
Thread: Virtumonde, Microsoft.WindowsSecurityCenter.FirewallBypass, and Right Media Issues...

  1. #21
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Thanks for returning the MBAM log and it did remove some junk but you are still infected. I strongly suggest you stay offline when not working on these problems until we kill all of the junk.

    It is likely you have a rootkit infection: http://en.wikipedia.org/wiki/Rootkit
    which is blocking the tools we are trying to use. I would like to try to run Smitfraudfix again, make sure you delete any old copies and download it new from the instructions. There is no need to run the "Search" function, move to the instructions in my post #7 once you have it installed on the Desktop and follow those directions if you can, posting: the C:\rapport.txt and a new HJT log.

    I also sent you a private message and would like to be sure you saw it. You want to watch your junk mail during these sessions, the filters do not know Safer Networking email and may assume it is junk.

    Thanks...Phil
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  2. #22
    Junior Member
    Join Date
    Nov 2008
    Posts
    29

    Damn, family members went on the computer this morning, I hope this didn't screw up any progress we had so far

  3. #23
    Junior Member
    Join Date
    Nov 2008
    Posts
    29

    Unless it's some kind of trick, I believe I deleted everything from Smitfraudfix and reinstalled it but still nothing.

  4. #24
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    First instructions:
    "I suggest you keep this computer offline except when troubleshooting, the junk may download more."
    I need you to read the directions carefully, when I request information, you need to provide it.
    "I also sent you a private message and would like to be sure you saw it. You want to watch your junk mail during these sessions, the filters do not know Safer Networking email and may assume it is junk."
    "Damn, family members went on the computer this morning, I hope this didn't screw up any progress we had so far"
    I am not yet sure what is going on with this computer, due mostly to the fact you have been able to run only one tool so far and information I should have by now, I do not. You must control the computer until we finish and there must be no routine use.

    Let's see if we can use Spybot S&D to check that Hosts file, please do this:

    Open Spybot S&D > click on Mode and make sure Advanced Mode is checked > Left column choose Tools > Look for Hosts file and click "Take a look at your hosts list". Near the top is a green cross with "Add Spybot-S&D hosts list". Click on that, it will take a few minutes to refresh the list and it will replace anything corrupted with a clean Hosts list.

    Let's give combofix another try, refer back to my post #12.

    Let me know how it goes, hopefully you will post a combofix report.

    I am interested in the performance of the computer at this point also.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  5. #25
    Junior Member
    Join Date
    Nov 2008
    Posts
    29

    Quote: Originally Posted by pskelley
    First instructions:

    I need you to read the directions carefully, when I request information, you need to provide it.

    I am not yet sure what is going on with this computer, due mostly to the fact you have been able to run only one tool so far and information I should have by now, I do not. You must control the computer until we finish and there must be no routine use.

    Let's see if we can use Spybot S&D to check that Hosts file, please do this:

    Open Spybot S&D > click on Mode and make sure Advanced Mode is checked > Left column choose Tools > Look for Hosts file and click "Take a look at your hosts list". Near the top is a green cross with "Add Spybot-S&D hosts list". Click on that, it will take a few minutes to refresh the list and it will replace anything corrupted with a clean Hosts list.

    Let's give combofix another try, refer back to my post #12.

    Let me know how it goes, hopefully you will post a combofix report.

    I am interested in the performance of the computer at this point also.

    Thanks
    "I suggest you keep this computer offline except when troubleshooting, the junk may download more."

    What do you mean by that? I have the computer in safe mode with networking JUST so I can view this forum and try to download the things you are requesting.

  6. #26
    Junior Member
    Join Date
    Nov 2008
    Posts
    29

    I also got your Private Message and I understand that you're only on here early in the morning to assist people.

  7. #27
    Junior Member
    Join Date
    Nov 2008
    Posts
    29

    No. I did what you wanted with Spybot Search and Destroy. That worked fine besides it did not take a couple of minutes like you said, it only took a couple of seconds, part of virus, I don't know. Then I tried ComboFix.exe and same result. It starts to scroll like it's about to open then nothing, it goes right back to my main desktop screen.

  8. #28
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    It is not wise to be online with "safe mode in networking"; keep in mind that none of your security programs are running.

    I asked this:
    "I am interested in the performance of the computer at this point also."
    I am not sure how much I can do since you can not run any tools. I am beginning to believe you have a Windows problem other than malware and that you may want to consider a reformat:
    http://spyware-free.us/tutorials/reformat/
    http://www.cyberwalker.net/faqs/how-...stall-faq.html
    http://helpdesk.its.uiowa.edu/window...s/reformat.htm

    You could try a repair or reinstall of the Operating system, but with a reformat, you would be assured of a clean computer.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  9. #29
    Junior Member
    Join Date
    Nov 2008
    Posts
    29

    The performance is the same.

    What should I be in? Just Safe mode?

    I was just going to bring it to GeekSquad...Not a good idea since they are most likely going to uninstall and reinstall the operating system?

    What does reformatting do? Does it say that in the links?

    I am also rerunning the "Malwarebytes' Anti-Malware" software to see what happens, so far it says "objects infected" is 12. I am only running drive C.

  10. #30
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    I may have suggested you try combofix in safe mode, and Smitfraudfix "Clean" function is:
    Clean:
    Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    at no time did I suggest safe mode with networking. But none of that is going to change the information I posted concerning the computer and the difficulty running the basic malware tools.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
