| Thread ID: 128965 | 2013-01-25 23:04:00 | computer is insane ,_ | Vince (406) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1324938 | 2013-01-27 02:12:00 | I googled - O23 - Service: AVEPCOYVYOKME - Unknown owner - C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\[[AVEPCOYVYOKME.exe]] (file missing) or at least the bit in brackets [[ ]], and this is what I got! I'm afraid I don't remember it. pressf1.pcworld.co.nz |
Vince (406) | ||
| 1324939 | 2013-01-27 04:20:00 | It looks like a whole bunch of entries made by malware that makes pseudo random file names with a bias towards using V and Y a lot. I'm picking all to do with a single bit of malware that started it all. You might not find any matching filenames when you google it if it has been semi randomly generated. | Paul.Cov (425) | ||
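A triage sketch for the pattern described in the post above, added here as an example and not posted by any thread participant: it parses HijackThis O23 service lines and lists the reasons an entry deserves a closer look. The Temp-path patterns, the all-caps name heuristic and the second sample line are assumptions made for illustration.

```python
import re

# HijackThis service line: "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# Assumed per-user Temp locations (8.3 short form, XP long form, Vista+ form).
TEMP_DIR = re.compile(
    r"\\(LOCALS~1\\Temp|Local Settings\\Temp|AppData\\Local\\Temp)\\", re.I
)


def looks_generated(name):
    """Heuristic (an assumption, not a signature): a single all-caps token
    of 8+ letters, like the 13-letter service name in the thread."""
    return re.fullmatch(r"[A-Z]{8,}", name) is not None


def triage(log_text):
    """Return one record per O23 line with the reasons it needs a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue  # not an O23 service entry
        reasons = []
        if TEMP_DIR.search(m["path"]):
            reasons.append("binary path is in a per-user Temp directory")
        if m["missing"]:
            reasons.append("service entry remains but the file is missing")
        if m["owner"] == "Unknown owner":
            reasons.append("HijackThis could not read an owner")
        if looks_generated(m["name"]):
            reasons.append("service name looks machine-generated")
        findings.append({"name": m["name"], "path": m["path"], "reasons": reasons})
    return findings


# First line is the entry quoted in the thread; second line is constructed.
SAMPLE = r"""O23 - Service: AVEPCOYVYOKME - Unknown owner - C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\AVEPCOYVYOKME.exe (file missing)
O23 - Service: Example Update Service (ExampleUpdate) - Example Corp - C:\Program Files\Example\update.exe"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["name"], "->", "; ".join(f["reasons"]) or "nothing flagged")
```
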
| 1324940 | 2013-01-27 07:36:00 | Try something like AVG bootable scanner CD | Agent_24 (57) | ||
| 1324941 | 2013-01-28 02:24:00 | I ran rootkitRevealer and this is what it revealed.
HKLM\SECURITY\Policy\Secrets\SAC* 9/4/2002 3:18 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 9/4/2002 3:18 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability\LastAliveStamp 1/28/2013 10:50 AM 16 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\CertMapping 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS\CustomRemoteShell 12/5/2012 7:18 PM 0 bytes Security mismatch.
What do I do now? I have always tried to stay away from the registry. |
Vince (406) | ||
| 1324942 | 2013-01-28 04:32:00 | I'll let someone else answer that... but Rootkit revealer can and will show up things that aren't rootkits, as long as they are 'suspicious' | Agent_24 (57) | ||
| 1324943 | 2013-02-03 20:26:00 | I ran rootkitRevealer and this is what it revealed.
HKLM\SECURITY\Policy\Secrets\SAC* 9/4/2002 3:18 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 9/4/2002 3:18 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability\LastAliveStamp 1/28/2013 10:50 AM 16 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\CertMapping 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS 12/5/2012 7:18 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS\CustomRemoteShell 12/5/2012 7:18 PM 0 bytes Security mismatch.
What do I do now? I have always tried to stay away from the registry.
Could someone please advise me on this. What do I do now? |
Vince (406) | ||
| 1324944 | 2013-02-12 00:01:00 | :mad: I am pretty sure that I have found the source of the infection. It was the installer for 'free YouTube downloader'. The program itself seems to be OK. I just wish I could remember which site I downloaded it from, so I could warn them. |
Vince (406) | ||
| 1324945 | 2013-02-12 00:17:00 | If you think it's a rootkit use tdsskiller. [deleted suggestion to engage in activity against Youtube's TOS] | Speedy Gonzales (78) | ||
| 1324946 | 2013-02-12 03:24:00 | If you think it's a rootkit use tdsskiller. [deleted suggestion to engage in activity against Youtube's TOS] tdsskiller found "Locked file: Service atapi". Describes it as suspicious, so would I. OR HAS IT JUST FOUND ATAPI.SYS ?? AVAFind can't find service atapi! |
Vince (406) | ||
| 1324947 | 2013-02-12 03:43:00 | You may have an infected atapi.sys file? Is your computer crashing? | Speedy Gonzales (78) | ||