Could use some help #1

Discussion in 'Malware Help (A Specialist Will Reply)' started by strato222, May 14, 2007.

  1. strato222

    strato222 Private E-2

    Hi all,

    I first noticed a problem when Norton kept blocking something called MS SQL Stack BO.

    I thought it might have something to do with a stat-based baseball game I recently installed, but tech on one of their boards said that shouldn't be the case.

    I came to this board, and tried to go through the malware removal guide, and stuff was showing up. I was able to complete all the suggested scans with the exception of the pandascan, which kept stopping at C:\NTLDR; at that time it listed 38 spyware and 2 hacking tools and rootkits.

    Also, while updating my Norton Anti-Virus I noticed, kind of fleetingly, some files being updated with the word redirect in them... is this something I need to be concerned about?

    I did not toggle system restore.

    Thanks again for any help and/or advice... this board is great.
    Ethan

    Attached are the following files:
    CounterSpy.txt
    bdscan.txt

    on the part 2 post (1st reply)
    runkeys.txt
    newfiles.txt
    hijackthis.log
     


  2. strato222

    strato222 Private E-2

    Re: Could use some help #2

    here are the other attachments...

    thanks again--Ethan
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Could use some help #2

    Nothing that you mentioned sounded like it was related to malware, and your log files also indicate that there are no malware problems. I do see that Adobe is running MySQL. Look in the process list of your HJT log and you will see the below. Maybe this is where your message is coming from.
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

    The message is not about malware. It is about a security hole in something you are running that is not properly updated/patched. See: http://www.symantec.com/avcenter/attack_sigs/s20081.html


    I do have a few things for you to do (not related to your problems).

    Uninstall the below old versions of software:
    Java 2 Runtime Environment, SE v1.4.2_03

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Also uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Also you should figure out what application you have that is creating the below huge files and wasting almost 6 Gigabytes of disk space.
    Code:
    "C:\"
    106.tmp       May 14 2007   998244864  "106.tmp"
    1fe4.tmp      May 14 2007   998244864  "1FE4.tmp"
    204.tmp       May 14 2007   998244864  "204.tmp"
    213.tmp       May 14 2007   998244864  "213.tmp"
    221a.tmp      May 14 2007   998244864  "221A.tmp"
    247c.tmp      May 14 2007   998244864  "247C.tmp"
    If you don't need these files from May 14th, you should delete them.
     
