We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Oh whats going on with computer??!!
Options
Comments
-
Oh dear...Its the Chinese again...
http://www.dnsstuff.com/tools/ipall/?tool_id=67&token=&toolhandler_redirect=0&ip=180.129.148.107Feudal Britain needs land reform. 70% of the land is "owned" by 1 % of the population and at least 50% is unregistered (inherited by landed gentry). Thats why your slave box costs so much..0 -
C_Mababejive wrote: »Oh dear...Its the Chinese again...
http://www.dnsstuff.com/tools/ipall/?tool_id=67&token=&toolhandler_redirect=0&ip=180.129.148.107
Not necessarily. My IP address can make me in America
So anyone that finds my ip out, will only get as far as believing im in america, or whatever country i want to be in for that matter. Peter: Hey Lois... what's this word? Lois: Evil. Peter: And this one? Lois: Knievel. Peter: And this one? Lois: Was. Peter: And this one? Lois: Born. Peter: And this one? Lois: In.
Peter: And this one? Lois: Montana. Peter: Ah... oh, hey Lois did you know Evil Knievel was born in Montana? Family Guy - I Take Thee, Quagmire 04x210 -
looking at the log file you need to run this
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
and post that log file , takes about 20 minutes to runEx forum ambassador
Long term forum member0 -
The bleepingcomputer thing looks too scary, sorry!!
Killerwatt I've downloaded from your link and its doing a full scan now.
Microsoft security essentials little icon on the bottom right of my screen is amber with exclamation mark saying potentially unprotected. I'm too scared to go on anything where I use passwords, should I be or am I a Drama Queen?0 -
Box just popped up with this:
microsoft security essentials detected 1 potential threat on your computer
click clean computer to remove this threat.
someone said earlier that this is the virus so should I click or not??0 -
Here is the log of the full malware scan. It said it found 33 harmful things so I clicked remove:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4122
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
21/05/2010 11:04:02
mbam-log-2010-05-21 (11-04-02).txt
Scan type: Full scan (C:\|)
Objects scanned: 253344
Time elapsed: 1 hour(s), 23 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 22
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Data Protection (Rogue.DataProtection) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscdexnt.exe (Rogue.DataProtection) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Data Protection (Rogue.DataProtection) -> Delete on reboot.
Files Infected:
C:\System Volume Information\_restore{4B5A32F4-26C8-48CC-B82F-5CE6BC897AB4}\RP887\A0139855.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kernel64xp.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Temp\mscdexnt.exe (Rogue.DataProtection) -> Delete on reboot.
C:\WINDOWS\Temp\PRAGMA2159.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\topwesitjh (Rogue.DataProtection) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\~TM1C.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\~TM26A.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Program Files\Data Protection\dat.db (Rogue.DataProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\manager\Desktop\spam001.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\manager\Desktop\spam003.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\manager\Desktop\troj000.exe (Malware.Trave) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\manager\Local Settings\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\manager\Local Settings\Temp\asd36.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\manager\Local Settings\Temp\asd37.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\manager\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\manager\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\manager\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\manager\Local Settings\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\Data Protection\datext.dll (Rogue.DataProtection) -> Quarantined and deleted successfully.
I'm getting all sorts of pop ups saying computer infected from the microsoft security essentials, I don't know what to do, help me!!!! Cant believe all this from wanting a bl**dy song!!0 -
Where was the song from? If it was some kind of pirate music site then I guess that's a lesson well learnt!0
-
Zane Lowe said it was a free download on Sage Francis website!0
-
-
Malware said do restart after the full scan so I did but it wouldn't log off, ended up just switching off at the button. When I put it back on there were lots in the quarantine so I clicked delete all then tried another restart and got this message:
STOP: C0000219(fatal system error)
The windows logon process system process terminated unexpectedly with a status of Ox00000402(Ox00000000 Ox00000000)
the system has been shutdown
Couldnt do anything so switched off at the button again.
I'm doing another quick scan now0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.7K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards