Trojan.downloader.win32.agent

Status
Not open for further replies.
Well, you were all clean last night, so you are being reinfected by what you access on the web or email or flash drive, etc.

So let's get you some protections in now.

Get SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html install, update and enable all.

SpyBot S&D http://majorgeeks.com/download2471.html install it, update it, then do the Immunize, then scan for good measure.

HostsMan (Host Manager) http://www.abelhadigital.com/2008/07/hostsman-3157-released.html install, let it update and download all 4 of the host blockers. Also let it disable DNS Client if it asks.

Finally, ThreatFire http://www.threatfire.com/download/ update and scan.

I have been using ThreatFire for more than a year; it just went from ver 3 to ver 4.

It was designed to co-exist with and complement other virus scanners.

Additionally, it uses a totally different process to protect. While conventional virus scanners work from definitions, ThreatFire works on recognizing virus/malware activity. Use it in conjunction with your virus scanner; it's like looking at it with 2 sets of eyes and from a different angle.

You will need to read the docs on this, as it works like some firewalls that learn. When TF finds something, it asks for approval or denial and whether to remember this answer. It is very wordy for a few hours as it learns, as you allow or disallow different programs. The trick here is to recognize a baddie from a goodie.

For example, the first time after you install TF and run IE, it will tell you that IE is trying to run. Well, you know you just clicked it and that you do want to permit it, so you would approve and remember the answer, and you will not be asked about IE again.

Only after we get the above installed and working, then we clean again with mbam, sas and combofix. Then likely the Spybot Immunize, or SWBlaster or HostsMan will block them and you will not even know it, or TF will catch it and you will know where the reinfections are coming from.

Mike
 
I'm just about done running ThreatFire. I already installed, updated and ran the other programs you prescribed.

I'm having another issue. I'm not sure if it's in any way related to this, but maybe you can help. For some reason, my computer has my backup hard drive set as the main one, so when I try to install something (downloaded wow expansion from blizzard website, for instance) it doesn't let me because my E drive doesn't have enough space. Well, yeah, I know that, it's a backup drive. However, it won't let me choose to install it on my C drive. So, is there a way to reestablish the C drive as my main drive? Thanks.

I'm going to run mbam, sas, and combofix when I'm done with firethreat.
 
Hmm

Not sure what is going on by your description, but answer this.

Is the backup drive an external or internal?

If external, what happens to the drive letters if you shut down and unplug it, then boot without it? What drive letter is the Windows drive?
Need more details on the setup.

Mike
 
It looks like the C is my Windows drive, but there is a Windows folder on each drive. They're both internal. The E is a small one, I really don't even know why it's in here.
 
Right-click My Computer, left-click Properties-Advanced-Startup and Recovery. Click the Edit button.

Change nothing but copy the text and paste it back. Then X out of all without saving.

M
 
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
 
And which one are you saying is low on space?

Paste the line below into the Run command; when it opens, click diskmgt.
compmgmt.msc

Tell me about the disks!

Mike
 
(C:) Layout: Partition Type: Basic File System: NTFS Status: Healthy (System) Capacity: 67.73GB Free Space: 14.67 GB % Free: 21% Fault Tolerance: No Overhead: 0%

(E:) Layout: Partition Type: Basic File System: NTFS Status: Healthy (Boot) Capacity: 6.74GB Free Space: 796 MB % Free: 11% Fault Tolerance: No Overhead: 0%
 
I need to see deeper into your system so....

Download OTScanIt: http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe
Close all Apps and Browsers

Download and save to Desktop, then Dbl Click and extract the files to an OTScanIt folder.

If Firewall or other Security or Malware protections pop up, you should allow them to let OTScanIt run.

Enter the OTScanit folder and run OTScanit.exe.

In Additional Scans select BotCheck, Disabled MS Config Items and Eventviewer Errors/Warnings

Top Left click Run Scan.

The scan can take some time so allow it time.

When finished, a log will open; save the log and attach it back to here.

Mike
 