worms-2 trojens-several

View previous topic View next topic Go down

worms-2 trojens-several

Post by margory on Wed Mar 10, 2010 2:19 am

I was infected by two worms and several trojens. I got rig of them (I think) and now my pc is bringing up a window telling me I am infected and waiting removel/ a small window pops up asking me if I was to run setup_257.EXE from scan1.all-way-protection3.com

thinking it was from my pc I say ok. then I get a warning sorce can not be varified.


my question is shpuld I dl and run this EXE, or should I run from this EXE??

margory
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-03-10
OS OS : windows xp
Points Points : 24678
# Likes # Likes : 0

View user profile

Back to top Go down

Re: worms-2 trojens-several

Post by Dr Jay on Wed Mar 10, 2010 3:16 pm

Hello! We need to do some diagnostics to get started.

1. Please download [You must be registered and logged in to see this link.] by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply


2. Download [You must be registered and logged in to see this link.] by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


3. Please download [You must be registered and logged in to see this link.] by me, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


4. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)
  • Cheetah log (3)


Thanks! Smile


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: worms-2 trojens-several

Post by margory on Wed Mar 10, 2010 10:08 pm

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User.WINDOWS
AllUsersProfile REG_SZ All Users.WINDOWS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService.NT AUTHORITY.000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService.NT AUTHORITY.000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1078081533-413027322-839522115-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Margory.HOME-CD0469E9E2

SystemRoot REG_SZ C:\WINDOWS


[You must be registered and logged in to see this link.]


takes me to page not found then a window pops up and says it is a backdoor and is dangerous. I can not find it to dl



[You must be registered and logged in to see this link.]

takes me to page not found. I could not dl the file

margory
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-03-10
OS OS : windows xp
Points Points : 24678
# Likes # Likes : 0

View user profile

Back to top Go down

Re: worms-2 trojens-several

Post by Dr Jay on Thu Mar 11, 2010 2:42 am

Did you try the other link: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: worms-2 trojens-several

Post by margory on Sun Mar 14, 2010 4:16 am

Cheetah-Anti-Rogue v1.3.27
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 13/03/2010 - Time: 20:14:08 - Arch.: x86


-- Malware removal tools check --


-- Known infection --



Extra message: Detection only.


EOF

margory
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-03-10
OS OS : windows xp
Points Points : 24678
# Likes # Likes : 0

View user profile

Back to top Go down

Re: worms-2 trojens-several

Post by Dr Jay on Sun Mar 14, 2010 10:13 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: worms-2 trojens-several

Post by margory on Sun Mar 14, 2010 9:05 pm

[You must be registered and logged in to see this link.]

both links come up as page not found

margory
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-03-10
OS OS : windows xp
Points Points : 24678
# Likes # Likes : 0

View user profile

Back to top Go down

Re: worms-2 trojens-several

Post by Dr Jay on Mon Mar 15, 2010 2:23 am

Download [You must be registered and logged in to see this link.]

  • Load SuperAntiSpyware and click the Check for updates button.
  • Once the update is finished click the Scan your computer button.
  • Check Perform Complete Scan and then next.
  • SuperAntiSpyware will now scan your computer and when its finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum