-
Sorry!
Here 'tis. Seems the copy/paste function on Apple doesn't work, so I may have to put it in manually or attach the log if you don't mind.
Again, this is the one in question from March.
The infection found is called:
C
Mic
-
Hijacker.Costrat.l
The infection is
Hijacker.Costrat.l
File where found is
c:\Windows\lzx32.sys
Also says file was cleaned but I wonder if remnants are still hanging around.
Mic
-
SmitfraudFix log
SmitFraudFix v2.186
Scan done at 19:40:49.60, 2007-05-24
Run from C:\Documents and Settings\BTN USER\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="acheweed"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Mic
-
hi micahr14,
ok thanks for all the info.
this:
lzx32.sys is a rootkit that can arrive with smitfraud. that's from an avg scan from march? it will show in a smitfraud log and combofix log, but they don't remove it. you can do this to be sure:
1. Download - rustbfix.exe ...and save it to your desktop:
http://www.uploads.ejvindh.net/rustbfix.exe
2. Double click on rustbfix.exe to run the tool.
   1. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically.
   2. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). If needed (still infected), post the content of these logfiles along with a new HijackThis log.
shelf life
-
logs
Ok, there were no rootkits found. HJT log on the way as soon as I can get it. I've spent 3 straight days at work trying to fix our satellite feed from the syndicated network. We have an underground cable gone bad and digging it all up to get to that one area. May not post for a couple of days.
Mic
-
hi micahr14,
ok good no rootkits. just post back whenever you get a chance.
shelf life