geek
Members
Content Count: 13
Rank: Member
Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]
geek replied to geek's topic in Malware Removal
She has most of that and has been running it. Thanks for your time. Just to let you know, Sygate was bought by Symantec and no longer offers a free version unfortunately. -
Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]
geek replied to geek's topic in Malware Removal
May I ask what it is you find suspicious? What is problematic? Logfile of HijackThis v1.99.1 Scan saved at 5:06:22 PM, on 10/13/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgups -
Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]
geek replied to geek's topic in Malware Removal
--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 8:52:47 PM 10/12/2006 + Scan result: C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP403\A0089634.exe -> Adware.PurityScan : No action taken. C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP405\A0090827.exe -> Adware.PurityScan : No action taken. C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP405\A0090834.exe -> Adware.PurityScan : No -
Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]
geek replied to geek's topic in Malware Removal
VundoFix V6.2.1 Checking Java version... Scan started at 10:11:54 PM 10/10/2006 Listing files found while scanning.... No infected files were found. Beginning removal... VundoFix V6.2.1 Checking Java version... Scan started at 8:34:45 PM 10/11/2006 Listing files found while scanning.... No infected files were found. Beginning removal... VundoFix V6.2.1 Checking Java version... Scan started at 8:52:42 PM 10/11/2006 Listing files found while scanning.... No infected files were found. Beginning removal... -
Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]
geek replied to geek's topic in Malware Removal
Logfile of HijackThis v1.99.1 Scan saved at 8:08:10 PM, on 10/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG -
Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]
geek replied to geek's topic in Malware Removal
ignore -
Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]
geek replied to geek's topic in Malware Removal
Logfile after the above found no files and removal of Yinstall.exe. Logfile of HijackThis v1.99.1 Scan saved at 10:20:01 PM, on 10/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Grisoft -
Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]
geek replied to geek's topic in Malware Removal
Ok, here is the log. Upon rebooting, the PC keeps opening a site at web . link4all . biz without the spaces, and asks the person to download photogbase.com/install.html. Even when the user doesn't install, it keeps popping up. Ok, well, looks like I figured out the problem. "O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\Yinstall.exe" was the culprit, it seems. Stopping its process and deleting it at its root file seems to have eliminated the web based pop up. After logging in on every account on this PC, it appears the situation is resolved. If anyone sees anything other that is suspicio -
Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]
geek replied to geek's topic in Malware Removal
Ok, here is the log. Upon rebooting, the PC keeps opening a site at web . link4all . biz without the spaces, and asks the person to download photogbase.com/install.html. Even when the user doesn't install, it keeps popping up. Logfile of HijackThis v1.99.1 Scan saved at 8:38:54 PM, on 10/9/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C: -
Suspiciously Slowed Pc, Known Trojan Infection[RESOLVED]
geek replied to geek's topic in Malware Removal
Ad-Aware SE Personal Adobe Flash Player 9 ActiveX Adobe Reader 6.0 AVG Free Edition eMachines Bay Reader GdiplusUpgrade Google Talk (remove only) HijackThis 1.99.1 Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows XP (KB896344) HP Extended Capabilities 4.7 HP Image Zone 4.7 HP PSC & OfficeJet 4.7 HP Software Update Intel® Extreme Graphics Driver Intel® PRO Network Adapters and Drivers Java 2 Runtime Environment, SE v1.4.2 K-Lite Codec Pack 2.25 Full Macromedia Shockwave Player Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB8 -
Known trojan was said to have been removed by AVG, but is still present. Figured someone here might be able to point out issues to be resolved. Thanks in advance. Logfile of HijackThis v1.99.1 Scan saved at 3:46:18 PM, on 10/9/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA
-
I used hijack this, then went in via command prompt to delete the kernelll.pif file, and upon restart my registry editor and task manager work flawlessly. updated log below Logfile of HijackThis v1.99.0 Scan saved at 9:27:17 PM, on 2/7/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\sp
-
Problem: on reboot, my task manager and registry editing tools are disabled, no matter the user. Specs: AMD 2100+, 512 MB RAM, 80 GB HD nearly full. Let me know what else you need. Logfile of HijackThis v1.99.0 Scan saved at 8:18:59 PM, on 2/7/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS