Nar? Or more...?

Newbie so be gentle...:-o

A little problem history - I'm using a wifi logon provided by Paradigm.
About a week ago my pc started flashing up a problem error whenever I attached a memory stick (including my ipod) which continued even after I had taken the stick out. The message would pop up, I'd close it usually 11 times then it would pop up again about 10 minutes later. When I looked up the error the only advice at the time was to change the name (letter)of all the drives apart from hy hard drives and re-boot. This stop the error message, but since then my DVD will not auto-play but I thought that was because they’d been re-named…
During a period of being connected to the internet,and immediately upon an update, Avast began repeatedly springing up telling me that "VBS:Malware-gen" has been found in "C:\nar.vbs" file and gave me the option to delete which I did. Then it immediately popped with the same for D:\. Then back to C: then repeat. So I disconnected, which stopped the pop-up. However, now I cannot open the C or D drives by double clicking, only by right click etc.
I followed the procedure for getting rid of malware but have become stuck at running Combofix - I get the message that it is not a valid win.32 application... I have done everything else up to that point but need a little help as to what to do next. I won't post any error logs until ordered to!

Thanks.

 

Hmmm...running out of options here...I can only upload 2 of the reports - the Mbam one and SAS one. When I try and upload the Mglogs.zip I get the following message
'SCM® appliance PDGSTVVWL01.PDGNETWORKS.NET reports error uploading data



The upload of data to the server has failed' with a Macafee shield sign - I'm guessing thats the wifi provider preventing me...

Still no joy with combofix...

:confused

 

http://www.majorgeeks.com/images/grenade.gifWelcome! to MajorGeeks.com!http://www.majorgeeks.com/images/grenade.gif

First, download the latest update of ComboFix, save to your desktop but before running it, change the name of CF.exe

Also, try attaching the logs from MGTools once more, if you're still unable to attach them, just attach the ShowNew Log, GetRunKey Log & HJT Log.

 

Not working I'm afraid. I still get the same error message when I try and run combofix even as CF.exe and cannot upload the Mglogs.zip file due to same problem as last time.
As for "ShowNew Log, GetRunKey Log & HJT Log" - how do I create those? I can't find these programmes anywhere in the help guides...

 

They are located inside of the MGLogs.zip file. Just attach these three logs for now.

 

No joy. I can't upload any of them to my server

Guess I'll just have to make do until I can get home in 5 MONTHS TIME.... :cry




grr :major

 

What? Find the three files, they are in the ZIP file created by running MGTools. Once you locate the three files, attach them to this thread.

If you can't attach them, post them inline and I will attach them.

 

I can only connect to the internet via a public wifi service - it won't let me upload the files for some reason. I tried just cutting and pasting the text files by lines and it STILL won't let me!

'SCM® appliance pdgstvvwl02.pdgnetworks.net reports error uploading data



The upload of data to the server has failed'

I'm guessing I could probably do it in small chunks, but there's just now way I'm prepared to do that. Why is this happening? I've uploaded photos to websites fer chrissakes - these piddly little files should be no problem at all

 

When you are replying in this thread, below this box where you type, are you clicking on the "Manage Attachments" button and then pointing it to your files? I've never heard of anything like this?

 

Yup - doing exactly that. Have even switched to Firefox in case that helped, but still no joy. I have e-mailed the people who provide our wi-fi access to ask them why I can't attach these files - I don't know how these wifi servers work but there's obviously some kind of firewall preventing me from uploading this stuff. Even tried putting it into a Word doc - no joy. I still keep getting '403 - Forbidden' followed by the usual guff...
I'll try a copy and paste of a small chunk see how it goes...

 

******************************************************************************
* GetUnKeys.Bat - © 08/11/2006 by Chaslang and ShadowPuterDude *
* Supports all Windows OS *
* 12/30/2008 Version 0.18 - change GRKflag.txt to GRKflag.log *
******************************************************************************
* The GetUnKeys.bat program retrieves the installed programs list from the *
* registry and puts it into a file named C:\MGtools\GetUnKey.txt *
******************************************************************************

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4oD]
"Publisher"="Channel 4 Television Corporation and 4 Ventures Limited"
@=""
"HelpLink"="http://help.channel4.com/4od"
"Contact"="4oDHelp@Channel4.com"
"DisplayVersion"="2.0.23.0"
"URLInfoAbout"="http://www.channel4.com/4oD/contactus"
"InstallDate"="21/05/2008 - 15:07:41"
"DisplayIcon"="C:\\Program Files\\Kontiki\\4od1\\cache\\c4_tray0.ico"
"DisplayName"="4oD"
"UninstallString"="MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}"
"VersionMinor"="0"
"VersionMajor"="1"
"InstallLocation"="C:\\Program Files\\Kontiki\\"
"UninstallPath"="MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-aware 6 Personal]
"DisplayName"="Ad-aware 6 Personal"
"UninstallString"="C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\UNWISE.EXE C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\INSTALL.LOG"
"Publisher"="Lavasoft"
"URLInfoAbout"="http://www.lavasoftsupport.com"
"DisplayVersion"="6.0.1.181 Personal"
"DisplayIcon"="C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\Ad-aware.exe,-0"
"HelpLink"="http://www.lavahelp.com"

...this is ridiculous...

 

There should be a ZIP file named "MGLogs.zip", extract the contents of this directory. Once extracted, locate the files below and paste the contents inline to your next post.

• runkeys.txt
• newfiles.txt
• hijackthis.log

 

Doesn't work, as per post no. 8 previously.
The whole 'Manage Attachments' popup becomes filled with '403 forbidden' followed by the other text I mentioned in post 8.

 

I'm not asking you to attach then anymore, I am simply asking you to open the files and copy the contents and then paste those contents into your next post.

If you can't follow instructions, I can't help you. Remember, I'm not anywhere near your computer, I can only see what the logs show me but if I have no logs I can't see anything.

 

Yes, that would work, but I cannot copy and paste more than about 40 lines at a time. Doing it that way would take forever here. However I have just tested attaching stuff to an email and these files attach fine - I can only assume that the providers of the wifi spot I am using have allowed uploads to only certain websites. Would it be possible to e-mail you the files?

 

No, we do not accept the logs in email. We only accept them attached or pasted inline so we can attach them.

Why can't you select more than 40 lines? Press the keys CTRL and A at the same time and it will select all, press CTRL and C to copy it.

 

Yes, I'm aware of these keyboard shortcuts. Unfortuntely, as per my previous post on 01-17-09 08:46, if I try and cut and paste anything bigger than about 40 lines I get the same '403 Forbidden' screen.

 

Well, unfortunately without the logs I can't help you. The logs are the only way I can see inside your system.