Trogan
Trusted Malware Techs
Content Count: 156

Everything posted by Trogan

  1. The scan may take an hour, maybe more. I'll check everything over once I have received the log. I do not need you to tell me what is found; that is what the log will do. No need to post back until the scan has finished.
  2. You have AVG Anti-Virus. I want you to download AVG Anti-Spyware, which is a totally different program. Please download and follow my previous instructions.
  3. OK, that is fine for now! Phew! Now, I want you to run another scan:
     1. Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.
        If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following: Click the Update icon at the top and under Manual Update click the Start update button. The program will either update or inform you that no update was available. It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database.)
        Please set up the program as follows:
        - Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
        - Click the Update icon and untick the automatic update option.
        - Click on Scanner on the toolbar. Click on the Settings tab.
        - Under How to act? - make sure that Quarantine is selected.
        - Under How to scan? - All checkboxes should be ticked.
        - Under Possibly unwanted software - All checkboxes should be ticked.
        - Under Reports - Select Do not automatically generate reports.
        - Under What to scan? - Select Scan every file.
        - Close all open windows.
        Click on Scanner on the toolbar. Click on Complete System Scan to start the scan process. Let the program scan your computer. When the scan has finished, follow the instructions below:
        - Make sure that Set all elements to: shows Quarantine.
        - Important: Click on the Apply all Actions button (*** This must be done before saving the report ***).
        - When the program has finished, it will display the message All actions have been applied. Then click the Save Scan Report button.
        - Click the Save Report as button. Save the report to your Desktop.
        - Right-click the AVG Tray Icon and select Exit.
     2. Now, run a new scan with ComboFix please.
     3. Post the following...
        - AVG Anti-Spyware log
        - New ComboFix log
        - New HijackThis log
  4. OK, that's fine...leave them there. The OTMoveIt log you first posted said "Not found" for each file, do you know why that is?
     Now, using OTMoveIt again, remove this file:
     C:\WINDOWS\system32\Coltd.sys
     Post the results from OTMoveIt, and check to see if the file is in C:\_OTMoveIt.
     EDIT: Do NOT delete the Drivers folder - that is legit!
  5. Whoa! I'm slightly lost...slow down a little please. Yes, delete all the dump_wmimmc files. Also, where did you find them? Once that is done, run ComboFix again and it will produce a new log. Post that back here. Remember to close everything.
  6. Leave SVKP.sys where it is. Can you now tell me what else is in C:\_OTMoveIt.
  7. Did you find and delete these two?
     C:\WINDOWS\system32\SVKP.sys
     C:\WINDOWS\iun6002.exe
  8. Would be better to save them in Microsoft Word, and yes they will be available in Safe Mode on the account you save on.
     How to delete a file. Example: C:\WINDOWS\system32\drivers\dump_wmimmc.sys
     - Open My Computer
     - Double-click the C: drive to open it
     - Double-click the Windows folder to open it
     - Double-click the System32 folder to open it
     - Double-click the Drivers folder to open it
     - Find dump_wmimmc.sys
     - Right-click and select Delete
     Same procedure for all the files.
  9. Hi, you did everything correctly. Bit surprised nothing was found. I want you to go back into Safe Mode, so you might want to copy or print these instructions. Please do the following...
     1. Make sure you can view hidden files and folders: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
     2. Now go back into Safe Mode.
     3. Once in Safe Mode, check if the following files in RED are present. If they are, delete them.
        C:\WINDOWS\system32\drivers\dump_wmimmc.sys
        C:\WINDOWS\system32\drivers\dump_wmimmc(2).sys
        C:\WINDOWS\system32\drivers\dump_wmimmc(3).sys
        C:\WINDOWS\system32\drivers\dump_wmimmc(4).sys
        C:\WINDOWS\system32\drivers\dump_wmimmc(5).sys
        C:\WINDOWS\system32\drivers\dump_wmimmc(6).sys
        C:\WINDOWS\system32\drivers\dump_wmimmc(7).sys
        C:\WINDOWS\system32\SVKP.sys
        C:\WINDOWS\iun6002.exe
        Also, locate this file: C:\WINDOWS\system32\Coltd.sys
        If found, right-click on it and select Properties. Go to the Version tab and make a note of what is written, if anything. I especially want to know who the Company is.
     4. Reboot back into Normal Mode, and give me feedback.
  10. All of these - they are in the white Code box above:
      C:\WINDOWS\system32\drivers\dump_wmimmc.sys
      C:\WINDOWS\system32\drivers\dump_wmimmc(2).sys
      C:\WINDOWS\system32\drivers\dump_wmimmc(3).sys
      C:\WINDOWS\system32\drivers\dump_wmimmc(4).sys
      C:\WINDOWS\system32\drivers\dump_wmimmc(5).sys
      C:\WINDOWS\system32\drivers\dump_wmimmc(6).sys
      C:\WINDOWS\system32\drivers\dump_wmimmc(7).sys
      C:\WINDOWS\system32\SVKP.sys
      C:\WINDOWS\iun6002.exe
  11. Hi! SDFix turned up clean. Please do the following...
      1. Follow these instructions:
         - Download OTMoveIt by OldTimer from here.
         - Double click on OTMoveIt to start OTMoveIt.
         - Untick the option to Unregister Dll's and Ocx's (1).
         - Select the contents of the below codebox, then press Ctrl+C to copy it to the clipboard:
           C:\WINDOWS\system32\drivers\dump_wmimmc.sys
           C:\WINDOWS\system32\drivers\dump_wmimmc(2).sys
           C:\WINDOWS\system32\drivers\dump_wmimmc(3).sys
           C:\WINDOWS\system32\drivers\dump_wmimmc(4).sys
           C:\WINDOWS\system32\drivers\dump_wmimmc(5).sys
           C:\WINDOWS\system32\drivers\dump_wmimmc(6).sys
           C:\WINDOWS\system32\drivers\dump_wmimmc(7).sys
           C:\WINDOWS\system32\SVKP.sys
           C:\WINDOWS\iun6002.exe
         - In OTMoveIt, right click on the box labelled Paste List of Files/Folders to be Moved and click Paste (2).
         - Click MoveIt! (3).
         - Copy and paste the contents of the results box (4) as a reply to this topic.
      2. I'd like a file to be scanned: Go to VirusTotal. Copy and paste the following file path into the Search Box at the top of the page: C:\WINDOWS\system32\Coltd.sys. Click on the Send button. Please post the results in your next reply.
      Post the results from OTMoveIt, along with the VirusTotal scan results.
  12. Sorry for the delay. You shouldn't need a password in Safe Mode. Select Administrator, if needed.
  13. This tool will not work in Normal Mode, therefore you will need to enter Safe Mode. You will get other options if run in Normal Mode. Please stop playing games while we are fixing your PC. Apologies if you are not.
  14. OK, there are a few things showing in the ComboFix log. But before we do anything, I want you to run the following scan.
      - Download SDFix and save it to your Desktop.
      - Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix).
      - Please then reboot your computer in Safe Mode by doing the following: Restart your computer. After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; instead of Windows loading as normal, the Advanced Options Menu should appear; select the first option, to run Windows in Safe Mode, then press Enter. Choose your usual account.
      - Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot. Press any key and it will restart the PC.
      - When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
      - Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to the Clipboard ready for posting back on the forum).
      Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.
  15. OK, please run ComboFix with all programs and windows closed.
  16. When did the rebooting start? Please provide as much detail as you can about the problem.
      1. Download this file to your Desktop - combofix.exe
      2. Double click combofix.exe & follow the prompts.
      3. When finished, it shall produce a log for you. Post that log in your next reply.
      Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  17. Hi DeliciousEgg89, That Panda log is incomplete as it cuts off. Please post the complete log.
  18. Hi DeliciousEgg89, Before you post the logs I asked for in my previous post, I would like you to do the following...
      - Open HijackThis
      - Click the Do a system scan only button
      - Check the following entries (below):
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
        O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...&expId=7070
        O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
      - Close ALL open windows (especially Internet Explorer!)
      - Click Fix Checked
      - Close HijackThis
      After the above is done, post the Panda log and a new HijackThis log.
  19. Hi DeliciousEgg89, sorry for the delay. This may be a hardware problem, but we'll check. Please do an online scan with Panda ActiveScan:
      - Once you are on the Panda site, click the Scan your PC button
      - A new window will open...click the Check Now button
      - Enter your Country
      - Enter your State/Province
      - Enter your e-mail address and click send
      - Select either Home User or Company
      - Click the big Scan Now button
      - If it wants to install an ActiveX component, allow it
      - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
      - When download is complete, click on Local Disks to start the scan
      - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
      Post the contents of the Panda scan report, along with a new HijackThis log.
  20. Hi DeliciousEgg89, If there is no problem, can I close this thread?
  21. Looks good and well protected!
  22. Hi DeliciousEgg89, Nothing bad in your log. Any specific problems?
      You need to update Java. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
      - Download the latest version of Java SE Runtime Environment 6u1.
      - Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
      - Click the "Download" button to the right.
      - Check the box that says: "Accept License Agreement". The page will refresh.
      - Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
      - Close any programs you may have running - especially your web browser.
      - Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
      - Reboot your computer once all Java components are removed.
      - Then from your desktop double-click on the download to install the newest version.
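Posts 9 and 11 above ask the user to check by hand whether a set of driver and executable paths exist and to read the Company field from each file's Version tab. The script below is an added example, not Trogan's tool nor any of the utilities named in the posts; it reports the same information (presence, version-resource Company and Description, size, SHA-256) for the paths copied from those posts without deleting anything. It assumes Windows PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt so files under system32 are readable.

```powershell
# Added example (not part of the original posts): read-only triage of the paths
# named in posts 9 and 11. Assumes Windows PowerShell 4.0+ and an elevated prompt.
function Get-SuspectFileReport {
    param([string[]] $Path)

    foreach ($p in $Path) {
        # -LiteralPath: several names contain parentheses; never treat them as patterns.
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{ Path = $p; Present = $false; Company = $null;
                               Description = $null; Size = $null; SHA256 = $null }
            continue
        }
        # -Force so hidden/system attributes do not hide the file from Get-Item.
        $item = Get-Item -LiteralPath $p -Force
        $vi   = $item.VersionInfo           # the data shown on Properties > Version
        [pscustomobject]@{
            Path        = $p
            Present     = $true
            Company     = $vi.CompanyName   # the field post 9 asks the user to note
            Description = $vi.FileDescription
            Size        = $item.Length
            SHA256      = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        }
    }
}

# Paths copied from posts 9 and 11 above.
$suspects = @(
    'C:\WINDOWS\system32\drivers\dump_wmimmc.sys'
    'C:\WINDOWS\system32\SVKP.sys'
    'C:\WINDOWS\iun6002.exe'
    'C:\WINDOWS\system32\Coltd.sys'
)
# The numbered copies dump_wmimmc(2).sys through dump_wmimmc(7).sys.
$suspects += 2..7 | ForEach-Object { "C:\WINDOWS\system32\drivers\dump_wmimmc($_).sys" }

Get-SuspectFileReport -Path $suspects | Format-Table -AutoSize
```

The SHA-256 column lets the file be looked up on VirusTotal by hash, which covers the check post 11 asks for without uploading the file, and an empty Company on a driver under system32 is the kind of result post 9 wants reported back.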