Type: Posts; User: rgATL; Keyword(s):
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-21 00:03:53
Windows 5.1.2600 Service Pack 1
---- Devices - GMER 1.0.14 ----
AttachedDevice \Driver\Kbdclass...
I'm sorry; I download GMER on the infected (C) drive or the D drive?
Thanks,
rg.
Any thoughts why Symantec Antivirus AutoProtect disables every time I try to enable it?
Thanks,
rg
This computer has a D drive that also has WinXP installed. I rarely boot from the D drive, but I'm concerned that something may have been "cross infected." When booting from the D drive, things seem...
Yes, my regular login, which has admin rights.
rg.
I followed those instructions, and now the wired and wireless internet connections work. I will "play around" with the web to see if anything acts funny.
I'm trying to install Spybot to scan the...
Hmm, when I tried to connect back to the internet using either wired or wireless connections, I get the error message "An operation was attempted on something that is not a socket" when trying to...
Will do. I'll let you know.
Thanks,
rg.
Not sure (again, I've only been using it to execute your instructions). Should I play around with it? Shall I connect it to the internet?
We didn't need to use Combofix or something like that?
...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:51 PM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
...
Haven't seen it since I rebooted after MBAM.
rg.
----Start DSS Main Log----
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post....
After MBAM finished, it said not everything could be removed, and the system needed to be rebooted. So, I rebooted; when Windows loaded, it gave that "The system has recovered from a serious error."...
Sorry to be so ignorant of this software: How do I implement the "database.jsp" update file? Just copy it to the C:\Program Files\Malwarebytes' Anti-Malware directory? Double click it from the...
So, must I connect the infected computer to the internet to check for Malwarebytes' updates? The infected computer keeps trying to load IE windows. Is there any way to update Malwarebytes' without...
Hello, that error has not occurred again, but I am only using the infected computer a few minutes to complete the tasks you request. The DSS logs are below.
Thank you,
rg.
----Start DSS...
Hello, sorry for the delay. The results are below. I received a Windows error after SDfix was done, the text of which is listed below as well:
----Start SDfix Log----
SDFix: Version 1.211
Run...
Thank you very much for your reply.
Which of the infections is most concerning (just curious)? The computer has been disconnected from the internet and not used at all since initial infection. ...
Hi, this is a follow up to a thread I started some time ago. I have some time to work on it again and made a bit of progress. The original symptoms are listed here, if you're interested:...
Hi,
Thanks so much! The computer seems to be working okay, but I won't really have a chance to use it much (ie, test it thoroughly) until next week.
Also, I have a laptop with similar...
Hi, thanks so much.
I did as you directed, and the logs are below. A couple of points though:
* In Atribune Temp File Cleaner, "Prefetch" was disabled (ie, greyed out) in the main tab, as was...
Hi,
Thank you SO much for your reply. The ComboFix and new HJT logs are below:
---ComboFix Log---
ComboFix 08-06-12.2 - Administrator 06/14/2008 16:40:02.1 - NTFSx86
Microsoft Windows 2000...
Hi,
I have a computer that was hit hard by some malware. Spybot continually finds the following items; it says it fixes them, but on repeat scan, it finds them again. The infected computer is...
Hey,
So, I tried the /allhives switch. It finds the Windows installation and all user profiles on my C: drive, but it did not find the installation on the D: drive.
Other than adding the entire...
Thanks so much for your reply.
As I have another hard drive from which I can boot, do I need a BartCD? Can I just boot from the other hard drive (with the infected drive installed as D drive) and...
Hello, thank you for your help. Parts of this were originally posted in the Spybot-S&D forum under "Scanning D Drive;" but I think this forum may be more applicable now. Admin, please merge,...
Sorry, forgot to mention that desktop wallpaper has changed to a blue background with a "warning" in the middle of the screen with something to the effect of, "your computer may be infected with...
Thanks for your reply.
With the infected drive as D, I scanned with Symantec Antivirus 10, Spybot 1.5.2, and AdAware. Symantec found Trackware.Webhancer, and Adaware found Virtumonde; both of...
Hey,
I'm sure this had been asked, but I can't seem to come up with the right search terms to find it. I'm hoping someone can point me in the right direction:
I went to a song lyrics site...