TechSpot

Infection reappears after Trend Micro scan; weird firewall problems

By maniac_lonestar
Jun 5, 2007
  1. MMDominator88

    MMDominator88 TS Rookie Posts: 119

    How long has it been since you've visited the windows update website ?

    From the links you included...I think the 3rd problem is due to not having one of the .NET framework updates from Microsoft

    I believe the second problem is due to your internet explorer settings being below recommended levels, go into the IE properties and reset the security settings to default level

    and as to the first problem, I honestly have no idea
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Often times a simple scan will not do the trick. In fact you'll find a simple scan from perhaps two or more different sources will still not do it. I strongly suggest you follow our Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given.

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs if not it will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan


    Regards,
    Your friendly momok =)

    This thread is for the use of maniac_lonstar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. maniac_lonestar

    maniac_lonestar TS Rookie Topic Starter Posts: 118

    I already did HiJack this, no signs of problems. But can I use the free version of AVG and Combofix?

    Edited by Moderator: Removed quote. There's no need to quote the post directly above your own, unless you're only replying to a specific section, in which case you would only quote that particular section.
     
  4. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Please post the requested logs, including HijackThis, for me to check thoroughly. AVG Antispyware and ComboFix are both free, so yes, you may use it. In fact I would recommend it. Do go through the steps required.


    Regards,
    Your friendly momok =)

    This thread is for the use of maniac_lonestar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. maniac_lonestar

    maniac_lonestar TS Rookie Topic Starter Posts: 118

    still scanning...
     
  6. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Take your time with the scans to do them properly. When the scans are all done, post all remaining required logs as attachments and I'll provide you instructions on how to proceed from then.

    Regards,
    Your friendly momok =)

    This thread is for the use of maniac_lonestar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. maniac_lonestar

    maniac_lonestar TS Rookie Topic Starter Posts: 118

    Here is the list for avg...
     
  8. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I noticed that your AVG log displays 'Ignored' for all the files detected.
    I suggest you run AVG again and quarantine the files. Pictorial instructions HERE.

    Please post your HijackThis log too in your next reply.


    Regards,
    Your friendly momok =)

    This thread is for the use of maniac_lonestar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. maniac_lonestar

    maniac_lonestar TS Rookie Topic Starter Posts: 118

    Ok, delete or quarantine? Why can't I delete?
     
  10. momok

    momok TS Rookie Posts: 2,265

    Hi,

    The recommended action is to quarantine. This would create a backup in the AVG AS quarantine folder, in the case (very very rarely) there is a false positive.

    Please post a fresh log with the above actions done, and also a HijackThis log. Also post a fresh ComboFix log. This may sound paranoid, but I have no idea if the infection has gotten worse or installed new files on your system or how many times you have rebooted your system in the time since your first few posts. Do not stagger your log posts. Post them all at one go please.


    Regards,
    Your friendly momok =)

    This thread is for the use of maniac_lonestar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. maniac_lonestar

    maniac_lonestar TS Rookie Topic Starter Posts: 118

    Ok Quarantined.
     
  12. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Have HijackThis fix the following entries:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

    Navigate to the following file and delete it.
    C:\WINDOWS\iun6002.exe

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread. Do not stagger your log post replies.


    Regards,
    Your friendly momok =)

    This thread is for the use of maniac_lonestar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  13. maniac_lonestar

    maniac_lonestar TS Rookie Topic Starter Posts: 118

  14. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I had requested for HijackThis, ComboFix and AVG Antispyware logs. By do not stagger, I meant do not post each log in its own post, rather, post all of them at one go in a single post.

    Please post all requested logs in your next reply.


    Regards,
    Your friendly momok =)

    This thread is for the use of maniac_lonestar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  15. maniac_lonestar

    maniac_lonestar TS Rookie Topic Starter Posts: 118

    Man LOL sorry
     
  16. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Your HijackThis log is now clean. With regards to the other two however,

    As from my instructions, I mentioned that I required to see fresh logs. The ComboFix and AVG Antispyware logs were from the previous posts.

    By fresh logs, I mean you need to do like what you did with HijackThis, run a new scan, and perform the required actions, then save the log. That would be a fresh log.

    For AVG, pictorial instructions for the steps to quarantining and saving the log can be found HERE.

    Thus, in your next reply, I would expect to see 2 more logs: AVG Antispyware and ComboFix, both from a new scan.


    Regards,
    Your friendly momok =)

    This thread is for the use of maniac_lonestar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  17. maniac_lonestar

    maniac_lonestar TS Rookie Topic Starter Posts: 118

    I'm scanning right now. I still get these cookies. I thought I installed Net Framkework 2.0, but I guess I didn't shall I proceed before or after this virus/ware operation?
     
  18. maniac_lonestar

    maniac_lonestar TS Rookie Topic Starter Posts: 118

    I also got "ComboFix-quarantined-files" but it's the same one, regenerated. I can't upload it.

    Ok um, Sorry dude but the scans keep getting me these cookies, but I am surfing Datpiff.com and techspot.

    I'm installing .NET Framework 2.0 Right Now.

    Ok I installed .NET Framework...Big mistake:
    http://img356.imageshack.us/img356/6461/afterinstallingnetframemj6.jpg
    http://img237.imageshack.us/img237/2449/afterinstallingnetframelg2.jpg
    http://img180.imageshack.us/img180/7098/afterinstallingnetframefb3.jpg
     
  19. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Please download and run CCleaner via step 9 of the instructions HERE. That will fix those cookies.

    However, there are two entries I see in that AVG log that are not cookies and shows 'no action taken'. Have you actually quarantined those? If not, please run a rescan and quarantine everything found. Also attach the log (after you have performed the quarantine) in your next reply.
    Pictorial instructions HERE.

    Your Combofix log is also clean now.

    Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

    Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    With regards to the trend micro scan, please see HERE for some insight on the issue. I'm not sure if they have fixed those issues already.
    If you follow the advice in the article recommended, you shouldn't face much problems in the future anyway.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of maniac_lonestar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  20. maniac_lonestar

    maniac_lonestar TS Rookie Topic Starter Posts: 118

    Hold Up, I'm gonna rest for a day, I forgot what I'm suppose to reply or attach.

    Yo, I did the AVG, scan and nothing came up.

    I also got updates for .Net Framework, and now I'm gonna scan the thing with Trend Micro Housecall

    Here is the only thing I can post:
    http://img103.imageshack.us/img103/2286/untitledex5.jpg
     
  21. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Have you read this in my post? As I mentioned earlier, your logs are all clean.


    Regards,
    Your friendly momok =)

    This thread is for the use of maniac_lonestar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...