
Thread: Virtumonde-New Thread-As Per request

  1. #81
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Yes to be able to see if fix has any effect.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  2. #82
    Member
    Join Date
    Nov 2009
    Posts
    70

    Default

    OK I will sign off this machine... disconnect the good machines... and connect the bad machine and post the results.

    I am still afraid to connect the bad machine to our network with any of the other good machines connected.

  3. #83
    Member
    Join Date
    Nov 2009
    Posts
    70

    Default Eureka!

    That worked great!

    The DNS servers radio button was not set to Automatic. It was set to use the bad 77.74.48.113.

    As soon as I flushed the DNS, the Windows Automatic Update button appeared so I knew I was connected. IE connected fine and I am posting now from the bad machine.

    Thanks again! "You da' man Blades!"

    What's next? Should I just continue now with the online ESET scan and the Adobe Reader and Flash updates? Or go back for a fresh ComboFix, ATF, and DDS scan first?

  4. #84
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Good to hear that helped

    Should I just continue now with the online ESET scan and the Adobe Reader and Flash updates?
    Yes, let's carry out these things at this point. Also, let's run GMER after that.

    Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the rootkit tab and then scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Please save the log into a file and attach the file to your reply.

  5. #85
    Member
    Join Date
    Nov 2009
    Posts
    70

    Default

    Hi Blade,

    I installed the latest versions of Adobe Reader and Flash Player.

    But I was UNABLE to run the ESET Online Scan. I followed the ESET prompts to set up the scanner but when it downloaded the Virus Signature Database (Step 2 of 4), I got an UNEXPECTED ERROR 2002 message. The configuration seemed to hang up there. When I pressed the BACK button to try to download the Virus DB a second time, a report popped up "Scan Complete" but all 0's. Files scanned = 0, etc.

    I used the ESET Uninstall on Exit option and tried again from scratch, but still the same error message at the end of the Virus DB download. I looked over the ESET FAQs and Help page but found no info on the 2002 Error Message.

    Have you ever seen this before or have any ideas on what might be causing this?

    My Internet Explorer is set up with both an AVG and a Google Toolbar. Could these toolbars prevent the installation, DB download, and successful ESET scan? Or perhaps certain Internet Security Options?

    Do you have any suggestions on getting the ESET Scan to work or should I just proceed on to the GMER TOOL?

  6. #86
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    It seems either ESET is having issues or something else. Another user I'm helping elsewhere just reported about the same error.

    Let's use Malwarebytes' Anti-Malware instead (other instructions remain same).

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.

  7. #87
    Member
    Join Date
    Nov 2009
    Posts
    70

    Default mbam scan

    Hi Blade,
    Here is the MBAM report...
    This explains why I couldn't get on the internet!!!
    =====================================
    Malwarebytes' Anti-Malware 1.41
    Database version: 3238
    Windows 5.1.2600 Service Pack 3

    11/26/2009 2:35:02 PM
    mbam-log-2009-11-26 (14-35-02).txt

    Scan type: Quick Scan
    Objects scanned: 116999
    Time elapsed: 5 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{9ca51fd6-a243-4faf-bc05-eee2defc690e}\NameServer (Trojan.DNSChanger) -> Data: 77.74.48.113 -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
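
Added example, not part of the original posts and not Malwarebytes' own code: a small Python parser for the log format shown in post #87 that groups detection lines by section and pulls out any static DNS server written to a Tcpip interface, as with the 77.74.48.113 entry. The function names and regular expressions are illustrative assumptions based only on the lines visible in that log.

```python
import re
from ipaddress import ip_address

# Sample input: lines taken from the log posted above (trimmed).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{9ca51fd6-a243-4faf-bc05-eee2defc690e}\NameServer (Trojan.DNSChanger) -> Data: 77.74.48.113 -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
"""

# Assumed line shape: "<object> (<detection name>) -> [Data: <value> ->] <action>"
DETECTION = re.compile(r"^(?P<object>.+?) \((?P<name>[\w.\-]+)\) -> "
                       r"(?:Data: (?P<data>.*?) -> )?(?P<action>.+)$")
SECTION = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
DNS_VALUE = re.compile(r"\\(?P<controlset>\w*ControlSet\w*)\\Services\\Tcpip\\Parameters"
                       r"\\Interfaces\\(?P<iface>\{[0-9a-fA-F\-]+\})\\(?:Dhcp)?NameServer$")

def parse_detections(log_text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in map(str.strip, log_text.splitlines()):
        if (m := SECTION.match(line)):          # summary lines ("...: 4") do not match
            section = m["section"]
        elif section and (m := DETECTION.match(line)):
            found.append({"section": section, **m.groupdict()})
    return found

def dns_overrides(detections):
    """Pick out DNS server values that were set on a Tcpip interface key."""
    hits = []
    for d in detections:
        m = DNS_VALUE.search(d["object"])
        if m and d["data"]:
            servers = [str(ip_address(s)) for s in re.split(r"[,\s]+", d["data"]) if s]
            hits.append({"controlset": m["controlset"], "interface": m["iface"],
                         "servers": servers, "name": d["name"], "action": d["action"]})
    return hits

if __name__ == "__main__":
    for hit in dns_overrides(parse_detections(SAMPLE_LOG)):
        print(hit)
```

Each hit records which control set carried the value; the numbered set that is currently active is identified under HKEY_LOCAL_MACHINE\SYSTEM\Select.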

  8. #88
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    To make sure you understood this one correctly:
    Let's use Malwarebytes' Anti-Malware instead (other instructions remain same).
    I still want GMER scan to be done

  9. #89
    Member
    Join Date
    Nov 2009
    Posts
    70

    Default

    Sorry, I was confused...

    GMER Scan is running on the bad computer...

    Do you still want another DDS scan Log?

  10. #90
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Do you still want another DDS scan Log?
    Not at this point

    Gonna see that GMER log and make a decision of the next steps after that.
