[Resolved] Need help again, nasty attacks
#46
Posted 05 November 2009 - 05:42 PM
#47
Posted 06 November 2009 - 02:34 PM
Preparation
1) Download Dr Web Cureit from here and save it to your Desktop.
2) Log off from the internet and disconnect your modem cable for the duration of the fix.
Removal
1) Double click drweb-cureit.exe to begin - the program takes a few seconds to open so give it time.
- Click Start.
- When a new window appears, click OK to start the express scan - this will only take a short while.
- If anything is found, click Yes when you are asked if you want to Cure?
- Once the express scan has finished, click the Select drives button on the left - this will place a red dot over all of your hard drives.
- Click the green arrow on the right and the main scan will begin.
- If you see a pop-up informing you of an infected file and asking if you want to Cure? or Move?, click Yes to All.
- Now all you can do is wait while the scan completes as it needs no further action on your part.
- Once the scan has completed, you may see a list of infected files appear.
- If so, there will be a button to the left of them that resembles a pile of papers with a red tick on top - click it.
- A green dot will appear over each of the file icons and also light up four more buttons.
- You need to click the second one down that resembles a green cup and select Move incurable from the menu that appears.
- Then from the main menu (top left), click File > Save report list.
- You will need to change the filename from DrWeb to "DrWeb.txt" - it is important that you include the quotation marks.
- Click Save and the report will be saved by default to My Documents although you can save it elsewhere if you wish.
- Close DrWeb Cureit.
Post a fresh HJT log, the contents of DrWeb.txt AND a description of how your PC is running.
#48
Posted 06 November 2009 - 06:35 PM
Edited by coastalbuck, 07 November 2009 - 05:40 AM.
#49
Posted 07 November 2009 - 04:14 PM
#50
Posted 08 November 2009 - 05:27 AM
#51
Posted 08 November 2009 - 01:45 PM
Please go to Jotti's and click on the Browse... button at the top and navigate to the following file and then click on Submit:
C:\Windows\System32\drivers\atapi.sys
When all the scans have been completed, please copy and paste the results into your next reply.
If this site is busy, try VirusTotal: Click the Browse ... button, navigate to the file and double click it and then click the Send button.
You may need to set Windows to show All Hidden Files and Folders - Instructions can be found here.
* These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after you have done. *
#52
Posted 08 November 2009 - 05:40 PM
#53
Posted 09 November 2009 - 03:11 PM
#54
Posted 09 November 2009 - 04:32 PM
#55
Posted 10 November 2009 - 06:20 AM
#56
Posted 10 November 2009 - 02:49 PM
I'd also like you to do the following:
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:filefind eapsvc32.dll eapsvc.dll
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
#57
Posted 10 November 2009 - 06:44 PM
#58
Posted 11 November 2009 - 02:25 PM
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Log in to your usual account.
#59
Posted 14 November 2009 - 09:25 AM
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-14 06:07:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awxoqpow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-14 10:15:13
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awxoqpow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
I don't think it found anything, or I'm not doing it right. It seemed to scan files, so maybe I did it correctly. The redirects remain, and the machine is quite slow and not very responsive. Startup takes forever as well, as does opening Firefox or any other program for that matter.
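Added example, not part of any post in this thread: the two GMER scans in post #59 differ only in their Devices sections, and this Python script parses the AttachedDevice lines copied from those scans and reports which filter attachments appear in one scan but not the other. The function names (parse_devices, diff_scans) are made up for this illustration.

```python
import re

# Devices sections copied from the two GMER scans in post #59.
SCAN_1 = r"""Rootkit scan 2009-11-14 06:07:16
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----"""

SCAN_2 = r"""Rootkit scan 2009-11-14 10:15:13
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----"""

# AttachedDevice <target driver> <device> <attached module> (<description>/<vendor>)
LINE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")

def parse_devices(log):
    """Return {(driver, device, module): vendor} from the Devices section only."""
    found, in_devices = {}, False
    for line in log.splitlines():
        if line.startswith("----"):          # section banner, e.g. "---- Devices - ..."
            in_devices = "Devices" in line
            continue
        m = LINE.match(line.strip()) if in_devices else None
        if m:
            driver, device, module, info = m.groups()
            # The vendor follows the last "/" (the vendor name may contain commas).
            found[(driver, device, module.lower())] = info.rpartition("/")[2]
    return found

def diff_scans(old_log, new_log):
    """Return (added, removed) attachment keys between two scans, sorted."""
    old, new = parse_devices(old_log), parse_devices(new_log)
    return sorted(k for k in new if k not in old), sorted(k for k in old if k not in new)

if __name__ == "__main__":
    added, removed = diff_scans(SCAN_1, SCAN_2)
    vendors = parse_devices(SCAN_2)
    for key in added:
        print("only in second scan:", *key, "-", vendors[key])
    print("only in first scan:", removed)
```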
#60
Posted 14 November 2009 - 02:23 PM