Still need help
Type: Posts; User: jpfof7; Keyword(s):
Acer Aspire One computer will freeze or lock up. Similar to previous experience where a rootkit was found and removed.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Julia Pezzini at 22:20:44.03 on...
Everything is working normally. Thank you.
One comment is the defogger tool didn't automatically reboot the machine. Once the enable process was finished it just sat there. I rebooted manually....
Thanks. Things are much better now. I have used the machine for 4 hours and no locking or freezing.
--------------------------------------------------------------------------------
KASPERSKY...
I remember now. It said to use the "fixmbr" command available from the Windows Recovery Console.
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy...
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:...
ComboFix 10-03-07.02 - Pezzini 03/07/2010 18:36:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.545 [GMT -8:00]
Running from: c:\documents and...
Malwarebytes' Anti-Malware 1.44
Database version: 3834
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/7/2010 5:43:43 PM
mbam-log-2010-03-07 (17-43-43).txt
Scan type:...
Thanks for the help.
I will run the Malwarebytes and Combofix scans. Want to make sure I don't need to do anything about Defogger just yet?
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-07 13:11:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Pezzini\LOCALS~1\Temp\uxxcraob.sys
---- System...
Thank you for your help and patience.
I was able to run GMER and save the log file. When I went to open IE to post the log on this forum I got a blue screen with the following message:
STOP:...
Defogger didn't ask to reboot the machine. The laptop then froze after I waited for that message for 10 minutes. I didn't receive an error message but am copying the log file nonetheless. I had to...
I have tried all day to run GMER successfully. It took 7 hours to complete. Are there other settings I could try to run it in less time? It appears to read every file on the hard drive. Although...
I have had trouble with the GMER log. The laptop keeps locking up before the scan can complete. I gave up last night and will try again today.
info.txt logfile of random's system information tool 1.06 2010-03-04 21:24:51
======Uninstall list======
-->C:\Program Files\InstallShield Installation...
I have an Acer Aspire One running Windows XP. The computer will freeze or lock up forcing only a manual shutdown using the power button. I don't see obvious virus behaviour such as browser...
Things are ok now. I installed the suggested protection programs and Firefox. I will move on to the windows forum for assistance in cleaning up my computer after too many years of installing and...
Thanks, a link to a Windows forum would be good.
Are we finished? Do I need to create a new restore point?
So far it seems to be fine. I will have to reboot a few times to see if the McAfee Systemguard gets turned off again.
I still get the error message if I try to use msconfig and unclick something...
ComboFix 10-02-03.07 - Owner 02/04/2010 7:30.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.604 [GMT -8:00]
Running from: c:\documents and...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:02 PM, on 2/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
...
Sorry, I was out of town for a few days.
Ran Combofix:
ComboFix 10-02-03.04 - Owner 02/03/2010 22:16:40.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.592 [GMT...
Bytes JMP 00A30040
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A300BA
.text ...
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-01 22:45:07
Windows 5.1.2600 Service Pack 3
Running: 0jgcfd9r.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtiaaob.sys
----...
GMER won't display the save button on my monitor in safe mode. The screen resolution is too big. I can just barely get to the scan button. It took a few hours to run and I am trying to figure out...
I ran it in safe mode. Running it in normal caused a reboot. It is running for hours now apparently scanning every file. Is this how it should run?
I created a new restore point. I am still experiencing unusual things when I reboot. Sometimes part of McAfee isn't active, sometimes it boots with limited configuration but it isn't consistent. I...
Before I create a new restore point I wanted to note one last strange behavior. Upon boot I am getting a message that my System Admin or msconfig settings are not allowing complete startup. When I...
I ran HJT and deleted the line 020 referenced above. After that I couldn't find the file referenced so I hope you meant the fix in HJT was actually the delete.
Here is the latest HJT log:
...
I ran a full scan instead of the quick scan.
I am getting the msconfig opening up and no changes are allowed because it tells me to use an administrator's user. I only have one user set up and...
Things appear to be under control.
Thanks,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:53 PM, on 1/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer...
Not even close, the computer is in California
Here are the logs from combofix and HJT.
One point to mention is the first time I ran combofix it rebooted my machine. After signing back in nothing happened. I may have not been patient enough....
I completed the final steps.
Thank you very much.
You can close the thread.
Now it is on to my other infected computer.
Thank you.
I will get to these steps asap.
What is your opinion of McAfee? It seems the forum recommends not installing multiple virus applications at once. Also, I don't see Spybot in your...
Yes, ready for final instructions
I have a Dell running Windows XP. IE and Google are constantly redirected to shopping sites, fake virus tools and now a phished Symantec site.
I have tried Spybot and Malwarebytes but neither can...
I reran Spybot and it didn't find the issues so it would appear things are ok. Thank you very much.
Per the FAQ and Tashi's reference I have another infected computer. I had opened a separate thread. I am informing you of the additional computer. The first computer, the Acer Aspire One, was...
No, it is a different computer
I have a computer whose browser is constantly hijacked. Google searches are redirected. It appears I have the TDL3 rootkit.
Here are some logs. I have tried Spybot, Malware, McAfee but the...
========== FILES ==========
C:\WINDOWS\system32\drivers\etc\hosts.20091229-201439.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20091229-204056.backup moved successfully....
Here are the Kaspersky results:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, January 17, 2010
Operating...
Sorry, I didn't close OTMoveIT before running the last HJT.
Here is the latest log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:38 PM, on 1/16/2010
Platform: Windows XP SP3...
========== FILES ==========
c:\windows\system32\drivers\etc\hosts moved successfully.
OTM by OldTimer - Version 3.1.6.0 log created on 01162010_141133
HJT:
Logfile of Trend Micro...
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install...
HostsXpert 4.3 doesn't provide a make hosts writeable option.
Also, I get the following message when trying to restore original hosts file:
ERROR: Cannot create file...
I installed virus software and ran scans. I have used Avira antivirus, Malwarebytes Malware, and Spybot. I still have the Windows.RedirectHosts and ProtectionSuite issues. Spybot continues to note as...
Thank you for the reply. The computer is back at school so it will take a few days to complete this next step. I guess Spybot isn't considered anti-virus? Also, McAfee was loaded but the...