Ice Cold Beer
Members
Content Count: 9
Rank: Member
-
Wups -- forgot about avast. I meant to uninstall a while ago. Good list of software. I'll check 'em out. Thanks for your help.
-
Got a reboot message after the scan, but here's what it picked up:
restart.exe;C:\Documents and Settings\Sysadmin\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Deleted.;
A0004167.dll;D:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP6;Program.PopcapLoader.origin;Incurable.Deleted.;
-
Nope, no log. I did get a system recovery message after the reboot -- "Your system has been recovered after a serious error . . "
New HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58, on 2007-11-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\More Program Files\Lavasoft\
-
That got it.
SmitFraudFix v2.246
Scan done at 4:07:58.93, 2007-11-04
Run from C:\Documents and Settings\Sysadmin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»
-
Definitely can't get to safe mode. It shuts down and restarts about halfway through if I try to start in anything but normal mode.
-
Sorry for the delay in replying. Won't let me reboot to safe mode. I'm going to try logging and see what happens.
-
And the HT log -- combofix didn't leave one, unless I'm looking in the wrong place.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:48, on 2007-11-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\More Program Files\Lavasoft\Ad-Aware 2007\aawservice.ex
-
Here you go:
SmitFraudFix v2.246
Scan done at 4:13:25.93, Thu 11/01/2007
Run from C:\Documents and Settings\Sysadmin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\More Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Expl
-
Definitely infected with a nasty virus. This little bug deletes any anti-virus software I've tried. Online scans don't pick it up, or are rendered inoperative when download completes, except for one. I managed to get F-Secure to run briefly. It picked up three or four .EXE files in the Windows directory. No B.S. -- I opened the folders, and the files were deleted as I watched. Another scan, different names, different folders -- but still being flagged as bugs. Same deal. Open the folders, the files vanish. THIRD scan. Same thing, different folders. It's like some sort of shell game.