Search:

thanks shaba I apreciate all the help...

it didn't happen again so I gues it's fine... just to delete thos files u told me about...

there is/was another problem... sometimes when I turn on the computer the process explorer.exe stops around 560kb so I have to pres ctrl+alt+del for the task manager, then end the process and start...

continue...

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume...

Hi shaba... ok I couldn't find this files:

C:\WINDOWS\system32\dllcache\dfntr.exe
C:\WINDOWS\system32\dllcache\wwwggwwerrr.exe
C:\WINDOWS\system32\dllcache\wwwwwferrr.exe ...

I guess my computer is clean :)

************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
28/09/2007 11:34:33.29

Rustock.b-driver on the system: NONE!
...

and here is the HJT report

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:47:54 p.m., on 27/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running...

Hey here is the kaspersky report:

KASPERSKY ONLINE SCANNER REPORT
Thursday, September 27, 2007 1:43:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)...

I checked the hidden files and still not there... there is also a file call runas but I guess is not that one... is there anywhere else it may be found? I used the search option and I found...

Hi shaba... Ok I fixed with the HJT and rebot but I couldn't find the C:/windows/system32/rundll.exe

there was a rundll32 but I didn't erase it... should I?

and there is an aplication call...

Hi shaba how r u? I think I want to try to fix it because I have so many programms installed... also do u know if there is a firewall that can block anything that is going through the internet?
...

I have a trojan horse name a.bat, I keep looking for it and I can't find it, my antivirus say that it has been repared but everytime I turn my computer it stills there... can anyone help me to remove...

nop I don't think I have any more problems... thanks a lot!!! if u tell me how to empty the viruses that will be all...

thanks again...:bigthumb:

AWF:


Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

El volumen de la unidad C no tiene etiqueta.

AWF:


Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

El volumen de la unidad C no tiene etiqueta.

HJT:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 03:38:00 p.m., on 04/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:...

continue Kaspersky:

C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP190\A0062249.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

C:\System Volume...

continue kasperskyy:
C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050296.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

C:\System Volume...

Kaspersky:

C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Archivos de programa\Archivos comunes\Symantec...

HJT:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 02:35:15 p.m., on 03/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:...

Continue Kaspersky:

C:\WINDOWS\g10751703.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

C:\WINDOWS\g119495093.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped
...

continue kaspersky:

C:\SDFix\backups\backups.zip/backups/tmpE.tmp.exe Infected: Trojan.Win32.Agent.agv skipped

C:\SDFix\backups\backups.zip/backups/wudb.dll Infected:...

Kaspersky:
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Archivos de programa\Archivos comunes\Symantec...

here it is!!

thanks

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 04:01:17 a.m., on 02/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running...

hi

prelog:

************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
01/06/2007 16:12:09.92

No Rustock.b-rootkits found

******************************* End...

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 853BE590
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA ...

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 857A09C0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP ...

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-01 02:26:54
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 85425A80 ...

here are the files you told me...

pelog:


Rustock.b-ADS attached to the System32-folder:
Attempting to remove ADS...

Looking for Rustock.b-files in the System32-folder:
ECHO est ...

SDFix finished after 4 hours and this is the report...


Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

first off all... thanks for the reply...

I gues the vundufix worked...

I restarted my computer in safe mode to dun SDFix but it didn't finish... it was running for an hour and said something...

I have tried everything!!! AVG antivirus, Norton antivirus, spybot, noadware... and I keep getting popups that an email that I'm sending it's beeing analized... Can someone help me please!!!

I ran...