fast-scan02.com:0  LISTENING    3224
    TCP    7up:12143      antivirus-fast-scan02.com:0  LISTENING    3224

    I'm on Winxp sp3.
    What do you all think about that?
     
    Last edited: 2010/01/12
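
Added example (not part of the original thread): a LISTENING row in `netstat -a -o` has no remote peer, so its Foreign Address column is the wildcard address 0.0.0.0:0 run through name lookup. The Python sketch below parses rows copied from the listing above, groups listening ports by PID, and reports any name printed in that wildcard slot; the function names `parse` and `triage` are this example's own.

```python
import re
from collections import defaultdict

# Subset of rows copied from the netstat -a -o listing in the post above.
SAMPLE = """\
TCP 7up:epmap antivirus-fast-scan02.com:0 LISTENING 1236
TCP 7up:990 antivirus-fast-scan02.com:0 LISTENING 616
TCP 7up:1406 localhost:1407 ESTABLISHED 1720
TCP 7up:1407 localhost:1406 ESTABLISHED 1720
TCP 7up:5152 antivirus-fast-scan02.com:0 LISTENING 884
TCP 7up:5152 localhost:15070 CLOSE_WAIT 884
TCP 7up:12025 antivirus-fast-scan02.com:0 LISTENING 3224
TCP 7up:12110 antivirus-fast-scan02.com:0 LISTENING 3224
"""

# TCP rows only: proto, local host:port, foreign host:port, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+([A-Z_]+)\s+(\d+)\s*$")

def parse(text):
    """Turn netstat -a -o text into a list of row dicts; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            lhost, lport, fhost, fport, state, pid = m.groups()
            rows.append({"lhost": lhost, "lport": lport, "fhost": fhost,
                         "fport": fport, "state": state, "pid": int(pid)})
    return rows

def triage(rows):
    """Return (listening ports per PID, names shown for the wildcard, non-local peers)."""
    listeners = defaultdict(list)
    wildcard_names = set()
    peers = []
    for r in rows:
        local_names = {r["lhost"].lower(), "localhost", "127.0.0.1", "0.0.0.0"}
        if r["state"] == "LISTENING":
            listeners[r["pid"]].append(r["lport"])
            # No peer exists here, so any other name is only what the
            # resolver returned for the wildcard address.
            if r["fport"] == "0" and r["fhost"].lower() not in local_names:
                wildcard_names.add(r["fhost"])
        elif r["fhost"].lower() not in local_names:
            peers.append(r)  # a connection to another machine
    return dict(listeners), wildcard_names, peers

if __name__ == "__main__":
    listeners, names, peers = triage(parse(SAMPLE))
    print("listening ports by PID:", listeners)
    print("names printed for the wildcard address:", sorted(names))
    print("connections to other hosts:", peers)
```

Running `netstat -ano` prints the same table numerically, which shows the listening rows' foreign address without any name lookup.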
  2. 2010/01/12
    broni

    broni Moderator Malware Analyst

    Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116
    Read this post, then post the requested log(s).
     


  4. 2010/01/12
    texastig

    texastig Inactive Thread Starter

    Joined: 2009/01/08 | Messages: 18 | Likes Received: 0
    How do I disable script blocking protection? When I run ddr.scr I get this info and no txt documents:


    MZ   ÿÿ ¸ @ € º ´ Ã!¸LÃ!This program cannot be run in DOS mode.

    $ PE L +I à  2 n h   @     0  ²        Ô  ´ .code   è  PEC2FO à.rsrc   ê à ¸¨$R Pdÿ5 d‰%
     
  5. 2010/01/12
    broni

    broni Moderator Malware Analyst

    Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116
    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     
  6. 2010/01/14
    texastig

    texastig Inactive Thread Starter

    Joined: 2009/01/08 | Messages: 18 | Likes Received: 0
    The combofix worked and fixed everything.
     
  7. 2010/01/14
    broni

    broni Moderator Malware Analyst

    Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116
    I need both logs anyway :)
     
