trojan removed but?

Comments

  • shaun40400
    shaun40400 Posts: 4,134 Forumite
    All processes killed
    ========== FILES ==========
    c:\users\user\appdata\roaming\Zyob folder moved successfully.
    c:\users\user\appdata\roaming\Ulogzo folder moved successfully.
    C:\sooi832.bin folder moved successfully.
    C:\users\user\appdata\local\Ilivid Player folder moved successfully.
    File/Folder c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318} not found.
    File/Folder c:\program files\iLivid not found.
    c:\users\user\appdata\local\PackageAware folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\User\Downloads\cmd.bat deleted successfully.
    C:\Users\User\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    Restore point Set: OTM Restore Point

    OTM by OldTimer - Version 3.1.19.0 log created on 02032012_215554


    2nd log
    All processes killed
    ========== FILES ==========
    File/Folder c:\users\user\appdata\roaming\Zyob not found.
    File/Folder c:\users\user\appdata\roaming\Ulogzo not found.
    File/Folder C:\sooi832.bin not found.
    File/Folder C:\users\user\appdata\local\Ilivid Player not found.
    File/Folder c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318} not found.
    File/Folder c:\program files\iLivid not found.
    File/Folder c:\users\user\appdata\local\PackageAware not found.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\User\Downloads\cmd.bat deleted successfully.
    C:\Users\User\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    Restore point Set: OTM Restore Point

    OTM by OldTimer - Version 3.1.19.0 log created on 02032012_222422
    WAS DEBT FREE & STILL BAAARRRRRKING :cool:
    hello my name is shaun,,,and im not so addicted to farmville,still addicted to football:o:o

    BAAAARRRRRRRRRRKING er insanely so :o
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    It looks like it did work on the first run, so that's ok.

    How's your original problem now?

    Update Malwarebytes and run a quick scan - let me know if it finds anything.

    One thing I noticed is your system drive is getting pretty full.
    C: is FIXED (NTFS) - 466 GiB total, 16.133 GiB free.
    Ideally you should have 15% free space.
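
The check made in the reply above (everything the first OTM run moved shows as "not found" in the second run), written as a short Python script. This is an added example, not part of the thread or of OTM; the log lines are copied from the two logs posted above, and the names `parse` and `compare` are hypothetical.

```python
import re

# File entries copied from the two OTM logs posted in this thread.
RUN1 = r"""
c:\users\user\appdata\roaming\Zyob folder moved successfully.
c:\users\user\appdata\roaming\Ulogzo folder moved successfully.
C:\sooi832.bin folder moved successfully.
C:\users\user\appdata\local\Ilivid Player folder moved successfully.
File/Folder c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318} not found.
File/Folder c:\program files\iLivid not found.
c:\users\user\appdata\local\PackageAware folder moved successfully.
C:\Users\User\Downloads\cmd.bat deleted successfully.
"""
RUN2 = r"""
File/Folder c:\users\user\appdata\roaming\Zyob not found.
File/Folder c:\users\user\appdata\roaming\Ulogzo not found.
File/Folder C:\sooi832.bin not found.
File/Folder C:\users\user\appdata\local\Ilivid Player not found.
File/Folder c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318} not found.
File/Folder c:\program files\iLivid not found.
File/Folder c:\users\user\appdata\local\PackageAware not found.
C:\Users\User\Downloads\cmd.bat deleted successfully.
"""
MOVED = re.compile(r"^(?P<path>.+?) (?:folder |file )?(?:moved|deleted) successfully\.$", re.I)
MISSING = re.compile(r"^File/Folder (?P<path>.+) not found\.$", re.I)

def parse(log):
    """Return {lower-cased path: 'removed' | 'absent'} for one OTM log."""
    status = {}
    for line in map(str.strip, log.splitlines()):
        if m := MISSING.match(line):
            status[m["path"].lower()] = "absent"
        elif m := MOVED.match(line):
            status[m["path"].lower()] = "removed"
    return status

def compare(first, second):
    """Classify each path from the first run by what the second run reports."""
    a, b = parse(first), parse(second)
    out = {"cleaned": [], "never_present": [], "removed_again": [], "unverified": []}
    rules = {("removed", "absent"): "cleaned", ("absent", "absent"): "never_present",
             ("removed", "removed"): "removed_again"}
    for path, s1 in a.items():
        out[rules.get((s1, b.get(path)), "unverified")].append(path)
    return out

if __name__ == "__main__":
    for bucket, paths in compare(RUN1, RUN2).items():
        print(f"{bucket}: {len(paths)}", *paths, sep="\n  ")
```

Paths that land in `removed_again` or `unverified` are the ones to look at by hand; here only `cmd.bat` does, because both logs report it as deleted.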
  • shaun40400
    shaun40400 Posts: 4,134 Forumite
    Been meaning to look at that. Lots of DVDs on there that I intended to convert to AVI and never did; also my camera takes large photos, but would say there's loads of crap on there too.
    Most websites are OK; http://www.ja606.co.uk/ is still weird, maybe it's them?
    Will do malware now and will probably be back looking for help with the clean-up.
    Thanks for your help
    shaun
  • shaun40400
    shaun40400 Posts: 4,134 Forumite
    Malwarebytes Anti-Malware 1.60.1.1000
    https://www.malwarebytes.org

    Database version: v2012.02.03.10

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    User :: LUCANCOMPUTERS [administrator]

    03/02/2012 23:25:42
    mbam-log-2012-02-03 (23-25-42).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 216137
    Time elapsed: 7 minute(s), 40 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    No problem. The websites not rendering properly might be a temporary glitch - I've had it happen, I'm sure others have too. It's bound to make you slightly paranoid after an infection.

    Have a play and see how things are. We can make further checks if you want, it depends how far you want to go with it - I'm happy to help.

    Do you bank online? With the infection you had it's all about you being comfortable using the machine. The least I'd do is change your passwords when you feel it's clean. If there's any doubt and you lose confidence in its secureness then I'd consider reformatting the drive & reinstalling Windows.

    The aswMBR log shows something that can be attributed to a rootkit infection, but I'm pretty certain it's your CD emulation drivers causing it (Daemon tools). It's easy to check - we can disable the driver then run aswMBR again (a shorter scan - no need for the Avast scan too).

    Let me know.
  • shaun40400
    shaun40400 Posts: 4,134 Forumite
    Hi
    Yes, I do bank online, but not very often, 2-3 times a month. As you say, change the passwords.

    What is most worrying is that I did the normal Malwarebytes and super AV and they still missed it? Or did they just leave bits behind?
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    It looks like they got the bits that mattered, so it was bits left behind - traces - harmless without the full body of the infection. It's better that they're removed though.
  • shaun40400
    shaun40400 Posts: 4,134 Forumite
    Thanks for all the help
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    No problem.
    µTorrent

    Pound to a penny that's the source.
This discussion has been closed.