Submit Your Article Forum Rules FAQ About Us
Search the forums:

Tech Support Team

Join Now!Nav Seperator FAQNav Seperator GalleryNav Seperator TutorialsNav Seperator BlogNav Seperator SearchNav Seperator Today's PostsNav Seperator Mark Forums ReadNav Seperator Navigation Right

Hello and Welcome to Tech Support Team! Before you can start posting and answering questions, you'll have to register. Registration is fast, simple and absolutely free! Feel free to browse through existing questions by choosing the forum you want to visit below.


Tech Support Team » Malware Removal & Security » Malware Removal » [SOLVED] Weird Problem

Notices
Before creating a new thread, we ask that you please read our Removal guide first: Malware Removal Guide - Read Before Posting. We also advise you reading this thread before continuing: P2P programs - please remove before posting for help

NOTE: NEVER follow someone elses fix. Just because the symptoms may appear to be the same, it does NOT mean your system has the same malware infection. ALWAYS start a new thread so that a member of our Security Team can take you through the steps of cleaning your computer.

Closed Thread
Page 2 of 2 < 1 2
Thread Tools
 
  #21 (permalink)   Top
Old 10th February 2008, 06:17 AM
Victim.'s Avatar
Newcomer
  
Join Date: Feb 2008, 25 posts.
Reputation: Victim. is on a distinguished road
The log for the ConboFix thing..

Doing the second part of your post now.
Last edited by Howard; 11th February 2008 at 07:18 PM.
  #22 (permalink)   Top
Old 10th February 2008, 06:19 AM
evilfantasy's Avatar
Security Team
  
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
Looking good. We may get away without running the Kaspersky scan
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
  #23 (permalink)   Top
Old 10th February 2008, 06:27 AM
Victim.'s Avatar
Newcomer
  
Join Date: Feb 2008, 25 posts.
Reputation: Victim. is on a distinguished road
Lmao, i hope so! The Dr.Web scan is 20% done so far so I'll be posting the other 2 logs you need soon.

OK - Done..

Dr.Web log contents:

Quote:
rmcastnt.sys;c:\windows\system32\drivers;Program.E liteKeylogger.36;Renamed.;
videx.sys;c:\windows\system32\drivers;Program.Elit eKeylogger.36;Renamed.;
rsvpsvr.exe;C:\WINDOWS\system32;Program.EliteKeylo gger.36;Deleted.;
rmcastnt.#ys;C:\WINDOWS\system32\drivers;Program.E liteKeylogger.36;Incurable.Moved.;
videx.#ys;C:\WINDOWS\system32\drivers;Program.Elit eKeylogger.36;Incurable.Moved.;
Hijackthis log attached to post.
Last edited by Howard; 11th February 2008 at 07:18 PM. Reason: Posts merged. Please use the edit button, rather than making a new post when there are no other posts inbetween. Thanks.
  #24 (permalink)   Top
Old 10th February 2008, 06:45 AM
evilfantasy's Avatar
Security Team
  
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
Were you aware of the Keylogger?

The log looks fine now. Try The updates again and let me kno wthe exact error you get (if any)
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
  #25 (permalink)   Top
Old 10th February 2008, 06:48 AM
Victim.'s Avatar
Newcomer
  
Join Date: Feb 2008, 25 posts.
Reputation: Victim. is on a distinguished road
Yer, i did uninstall it but there were obviously files left over.

That Dr.Web program wasn't showing some buttons, but i think i still managed to do a full scan.

What updates?
  #26 (permalink)   Top
Old 10th February 2008, 06:56 AM
evilfantasy's Avatar
Security Team
  
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
Weren't you having problems with Windows Updates?
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
  #27 (permalink)   Top
Old 10th February 2008, 06:57 AM
Victim.'s Avatar
Newcomer
  
Join Date: Feb 2008, 25 posts.
Reputation: Victim. is on a distinguished road
Yep, check my first post for more details.
  #28 (permalink)   Top
Old 10th February 2008, 06:59 AM
evilfantasy's Avatar
Security Team
  
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
Ok, and the problem is still there after Combofix and Dr Web?
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
  #29 (permalink)   Top
Old 10th February 2008, 07:02 AM
Victim.'s Avatar
Newcomer
  
Join Date: Feb 2008, 25 posts.
Reputation: Victim. is on a distinguished road
Let me check..

Omg.. It's fixed!!

*Gives evil a cookie*

Thanks for the help!

Last edited by Howard; 10th February 2008 at 07:17 AM.
  #30 (permalink)   Top
Old 10th February 2008, 07:16 AM
evilfantasy's Avatar
Security Team
  
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enoughevilfantasy will become famous soon enough
I was thinking it would be.


Time to do some cleanup and secure the work you have done.
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.

  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

Next

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished exit out of OTMoveIt2


Learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Let me know how everything went.
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
  #31 (permalink)   Top
Old 10th February 2008, 07:22 AM
Victim.'s Avatar
Newcomer
  
Join Date: Feb 2008, 25 posts.
Reputation: Victim. is on a distinguished road
OK - Done all that now without a problem.

Think thats it?

Thanks for the help again.
  #32 (permalink)   Top
Old 10th February 2008, 07:30 AM
Howard's Avatar
TST Master
  
Join Date: Dec 2007, 3,366 posts.
Reputation: Howard has a spectacular aura aboutHoward has a spectacular aura about
I`m now marking this thread as solved.

If you need this thread re-opened please contact a moderator or PM me.

Regards Howard
Closed Thread
Page 2 of 2 < 1 2

Only registered members can participate in forum threads. You must register or log in to contribute.


« Previous Thread | Next Thread »
Thread Tools

Forum Jump


All times are GMT. The time now is 08:59 PM.

Contact Us - Tech Support Team - Terms of Service - Top


Member Login
Forgot Password?



Post A Question!
Useful Links
Main Menu
Home
Forum Rules
FAQ
About Us
Welcome Pack
Search the forums
TST Mobile
Contact Us
Send Message

These are the 8 most used thread tags
Tag Cloud
geforce modem monitor no ring response no signal nvidia soft modem win7
Copyright © Tech Support Team, Inc. All rights reserved.
TechSupportTeam.org is an Privacy Policy and Legal Powered by vBulletin® Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 ©2008, Crawlability, Inc.