thanks shaba I appreciate all the help...
Type: Posts; User: mportal; Keyword(s):
thanks shaba I appreciate all the help...
it didn't happen again so I guess it's fine... just to delete those files u told me about...
there is/was another problem... sometimes when I turn on the computer the process explorer.exe stops around 560kb so I have to press Ctrl+Alt+Del for the task manager, then end the process and start...
continue...
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume...
Hi shaba... ok I couldn't find these files:
C:\WINDOWS\system32\dllcache\dfntr.exe
C:\WINDOWS\system32\dllcache\wwwggwwerrr.exe
C:\WINDOWS\system32\dllcache\wwwwwferrr.exe ...
I guess my computer is clean :)
************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
28/09/2007 11:34:33.29
Rustock.b-driver on the system: NONE!
...
and here is the HJT report
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:47:54 p.m., on 27/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running...
Hey here is the kaspersky report:
KASPERSKY ONLINE SCANNER REPORT
Thursday, September 27, 2007 1:43:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)...
I checked the hidden files and it's still not there... there is also a file called runas but I guess it is not that one... is there anywhere else it may be found? I used the search option and I found...
Hi shaba... Ok I fixed with the HJT and rebooted but I couldn't find the C:/windows/system32/rundll.exe
there was a rundll32 but I didn't erase it... should I?
and there is an application call...
Hi shaba how r u? I think I want to try to fix it because I have so many programs installed... also do u know if there is a firewall that can block anything that is going through the internet?
...
I have a trojan horse named a.bat, I keep looking for it and I can't find it, my antivirus says that it has been repaired but every time I turn on my computer it is still there... can anyone help me to remove...
nope I don't think I have any more problems... thanks a lot!!! if u tell me how to empty the viruses that will be all...
thanks again...:bigthumb:
AWF:
Find AWF report by noahdfear ©2006
bak folders found
~~~~~~~~~~~
El volumen de la unidad C no tiene etiqueta.
HJT:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 03:38:00 p.m., on 04/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:...
continue Kaspersky:
C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP190\A0062249.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped
C:\System Volume...
continue Kaspersky:
C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050296.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\System Volume...
Kaspersky:
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Archivos de programa\Archivos comunes\Symantec...
HJT:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 02:35:15 p.m., on 03/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:...
Continue Kaspersky:
C:\WINDOWS\g10751703.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped
C:\WINDOWS\g119495093.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped
...
continue kaspersky:
C:\SDFix\backups\backups.zip/backups/tmpE.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\SDFix\backups\backups.zip/backups/wudb.dll Infected:...
Kaspersky:
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Archivos de programa\Archivos comunes\Symantec...
here it is!!
thanks
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 04:01:17 a.m., on 02/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running...
hi
prelog:
************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
01/06/2007 16:12:09.92
No Rustock.b-rootkits found
******************************* End...
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 853BE590
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA ...
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 857A09C0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP ...
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-01 02:26:54
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT 85425A80 ...
here are the files you told me...
prelog:
Rustock.b-ADS attached to the System32-folder:
Attempting to remove ADS...
Looking for Rustock.b-files in the System32-folder:
ECHO est ...
SDFix finished after 4 hours and this is the report...
Removing Temp Files...
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
first of all... thanks for the reply...
I guess the VundoFix worked...
I restarted my computer in safe mode to run SDFix but it didn't finish... it was running for an hour and said something...
I have tried everything!!! AVG antivirus, Norton antivirus, Spybot, NoAdware... and I keep getting popups that an email that I'm sending is being analyzed... Can someone help me please!!!
I ran...