Virus Alert, help needed please?
Well where do all your downloads go?
I'd guess C drive, USERS, 'LOGIN NAME', DOWNLOADS
Copy it to your DESKTOP and rename it from there :idea:
blahblahdoh wrote: »I had this too - claimed to be 'Total Security' - started off as a pop-up but escalated.
Searched for 'Total Security' on C drive and in registry - deleted all occurrences.
Rebooted in 'safe mode with network' (by holding down F8 key at startup) then ran free virus software 'SuperAntiSpyWare' and 'Ad-aware' - first one found and killed some viruses (Trojans).
Now OK except can't load Google!
"Firefox can't establish a connection to the server at www.google.com."
Same in Internet Explorer. Very odd, can get to other sites (like this one) using bookmarks. Ideas?
Download HostsXpert
http://www.softpedia.com/get/Security/Security-Related/Hoster.shtml
and then follow the below steps.
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program :idea:
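An added example, not part of the original thread: a read-only audit of a hosts file that reports every entry other than the stock localhost mapping, which is what restoring the default file discards. It assumes the Google failure came from hosts-file entries (the thread's fix implies this but never shows the file); the sample contents and function names are constructed.

```python
import ipaddress
import sys

# Constructed sample (not taken from the thread): the stock localhost
# entries plus lines of the kind that make one site fail while others load.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com google.com
0.0.0.0         update.example.test
::1             localhost
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line number, address field, hostnames) for each mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if fields:
            yield lineno, fields[0], [name.lower() for name in fields[1:]]

def audit_hosts(text):
    """Return findings for every entry other than localhost -> loopback."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "malformed", addr, names))
            continue
        suspect = [n for n in names if n != "localhost" or not ip.is_loopback]
        if not suspect:
            continue
        # Loopback or 0.0.0.0 makes the name unreachable; any other address
        # sends the browser to a different server.
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((lineno, kind, str(ip), suspect))
    return findings

if __name__ == "__main__":
    # Pass a path (on Windows: %SystemRoot%\System32\drivers\etc\hosts),
    # or run with no argument to audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            SAMPLE_HOSTS = fh.read()
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Running it before the restore step gives a record of what the infection had added, which is lost once the default file is written back.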
What, Combofix ?? Where did you tell your pc to save it to when you downloaded it ??
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
Crikey, I can't find it. Have checked C drive, have done search and it won't come up. Eek...
Download HostsXpert
http://www.softpedia.com/get/Security/Security-Related/Hoster.shtml
and then follow the below steps.
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
Clear, concise, and devastatingly effective - thanks a million AliEnRIK glad you visited planet MSE today :beer:
blahblahdoh wrote: »Clear, concise, and devastatingly effective - thanks a million AliEnRIK glad you visited planet MSE today :beer:
I'd really suggest you run another FULL scan with malwarebytes though :idea:
Just a very quick update - I've downloaded the Malwarebytes programme and have managed to run a quick scan, but the scan process keeps sticking when I do a thorough scan on C:\RECYCLER\S-1-5-21-1078081533-963894560-682003330-1003\INFO2
). The long code starting S-1-5-21 is the account that this particular recycle bin belongs to.
Any chance you have something infected in your recycle bin? Might be worth emptying.
ComboFix 09-10-20.03 - user 21/10/2009 14:26.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.446.183 [GMT 1:00]
Running from: f:\documents and settings\user\My Documents\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091020-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\driver
f:\documents and settings\user\My Documents\autobackup.reg
f:\documents and settings\user\My Documents\backup.reg
.
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.
2009-10-21 13:11 . 2009-10-21 13:20 d-----w- C:\qwerty.exe
2009-10-21 12:42 . 2009-10-21 12:42 d-----w- c:\program files\Trend Micro
2009-10-21 09:21 . 2009-10-21 09:21 d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-10-21 09:21 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 09:21 . 2009-10-21 09:21 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-21 09:21 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 09:21 . 2009-10-21 09:21 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 08:09 . 2009-10-21 08:09 d-----w- c:\documents and settings\user\Application Data\EPSON
2009-10-21 06:42 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-21 06:42 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-19 17:44 . 2009-10-19 17:44 d-----w- c:\program files\ESET
2009-10-17 17:47 . 2009-10-17 17:47 d-----w- c:\program files\iMesh Applications
2009-09-23 07:10 . 2009-09-23 07:10 d-----w- c:\program files\iPod
2009-09-23 07:10 . 2009-09-23 07:11 d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-23 07:03 . 2009-09-23 07:07 d-----w- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 13:17 . 2008-07-03 20:56 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-21 12:30 . 2009-07-23 08:41 d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-21 08:10 . 2009-02-24 08:51 d-----w- c:\program files\TuxPaint
2009-10-17 19:02 . 2009-09-10 11:42 d-----w- c:\documents and settings\user\Application Data\Auslogics
2009-10-17 18:58 . 2009-06-03 07:03 d-----w- c:\program files\iTunes
2009-10-17 18:57 . 2008-10-12 09:10 d-----w- c:\program files\Common Files\Apple
2009-10-15 12:57 . 2009-01-31 17:58 d-----w- c:\program files\Java
2009-09-16 17:36 . 2008-07-03 14:15
d--h--w- c:\program files\InstallShield Installation Information
2009-09-16 17:33 . 2008-07-03 14:14 d-----w- c:\program files\Common Files\InstallShield
2009-09-16 17:32 . 2009-09-16 17:32 d-----w- c:\documents and settings\All Users\Application Data\UDL
2009-09-16 17:31 . 2009-09-06 18:06 d-----w- c:\program files\EPSON
2009-09-16 17:25 . 2009-09-16 17:23 d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-09-11 14:18 . 2004-08-03 23:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 16:22 . 2009-07-23 08:41 d-----w- c:\program files\Spybot - Search & Destroy
2009-09-04 21:03 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 10:27 . 2009-09-03 10:26
d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-03 10:25 . 2008-10-03 18:52 d-----w- c:\program files\Auslogics
2009-08-29 08:08 . 2007-08-23 13:22 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 12:31 . 2009-08-27 12:31 d-----w- c:\documents and settings\user\Application Data\Windows Search
2009-08-26 08:00 . 2007-08-23 13:22 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 16:10 . 2008-07-24 08:24 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-07-24 08:24 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-07-24 08:24 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-07-24 08:24 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-07-24 08:24 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-07-24 08:24 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-07-24 08:24 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-07-24 08:24 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-07-24 08:24 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-06 18:24 . 2008-07-03 14:03 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2008-07-03 14:03 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2008-07-03 14:03 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2007-08-23 13:22 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2008-07-03 14:03 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2007-08-23 13:20 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2008-07-03 14:03 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2008-07-03 20:27 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23 . 2008-07-03 14:03 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 18:23 . 2007-08-23 13:22 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 19:44 . 2007-08-23 13:21 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 18:52 . 2009-08-04 18:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 14:20 . 2007-02-28 01:15 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-25 04:23 . 2009-01-31 17:59 411368 ----a-w- c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-31 1622016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-7-3 122880]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24/07/2008 09:24 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [03/07/2008 15:12 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/07/2008 09:24 20560]
.
Contents of the 'Scheduled Tasks' folder
2009-10-21 c:\windows\Tasks\User_Feed_Synchronization-{2F72DD43-CA4F-418E-A80F-50B7C5EF5776}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.orange.co.uk/emailandcommunicate/?linkfrom=hp4&link=email_and_communicate
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 14:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-10-21 14:40
ComboFix-quarantined-files.txt 2009-10-21 13:40
Pre-Run: 16,006,873,088 bytes free
Post-Run: 15,848,534,016 bytes free
- - End Of File - - A57BCF5ABA7D6ABC7C6979746FD8F110
Sorry for delay, two toddlers with nose bleeds (head on collision), pc crashed...managed it eventually. Didn't save combofix first few times, ran it instead, d'oh.
Will also empty recycle bin, thanks for the advice!
This discussion has been closed.