attacks from other computers

Hi,
Thank-you for the repair/clean-up instructions!!
I ran through them (unfortunately we had already used some of the tools), and most issues were cleared. Zone alarm still shows a serious of attempts to access from another computer. Always 7 attempts in a row from the same IP. Also single attempts from few other IP addresses.

Combofix did not seem to run. The word "combofix" came-up with a meter that moved to the end, and that was it.

Issues found though a day of cleaning include spyhunter, virtumonde, agent, cws, vundo, iwantsearchbar, downloader.VB.AWJ, zeroPopUpBar, component.SBSoft, malware.trace. Browsers were redirected, there were popus, slow/frozen system.

Is there still some bug/remnant sending-out a beacon to malicious computers?
Thanks for your time,
Cindy

 

Thanks for your efforts Tim!

>Did you at one time have PCTools Firewall installed?

I don't know, this is a friend's computer.

> What is this : C:\Documents and Settings\Bruna\Desktop\Antispy

This is just folder for her antispy/adware program links, so she can remember
to (and easily) run them hereafter.

> Tell me if you are still getting intrusion alerts and give me the IP if you are.

I did all the changes, and so far I have gotten the same 7 attempts that happen simultaneously from:

192.168.0.4

From and to different ports.
Thanks again,
Cindy

 

> LOL...short cut to scans...good idea.

Short of autoresponder messages to remind her, this is the best it gets LOL.

>OK.that IP address is part of your network.....either a networked computer or a wireless device or printer

Ahh..that thought had crossed my mind...momentarily.

>....go to start / run / type "cmd" without quotes....

>when you get the dos screen type "ipconfig /all" without qoutes and note the space between ipconfig and /all.

>Tell me what is there --- esp the 192.168.0.4

It's 192.168.0.5
Default gateway + DHCP 192.168.01
DNS 64.71.255.198, which was one of the other security alerts, blocked internet access to --from my computer

>I will look at your logs after having dinner ..... ....but I suspect that if avenger removed those items, you are probably clean.

You could well be right?!?!!
I have a router, and a PC networked.

You must be in the same time zone, I am enjoying dinner also.
Then taking this computer back to her...Have installed LogMeIn
so can finish-up from home.

Enjoy,
Cindy

 

Hi Tim, I did this, and then looked at the next message and stopped.
Because, I see you are dealing with PCTools, and I am at my friends place,
and realized that PCTools mades Spy Doctor, which she just installed to
deal with this disaster.
Do we proceed with the rest of your changes?
Hope you're not napping LOL
Cindy

 

Hi Tim, I need to clarify what "IT" was that I did, and it was re: your second-last message, here's clip:

We can probably start some of the clean up:
Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Quote:
REGEDIT4

[-HKEY_CURRENT_USER\Software\Kazaa]
[-HKEY_LOCAL_MACHINE\SOFTWARE\knight]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\

etc...

I did this and ran it. It did say the content was added to the registry.
I have not done anything else, however when I tried to run Spyware Doctor(PCTools), syst crashed with blue screen. Seems we have done something to it.
Cindy

 

PS--we had another "attack" ip addres 76.114.109.119.

The ip address here is 64.230.30.166
wireless, no network.

doing ipconfig in "run" the window disappears fast now, and does not stay to view the addresses.

 

Yes, it was paid for. But if it is no good, or something is better, we're open to whatever. Seems to keep it we will have to remove and re-install.

Your last message seemed to conflict itself, saying the free anti-spy stuff is crap, and then saying also to keep it.

Confused...and glad you're awake, and here
Cindy

 

This is the sentence that contradicts itself to me:

We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significan amount of resources ( except a little disk space ) until you run a scan.

If you don't recommened Spyware Doctor, what do you recommend?
Cindy

 

oops thanks... ok, the 64. address was returned from whatismyipaddress.com
However cmd ipconfig returns 192.168.8.100

No idea about comcast...sounds local though.

 

Great! Thanks (again) :cool

Cindy

 

Almost done your cleaning instructions....
Combofix was not "installed", just placed on the desktop, and when attempted to use it dragging the windows file on top, it did not do what was expeted (see message below).

When I ran the instructions below, got an error, not found.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

 

PS--got another two attempts...

63.16.20.150

Random fishing acts you think?
C.

 

Hi Tim:

You're a WIZ!
This is Bruna...Cindy's friend with all the crazzzzy computer probs.
Thanks for your expert help....very much appreciated! bp

You rock!!! Thanks so much for your time, expertise, & fast replies :cool
Enjoy your well-earned zzzzzzzzzzzzzzzzzz's.
Many thanks with gratitude,
Cindy