Windows 7 Forums


Windows 7: Need suspicious files analyzed(network)

02 Apr 2010   #11
NoN

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
 
 

Could it be the Aurora exploit?
Here's a free tool aimed at corporations, but it works for others too. Right-click it and Run as Admin; it will run in an elevated cmd prompt.

McAfee CSniffer
We have discovered that one of the exploits of the Aurora vulnerability is exfiltration of intellectual property via source code management tools like Perforce. McAfee CSniffer is a free tool which will scan your infrastructure to discover if you have unencrypted Perforce passwords which could be stolen and used to penetrate your source code library.

EDIT:
http://www.mcafee.com/us/enterprise/...ols/index.html


03 Apr 2010   #12
DreemWarrior

Windows 7 ultimate X64
 
 

Thanks Jacee for the .bat! Unfortunately, I've still had no luck getting the adapter to work. When I run <ipconfig /all>, it IS connected; even in perfmon I can see it connected, 100Mbps connection. I even changed the Ethernet cable for good measure....
03 Apr 2010   #13
DreemWarrior

Windows 7 ultimate X64
 
 

OMG!! lol I'm going to bed. I just sat here and typed for like 10-15 min explaining the outcome of the past 16 hrs, and freaking swerved the wrong way or something and dumped it all...
Anyway, the 'final solution' was to say files be d*mned, followed up with a nice and clean new install of the OS. Still not sure exactly what happened or how, but my entire system was corrupt. Nearly every service that could be turned off and still manage to keep Windows BARELY up was. The file system looked like a redneck's family tree....VERY few branches, and the ones that were there were useless dead ends. The Reg files were well done also. Most of which I noticed after getting OCD about the network adapters and spending WAY too much time determined to come to a solution. (I get like that.)
BTW, I didn't lose anything I can't replace. Learned that lesson the hard way more than once. I have the Vista HDD from the Dell right next to my rig in a nice shiny black case for just such emergencies. So now I need to find a good free partitioning software that will partition without formatting. (Gonna keep Vista just like it is, and use the rest of the HDD for imaging.)
Thanks again Jacee for the .bat and your time. Sure makes for less work. (That's my next crash course, writing files I need.) OK, I hear a pillow screaming my name.....or is that my wife.....
Cheers!

03 Apr 2010   #14
thathagat

windows 7 ultimate 64 bit,Windows 7 ultimate 32 bit,Windows XP sp3 home
 
 

Quote: Originally Posted by DreemWarrior
    Anyway, the 'final solution' was to say files be d*mned, followed up with a nice and clean new install of OS.
An image backup would have done a world of good...
03 Apr 2010   #15
DreemWarrior

Windows 7 ultimate X64
 
 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 4/3/2010 8:49:43 PM
System Uptime: 4/3/2010 9:48:52 AM (1 hours ago)
Motherboard: ASUSTeK Computer INC. | | P7P55D DELUXE
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | LGA1156 | 3074/146mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 931 GiB total, 912.738 GiB free.
D: is CDROM (UDF)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 4/3/2010 7:13:09 AM - Installed Seagate DiscWizard
RP2: 4/3/2010 7:59:57 AM - Installed Intel Extreme Tuning Utility
RP3: 4/3/2010 8:11:15 AM - Installed Realtek 8136 8168 8169 Ethernet Driver
RP4: 4/3/2010 8:16:35 AM - Installed Realtek 8136 8168 8169 Ethernet Driver
RP5: 4/3/2010 8:51:43 AM - Installed Platform
RP6: 4/3/2010 9:04:38 AM - Installed Adobe Reader 9.1.
RP7: 4/3/2010 9:10:48 AM - avast! Free Antivirus Setup
RP8: 4/3/2010 9:25:46 AM - Installed Diagnostic Utility
RP9: 4/3/2010 9:32:29 AM - Windows Update
RP10: 4/3/2010 9:36:54 AM - Installed TurboV EVO
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
AMD DnD V1.0.20
avast! Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help Japanese
CCC Help Korean
CCC Help Thai
Diagnostic Utility
Intel Extreme Tuning Utility
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Realtek 8136 8168 8169 Ethernet Driver
The Lord of the Rings FREE Trial
TurboV EVO
==== Event Viewer Messages From Past Week ========
4/3/2010 8:49:44 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.
4/3/2010 8:49:44 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.
==== End Of File ===========================


Wow. And all that junk from drivers and updates. That is a great lil program, Jacee....Yours? Wish I could have downloaded and used it last night. I think it will find its way to a thumb drive.
03 Apr 2010   #16
malexous

Arch Linux 64-bit
 
 

Quote: Originally Posted by DreemWarrior
    part without formatting
GParted -- Welcome
03 Apr 2010   #17
DreemWarrior

Windows 7 ultimate X64
 
 

Quote: Originally Posted by thathagat
    Quote: Originally Posted by DreemWarrior
        Anyway, the 'final solution' was to say files be d*mned, followed up with a nice and clean new install of OS.
    An image backup would have done a world of good...
I know... that's the downfall of larger HDDs...you need a spare of equal size for backups, and until now I didn't....

And thanks Malexous. GParted it is.
03 Apr 2010   #18
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

That's not the entire DDS log ... there should be two parts to it. The program isn't mine; it was written by sUBs, an extremely experienced 'malware fighter'.
03 Apr 2010   #19
DreemWarrior

Windows 7 ultimate X64
 
 

Quote: Originally Posted by Jacee
    That's not the entire DDS log ... there should be two parts to it. The program isn't mine; it was written by sUBs, an extremely experienced 'malware fighter'.
Hmmm, only one log on desktop. But as I said, at that time Windows was barely able to run. Most services were disabled. And a ^5 to the sUBs for that one. Good stuff. I still am having some issues though. After I had finished the reinstall, I transferred a few files from the ext. drive, and when I woke up (late this afternoon lol) they were nowhere to be seen...on either drive. That, and my graphics are poor as well. Conflict w/ 7 and ATI maybe?
05 Apr 2010   #20
DreemWarrior

Windows 7 ultimate X64
 
 
Networked??

Ok. This is REALLY becoming an issue here. I hate to be a pest when I could be helping others, but this is not my area of expertise. That being said, I DO know enough about it to know this is serious.
Since reinstalling 7, resetting network adapters, flushing DNS, and reinstalling the correct drivers, I felt I had secured my system fairly well. It seems that just made matters worse. Now ALL my files, as well as programs and NEW drivers, are disappearing at a rapid pace. Registry files are being re-written. Even MBAM has gone! All but a few log files I managed to locate deep in the system. Event Viewer shows NO entries now. Luckily I have a separate program that logs my entire system, but even that program has undergone changes. I don't want to give info-overload, but I managed to save a few things on disk (lest they vanish). I was able to trace an IP and get a computer name, and tried shutting down their system, but now I just get a "Command completed with errors" msg. I REALLY don't feel like reinstalling again (probably need to), but more to the point, I would like to know how to fight fire WITH fire, and prevent this in the future. BTW NoN, I tried the CSniffer, but it just disappeared when I ran it, and nothing since. Anyway, here's a few SAFE logs, and some snips. The Everest file is quite long (EVENTS) so I took an excerpt of a few entries.


Attached Files
File Type: zip Everestreport.zip (128.6 KB, 3 views)
File Type: txt networkloginsEverest.txt (11.7 KB, 31 views)
File Type: txt processes.txt (20.9 KB, 16 views)