#21
Bob
Jacee is our security expert. If she says you're infected... go with her suggestions.
Mike
ESET "cant get update"
HostsXpert did not work
did manual overwrite of host with this in it
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
ESET still "cant get update"
don't know how to "configure custom proxy settings"
yes
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Database version: 5482
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
1/8/2011 12:32:35 PM
mbam-log-2011-01-08 (12-32-35).txt
Scan type: Full scan (C:\|)
Objects scanned: 441402
Time elapsed: 49 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\Windows\System32\mygwponzjrmcpzjs.dll (Trojan.Agent) -> Delete on reboot.
c:\Windows\SysWOW64\mygwponzjrmcpzjs.dll (Adware.BHO) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\Software\qni8hj710fdl (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kzxuxqckjufniyxkf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D12F52ED-36B5-EB19-5297-930A048A5B09} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D12F52ED-36B5-EB19-5297-930A048A5B09} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D12F52ED-36B5-EB19-5297-930A048A5B09} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D12F52ED-36B5-EB19-5297-930A048A5B09} (Adware.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqpysxqfivxgfk (Trojan.Agent) -> Value: fqpysxqfivxgfk -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\W7\AppData\Local\Temp\browserhotfix4.exe (AdWare.Adrotator) -> Quarantined and deleted successfully.
c:\Windows\System32\kzxuxqckjufniyxkf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\kzxuxqckjufniyxkf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\mygwponzjrmcpzjs.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\mygwponzjrmcpzjs.dll (Adware.BHO) -> Quarantined and deleted successfully.
Excellent.
Jacee is offline at the moment.
Corrine and Niemiro are offline also.
Windows Update might work now but I have a feeling it won't.
You could try this again now that the bugs may be gone. Both options if necessary.
Windows Update - Reset
Eset is something I have never used nor have any ideas about nor fixing Windows Update beyond the reset.
Sorry I'm not more help at the moment.
Mike
No, I ran Malwarebytes before doing the other stuff that all failed.
Just a thought here, is windows update service started or running?
Uggg! You may have a rootkit involved here.
Follow the instructions here to download and run TDSSKiller: "How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?"
Please save the log report, then copy and paste it in your next reply.
OK, but while I do that I have a question.
1. If infected on this drive, can it ever affect OSes on other drives?
2. Is it just limiting the functions and causing inconvenience, or is it key logging and/or some other thing that can look at / access private data?
I ran a scan with TDSSKiller.
It took 4 seconds to run and found nothing.