TechSpot

Another PC 8 steps & log, hopefully no SDBot

By Matt444
Apr 27, 2009
  1. So this is from the laptop where I got the explorer.exe file that got my desktop back on my desktop pc. Hopefully this one isn't infected, even though Spy Sweeper on the other machine quarantined the explorer.exe file from this PC.

    I still haven't gotten any help on my other thread, either. Am I doing something wrong, or is my problem just too rare?
    Let me know if I need to change something.
    Thanks, Matt.

    :)
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    File Sharing Programs found in logs: Limewire

    Info on using P2P Programs => http://www.techspot.com/vb/topic124748.html

    Quote from 8-Step Removal Guide:
    Please note: If you decide to fully remove Limewire (and any other P2P application)
    You will need to run the (updated) scans, and attach the logs again
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    My apology for the delay Matt. My name is Bobbye and I will assist with your system problems. There are more problems than helpers, so once in a while a thread slips through unanswered.

    I am reviewing the logs and will come back and edit this post when through. Hang in there!
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thread was answered within 5 to 10 mins of original post !
    This thread did not "slip" by ;)
     
  5. Matt444

    Matt444 TS Rookie Topic Starter

    Thanks kimsland and Bobbye!!

    kimsland,
    Sorry about Limewire. I forgot I even had that on my machine. I uninstalled all traces of it with Revo Uninstaller and the new logs are posted. I really do appreciate the quick response. I think Bobbye might be referring to my original thread about SDBot & KSOD on my desktop PC. I still think I have a problem with that one. I'm hoping this Laptop is OK, though. Let me know what you think. I noticed that you edited my last post on that thread and merged 4 posts. I just wanted to make sure that you know these two threads are for two different machines. I'm not sure if we should keep these separate, to eliminate confusion, or how you want to handle the logs for the 2 different PC's? Thanks again for your help.

    Bobbye,
    If you were indeed referring to the original thread about my other machine, that would be great if you would have time to look at those logs. I am worried about the SDBot that Spy Sweeper and Combofix keep putting into quarantine, which in turn removes explorer.exe (resulting in the Black Screen of Death).

    Again, thanks to both of you for your help with my threads/logs.

    Matt.:grinthumb
     

    Attached Files:

  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The only posts I can edit are my own. That would have been the moderator, kimsland.

    NOW I know so I deleted what I had written and started over!

    Matt, it would be best if you did not refer back and forth between machines. IF you are seeking help on more than one machine, please make that obvious in the post you make starting the thread- don't even refer to the other computer unless the problem is some network issue.

    kimsland, the comment is referring to the original thread 2 days ago:
    Previous SDBot Trojan. Now KSOD. Completed 8 Steps & 3 Logs posted
    Found here: http://www.techspot.com/vb/topic126558.html

    There was a question and a reply, but no response after the logs were posted- except:
    Moderator Edit:
    Member reposted here: http://www.techspot.com/vb/topic126652.html

    That was for a different machine and because of the edit, I wasted a lot of time!

    It is getting very confusing to our members when comments like this are made. His comment here:
    Is correct!

    Okay Matt, let's get you back on track. I do remember a discussion earlier about logs for 2 different systems- was that correct? And then you were going to try and resolve one system, then start on the other? Is that correct? But somedays I confuse easily, so my thought of being really smart and using information from both of the threads was not so smart at all and I deleted that post!

    Here, Now, I am only using the information I read on this thread!
    This is on current thread:
    Mbam 4-28-2009 is clean.
    SAS 4-28-2009 is clean.
    Combofix 4-28-2009 shows: Files Created from 2009-05-28 to 2009-4-28>>> 5=May and it hasn't come yet!
    Is NOT correct. It s/b/ 2009-03-38 to 2009-4-28

    Entries show:
    ComboFix 09-04-25.A3 - Maddog808 04/28/2009 7:53.3 - NTFSx86 here:
    P2P still on system:
    2009-04-27 08:40 -------- d-----w c:\users\Maddog808\AppData\Roaming\uTorrent

    And this presents a possibilty that piracy might be used to obtain otherwise unavailable material:
    2009-04-18 07:16 -------- d-----w c:\programdata\SlySoft
    2009-04-18 07:13 -------- d-----w c:\program files\SlySoft
    2009-04-10 00:40 103744 ----a-w c:\windows\system32\drivers\AnyDVD.sys

    SlySoft AnyDVD: AnyDVD is a Windows driver that removes the protection of encrypted movie DVDs automatically in the background. AnyDVD is a Microsoft Windows driver allowing decryption of DVDs on-the-fly, as well as targeted removal of copy preventions and user operation prohibitions (UOPs). The AnyDVD program runs in the background, making discs unrestricted and region-free.

    Other than what I have mentioned, I don't see any malware on this machine.

    .
     
  7. Matt444

    Matt444 TS Rookie Topic Starter

    Bobbye,
    Sorry about the confusion. I am new to all this, so if I do something wrong, just let me know and I will correct that. Thanks again for the quick response.

    That is correct. The logs in this thread are for my laptop, which I wasn't having any problems on. I just wanted to make sure it wasn't infected because when I copied a file over to my other computer, Spy Sweper and Combofix on that other computer put that file in quarantine.

    Is this a problem with Combofix? Should I uninstall and reinstall it?

    OK I ran the AVG Remover. Thanks for noticing.

    I want to get rid of all traces of Utorrent, as I am sure downloading files was my problem in the first place. I will install it again then use Revo Uninstaller to try to remove them all.

    Should I get rid of AnyDVD? I use the program to back up my DVD collection. I have two young children, and if they get their hands on those discs, it's all over. I didn't know Any DVD was a risk, but if so, let me know and I will look for something else to use to back up my movies. I use a Networked Media Tank to view my media, so I need something to back up the media.

    I will run CCleaner, Hijackthis, and Combofix again, and post the logs.

    As far as my other computer, would you be able to look at the logs in that thread located here: http://www.techspot.com/vb/topic126558.html

    That is the computer I am having problems with.

    Thanks again Bobbye,
    Matt.

    ----------------------------------

    New Logs Posted

    No AVG and no Utorrent, I hope.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thanks Matt, you clarified that nicely. you didn't do anything wrong. I just didn't remember the conversation about two systems until after I worked them both into one!

    Combofix logs the files created in the last 30 days. For some reason, yours says Files Created from 2009-05-28 to 2009-4-28 instead of 3-28 to 4-28. Make sure the date on the system is right:
    Right click on the clock> Adjust date and time> change date if needed. This is the first Combo log I've seen like this- I'll ask around and see if anyone else saw a log like it.

    The logs look okay to me. Yeah! You got rid of the 'extras'! If the system is running well, you can remove the cleaning tools:

    Uninstall combofix
    Uninstall combofix by going to Start -> Run -> type in combofix /u <-Note the space and hit enter

    You can also hold your windows key and press R to open the box.
    [​IMG]

    Download OTCleanIt HERE & save it to your desktop.
    Clear your existing System Restore points and establish a new clean restore point:
    IF you need any more help on this system let me know.
    I'll go back to the other system tomorrow- have saved the URL
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Matt, I'm working on your other thread now. "Previous SDBot"
     
  10. Matt444

    Matt444 TS Rookie Topic Starter

    Thanks for all your help Bobbye. :)

    I'll be looking for your instructions on how to remove this tricky little trojan!
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...