Malware which isn't detected for me


Post by Malwarefooldammit on 8th December 2008, 10:05 pm

Now I'm only 15 so I'm kinda illiterate when it comes to computers.

I recently had spyware and thought I'd got rid of it. But now when I open Windows Movie Maker it crashes with the "has encountered a problem" window. So I tried to delete the file but when I delete it comes back straight away. I think it's malware but Ad-Aware (the anti-spyware system I use) doesn't seem to pick this up. I can't post a log because it doesn't pick it up. Also when online and I go on Google I can click a link to a website, say: >>>w_w_w.aaa.com<<< (not actually one I chose) and it will put me on a random website which I didn't click. Please help, this is really annoying and as I use Windows Movie Maker and the internet a lot this is a big inconvenience (sorry for spelling).

Thanks in advance. And as I'm only 15 please try and explain relatively simply.


Post by Belahzur on 8th December 2008, 10:07 pm

Hello.
Read here and please post a Hijack This log.
[You must be registered and logged in to see this link.]



Post by Malwarefooldammit on 8th December 2008, 10:16 pm

OK, here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:49, on 08/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\izzy\My Documents\Hijack(GP)This.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [procinfo] C:\WINDOWS\system32\adqzydcb.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [NRvRqj4ICG] C:\Documents and Settings\All Users\Application Data\vsdgrqdu\hsbwdwhe.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Search with Wanadoo - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [You must be registered and logged in to see this link.]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: msghlpapp - {3F17C9F7-AF42-CFA9-E65E-012D444D2324} - C:\Program Files\srhmoxc\msghlpapp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9940 bytes


Post by Belahzur on 8th December 2008, 10:21 pm

Hello.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - HKCU\..\Run: [procinfo] C:\WINDOWS\system32\adqzydcb.exe
    O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
    O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [NRvRqj4ICG] C:\Documents and Settings\All Users\Application Data\vsdgrqdu\hsbwdwhe.exe
    O21 - SSODL: msghlpapp - {3F17C9F7-AF42-CFA9-E65E-012D444D2324} - C:\Program Files\srhmoxc\msghlpapp.dll


  • Press "Fix Checked"
  • Close Hijack This.


1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing Ctrl+C:


Files to delete:
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\adqzydcb.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Documents and Settings\All Users\Application Data\vsdgrqdu\hsbwdwhe.exe
C:\Program Files\srhmoxc\msghlpapp.dll

Folders to delete:
C:\Program Files\Video ActiveX Object
C:\Documents and Settings\All Users\Application Data\vsdgrqdu
C:\Program Files\srhmoxc
C:\Program Files\Wanadoo

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.


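Added example, not part of the original thread and not the helper's own method: a small Python triage pass over R3 and O4 lines taken from the HijackThis log posted above. The rule names (`no-file`, `masquerade`, `policy-run`, `user-writable`, `dup-hive`) and the `EXPECTED_DIR` table are assumptions of this example; they surface six of the lines the helper chose, while `adqzydcb.exe` matches none of them, so the output is a starting point for a reviewer and not a verdict.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [procinfo] C:\WINDOWS\system32\adqzydcb.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [NRvRqj4ICG] C:\Documents and Settings\All Users\Application Data\vsdgrqdu\hsbwdwhe.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(.+?): \[(.+?)\] (.+)$")
# Executable path at the start of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|bat|scr))(?=["\s]|$)', re.I)

# Assumption of this example: frequently imitated Windows XP binaries
# and the directory each one normally runs from.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def extract_path(command):
    """Return the executable path from an autostart command line, or None."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else None


def triage(log_text):
    """Map each flagged log line to the list of rule names it matched."""
    findings = defaultdict(list)
    hives_by_entry = defaultdict(set)  # (value name, path) -> hives seen
    entries = []

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registry entry whose target file is missing on disk.
        if line.endswith("(no file)"):
            findings[line].append("no-file")
        m = O4_RE.match(line)
        if not m:
            continue
        hive, key, name, command = m.groups()
        path = extract_path(command)
        if path is None:
            continue
        low = path.lower()
        entries.append((line, name.lower(), low))
        hives_by_entry[(name.lower(), low)].add(hive)

        # System binary name running from an unexpected directory.
        expected = EXPECTED_DIR.get(basename(low))
        if expected and dirname(low) and dirname(low) != expected:
            findings[line].append("masquerade")
        # Autostart registered under the Policies\Explorer\Run key.
        if key.lower().startswith("policies\\"):
            findings[line].append("policy-run")
        # Target lives under a profile directory users can write to.
        if "\\documents and settings\\" in low:
            findings[line].append("user-writable")

    # Same value name and target registered in both HKLM and HKCU (weak signal).
    for line, name, low in entries:
        if len(hives_by_entry[(name, low)]) > 1:
            findings[line].append("dup-hive")
    return dict(findings)


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(", ".join(reasons).ljust(28), line)
```
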


Post by Malwarefooldammit on 8th December 2008, 10:43 pm

Here it is.


*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\brastk.exe" not found!
Deletion of file "C:\WINDOWS\system32\brastk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\svchost.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\svchost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\adqzydcb.exe" not found!
Deletion of file "C:\WINDOWS\system32\adqzydcb.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Program Files\Video ActiveX Object\pmsngr.exe"
Deletion of file "C:\Program Files\Video ActiveX Object\pmsngr.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\Documents and Settings\All Users\Application Data\vsdgrqdu\hsbwdwhe.exe" not found!
Deletion of file "C:\Documents and Settings\All Users\Application Data\vsdgrqdu\hsbwdwhe.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Program Files\srhmoxc\msghlpapp.dll" deleted successfully.

Error: folder "C:\Program Files\Video ActiveX Object" not found!
Deletion of folder "C:\Program Files\Video ActiveX Object" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\Documents and Settings\All Users\Application Data\vsdgrqdu" deleted successfully.
Folder "C:\Program Files\srhmoxc" deleted successfully.
Folder "C:\Program Files\Wanadoo" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.






OH AND CAN I SAY IF THERE ARE ANY PROBLEMS WITH THIS THEY MAY HAVE BEEN CAUSED BY MY COMPUTER BECAUSE AT THE START A WINDOWS PAGE OPENS BEFORE LOGIN AND IT SCANS MY C: FILE FOR CONSISTENCY OR SOMETHING AND THEN RESTARTS, DUNNO WHETHER THIS MIGHT HAVE AFFECTED IT.


Post by Belahzur on 8th December 2008, 10:47 pm

Hmmm.

What problems remain?



Post by Malwarefooldammit on 8th December 2008, 10:48 pm

Dunno as of yet because the internet one is occasional. I'll try Movie Maker.


Post by Malwarefooldammit on 8th December 2008, 10:49 pm

Nope, Movie Maker still crashes on opening. Do I need to delete? Or shouldn't it do this? I haven't tried the internet one yet because as I explained above it's occasional.

Internet random website doesn't SEEM to be a problem but I've only tried a few times.


Post by Belahzur on 8th December 2008, 10:54 pm

Okay, let's have a look around.


  • Download combofix from here, use the top links - [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Post by Malwarefooldammit on 8th December 2008, 11:32 pm

OK, so here it is: BUT PLEASE LOOK AT THE PICTURE BELOW IT, THIS PROBLEM WAS ENCOUNTERED A FEW TIMES.

ComboFix 08-12-07.04 - izzy 2008-12-08 23:02:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.111 [GMT 0:00]
Running from: c:\documents and settings\izzy\My Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\izzy\Favorites\Online Security Test.url
c:\program files\akl
c:\program files\akl\akl.dll
c:\program files\akl\akl.exe
c:\program files\akl\uninstall.exe
c:\program files\akl\unsetup.exe
c:\program files\Inet Delivery
c:\program files\Inet Delivery\inetdl.exe
c:\program files\Inet Delivery\intdel.exe
c:\windows\a.bat
c:\windows\base64.tmp
c:\windows\bdn.com
c:\windows\Downloaded Program Files\setup.inf
c:\windows\FVProtect.exe
c:\windows\iTunesMusic.exe
c:\windows\mslagent
c:\windows\mslagent\2_mslagent.dll
c:\windows\mslagent\mslagent.exe
c:\windows\mslagent\uninstall.exe
c:\windows\mssecu.exe
c:\windows\system32\akttzn.exe
c:\windows\system32\anticipator.dll
c:\windows\system32\awtoolb.dll
c:\windows\system32\bdn.com
c:\windows\system32\bsva-egihsg52.exe
c:\windows\system32\dpcproxy.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\emesx.dll
c:\windows\system32\h@tkeysh@@k.dll
c:\windows\system32\hoproxy.dll
c:\windows\system32\hxiwlgpm.dat
c:\windows\system32\hxiwlgpm.exe
c:\windows\system32\medup012.dll
c:\windows\system32\medup020.dll
c:\windows\system32\msgp.exe
c:\windows\system32\msnbho.dll
c:\windows\system32\mssecu.exe
c:\windows\system32\msvchost.exe
c:\windows\system32\mtr2.exe
c:\windows\system32\mwin32.exe
c:\windows\system32\netode.exe
c:\windows\system32\newsd32.exe
c:\windows\system32\packet.dll
c:\windows\system32\ps1.exe
c:\windows\system32\psof1.exe
c:\windows\system32\psoft1.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\regc64.dll
c:\windows\system32\regm64.dll
c:\windows\system32\Rundl1.exe
c:\windows\system32\smp
c:\windows\system32\smp\msrc.exe
c:\windows\system32\sncntr.exe
c:\windows\system32\ssurf022.dll
c:\windows\system32\ssvchost.com
c:\windows\system32\ssvchost.exe
c:\windows\system32\sysreq.exe
c:\windows\system32\taack.dat
c:\windows\system32\taack.exe
c:\windows\system32\temp#01.exe
c:\windows\system32\thun.dll
c:\windows\system32\thun32.dll
c:\windows\system32\VBIEWER.OCX
c:\windows\system32\vbsys2.dll
c:\windows\system32\vcatchpi.dll
c:\windows\system32\wini104552663.exe
c:\windows\system32\winlogonpc.exe
c:\windows\system32\winsystem.exe
c:\windows\system32\WINWGPX.EXE
c:\windows\system32\wpcap.dll
c:\windows\Sysvxd.exe
c:\windows\Temp\scsE.tmp
c:\windows\Temp\scsF.tmp
c:\windows\userconfig9x.dll
c:\windows\winsystem.exe
c:\windows\zip1.tmp
c:\windows\zip2.tmp
c:\windows\zip3.tmp
c:\windows\zipped.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.

2008-12-01 20:46 . 2008-12-01 20:46 d-------- c:\program files\WinPcap
2008-12-01 20:44 . 2008-12-08 21:29 d-------- c:\program files\Net Tools
2008-12-01 20:44 . 2001-04-05 16:43 1,009,336 --a------ c:\windows\system32\mschrt20.ocx
2008-11-15 21:16 . 2008-11-15 21:16 d-------- C:\5e1bfa40376a809675780ab9164558
2008-11-13 21:54 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 21:53 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-08 15:14 . 2000-01-14 17:42 45,568 --a------ c:\windows\UniFish3.exe
2008-11-08 15:14 . 2008-11-08 15:14 227 --a------ c:\windows\PowerReg.dat
2008-11-08 15:13 . 2008-11-08 15:13 d-------- c:\program files\Hasbro Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 20:47 --------- d-----w c:\documents and settings\izzy\Application Data\LimeWire
2008-11-21 19:59 --------- d-----w c:\program files\Bots
2008-11-20 21:18 --------- d-----w c:\program files\Xfire
2008-11-09 20:23 --------- d-----w c:\documents and settings\izzy\Application Data\Hamachi
2008-11-08 15:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 15:29 --------- d-----w c:\program files\SmartDraw 2009
2008-11-04 22:05 --------- d-----w c:\documents and settings\izzy\Application Data\SoundSpectrum
2008-11-04 21:58 --------- d-----w c:\program files\SoundSpectrum
2008-11-04 19:45 --------- d-----w c:\program files\LimeWire
2008-11-04 19:43 --------- d-----w c:\documents and settings\izzy\Application Data\SuperNZB
2008-11-03 18:26 --------- d-----w c:\documents and settings\izzy\Application Data\SmartDraw
2008-10-28 23:58 --------- d-----w c:\program files\NCH Software
2008-10-26 22:49 --------- d-----w c:\program files\NCH Swift Sound
2008-10-26 22:49 --------- d-----w c:\documents and settings\izzy\Application Data\NCH Swift Sound
2008-10-26 22:49 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-10-26 17:23 --------- d-----w c:\documents and settings\izzy\Application Data\InstallShield
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 19:16 --------- d-----w c:\program files\AVS4YOU
2008-10-17 19:13 --------- d-----w c:\program files\Common Files\AVSMedia
2008-10-17 16:54 --------- d-----w c:\documents and settings\izzy\Application Data\Xfire
2008-10-15 18:20 --------- d-----w c:\program files\Lavasoft
2008-10-15 18:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-15 18:17 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-13 21:37 --------- d-----w c:\documents and settings\izzy\Application Data\AVS4YOU
2008-10-13 21:37 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2007-12-15 12:09 7,110,656 ----a-w c:\program files\IC_Patch_101_English.msi
2007-10-18 20:49 646,896 ----a-w c:\program files\Hyper Cam.exe
2006-10-18 22:12 278,528 ----a-w c:\program files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-28 1589248]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-21 1077330]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-02 1234712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"TPSMain"="TPSMain.exe" [2006-02-08 c:\windows\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\izzy\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2007-11-15 2836304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\izzym\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Bots\\bots.dat"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\izzym\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Net Tools\\nettools5.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-24 97928]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-24 231704]
R3 BoiHwsetup;Access 32bits INT15 routine;c:\windows\system32\drivers\BoiHwSetup.sys [2005-06-11 5504]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2006-02-15 225792]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;c:\windows\system32\drivers\qkbfiltr.sys [2006-01-12 31872]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;c:\windows\system32\drivers\qmofiltr.sys [2005-05-05 7936]
S0 uqiotr;uqiotr;c:\windows\system32\drivers\ylcv.sys []
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Bots\GameGuard\dump_wmimmc.sys []
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\izzy\LOCALS~1\Temp\ewdmaudn.sys []
S3 FAELZSRVC;FAELZSRVC;\??\c:\documents and settings\izzy\My Documents\Extracted_Files\faelz.sys []
S3 FAELZZZ;FAELZZZ;\??\c:\documents and settings\izzy\My Documents\Extracted_Files\Sei_R.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\izzy\My Documents\Extracted_Files\IlvMoney1196.sys []
S3 projectx1;projectx1;\??\c:\docume~1\izzy\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\FelipeZe.sys []
S3 SoRa01;SoRa01;\??\c:\program files\BotsHacks\BotsHack-[[You must be registered and logged in to see this link.] []
S3 TSHAK3T1;TSHAK3T1;\??\c:\program files\Bots hack\Hack Bots!!\RE 3.2\spuce.sys []
S3 XDva007;XDva007;\??\c:\windows\system32\XDva007.sys []
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
FireFox -: Profile - c:\documents and settings\izzy\Application Data\Mozilla\Firefox\Profiles\f8dhovby.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-08 23:17:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\??\c:\program files\BotsHacks\BotsHack-
[[You must be registered and logged in to see this link.]


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SoRa01]
"ImagePath"="\??\c:\program files\BotsHacks\BotsHack-
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-08 23:27:03 - machine was rebooted [izzy]
ComboFix-quarantined-files.txt 2008-12-08 23:26:52

Pre-Run: 16,737,378,304 bytes free
Post-Run: 19,241,037,824 bytes free

272 --- E O F --- 2008-10-24 17:04:25



[You must be registered and logged in to see this link.]


Solved Re: Malware which isnt detected for me

Post by Belahzur on 8th December 2008, 11:39 pm

Ignore the error, that file is part of ComboFix.
CF has done what I wanted it to, I don't think it will alert you again.

What problems remain?



Solved Re: Malware which isnt detected for me

Post by Malwarefooldammit on 8th December 2008, 11:41 pm

It's the same as before really; the internet problem seems to have gone but Windows Movie Maker still crashes. Is there a chance the file is corrupt now? Should I try deleting it again and seeing if it returns?


Solved Re: Malware which isnt detected for me

Post by Belahzur on 8th December 2008, 11:43 pm

No.
Do this.
Press Start > Run
type this in:
sfc /scannow <== note the space after the c and before /

Allow it to do a scan and if it asks for your XP CD, put it in. (If you have it)



Solved Re: Malware which isnt detected for me

Post by Malwarefooldammit on 8th December 2008, 11:45 pm

It's late here now, I'll try this tomorrow, I'll report back. Thanks for your help so far, it seems to have done most of the job! Again, thanks a lot and I'll tell you tomorrow whether this worked ;)


Solved Re: Malware which isnt detected for me

Post by Malwarefooldammit on 9th December 2008, 5:24 pm

Hmm, it didn't ask for the XP disk and Moviemaker still won't work. Could it be that when I had the malware/spyware they damaged or deleted a system file important for running Moviemaker, if this is possible?


Solved Re: Malware which isnt detected for me

Post by Belahzur on 9th December 2008, 5:29 pm

It's possible, but sfc replaces damaged files it finds.

Download a fresh copy from here:
[You must be registered and logged in to see this link.]



Solved Re: Malware which isnt detected for me

Post by Malwarefooldammit on 9th December 2008, 5:31 pm

What should I do with the broken one? I don't think I can delete it as it might come back, but I can try.


Solved Re: Malware which isnt detected for me

Post by Belahzur on 9th December 2008, 5:32 pm

Keep the old one, but download this new copy to your desktop and run it from there.



Solved Re: Malware which isnt detected for me

Post by Malwarefooldammit on 9th December 2008, 6:01 pm

I can't do it. Whenever it installs it says it has, but the only moviemaker is the one in the moviemaker file, which... still doesn't work. It encounters an error. Any more advice?


Solved Re: Malware which isnt detected for me

Post by Belahzur on 9th December 2008, 6:38 pm

Delete the current file and delete this folder:
C:\Program Files\Movie Maker

Try installing it now.



Solved Re: Malware which isnt detected for me

Post by Malwarefooldammit on 9th December 2008, 7:10 pm

I can't delete the folder, this comes up:
[You must be registered and logged in to see this link.]

This comes up even though no programs associated with it are open. I cannot delete it separately either because the moviemaker program file keeps coming back after deleting.


Last edited by Malwarefooldammit on 9th December 2008, 7:15 pm; edited 1 time in total


Solved Re: Malware which isnt detected for me

Post by Belahzur on 9th December 2008, 7:15 pm

Hello.
If we can't get this working, would you be willing to switch to a different program like movie maker and see if you can use that?



Solved Re: Malware which isnt detected for me

Post by Malwarefooldammit on 9th December 2008, 7:17 pm

Switch to movie maker? I'm confused, I'm already using moviemaker? I'd be willing to, but it's kinda annoying having this folder with a program in which, when deleted, comes back. But I'd try something else I guess. Any other advice atm though? Or any other programs I could use?


Solved Re: Malware which isnt detected for me

Post by Malwarefooldammit on 9th December 2008, 8:21 pm

Is this the end of the thread? Nothing else I can do? No other programs?


Solved Re: Malware which isnt detected for me

Post by Belahzur on 9th December 2008, 8:30 pm

[You must be registered and logged in to see this link.]

Take your pick.



Solved Re: Malware which isnt detected for me

Post by Malwarefooldammit on 9th December 2008, 8:33 pm

So shall I just leave WMM alone in the file? Will it cause any problems? And is there no way to get rid of it?


Solved Re: Malware which isnt detected for me

Post by Belahzur on 9th December 2008, 8:34 pm

There is a way, but I would rather leave it alone and not cause any more damage.



Solved Re: Malware which isnt detected for me

Post by Malwarefooldammit on 9th December 2008, 8:55 pm

K, fair enough, so it won't cause any damage?


Solved Re: Malware which isnt detected for me

Post by Belahzur on 9th December 2008, 8:56 pm

No.



Solved Re: Malware which isnt detected for me

Post by Malwarefooldammit on 9th December 2008, 9:04 pm

Ok, well thanks, have a good Christmas, hope to not see you so soon ;) Thank you!


Solved Re: Malware which isnt detected for me

Post by Doctor Inferno on 15th January 2009, 8:05 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.



Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104640
# Likes # Likes : 0
