MajorGeeks Support Forums - Malware Removal

MajorGeeks Support Forums - Malware Removal http://forums.majorgeeks.com/ Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient. en Wed, 16 May 2012 19:49:36 GMT vBulletin 60 http://forums.majorgeeks.com/images/misc/rss.jpg MajorGeeks Support Forums - Malware Removal http://forums.majorgeeks.com/ please wait while the connection is being established http://forums.majorgeeks.com/showthread.php?t=258947&goto=newpost Wed, 16 May 2012 19:21:39 GMT I see that this problem is keep growing. I pick up the same malware with other people too. I prepare my fixlist.txt ;) I really thank you in advance for any help you will provide me. Thomas I see that this problem is keep growing. I pick up the same malware with other people too.

I prepare my fixlist.txt ;)

I really thank you in advance for any help you will provide me.

Thomas

Attached Files

FRST.txt (26.4 KB)

]]> Malware Removal Artikia http://forums.majorgeeks.com/showthread.php?t=258947 Lost Yahoo Account http://forums.majorgeeks.com/showthread.php?t=258941&goto=newpost Wed, 16 May 2012 18:20:52 GMT I'm working with a client who's Yahoo mail account was Hacked and now she cannot retreive her mail. We have tried all kinds of fixes but the account is empty. We try to find help but there seems to be none. Does anyone have any input maybe a help line that is not publiched? ]]> Malware Removal flyinhgh http://forums.majorgeeks.com/showthread.php?t=258941 Locked Files after Malware removal http://forums.majorgeeks.com/showthread.php?t=258932&goto=newpost Wed, 16 May 2012 16:34:46 GMT Hi, I wonder if someone can help. I have locked files after a malware removal. I was reading a post on here that lead me to a program called Rannoh Decryptor but I am having problems getting it to work and cannot post to old thread hence starting a new one. I have the original file in the... Hi,

I wonder if someone can help. I have locked files after a malware removal. I was reading a post on here that lead me to a program called Rannoh Decryptor but I am having problems getting it to work and cannot post to old thread hence starting a new one.

I have the original file in the original folder with the same name but I am getting the error that the file size is not equal to the original. When looking at the file size of both they are the same.

Any help would be appreciated.

Thanks
Diamond Support ]]> Malware Removal Diamond Support http://forums.majorgeeks.com/showthread.php?t=258932 Blocked by CBL Lookup Utility - Torpig infection http://forums.majorgeeks.com/showthread.php?t=258928&goto=newpost Wed, 16 May 2012 15:39:26 GMT Hi, I am getting the following message relating to email rejections: This IP is infected with, or is NATting for a machine infected with Torpig, also known by Symantec as Anserin. This was detected by observing this IP attempting to make contact to a Torpig Command and Control server at... Hi,

I am getting the following message relating to email rejections:

This IP is infected with, or is NATting for a machine infected with Torpig, also known by Symantec as Anserin.

This was detected by observing this IP attempting to make contact to a Torpig Command and Control server at xxx.yyy.zzz.ttt, with contents unique to Torpig C&C command protocols.

Which needless to say makes me believe I have a torpig infection on my Vista SP1 64 bit desktop. I can confirm that from time to time (every few hours) I see my computer connect to one of the torpig addresses the email lists (via monitoring on my gateway).

I have tried using standalone boot CDs from Kapersky, Hirens Boot CD and Bit Defender, as well as scans in safe mode using tdskiller and Malwarebytes AntiMalware.

The only problems reported were from tdskiller that listed 11 unsigned files that looked kosher to me, yet my desktop continues to try to connect to these sites.

Any help would be greatly appreciated!

P.S. If there is any tool that would allw me to detect the EXE that is making the connection, that might also be a great help! ]]> Malware Removal grunthos http://forums.majorgeeks.com/showthread.php?t=258928 <![CDATA[frst.txt included - 'please wait while the connection is being established']]> http://forums.majorgeeks.com/showthread.php?t=258911&goto=newpost Wed, 16 May 2012 04:33:53 GMT Hello Generous People who Volunteer Here,

I am the family computer administrator by default, and find myself out of my depth with this conundrum. The computer is an HP Pavilion s5000 series running Windows 7 Home 64bit. The dreaded 'please wait while the connection is being established' with German text below has replaced the desktop and the task manager is disabled. I ran the FRST tool but unfortunately can't figure out how to write a fix to feed to it. I really appreciate your time and kindness.

Attached Files

FRST.txt (21.9 KB)

]]> Malware Removal headaches http://forums.majorgeeks.com/showthread.php?t=258911 VIRUS? Windows Loads - No Icons - HELP http://forums.majorgeeks.com/showthread.php?t=258904&goto=newpost Tue, 15 May 2012 23:32:03 GMT Hi, I have a Dell 4400 desktop running XP.. I go to work the other day and I notice before I left the PC was doing a windows update.. It must of refreshed itself, 1. I come home its a black screen so I refresh and it took forever to load, when it did load there is no icons on the desktop and ... Hi,
I have a Dell 4400 desktop running XP.. I go to work the other day and I notice before I left the PC was doing a windows update.. It must of refreshed itself,

1. I come home its a black screen so I refresh and it took forever to load, when it did load there is no icons on the desktop and button would nor click. So I refresh again.. Same thing. At this point I knew something was not right. I refreshed 5 more times before simply going to "Safemode"...

2.) Once in "Safemode" the PC ran GREAT & fast. I did a virus scann, and all the other scans to remove virus and Malware.. (SEE LOGS)..

3.) Root repll does not work in Safe mode, it simply freezes up.. Also Combo fix would run yet when it got down to "Scan for virus" it never started the scann. So I assume Combo fix does not work in Safemode..

4.) Once I ran everything the I restarted XP, it loaded slow yet icons came back on desktop. Bad thing is you click on them and none open, I click on Start button and the PC is FROZE.. Rebooted tried once more and same thing..

Please see my logs.. Thank you for any assistance
Regards
Superlost6

Attached Files

	SUPERAntiSpyware Scan Log - 05-15-2012 - 10-57-34.log (1.7 KB)
	msrvlog.txt (19.6 KB)
	mbam-log-2012-05-13 (23-05-30).txt (2.1 KB)
	hijackthis.log (6.0 KB)

]]> Malware Removal Superlost6 http://forums.majorgeeks.com/showthread.php?t=258904 ZeroAccess Rootkit (From Troj_ZAccess.CQJ) http://forums.majorgeeks.com/showthread.php?t=258902&goto=newpost Tue, 15 May 2012 22:06:03 GMT Hi Guys

I got a Trojan infection yesterday. First I saw of it was when TrendMicro OfficeScan came up saying I had "Troj_ZAccess.CQJ

Tried a few things to get rid of it first, OfficeScan itself, SpyBot etc. Then started a thread in another forum who advised to run ComboFix. However, help has dried up in other frorum and I need the computer for work tomorrow. So I went through your instructions and here are my logs. I accidently ran ComboFix again after completing all steps you described (so 3rd time in total) and its still saying that I have ZeroAccess rootkit that is in the TCP/IP stack or some such line as that so guessing still not gone.

Any help greatly appreciated.

I'll attach the second ComboFix and the final one. They are named 1 & 2

Thanks in advance
Terry

Attached Files

	SUPERAntiSpyware Scan Log - 05-15-2012 - 20-03-50.log (2.0 KB)
	mbam-log-2012-05-15 (19-52-10).txt (1.9 KB)
	RootRepealLog.txt (1.2 KB)

]]> Malware Removal Terry1908 http://forums.majorgeeks.com/showthread.php?t=258902 Virus has disabled most things on computer http://forums.majorgeeks.com/showthread.php?t=258900&goto=newpost Tue, 15 May 2012 19:50:18 GMT Hey there guys. I was looking for free online movies (seriously!). i watched a few FG episodes when I noticed ie was moving slow. Checked task manager and there was three or four ie explorer processes running. Closed them all, and immediatly came to this site and downloaded new combofix new... Hey there guys.
I was looking for free online movies (seriously!). i watched a few FG episodes when I noticed ie was moving slow. Checked task manager and there was three or four ie explorer processes running. Closed them all, and immediatly came to this site and downloaded new combofix new mgtools etc. Ran CC Cleaner, malware anti, Ran combofix, but it still said it needed to update, so I ran it again and again. Each time it was acting weird, like it would autoclose without even getting to the 'Stages' section. Finally it ran fully, but after this, my desktop disappeared! It also came up with an error saying 'explorer.exe not found" or something. it displayed the same message after running both it and smitfraudfix in 'safe' mode as well.

So I thought, ok no problem I'll use Task manager to open programs and run MG tools etc. However, something repreatedly kept disabling my PC's new usb wireless network adapter. effectively stoping me from acessing the internet. I kept trying different usb slots until they eventually all stoped working for my wireless adaptor. Mouse still works though.

So, ok I though, no problem. I'll just use task manager to save files to a memory stick to transfer txt files onto a different computer. However the Pc is not recognising any memory stick no matter which slot I place them into!

I was starting to get worried. No real biggie though, I'd just use a CD and save files onto that to transfer them to a diff computer to upload them to you guys. It's probably safer that way anyway.
BUT NO DICE! Whenever I try to copy things to a blank CD (I know they're blank because I check em out in a diff computer first, and it let me format them and save MGtools files on them), the Copying box comes up, and stays there FOREVER. Even after an hour, it was still copying one small Combofix txt file. This happens if I try to 'send' them to the disk drive as well.

So I'm honestly all out of ideas. I recognise I may have t just wipe the drive, but I really don't want to lose certain files on there, as I've been mapmaking for Zero Hour, and nearly finished, and don't want to have to spend another two weeks all over again!

Can you guys help at all? :cry ]]> Malware Removal SEGA http://forums.majorgeeks.com/showthread.php?t=258900