Back in Malware Kazaa did it.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tester36, Feb 5, 2006.

  1. tester36

    tester36 Private First Class

    BJ,
I did not know if you wanted me to repost or if you were going to move me if I did the wrong thing, sorry. :confused: I found my BitDefender scan and I am going to try and attach it (long story).
     
  2. tester36

    tester36 Private First Class

Did not work, I will send in another post.
     
  3. tester36

    tester36 Private First Class

:eek: Won't attach. I redid the scan and it locked up as soon as it was finished, before it would let me make a log. Results the same: AIM WxBug.
     
  4. AbbySue

    AbbySue MajorGeeks Administrator

    Go ahead and copy/paste it and I'll convert it to an attachment for you.
     
  5. tester36

    tester36 Private First Class

Okie dokie,
here it is I hope :eek:
     
    Last edited by a moderator: Feb 5, 2006
  6. tester36

    tester36 Private First Class

Thank y'all, everybody, for trying to help me, but I have to leave at 4 am and between now and then I have to put my husband's grandmother to bed, so it will probably be next weekend unless I can get my son to understand what to do.
    steph
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

There is nothing in your BitDefender log to worry about, for two reasons:

1) AIM will always be detected by BitDefender, so if you use AIM you will always see this. It is in some regards a false positive.

2) BitDefender said it deleted them anyway. You can just check for yourself to see if the C:\Program Files\AIM\Sysfiles\WxBug.EXE file is still there, but it is part of AIM as far as I know.
     
  8. tester36

    tester36 Private First Class

    Hey Chaslang,
I obviously didn't get out of here yet. I did not want to get up, and then I had to check here before I left. I think BJ helped me get the Kazaa off, but now the computer is crawling online; it took me 5 min to load MajorGeeks, for instance, it just drags. :eek:
    steph
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

What thread are you referring to where BJ was helping you? Why didn't you just remain in that thread?
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It was in the Software Forum, I wanted to check a WinPFind log to get a little deeper.
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    steph,

    I just want to confirm nothing is hiding, please see the below thread on how to run WinPfind and attach the log.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    BJ,

    Add the link for the other thread in here for reference purposes.

    Did you check for rootkits yet?
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay!

Steph, do the below too, in addition to the WinPFind log BJ requested.

Please follow the below steps...
1. Please download and unzip Rootkit Revealer to your desktop.
2. Please leave the defaults set as they are to:
  • Hide NTFS Metadata Files: this option is on by default.
  • Scan Registry: this option is on by default.
3. Launch Rootkit Revealer on the system and press the Scan button.
4. RootkitRevealer scans the system, reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time; please disconnect from the internet and leave the PC to be scanned until it is finished.
5. The log can be very large; please edit out the items in the following folder, if they are in the log, before attaching it: C:\System Volume Information.
6. Please attach the log here in this thread to your next post.
     
  15. tester36

    tester36 Private First Class

Hey y'all, I am back home early; we had a death in our family. I did the scans and will attach the WinPFind log, but I don't understand how to edit the Rootkit Revealer log and the help will not open. :confused: Chas or BJ, sorry I'm so dense; there are 10 of those System Volume Information files and 2 zone lab block count entries. Tell me how to edit, please.
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just attach the log, I will edit it if it's too big.
     
  17. tester36

    tester36 Private First Class

Ok, we will try this. Well no, we won't; I could not save it or paste it. I was going to reduce it to the taskbar and try to move it, and hit close instead of move; now I can't find it. :confused: Do you know where it went? :confused:
    steph
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Let's just run this one as it's better for finding hidden files/processes.

    Please download Blacklight to its own folder...

    F-Secure Blacklight

After the download is complete, double click to run the program. Click "Accept" to proceed. Then click SCAN to begin scanning your system.

    Once the scan is complete it will attempt to clean the found infections. There should be a log in the folder that you ran the program from, attach this log to your next post along with a fresh HJT log.
     
  19. tester36

    tester36 Private First Class

    ok here we go thanks in advance
    steph
     
  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/ search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O18 - Filter: text/html - (no CLSID) - (no file)

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click Save. (Make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to add it to the registry, say yes.
Locate PocketKillbox.
(Proceed with this step even if they do not show in blue.)

    Now, Copy and Paste C:\WINDOWS\SYSTEM32\cpl_moh.cpl into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.
    After you complete the above, reboot and let me know how things are running.
     
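As an added example (not from the thread or from HijackThis itself), a small Python triage script that parses the HijackThis entries quoted above and states, from the defender's side, why each kind was worth fixing: entries ending in "(no file)" or "(no CLSID)" are dangling references with nothing behind them, and R1 entries are browser search and proxy settings whose target host should be one the user actually chose. The sample lines are constructed from the post above (the stray space in the first URL removed).

```python
import re
from urllib.parse import urlparse

# Constructed sample: the HijackThis entries the expert marked for FIX above.
HJT_LINES = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost",
    r"O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    r"O18 - Filter: text/html - (no CLSID) - (no file)",
]

PATTERNS = {  # body layouts for the entry types used in this thread
    "R1": re.compile(r"^(?P<hive>HK\w+)\\(?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$"),
    "O2": re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>.+?) - (?P<path>.+)$"),
    "O4": re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<runkey>\w+): \[(?P<name>[^\]]+)\] (?P<command>.*)$"),
    "O18": re.compile(r"^Filter: (?P<mime>\S+) - (?P<clsid>.+?) - (?P<path>.+)$"),
}

def parse_line(line):
    """Split 'Oxx - body' on the first ' - ' and unpack the body by entry type."""
    code, sep, body = line.partition(" - ")
    if not sep:
        raise ValueError("not a HijackThis entry: %r" % line)
    entry = {"code": code, "raw": line}
    match = PATTERNS[code].match(body) if code in PATTERNS else None
    if match:
        entry.update(match.groupdict())
    return entry

def triage(entry):
    """Defender-side observations for one entry; each note says what to verify."""
    notes = []
    if "(no file)" in entry["raw"] or "(no CLSID)" in entry["raw"]:
        notes.append("dangling reference: nothing on disk or in the registry backs it")
    data = entry.get("data", "")
    if data.startswith(("http://", "https://")):
        host = urlparse(data).hostname  # hostname of the first URL only
        notes.append("browser setting points at %s (confirm this is a site you chose)" % host)
    if entry.get("value") == "ProxyOverride":
        notes.append("proxy bypass list is set to %r" % data)
    if entry["code"] == "O4":
        notes.append("autostart %s\\..\\%s runs: %s" % (entry.get("hive"), entry.get("runkey"), entry.get("command")))
    return notes

def triage_log(lines):
    return [(e["code"], triage(e)) for e in map(parse_line, lines)]

if __name__ == "__main__":
    for code, notes in triage_log(HJT_LINES):
        print(code, "->", "; ".join(notes) or "nothing flagged")
```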
  21. tester36

    tester36 Private First Class

It seems to be running fine, but it is storming like rip here now, so I am getting off for a while. Should I disable System Restore now? Thanks again BJ and Chas, y'all are great as always.
     
  22. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, you can disable system restore, reboot and then re-enable system restore.
     
  23. tester36

    tester36 Private First Class

Disabled and re-enabled System Restore, been surfing all morning, had a death in the family and trying to prepare a eulogy, done without a problem with the computer.
Thank y'all again, you saved me. :)
     
  24. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

You're welcome!

    Sorry to hear about the loss, God Bless you and your family! :)
     