Lupo

Members
  • Content Count

    14
About Lupo

  • Rank
    Member
  1. Hi Chuck I have returned. Tried pasting the RKill scan results, but I'm having trouble getting it to paste. I have copied it into Word from Notepad. I can cut or copy, but I can't paste???? Lupo
  2. Dear Chuck I just need to let you know that I will be attending a conference for the next four days and may not have internet access. Sounds odd, I know. It seems this site has a policy of closing threads if people don't respond, so I just wanted to let you know I'd be back. One small problem has cropped up: the scans have stripped google from my start up homepage in ie. I have added it so that it should open as an extra tab, but it won't open when I start a new web session??? Thanks for your help and patience. Lupo
  3. Hi Chuck Sorry, I've posted the Rkill log 3 times. Couldn't figure out how to get rid of it. Seems like a silly question, but do I delete what RKill detected? Thanks for your patience. Lupo
  4. Hi Again Here's the RKill log Lupo
     RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Caruso [Admin rights]
     Mode : Scan -- Date : 06/27/2014 16:13:51
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 16 ¤¤¤
     [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Windows\CurrentVer
  5. Hi Chuck Sorry for the delay. Here is the log from the combofix scan. Lupo
     ComboFix 14-06-27.01 - Caruso 27/06/2014 15:34:15.2.4 - x64
     Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3824.1995 [GMT 10:00]
     Running from: c:\users\Caruso\Downloads\ComboFix.exe
     AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
     FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
     SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-
  6. Hi Chuck Yes, I understand how Symantec works. My question is: how do I remove bloodhound to stop the attacks? Isn't it better to remove it entirely? And, if so, how? Lupo
  7. Hi Chuck Yes, I am using Symantec endpoint protection. It picks up the virus, but quarantines it. I was never sure whether it was safe, and whether I could just ignore it. That's why I jumped on here. It 'acts' randomly. Sometimes nothing will happen for days, and then suddenly it will activate repeatedly. Symantec always picks it up. But I can't stop it. It seemed that it was better to try and get rid of it permanently. What do you think?
  8. Hi Chuck I just did an update of Symantec and had another bloodhound detection. Here's the entry from the Symantec Risk Log. Is the problem within the Symantec program? Just speculating. Lupo
     LDVPResultsTable
     Filename: DWHFA84.tmp
     Risk: Bloodhound.MalPE
     Action: Quarantined
     Risk Type: Heuristics
     Original Location: C:\Users\Caruso\AppData\Local\Temp\
     Computer: ORPHEUS
     User: Caruso
     Status: Infected
     Current Location: Quarantine
     Primary Action: Clean security risk
     Secondary Action: Quarantine
     Logged By: Auto-Protect scan
     Action Description: The file was quarantined successfully.
     Date and Time: 24/06/
  9. Hi again Chuck I have run the 'Fix'. Here's the log: Lupo
     All processes killed
     ========== OTL ==========
     Service esgiguard stopped successfully!
     Service esgiguard deleted successfully!
     File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633E
  10. Hi Again Chuck Here is the second file. Sorry about the length. Lupo
      OTL logfile created on: 6/23/2014 2:43:49 PM - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Caruso\Downloads
      64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.11.9600.17126)
      Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
      3.73 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 34.15% Memory free
      7.47 Gb Paging File | 5.11 Gb Available in Paging File | 68.41% Paging File free
      Paging
  11. Here's another go at pasting. I copied the report into a Word doc and then copied it from there. Doing this changed the formatting. I've tried to reduce the sizes.
      OTL Extras logfile created on: 6/23/2014 2:43:49 PM - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Caruso\Downloads
      64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.11.9600.17126)
      Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
      3.73 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 34.15% M
  12. Hi Chuck Thanks for the prompt reply. I have run OTL, but can't copy the files across??? What am I doing wrong?
  13. The 'This' refers to bloodhound malPE. Sorry if that was not clear
  14. Symantec Endpoint Protection keeps blocking this but I can't remove it. I have run ADW removal tool; JRT; CC Cleaner; Hitman; SuperAntiSpyware & Malwarebytes. I had a major infestation about a month ago and had to get an expert to get things running. I think this is something that might have been missed. Any suggestions would be appreciated. Thanks