Matt

Hello Tabbydaze. Sorry it took so long for you to get a reply--not sure what heppened. I looked over your log, and it is clean. I do not think the issue you are experiencing is malware related. If you are still having issues, I would suggest you post your problem in the PC Support Area of the forums. Hopefully someone will be able to assist you better there. Matt

I've read this thread a couple times now, and I'm unsure on what the real issue is.. Was it: A. You received an email with an attachment, you opened it, and now someone has your password. or B. You received an email with an attachment, you opened it, and it sent back information to the sender, and you are now on a spam list. lol I may be dense right now, but I couldn't figure it out. Matt

Can you post the Ewido Report please? Matt

Driver's ed.

Just got word from the man upstairs. Time to lay down this monster. Feel free to start a new one. Matt

Hi and welcome to Besttechie! You are most likely infected with some form of malware. Please read this post on how to post a HijackThis log in our Malware Removal Forum. There, an expert will be able to analyze your log and remove any spyware or other nasties that may be on your machine. When you post your HJT log, be sure to include a summary of your probelm (like you did here) so they know what to look for. Please be patient when waiting for an expert to review your log. They take time, and only trained experts gain review them. Matt

Sophos has added information on the infection.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Hey folks. Just thought I'd post this here since this may or may not become a larger threat. I'm currently working with a user in the HJT section, and we came across a file that I had never seen before. There was no reference of it on Google, so I had it submitted to many experts from various security coorporations and organizations. The file returned as a keylogger that tracks every keystroke you make. Then, it send the information to a third party. Credit card, and other personal info can be collected, so if infected, you have the possibility of becoming a victim of identity theft. Norm

We'll deal with that in a bit. Thank you very much for submitting that file. Experts have analyzed it, and sent it of to many security companies and organizations. It is a new piece of malware, and you may still have remnants on your machine. We're going to try to find and kill those. What you had was a Trojan that logs any and all keystrokes and sends them to a third-party. One of the experts that analyzed the file sent me the following information: As we are not sure yet if there are still remnants on your machine, if you have access to another computer, it would be wise to change pas

Hmm, Ill try the graphical based installer first. Also, what do you guys think about xubuntu? I just noticed it on the site. Anyone used it before? Matt

Which would you reccomaned for a dual-booting linux noob like myself? The 'alternate' one? If so, where are you finding that one vs the normal one thats causing issues? Matt

Whew! We still go some mess there! Jotti File Submission: Please go to Jotti's malware scan Copy and paste the following file path into the "File to upload & scan"box on the top of the page: C:\WINDOWS\system32\rcnoke\csrss.exe [*] Click on the submit button [*] Please post the results in your next reply. Updating Java and Clearing Cache Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel. It will say "Java Plug-in" under the icon. Please find the update button or tab in the Java Control Panel. Update your Java then reboot. If you are unabl

Dont go with Triton. In fact, don't go with aim at all. Get Traillian or Gaim. Not buggy, no annoying ads, no malware..

Inactive topic... If you still need help on this problem, contact me or one of the Moderators to re-open this up. Topic closed.

Inactive topic... If you still need help on this problem, contact me or one of the Moderators to re-open this up. Topic closed.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Ok - as long as you know what that file is, youre clean

I recall a big discussion in the chat where many members brought up the idea to combine a few sections into just one big 'PC Support' area. I don't remember everyone who was involved in the discussion, but I was in favor of the idea of just one general forum. (Just a thought) If more and more attention comes toward networking, perhaps open a poll somewhere for this? Matt

Download WindPFind Extract WinPFind.zip to your c:\ folder. Reboot your computer into Safe Mode Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

Hitest convinced me to switch back to Ubuntu, so once the servers calm down, ill burn and instll that over my Debian installation.

Ok - let's continue. Enable show hidden files and folders: * Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View Tab. * Under the Hidden files and folders heading select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Click Yes to confirm. * Click OK Next go to http://www.uploadmalware.com/ and do the following: Enter Your Username Paste the URL to this thread in the specified area Enter the following file for upload: C:\WINDOWS\ldanw32.exe In the comments area, put the following: Uplo

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Welcome back. Jotti File Submission: Please go to Jotti's malware scan Copy and paste the following file path into the "File to upload & scan"box on the top of the page:C:\WINDOWS\ldanw32.exe [*] Click on the submit button [*] Please post the results in your next reply. Scan with HJT and place a check next to the following items: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gdqpxiovhpiazo.com/FE4m9oMOcXEl...jA5TrmH5EB3.php O2 - BHO: (no name) - {1A29E4E0-69FC-AA55-4EA7-3D4B9F578995} - (no file) O4 - HKLM\..\Run: [rtpsys32] C:\WINDOWS\system32\rtpsys32.ex

Hmm, thats very interesting. I have had no issues with the site in firefox or IE, not malware installed, no popups, nothing. Lemme look further into this..