CCleaner Community Forums

AndyManchesta

Experienced Members
  • Content Count: 1,796
Everything posted by AndyManchesta

  1. Cheers R, I'll use that if I ever have problems with AVG, but I'm liking it up to now as it just does its thing without bothering me. Maybe Antivir thinks displaying a full screen nag advert every day will persuade users to upgrade, but it just had the opposite effect on me and it ended up getting removed after a few days. Probably like most members here, the only time my AV detects anything is when it's a false positive, so I just want one that doesn't nag unless it really does find infections. Thanks for the tip
  2. I was using AOL's Active Shield and was really impressed with it, then they decided to drop it for McAfee and the Kaspersky version didn't update correctly for a couple of weeks so I removed it. I've noticed on another machine here the AOL version from Kaspersky has started updating again now, so I tried to put it back on mine but it wouldn't accept the serial number anymore, so I put Antivir on it instead but got a bit fed up with the nag screen which suggests updating to the pro version every time it updated, so removed it after a week for AVG. Then AVG started detecting my SDFix tool as trojan obfu
  3. Congrats Andavari, really well deserved
  4. I'm really not sure Humpty, but it's likely Windows features such as System Restore would fail due to the amount of damage caused. If the ghost software allows you to boot from a disk to restore to an earlier image, rather than run the .exe for the imaging software (which would likely also be infected or corrupted by the virus), then it may work, but I wouldn't like to be put in a position where I had to find out
  5. Happy Birthday Ms Teacup, hope all your birthday wishes come true
  6. Amiga! That brings back memories. I remember thinking Amigas were the best thing ever around that time, as I'd updated from an Amstrad 464 (which I've still got collecting dust somewhere in my attic)
  7. Hi Dennis, I don't think so, but this isn't common so it's anyone's guess what they're hoping to achieve. It sort of defeats the purpose if they damage the system beyond repair, as any revenue they would have made from the original malware that gets installed before Virut, such as Smitfraud and Vundo type infections, will also be lost if the user has to format. Generally file infectors tend to mostly spread using backdoor bots or other network worms, so for example a PC gets infected with an IRCBot but the system is already infected with a file infector such as Parite or Virut, so it then infects
  8. The main problem is that AV programs tend to do a great job at detecting the virus once it's trashed the machine, but not so great at detecting the installer for the infection, so it could easily get past the real time protection on some security programs. For example, here are the results for a Virut installer from last week, and only 6 out of 32 vendors detected it at VirusTotal:

    File install.exe received on 09.15.2007 16:28:26 (CET)
    Result: 6/32 (18.75%)
    AntiVir 7.6.0.10 2007.09.14 W32/Virut.W
    BitDefender 7.2 2007.09.15 Win32.Virtob.2.Gen
    eSafe 7.0.15.0 2007.09.13 Suspicious Trojan
  9. Hi guys, we always say using crack and serial sites is very dangerous, as most of the malware around today is distributed from those sites, but in the last few weeks they have been adding a file infector named Virut into the bundle, and this is coming from multiple keygen and crack sites. Virut will infect .exe and .scr files on the system, and once it gets on the machine the only solution is to format and reinstall Windows. You can attempt to clean it using whatever antivirus program you can think of, but the AV programs will also be attacked by the virus, even if they are able to disinf
  10. There's not much you can do AJ once your email address gets on the spam lists, except hope most of them are caught by the spam filter.
    http://www.secureworks.com/media/press_rel...70802-botstorm/
    http://www.informationweek.com/windows/sho...cleID=201311245
  11. Good choice AJ, as the page will contain exploit scripts which will attempt to load infections as soon as it's opened. The recent variants are patching tcpip.sys to load trojan files, so it doesn't need other startup entries or show in tools like HJT.
    http://www.sophos.com/security/blog/2007/07/419.html
    They've recently changed tactics to spam all sorts of messages, but it's essentially the same junk.
    http://www.f-secure.com/weblog/#00001255
  12. mic's log

    Hi Mic, it's no bother Mic, we are happy to help. For SFP.exe just skip that part, as a lot of those files should be genuine; some are connected to Gromozon and another is maybe an adware installer, but we can run another scan a bit later to see if there are problems. There's probably still an active Gromozon infection, so removing that is the main concern for now. Let me know if you have any problems with the remaining steps. Cheers
  13. You're welcome Luc, I'm glad we could help. Happy surfing, Andy
  14. Hi Luc, that looks fine. You can now delete all the tools and files we used:

    LinkOptCheck <-- Folder
    LinkOptFix <-- Folder
    C:\Avenger <-- Folder
    requested-files[Date/Time].cab <-- Folder
    Avenger.exe <-- File
    LinkOptFix.exe <-- File
    SFP.exe (Suspicious File Packer) <-- File
    fix.reg <-- File
    Gromozon Remover <-- File
    Check.bat <-- File
    Check.txt <-- File
    uninstall_list.txt <-- File
    C:\avenger.txt <-- File
    C:\user.txt <-- File
    C:\regresult.txt <-- File
    C:\Gromozon_removal log <-- File

    You have multiple versions o
  15. mic's log

    Hi Mic, thanks for your patience. These auto analysis sites are really no use at all these days; there are far too many infections around that do not show any signs in HijackThis, so although it's probably OK to give them a try as part of a clean up process, it would be dangerous to believe that the system is clean based on their results. There are infections that add rootkit components so their entries will not show in logs, infections that use Microsoft company details in their service files so HijackThis regards them as safe and doesn't list them, infections that hide all entries for certa
  16. Hi Luc, that looks good, just a few leftover files to remove, but I'd like you to run the Gromozon remover again to make sure it's now showing clear.

    1. Please download The Avenger by Swandog46 to your Desktop. Click on Avenger.zip to open the file. Extract avenger.exe to your desktop.
    2. Copy all of the text contained in the code box below (making Files to delete: the top line) to your Clipboard by highlighting it and pressing (Ctrl+C):

    Files to Delete:
    C:\Documents and Settings\Administrateur\Local Settings\Temp\PXR1.tmp
    C:\Documents and Settings\Administrateur\Local Settings\Temp\P
  17. Hopefully this will be the last scanner we need to use though, as its detection rate is excellent. I'll get an email notification when you reply, so we can continue either later tonight or tomorrow. Andy
  18. Try Deckard's Association Fix Tool (DAFT) to make sure none of the file associations are damaged: http://www.techsupportforum.com/sectools/Deckard/daft.exe
    Double-click the daft.exe icon. Read the disclaimer and click OK. Click on the Scan button, then save the logfile. This will save as daft.txt, which you can then post back if it finds any problems. Andy
  19. Just delete these files then:

    C:\WINDOWS\apisv.exe
    C:\WINDOWS\msgh.exe
    C:\WINDOWS\system32\atlws32.exe
    C:\WINDOWS\system32\ntlg.exe

    If you have problems finding them, set Windows to show hidden and system files: Click Start. Go to My Computer, then the C: drive. Select the Tools menu from the top bar and click Folder Options. Select the View tab. Under the Hidden files and folders heading select "Show hidden files and folders". Uncheck the "Hide protected operating system files (recommended)" option. Click Yes to confirm, then OK. Set this back once you have checked for the
  20. Hi Luc, the Gromozon remover has done a great job there. None of the files were packed correctly by the Suspicious File Packer though, except PATCH.EXE, which is a legit file from Trend Micro, so could you try uploading them at VirusTotal. Visit VirusTotal, open the scan site and copy and paste this into the Upload a File area (next to Browse): C:\WINDOWS\apisv.exe Then click Send File, wait until all the results are shown and it shows Finished in the current status area, then copy and paste the full results to Notepad (Start > Run > type Notepad and press OK), then click
  21. Hi Mic, welcome to the forum. I've asked one of the moderators for this area of the site to split your post into a new topic to prevent confusing this thread; once that's done I'll be happy to assist you in removing anything that remains. Thanks
  22. Hi Luc, thanks for the logs, there are still a few problems showing, so this will take a few steps to help you get the machine clean again. Run HijackThis and choose Do A System Scan, then place a check next to these entries:

    O2 - BHO: Class - {0A5F82EA-0DD1-4033-7C1A-F9F2F5775550} - C:\WINDOWS\uvwog1.dll (file missing)
    O23 - Service: UpdHab - Unknown owner - C:\Program Files\Fichiers communs\System\swA.exe

    Close all open browser and other windows except for HijackThis and press the Fix Checked button. Please download the Suspicious File Packer from Safer-Networking.org and unzip