Command line missing after sysgard variant



Danni
2010-04-28, 03:11
Hello!

Sorry, no log..

I was too busy cleaning up the infection to run a logging tool while there was anything there.

Now I'm stying to deal with what's NOT there :sad:

Seems that commandline is missing. Typing cmd at Run brings up an error.

command.com can be brought up by navigating to System32, but it runs nothing that I type, aside from cd and exit.

Posting here thru Opera, since Chrome and IE fail (Winsocks problem?).

I hope you have some info on what exactly I should expect to find.

Thanks!

Danni :angel:
----------------------
*still trying*....weird backspace typo

Update:

Found cmd.exe in a password-protected zip archive:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSysguard8.zip

Not sure if the file is an infected file, or a file provided for repair purposes.

I hope this helps.

Ran GMER, which caused lsass.exe to go as high as 80% of CPU each time. Log looks clean.

I have no active infections, just missing cmd file, which is something that the Spybot staff seem to have considered, judging by the file.

Thanks :)

Danni
2010-04-28, 11:55
Resolved.

The virus uses port forwarding, sending all traffic to port 5555. Chrome and Safari use IE's settings.

A security expert in another section on this forum answered my original question on cmd.exe, which Spybot removed due to infection.

Danni
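
A check for the leftover redirect described in the last post, as an added example that is not part of the original thread. It assumes the redirect is stored in the WinINET proxy values `ProxyEnable` and `ProxyServer` under the current user's Internet Settings key (the thread only says "IE's settings"); the `reg query` output below is constructed.

```python
import re

# Constructed sample, in the format printed by:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555
    ProxyOverride    REG_SZ    <local>
"""

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

def parse_values(text):
    """Return {name: data} for each indented 'name  TYPE  data' line."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$", line)
        if m:
            values[m.group(1)] = m.group(3).strip()
    return values

def proxy_endpoints(proxy_server):
    """Split 'host:port' or 'http=h:p;https=h:p' into (scheme, host, port)."""
    out = []
    for part in filter(None, proxy_server.split(";")):
        scheme, _, addr = part.rpartition("=")
        addr = addr.split("://")[-1]
        host, _, port = addr.rpartition(":")
        if not host:                      # entry without an explicit port
            host, port = addr, ""
        out.append((scheme or "all", host.lower(), port))
    return out

def check_proxy(text):
    """List findings for an enabled proxy that points at the local machine."""
    v = parse_values(text)
    if int(v.get("ProxyEnable", "0x0"), 16) != 1:
        return []
    return [f"{scheme} traffic proxied to local listener {host}:{port}"
            for scheme, host, port in proxy_endpoints(v.get("ProxyServer", ""))
            if host in LOOPBACK]

if __name__ == "__main__":
    for finding in check_proxy(SAMPLE):
        print(finding)
```

A loopback proxy that stays enabled after the process that listened on it has been removed leaves every browser that reads these settings unable to connect.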