Search:

km2357,

I think we're good to go, then.

You guys really do a great job here. My personal thanks for the help, as well as my wife's thanks. She mentioned to me something, a sentiment echoed in...

Hi km2357,

Both steps completed, and yes, the C:\tmp\crack868 folder was there and is now deleted.

Regards,

Bill

Hi km2357,

The computer seems to be working well, at least there aren't any of the previous symptoms. My wife's busy backing up her important files and images.

I'm not sure where the Avira...

Hi km2357,

I was prepared to write that the computer seems to be working fine, without showing any symptoms recently, but...

I started the ESET scan yesterday evening before going out and when...

DDS.txt:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by min at 19:36:49.79 on Thu 03/31/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition ...

Okay, fresh MalwareBytes log after doing steps 1 & 2:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6231

Windows 5.1.2600 Service Pack 3
Internet Explorer...

Ouch, copy/paste error. Sorry.

Should I run DDS again after steps 1 and 2 or before (ie. before updating Java and running ATF cleaner)?

Regards,

Bill

DDS.txt:

ComboFix 11-03-30.01 - min 03/30/2011 21:19:45.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.558 [GMT -7:00]
Running from: c:\documents and...

The new ComboFix log:

ComboFix 11-03-30.01 - min 03/30/2011 21:19:45.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.558 [GMT -7:00]
Running from: c:\documents and...

Some good news, the C drive directory visibility has returned.

ComboFix log:

ComboFix 11-03-30.01 - min 03/30/2011 19:19:02.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.620 [GMT -7:00]
Running from: c:\documents and...

Hi km2357,

ComboFix doesn't seem to run properly. I downloaded it from the link you provided, saved it to the Desktop and ran it. I saw the disclaimer, clicked 'ok' and a message popped up about...

Okay, here's the gmer log file:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-30 00:27:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3...

Hi km2357, and thanks again.

We did have Kaspersky on the machine awhile ago (maybe about a year?) and uninstalled it when adding AntiVir.

The homepage "mindestyle.com" is my wife's page and...

Okay, as per your instructions.

DSS:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by min at 21:34:15.84 on Tue 03/29/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft...

Hi km2357,

Thanks for you help.

Just to clarify, should I copy the text of the files mentioned into my post or include them as attachments?

Regards,

Bill

Hello, and thanks for your help.

My wife's laptop started showing bad signs of an infection yesterday.

I tried running MalwareBytes Anti-Malware after first applying the following "fix" to...

Phil,

ComboFix has been removed as per your instructions. A subsequent scan by an updated MBAM was clean. Finally, an updated Kaspersky scan was performed and it was clean as well.

In related...

Phil,

Again, thanks for your help.

The two foreign language files you noticed are Japanese 2D Shooter games... my hobby :) I've removed them now, as the less to worry about obviously.

Also...

Phil,

First of all, thanks for taking the time to help! :)

As to the "vega" entry in the hosts file it is legitimate. It's an entry I put there, that I sometimes connect to for work (the...

Hi, I'm posting again because my last topic dropped off the map. I "bumped" the topic with an HJT log... I won't do that again!

Anyway, virtumonde.prx and I think another variant have given me...

Here's the HJT log (I see some topics start with it, others wait... hope I'm not stepping on toes here):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:17, on 11/24/2008
Platform:...

Hi,

My Vista laptop has been infected with virtumonde.prx and perhaps some other variants. I noticed the crazy pop-ups last week, and have been unable to get rid of this.

Your help will be...