01-Nov-2009, 03:02 PM
#16

Much better. Let's run a general-purpose scan to look for leftovers. Double-click mbam-setup.exe to install the application.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
__________________
Please post the final results, good or bad. Let me know if you won't be responding any longer. Please don't send me requests for help. Use the forums instead.
02-Nov-2009, 12:41 AM
#17

Malwarebytes Anti-Malware Scan Results Log

Good Evening Neonfx, I still get the BSOD when I try to boot up in safe mode (see post #1 from this thread).

Another strangeness. I noticed a few days ago that my start menu has the Microsoft Outlook Email icon there. I've never used this program and haven't planned to. I don't remember registering for it when I first got the computer, so I should not have an email account. I opened the icon and it wants me to start registering for it, which I didn't do.

Another strange connection here. When I've run my McAfee Security Center Quick Clean process the last 3-5 days, during the 'Analyzing Your Computer' step, it always stops at Outlook Express Email Cleaner (deleted items) and a Windows pop-up displays the message: "To free up disk space, Outlook Express can compact messages. This may take a few minutes". I always closed the pop-up and the 'Quick Clean' completes as normal.

Malwarebytes' Anti-Malware 1.41
Database version: 3081
Windows 5.1.2600 Service Pack 3

11/1/2009 9:20:01 PM
mbam-log-2009-11-01 (21-20-01).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 178504
Time elapsed: 49 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Personal Guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
02-Nov-2009, 01:03 AM
#18

Please download and run the following tool to try to fix the Safe Mode problems: http://download.bleepingcomputer.com...tKeyRepair.exe

Also, have you tried uninstalling Outlook by going to Start > Control Panel > Add/Remove Programs?
02-Nov-2009, 01:55 AM
#20

Thanks!!!! The tKey Repair for safe mode worked. I'm able to boot up in safe mode now!

Yea, I'm sorry. The Outlook Express icon showed up on my start menu at the same time (last 3-5 days). Both it, the Microsoft Outlook-Email icon and the McAfee Security Center Quick Clean issue occurred at the same time. Figured these abnormal circumstances were related to the trojan issue in some way.

Did you see the Malwarebytes Anti-Malware Scan Results Log in my previous post? What ya think?.... My computer's running so much betterrr, but I must admit I'm a little gun shy on online bank/bill paying sites, web searches, web site visits, etc. until I get a full bill of health.
02-Nov-2009, 02:18 AM
#21

The results are just what I expected. It took care of leftovers that the tools I used could not see.

Have you contacted your banks and/or changed all your online passwords? If you are worried that your information was stolen (and with good reason!), this would be the best thing you can do now that your system is clean.

Let's run an online scan of your system to be absolutely sure you're clean. This will take a while but it's well worth it as it can find things most other scanners will miss.

STEP 1
The online scanner uses Java, so I will need you to download and install the latest version for that. Please go here to download the installer: http://java.com/en/download/index.jsp

STEP 2
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take quite a long time to download.
__________________
Please post the final results, good or bad. Let me know if you won't be responding any longer. Please don't send me requests for help. Use the forums instead.
02-Nov-2009, 07:54 AM
#22

KASPERSKY Scan Report

Hi Neonfx, just an FYI: after the Kaspersky scan, I re-enabled McAfee and Windows Defender. Windows Defender did an auto quick scan (which found no issues). Got a Windows 'Virtual Memory Minimum too low' alert on my desktop that went away about 5 minutes later. Computer is sluggish, maybe just a little worn out after that scan. Anyway, here's the log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 2, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 02, 2009 07:42:05
Records in database: 3114191
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 77754
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:19:38

File name / Threat / Threats count
C:\_OTS\MovedFiles\10312009_170533\C_WINDOWS\system32\kuwibipa.dll Infected: Packed.Win32.Katusha.g 1
C:\_OTS\MovedFiles\10312009_170533\C_WINDOWS\system32\mirajehi.dll Infected: Packed.Win32.Katusha.g 1

Selected area has been scanned.

Last edited by altogaflash; 02-Nov-2009 at 08:00 AM. Reason: Edit non-scan log comments
02-Nov-2009, 02:01 PM
#23

You're clean now. For things you can try in an attempt to speed your computer up see HERE.

Let's clean up.

STEP 1
To clean up OldTimer's tools, along with a few others, do the following:

STEP 2
Remove any other tools or files we used by right-clicking on them or any folders they created, hold down the Shift key, and select "Delete" by clicking on it. This will delete the files without sending them to the Recycle Bin. You can also uninstall the other programs (HijackThis or MalwareBytes if we used them) by going to Start > Control Panel > Add/Remove Programs (Programs and Features in Vista/7).

All Clean
Congratulations!

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows: Go to Start > All Programs > Windows Update
To update Office: Open up any Office program. Go to Help > Check for Updates

Install WinPatrol
Download it HERE. You can find information about how WinPatrol works HERE.

Other Software Updates
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out-of-date software. In particular make sure you download the updates for Java and Adobe as these are subject to many security vulnerabilities.

Setting up Automatic Updates
So that it is not necessary to have to remember to update your computer regularly (something very important to securing your system), automatic updates should be configured on your computer. Microsoft has guides for XP and Vista on how to do this.

Read further information HERE on how to prevent Malware infections and keep yourself clean.
__________________
Please post the final results, good or bad. Let me know if you won't be responding any longer. Please don't send me requests for help. Use the forums instead.
03-Nov-2009, 07:34 PM
#24

Hi neonfx, ohh how I want this to be over. So my computer's clean even though my 11/2 Kaspersky scan showed the 1 'threat' and 2 infected 'objects'?:

Scan statistics:
Objects scanned: 77754
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:19:38

File name / Threat / Threats count
C:\_OTS\MovedFiles\10312009_170533\C_WINDOWS\system32\kuwibipa.dll Infected: Packed.Win32.Katusha.g 1
C:\_OTS\MovedFiles\10312009_170533\C_WINDOWS\system32\mirajehi.dll Infected: Packed.Win32.Katusha.g 1

Selected area has been scanned.

(My lack of computer knowledge to fully interpret the above, I'm sure, will show my ignorance here. But I just want to make sure I should be clean.)

I've had a lot of problems after logging back into my computer to check your response to the Kaspersky scan log (McAfee telling me I'm not protected via icon and pop-up message <- this happened yesterday. Excessive hard drive activity, error messages, and all computer processes very slow). I was about to get my bottle of Jack Daniels, my baseball bat, and commence to putting this thing out of service (not really). Buttt decided to give it one more try today. Computer booted up fine, McAfee seems OK, was able to login here, saw your reply to the Kaspersky scan. I completed your steps 1 & 2 and the MS Windows update check. Per the Secunia check for other program updates, I have some to complete, but will do those after 1AM when my Hughes Net download threshold will not count against me.

I've tried to reply back to you 4 times today, but each time during my reply attempt, computer slows, won't complete a 'copy and paste', basically freezes up. Let's see if this attempt goes through. I have Hughes Net satellite internet service and think maybe it's a connectivity problem. I've received a few alerts from them today and yesterday too. So maybe that's the problem.
03-Nov-2009, 07:56 PM
#25

I'm sorry to hear that. I thought you said your computer was pretty much ok.

The Kaspersky results say the items are in this folder: C:\_OTS\MovedFiles
That is where all the files went that we took care of using OTS, which means we had already taken care of those items and they were removed using the "Cleanup" button in step 1 of my cleanup post.

Let's do the following as you're probably still infected with something because of the symptoms you are describing.

Note: Disabling any security programs you have running will significantly increase the chances of the following working as it should. Please disable AntiViruses, AntiSpywares and Firewalls before continuing on with my instructions. For instructions, if needed, see HERE or HERE

Download Combofix from any of the links below but rename the file to altogaflash before saving it to your desktop. To do so in Internet Explorer right-click one of the links and select "Save Target As.." from the options. This will open a Save box where you should navigate to your Desktop and change the name in the textbox on the bottom. To get the same box in Firefox right-click one of these links and select "Save Link As.." from the menu.

Link 1
Link 2
==================================

Double-click on altogaflash.exe & follow the prompts.
__________________
Please post the final results, good or bad. Let me know if you won't be responding any longer. Please don't send me requests for help. Use the forums instead.
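The reasoning in the reply above (a detection whose path sits under the removal tool's MovedFiles folder is a leftover that was already dealt with, not an active infection) is exactly the triage step a helper performs by eye on every posted scan log. The following added Python example, which is not code from this thread or from any of the tools it mentions, does that step mechanically: it parses the "File name / Threat / Threats count" lines of a Kaspersky Online Scanner 7.0 report and separates hits under a known quarantine root from hits on live paths. The only quarantine root it knows is the one named in the thread (C:\_OTS\MovedFiles); the embedded report is the thread's own log plus one constructed line on a live path, included so the "live" branch is exercised.

```python
"""Triage a Kaspersky Online Scanner 7.0 report: split detections that sit
inside a removal tool's quarantine/move folder from detections on live paths.

Added example for this thread, not code from the thread or from any scanner.
Assumptions: the report line format shown in the thread, and C:\\_OTS\\MovedFiles
as the only quarantine root (the one the thread names).
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Folders where removal tools park files they have already neutralised.
# Only the root named in the thread is listed; anything else would be a
# site-specific assumption.
QUARANTINE_ROOTS = [PureWindowsPath(r"C:\_OTS\MovedFiles")]

# Detection lines in the report look like:
#   <path with possible spaces> Infected: <threat name> <count>
# so the path is matched lazily up to the literal " Infected: " token.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Report text: the two lines from the thread's log plus one CONSTRUCTED line
# on a live path (not from the thread) so both triage branches are shown.
SAMPLE_REPORT = r"""
Scan statistics:
Objects scanned: 77754
Threats found: 1
Infected objects found: 2

File name / Threat / Threats count
C:\_OTS\MovedFiles\10312009_170533\C_WINDOWS\system32\kuwibipa.dll Infected: Packed.Win32.Katusha.g 1
C:\_OTS\MovedFiles\10312009_170533\C_WINDOWS\system32\mirajehi.dll Infected: Packed.Win32.Katusha.g 1
C:\WINDOWS\system32\constructed_live_sample.dll Infected: Packed.Win32.Katusha.g 1

Selected area has been scanned.
"""


def parse_report(text):
    """Return (path, threat, count) for every detection line; other lines are ignored."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((PureWindowsPath(m.group("path")), m.group("threat"), int(m.group("count"))))
    return hits


def is_quarantined(path):
    """True when path lies below a quarantine root.

    PureWindowsPath compares case-insensitively, so C:\\_ots\\movedfiles\\...
    is recognised as well as the canonical spelling.
    """
    path = PureWindowsPath(path)
    return any(root in path.parents for root in QUARANTINE_ROOTS)


def triage(text):
    """Split detections into already-quarantined vs live and tally threat names."""
    quarantined, live = [], []
    for path, threat, count in parse_report(text):
        bucket = quarantined if is_quarantined(path) else live
        bucket.append((str(path), threat, count))
    threats = Counter(threat for _, threat, _ in quarantined + live)
    return {"quarantined": quarantined, "live": live, "threats": dict(threats)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("Already quarantined (no action needed):")
    for path, threat, count in result["quarantined"]:
        print(f"  {path}  [{threat} x{count}]")
    print("Live detections (need attention):")
    for path, threat, count in result["live"]:
        print(f"  {path}  [{threat} x{count}]")
```

Run it and the two thread entries land in the quarantined bucket while the constructed line is the only live hit. When reviewing someone else's log, the quarantined list is the set of detections that can be explained away as tool leftovers; anything in the live list still needs to be examined.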
03-Nov-2009, 10:02 PM
#26

Combo Fix Results 1

Neonfx, here's 1 of 2 Combo fix logs. This one was done with McAfee virus protection off, but my McAfee firewall and spyware protection on. (I ran the previous Kaspersky scan like this too, what a dummy.) I thought I had them turned off. In my next post will be the Combo fix with all protection off.

ComboFix 09-11-03.01 - Jack Oliver 11/03/2009 18:40.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.252 [GMT -6:00]
Running from: c:\documents and settings\Jack Oliver\Desktop\Malware Folder\altogaflash.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.
2009-11-02 06:30 . 2009-11-02 06:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-02 02:23 . 2009-11-02 02:23 -------- d-----w- c:\documents and settings\Jack Oliver\Application Data\Malwarebytes
2009-11-02 02:23 . 2009-11-02 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-28 04:26 . 2009-10-28 04:26 -------- d-----w- c:\program files\Trend Micro
2009-10-25 10:20 . 2009-10-31 00:33 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-25 09:30 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-24 01:22 . 2009-10-24 01:22 -------- d-----w- c:\program files\Citrix
2009-10-24 01:22 . 2009-10-24 01:22 -------- d-----w- c:\documents and settings\Jack Oliver\Local Settings\Application Data\Citrix
2009-10-24 01:22 . 2009-10-24 01:22 61224 ----a-w- c:\documents and settings\Jack Oliver\GoToAssistDownloadHelper.exe
2009-10-20 22:40 . 2009-10-24 03:07 -------- d-----w- c:\documents and settings\Jack Oliver\Application Data\McAfee
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 00:50 . 2006-07-11 22:47 -------- d-----w- c:\program files\Dl_cats
2009-11-03 20:12 . 2007-02-13 05:35 -------- d-----w- c:\documents and settings\Jack Oliver\Application Data\SiteAdvisor
2009-11-03 19:23 . 2006-07-11 06:51 27536 ----a-w- c:\documents and settings\Jack Oliver\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-26 20:41 . 2009-01-12 09:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-23 22:33 . 2006-07-05 12:27 -------- d-----w- c:\program files\McAfee
2009-10-20 22:39 . 2006-07-05 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-05 22:51 . 2006-07-05 12:20 -------- d-----w- c:\program files\America Online 9.0
2009-10-01 15:29 . 2009-10-02 19:06 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-16 15:22 . 2007-02-13 05:33 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2007-02-13 05:33 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2007-02-13 05:33 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 15:22 . 2007-02-13 05:33 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2007-02-13 05:33 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-11 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 00:24 . 2004-08-11 22:12 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-11 22:12 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-11 22:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-11 22:12 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-11 22:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-11 22:12 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2008-10-16 19:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2004-08-11 22:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-01-04 10:55 . 2006-09-03 07:17 88 --sh--r- c:\windows\system32\2565AE0E4E.sys
2009-01-04 10:55 . 2006-09-03 07:17 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-07-05 169984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-13 73728]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 36904]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-02 149280]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-01 185872]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-24 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-5 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Defender\\MsMpEng.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=
"c:\\Program Files\\DellSupport\\DSAgnt.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcshell.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Windows Live Safety Center\\wlscUploader.exe"=
"c:\\Program Files\\SiteAdvisor\\6253\\SiteAdv.exe"=

R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-13 17:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-13 17:22]

2009-11-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 03:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 18:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2784)
c:\windows\system32\WININET.dll
c:\program files\SiteAdvisor\6172\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dlcdcoms.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2009-11-04 18:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-04 00:56

Pre-Run: 62,741,659,648 bytes free
Post-Run: 62,640,283,648 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
03-Nov-2009, 10:05 PM
#27

ComboFix Scan Results 2

ComboFix 09-11-03.01 - Jack Oliver 11/03/2009 19:23.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.227 [GMT -6:00]
Running from: c:\documents and settings\Jack Oliver\Desktop\Malware Folder\altogaflash.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.
2009-11-02 06:30 . 2009-11-02 06:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-02 02:23 . 2009-11-02 02:23 -------- d-----w- c:\documents and settings\Jack Oliver\Application Data\Malwarebytes
2009-11-02 02:23 . 2009-11-02 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-28 04:26 . 2009-10-28 04:26 -------- d-----w- c:\program files\Trend Micro
2009-10-25 10:20 . 2009-10-31 00:33 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-25 09:30 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-24 01:22 . 2009-10-24 01:22 -------- d-----w- c:\program files\Citrix
2009-10-24 01:22 . 2009-10-24 01:22 -------- d-----w- c:\documents and settings\Jack Oliver\Local Settings\Application Data\Citrix
2009-10-24 01:22 . 2009-10-24 01:22 61224 ----a-w- c:\documents and settings\Jack Oliver\GoToAssistDownloadHelper.exe
2009-10-20 22:40 . 2009-10-24 03:07 -------- d-----w- c:\documents and settings\Jack Oliver\Application Data\McAfee
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 00:50 . 2006-07-11 22:47 -------- d-----w- c:\program files\Dl_cats
2009-11-03 20:12 . 2007-02-13 05:35 -------- d-----w- c:\documents and settings\Jack Oliver\Application Data\SiteAdvisor
2009-11-03 19:23 . 2006-07-11 06:51 27536 ----a-w- c:\documents and settings\Jack Oliver\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-26 20:41 . 2009-01-12 09:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-23 22:33 . 2006-07-05 12:27 -------- d-----w- c:\program files\McAfee
2009-10-20 22:39 . 2006-07-05 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-05 22:51 . 2006-07-05 12:20 -------- d-----w- c:\program files\America Online 9.0
2009-10-01 15:29 . 2009-10-02 19:06 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-16 15:22 . 2007-02-13 05:33 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2007-02-13 05:33 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2007-02-13 05:33 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 15:22 . 2007-02-13 05:33 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2007-02-13 05:33 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-11 22:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-11 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 00:24 . 2004-08-11 22:12 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-11 22:12 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-11 22:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-11 22:12 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-11 22:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-11 22:12 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2008-10-16 19:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2004-08-11 22:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-01-04 10:55 . 2006-09-03 07:17 88 --sh--r- c:\windows\system32\2565AE0E4E.sys
2009-01-04 10:55 . 2006-09-03 07:17 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-07-05 169984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-13 73728]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 36904]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-02 149280]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-01 185872]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-24 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-5 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Defender\\MsMpEng.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=
"c:\\Program Files\\DellSupport\\DSAgnt.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcshell.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Windows Live Safety Center\\wlscUploader.exe"=
"c:\\Program Files\\SiteAdvisor\\6253\\SiteAdv.exe"=

R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-13 17:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-13 17:22]

2009-11-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 03:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 19:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1100)
c:\windows\system32\WININET.dll
c:\program files\SiteAdvisor\6172\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-04 19:31
ComboFix-quarantined-files.txt 2009-11-04 01:31

Pre-Run: 62,658,199,552 bytes free
Post-Run: 62,634,446,848 bytes free
03-Nov-2009, 10:22 PM
#28 |
ComboFix turned up nothing (it didn't even delete anything), and this isn't surprising seeing as I found nothing in your last OTS log and MBAM and Kaspersky are clean. Could you make me a list of the symptoms you are noticing? Please be specific.
04-Nov-2009, 12:58 AM
#29 |
neonfx, After I ran the Kaspersky scan early 11/2 AM, Windows Defender did an auto quick scan (which found no issues). Got a window 'Virtual Memory Minimum too low' alert on my desktop that went away about 5 minutes later. Computer was sluggish, but sped up to about normal by the time I posted the Kaspersky scan results on here. After I did that post, I went on the Microsoft Security encyclopedia to look up the Packed.Win32.Katusha.g 1 trojan that was listed on the Kaspersky scan results log. About the time I was reading the definitions, my computer started going into overdrive like it was downloading or uploading data. I tried closing the browser, but it froze up. I tried shutting the computer down (remember I'm still thinking (in error) that the Packed.Win32.Katusha.g 1 is still active on my computer) and received an MS Windows error stating the following program is not responding. I closed it and got the "do I want to report this error to MS?" option. I looked at the error details and wrote them down:

Error signature: szAppName: iexpore szAppVer: 8.06001.18702 szModName: huncapp szModVer: 0.0.0.0 offset: 00000000
Error report contents, IE tech info:
C:\Docume~1\Jackol\Locals~1\Temp\WERc9ed.dir00\ieexplore.exe.mdmp
C:\Docume~1\Jackol\Locals~1\Twmp\WERc9ed.dir00\appcompat.txt

The computer was taking forever to shut down as it was still running in overdrive, so I disconnected the power. I then turned it back on and signed on in safe mode (which is new territory for me). Soon thereafter my McAfee messaged me that I wasn't protected. I tried to bring up McAfee to no avail, sooo I disconnected power again after the computer failed to log off normally. I restarted the computer in normal mode. Computer cranked into overdrive again, McAfee again displayed protection was off. I tried to turn protection back on and got an error message for McAfee.
I wrote down part of the message before it disappeared: 'One or more problems cannot be fixed because of an error' 'McAfee MISP Shell'. Computer again wouldn't shut down normally, so again I disconnected the power. Which is where I left it before coming back on this afternoon, reconnecting power, logging in, and into the current scenario. I'm sure I'm missing a few details, but that's all I got right now. Other than what I reported earlier (slow performance/freezing on 'copy and paste' and a few diagnostic issues with Hughes Net), right now the computer seems normal other than a little slow (I can now copy and paste without trouble). I'm now thinking that having the Hughes Net modem disconnected from a power source over 10 hours might have/be some of the problems today, as it needs constant power to stay up to date with transmissions. But the early 11/2 problems I'm not sure about, unless the massive Kaspersky data update/download and scan caused a backlog of HughesNet/McAfee update transmissions which in turn temporarily crashed/overran my operating system.
04-Nov-2009, 01:47 AM
#30 |
You're welcome. If McAfee was running (even if it was running only partly) during the Kaspersky scan then it's possible it too was working too hard. Also, McAfee or any other protection program cannot be enabled in safe mode. It's "safe" because no resident programs (drivers/services and startup programs) are allowed to run and only the absolutely necessary components are loaded. A lot won't work in safe mode, but that's by design. Try the computer out for a day or two and let me know if you experience any problems. In that time, try some of the advice HERE that I linked to earlier on speeding your system up. Feel free to mark this thread as Solved by clicking on the button at the top whenever you feel you're ready to close this. Let's uninstall ComboFix: The following will implement some cleanup procedures as well as reset System Restore points. Click Start > Run and copy/paste the following bolded text into the Run box and click OK: (If you use Vista or 7 just paste it into the text box that appears next to your start button)

ComboFix /Uninstall
__________________ Please post the final results, good or bad. Let me know if you won't be responding any longer. Please don't send me requests for help. Use the forums instead.
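Added example (not part of this thread, and not code from ComboFix or any of its authors): a small Python triage script for the "Reg Loading Points" section of a log like the one posted above, covering the points a helper checks by eye there and the Safe Mode question raised in post #30. It parses a constructed excerpt modelled on that log's entries and reports Run entries whose target ComboFix printed as [X], the Windows Firewall standard-profile EnableFirewall value, the Security Center DisableMonitoring flags, and the SafeBoot\Minimal subkeys, which are the services Windows will start in Safe Mode (the McAfee entries in the posted log are of that kind). The sample text, the reading of [X] as "target not found by the tool", and the wording of the findings are this example's own assumptions; the function names are invented for it.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix-style log.

Added example: parses a constructed excerpt modelled on the posted log and
reports the points a responder would otherwise pick out by eye.
"""
import re
from typing import Any, Dict, List

# Constructed sample, modelled on entries visible in the posted log (not the
# full log). "HKLM\~" is the tool's own abbreviation, kept as printed.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="command" [date size]  |  "Name"="cmd" [X]  |  "Name"="file" - resolved path [date size]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?: - (?P<resolved>.+?))? \[(?P<info>[^\]]+)\]$')
# "Name"=dword:00000001  |  "Name"= 0 (0x0)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9A-Fa-f]{8})|(?P<dec>\d+))')


def parse_loading_points(text: str) -> Dict[str, Any]:
    """Split the REGEDIT4-style section into Run autoruns, SafeBoot\\Minimal
    service names, and numeric values keyed by the registry path as printed."""
    autoruns: List[Dict[str, Any]] = []
    safeboot: List[str] = []
    values: Dict[str, Dict[str, int]] = {}
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            if "\\safeboot\\minimal\\" in key.lower():
                safeboot.append(key.rsplit("\\", 1)[1])  # subkey name is the service name
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m and key.lower().endswith("\\run"):
            info = m.group("info")
            autoruns.append({
                "key": key,
                "name": m.group("name"),
                "command": m.group("cmd"),
                "path": m.group("resolved") or m.group("cmd"),
                "missing": info == "X",  # assumption: [X] means the tool did not find the target
                "info": None if info == "X" else info,
            })
            continue
        m = DWORD_RE.match(line)
        if m:
            hex_val = m.group("hex")
            val = int(hex_val, 16) if hex_val is not None else int(m.group("dec"))
            values.setdefault(key, {})[m.group("name")] = val
    return {"autoruns": autoruns, "safeboot": safeboot, "values": values}


def triage(parsed: Dict[str, Any]) -> List[str]:
    """Return the review points a responder would raise from the parsed section."""
    findings: List[str] = []
    for entry in parsed["autoruns"]:
        if entry["missing"]:
            findings.append(
                f"autorun {entry['name']!r} -> {entry['command']}: target not found ([X]); "
                "confirm the file is really gone, then remove the stale entry")
    for key, vals in parsed["values"].items():
        k = key.lower()
        if k.endswith("firewallpolicy\\standardprofile") and vals.get("EnableFirewall") == 0:
            findings.append("Windows Firewall is off for the standard profile (EnableFirewall=0)")
        if "\\security center\\monitoring\\" in k and vals.get("DisableMonitoring") == 1:
            product = key.rsplit("\\", 1)[1]
            findings.append(
                f"Security Center monitoring disabled for {product} "
                "(expected when a third-party suite reports its own status; suspicious otherwise)")
    if parsed["safeboot"]:
        findings.append("services allowed to start in Safe Mode (SafeBoot\\Minimal): "
                        + ", ".join(parsed["safeboot"]))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_loading_points(SAMPLE_LOG)):
        print("-", finding)
```

Run it against a real log by reading the file into parse_loading_points instead of SAMPLE_LOG; the AuthorizedApplications list and the services section of the posted log use different line shapes and are deliberately left to the reader.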


All times are GMT -4. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

