
Thread: Need help with conficker worm!!!!

  1. #71
    Member
    Join Date
    Jul 2010
    Posts
    73

    cureit log

    peku006,

    Here is the log from Dr. Web Cureit. It took a very long time to scan. Let me know if this helped.

    Thanks.



    1763d7e9-4aa59439\vmain.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\41\1763d7e9-4aa59439;Exploit.Java.85;;
    1763d7e9-4aa59439;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\41;Archive contains infected objects;Moved.;
    64d634ad-1292c339\vmain.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\45\64d634ad-1292c339;Exploit.Java.83;;
    64d634ad-1292c339;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\45;Archive contains infected objects;Moved.;
    412339b8-5053cf29\vmain.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\56\412339b8-5053cf29;Exploit.Java.82;;
    412339b8-5053cf29;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\56;Archive contains infected objects;Moved.;
    4052083f-2d397cab\vload.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\63\4052083f-2d397cab;Exploit.Java.86;;
    4052083f-2d397cab\vmain.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\63\4052083f-2d397cab;Exploit.Java.84;;
    4052083f-2d397cab;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\63;Archive contains infected objects;Moved.;
    OTM.exe;C:\Documents and Settings\john\Desktop;Trojan.Siggen2.9770;Incurable.Moved.;
    A0000003.exe;C:\System Volume Information\_restore{46E98557-65C7-4066-9D61-A12588985258}\RP0;Trojan.Siggen2.9770;Incurable.Moved.;
    CouponPrinter.ocx;C:\WINDOWS;Adware.Coupons.34;;
    mxpcivny.a;C:\WINDOWS\system32;Win32.HLLW.Shadow.based;Deleted.;

  2. #72
    Emeritus- Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi

    Please run mbam again.
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #73
    Member
    Join Date
    Jul 2010
    Posts
    73

    MBAM log

    peku006,

    You are not going to like this. I would really hate to format if I don't have to but you let me know when you run out of ideas.

    I appreciate your help very much.

    John




    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5220

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/30/2010 2:09:28 PM
    mbam-log-2010-11-30 (14-09-28).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 254018
    Time elapsed: 40 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\mxpcivny.a (Worm.Conficker) -> Quarantined and deleted successfully.

  4. #74
    Member
    Join Date
    Jul 2010
    Posts
    73

    one more thing

    A guy at work gave me a licensed copy of Kaspersky Anti-Virus 2011. Would it help if I installed this at this time?

    John

  5. #75
    Emeritus- Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi John,
    It is there again. We have used all the special tools for its removal, and it always comes back. I'm pretty sure it spreads via the network in your workplace.

    A guy at work gave me a licensed copy of Kaspersky Anti-Virus 2011. Would it help if I installed this at this time?
    I do not believe that it helps because you have an antivirus program.
    Can you use the machine only at home for a few days?

  6. #76
    Member
    Join Date
    Jul 2010
    Posts
    73

    conficker

    peku006,

    I will try to use it without the network cable and see if conficker continues to regenerate itself. I appreciate all your help. Have a great holiday season, God Jul!!!!!!

    John in Minnesota (lots of Scandinavians here too!)
    Last edited by tashi; 2010-12-17 at 09:09. Reason: Date of archive
