Need suspicious files analyzed(network)

Page 1 of 3

  1. Posts : 589
    Windows 7 ultimate X64
       #1

    Need suspicious files analyzed(network)


    If someone in the know wouldn't mind looking at these files for me, it will be greatly appreciated!
    This all started with a system crash a few days ago. What I thought was a crash due to OC parameters seems to be something entirely different. I have found NUMEROUS signs of a virtualization of my system from an unknown source.
    My registry has been altered, my entire file system changed ownership to (?). Programs I've been using regularly cease to work (Outlook, MS Office, SAS).
    My event viewer is FULL of errors and warnings relating to files and programs being shut down and reinstalled with a "virtual". The only things I have installed pre-crash were PCtools firewall and Opera. I booted into system via Winternals ERD. Great lil disk to have, BTW.
    What I found there was a little unnerving. If there is an IT pro or someone familiar with this sort of thing who could take a look and see what's going on with my system, I'd be very grateful.
    Thing about the files and such is they have (for the most part) been restored, or at least released. I still have no email, and I can't boot to safe mode (no option for it anymore). Hence the use of ERD.
    I know this is a rather vague description, but it's been a long, information-laden night. I'll attach what I have so far in a zip. They are plain txt files.
    Thanks......
    Attached Files


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    Try running Malwarebytes' Anti-malware
    download Malwarebytes' Anti-Malware to your desktop
    |MG| Malwarebytes Anti-Malware 1.45 Download
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.

    If you have infected files that you've zipped, I don't think any of us would venture to download and unzip


  3. Posts : 589
    Windows 7 ultimate X64
    Thread Starter
       #3

    Jacee said:
    Try running Malwarebytes' Anti-malware
    download Malwarebytes' Anti-Malware to your desktop
    |MG| Malwarebytes Anti-Malware 1.45 Download
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.

    If you have infected files that you've zipped, I don't think any of us would venture to download and unzip

    No, the files are fine. They're txt with no code. I run MBytes regularly, along with SAS. But SOMEthing is happening for sure. I can't access my email (Outlook 10), because...

    "Log Name: Application
    Source: Outlook
    Date: 4/2/2010 3:32:04 PM
    Event ID: 30
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: all_me-PC
    Description:
    Starting reconciliation for the store C:\Users\all_me\Documents\Outlook Files\info@jadercorenovations.com.pst for the following reason: The store was last opened on a different machine.


    What's up with that???


  4. Posts : 589
    Windows 7 ultimate X64
    Thread Starter
       #4

    wow, Here's a peach of a HijackThis log...sfc only found one error. Go figure. Going to look for a good online scanner now.

    Question. Does anyone know how to restore (or access) safe mode when it's been disabled, short of another repair install (it didn't restore it then)??
    Attached Files


  5. Posts : 3,028
    Windows 7 Ultimate (x64) SP1
       #5

    DreemWarrior said:
    wow, Here's a peach of a HijackThis log...sfc only found one error. Go figure. Going to look for a good online scanner now.
    Good idea. Use a few different ones tho


  6. Posts : 589
    Windows 7 ultimate X64
    Thread Starter
       #6

    For what it's worth...
    Attached Files


  7. Posts : 589
    Windows 7 ultimate X64
    Thread Starter
       #7

    Question. Does anyone know how to restore (or access) safe mode when it's been disabled, short of another repair install (it didn't restore it then)??
    NM...I must be tired. MSCONFIG /boot safe /minimal


  8. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #8

    Your MBam log is clean and I don't see any suspicious files in the HJT log. There's a few things you don't need to have running in the background if you're not using them, though.


  9. Posts : 589
    Windows 7 ultimate X64
    Thread Starter
       #9

    Jacee said:
    Your MBam log is clean and I don't see any suspicious files in the HJT log. There's a few things you don't need to have running in the background if you're not using them, though.
    did you happen to peek at the other files?
    Tells more of the issue
    I just enabled the master Admin, tried to run MBAM and got an error stating please send this to support staff....it is disabled...as well as MOST services. I can't even get to internet (using spare XP rig). And still can't boot to safe mode..msconfig says it is in boot safe/minimal mode, but no joy. AARGG I really hate these things. And I tend to chase the offending file (Bad idea, I know)

    *BTW, thanks Jacee for taking time to lend a hand..I can help others easier than I can my own.lol:).
    Last edited by DreemWarrior; 02 Apr 2010 at 17:32. Reason: spelling


  10. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #10

    First, let's flush DNS cache and restore your original Hosts file:

    Copy and paste these lines in Notepad.
    @Echo on
    rem replace the hosts file with the single default localhost entry
    pushd \windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    rem renew the DHCP lease and flush the DNS resolver cache
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    rem reset the Winsock catalog and the TCP/IP stack, then reboot
    netsh winsock reset
    netsh int ip reset
    shutdown -r -t 1
    del %0
    Save as flush.bat to your desktop.
    Right click on the flush.bat, choose to run as Administrator, then run the batch file.

    Next:

    Download DDS from one of these links:

    Mirror 1 Mirror 2 Mirror 3
    • Disable any script blocking protection
    • Double click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    Include the contents of both logs in your next post.
    The scan will instruct you to post Attach.txt as an attachment.
    (You can copy and paste the .txt file if you want to.)
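The batch file above overwrites the hosts file before anyone has looked at it, and tampered hosts entries (a security vendor's update site pointed at 127.0.0.1, or a bank's name pointed at an attacker-chosen address) are exactly the evidence a responder wants to keep. The following is an added example, not code from this thread or from any tool named in it: it parses hosts-file text in the format of C:\Windows\System32\drivers\etc\hosts and reports every active mapping that is not a plain loopback-to-localhost entry, so the findings can be recorded before a reset script runs. The sample hosts text, the `.test` hostnames and the documentation-range address 203.0.113.5 are constructed.

```python
"""Audit hosts-file text for entries that are not plain localhost mappings.

Added example (not from the forum thread). Reads hosts-file syntax, one
"<address> <name> [<name> ...]" mapping per line with '#' comments, and
flags anything that is not the standard loopback/localhost entry.
"""
import ipaddress
from dataclasses import dataclass, field

# Names that legitimately map to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


@dataclass
class HostsEntry:
    line_no: int
    address: str
    names: list = field(default_factory=list)


def parse_hosts(text):
    """Return the active (non-comment, non-blank) mappings in hosts-file text."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop inline and full-line comments
        if not line:
            continue
        parts = line.split()
        entries.append(HostsEntry(line_no, parts[0], parts[1:]))
    return entries


def suspicious_entries(entries):
    """Return (entry, reason) pairs for mappings that deserve a look."""
    flagged = []
    for entry in entries:
        try:
            addr = ipaddress.ip_address(entry.address)
        except ValueError:
            flagged.append((entry, "unparseable address"))
            continue
        if not addr.is_loopback:
            # Any real address here overrides DNS for those names on this host.
            flagged.append((entry, "non-loopback address"))
        elif not all(name.lower() in LOOPBACK_NAMES for name in entry.names):
            # A name pointed at loopback is black-holed: classic for AV/update sites.
            flagged.append((entry, "hostname redirected to loopback"))
    return flagged


def audit(text):
    """Parse hosts-file text and return the flagged entries."""
    return suspicious_entries(parse_hosts(text))


# Constructed sample: the commented-out localhost lines a stock Windows 7 hosts
# file carries, one legitimate active entry, and two tampered-looking lines.
SAMPLE_HOSTS = """\
# constructed sample hosts file
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1 localhost
127.0.0.1 updates.example-av-vendor.test     # update site black-holed
203.0.113.5 www.example-bank.test            # bank name sent elsewhere
"""

if __name__ == "__main__":
    for entry, reason in audit(SAMPLE_HOSTS):
        names = " ".join(entry.names)
        print(f"line {entry.line_no}: {entry.address} {names} -> {reason}")
```

Run it against a copy of the live hosts file (`audit(open(path).read())`) and save the output with the other logs before running any reset; an empty result means the file only carries the default localhost mapping.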


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd