| Thread ID: 96058 | 2008-12-27 20:43:00 | I would like to know about these threats | JOEJG (10295) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 732875 | 2008-12-28 00:03:00 | My dad uses Outlook for his email, I read that it could've been the cause passed through email. I better get him to change to Live or something. The only things we buy are clothes from his walking shop and Norton subscription. Yes I did a fresh XP install and I formatted the C drive instead of the D. Trojan Remover picks up nothing now, and this is my HijackThis:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\drst.exe
D:\Program Files\Dragdiag.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\My Downloads\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TrojanScanner] D:\My Downloads\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\My Downloads\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [STManager] "D:\Program Files\drst.exe" -b
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2A203C8-D996-4B36-94C8-03E32F3BD676}: NameServer = 193.36.79.100 193.36.79.101
-- End of file - 1723 bytes |
JOEJG (10295) | ||
| 732876 | 2008-12-28 00:05:00 | I need all of the log. Post everything from the beginning of the log. So Windows was on D before?? If it is and you didn't format D, it's still there. No point reinstalling on C if the trojan is still on D. |
Speedy Gonzales (78) | ||
| 732877 | 2008-12-28 00:19:00 | It was on C. And that is the full HJT log. It's no bigger. | JOEJG (10295) | ||
| 732878 | 2008-12-28 00:22:00 | Tick this then tick fix checked. Or uninstall it. Close browsers.
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm |
Speedy Gonzales (78) | ||
| 732879 | 2008-12-28 00:34:00 | Okay. I'm really hoping it's not on D, I'm doing another separate Trojan Remover on it at the moment. That's where my walking movies and pictures are, but if it comes down to it, I'll have to. I'm pretty sure those that got picked as trojans were on the C: though. And earlier when I checked to see what was modified, D hadn't been modded for many months. All clear? I'll get onto changing account details, or at least check up on it. |
JOEJG (10295) | ||
| 732880 | 2008-12-28 01:09:00 | Install Avast Home and update it. Then scan both of them | Speedy Gonzales (78) | ||
| 732881 | 2008-12-28 01:20:00 | Okay, but I will need sleep, then I'll use it. Been on this case for way too long now. My connection will be offline when the comp's off. Will see you tomorrow? Thanks for your help! |
JOEJG (10295) | ||
| 732882 | 2008-12-28 13:47:00 | I haven't done it yet since I'm at the other location. But I've read this: aumha.net Completely compromised? So when this happens you should really buy a new PC?! Otherwise it says to reformat the drive. Which is what I've done by reinstalling Windows on it. So what's the difference between this and as quoted "You can't clean a compromised system by reinstalling the operating system over the existing installation. Again, the attacker may very well have tools in place that tell the installer lies. If that happens, the installer may not actually remove the compromised files. In addition, the attacker may also have put back doors in non-operating system components." Except that I've used the programs to remove? |
JOEJG (10295) | ||
| 732883 | 2008-12-28 20:21:00 | "You can't clean a compromised system by reinstalling the operating system over the existing installation." That part is correct. To be certain - you would save all the data on both drives to another source, external drive etc. Boot from Windows XP CD, go through the procedure of reinstalling Windows, when it gets to selecting the drive - tell it to delete the partitions (BOTH C & D), that will completely wipe the drive - just formatting it won't guarantee to remove the bug if it's still there. Reinstall Windows from fresh, make up the second partition again if you want, then make sure you have a GOOD AV installed (NOT Norton - it's crap). Before you replace the data back on the drive, scan it from a clean system, as long as it's clean there shouldn't be a problem. What sometimes happens is these bugs put in what's called a Rootkit (en.wikipedia.org) which could be in drive C or D - IF you had one of these, depending on which one it is, they can be impossible to remove, or even detect, without wiping the drive. There are programs that will "try" to remove them, and some work, some don't. I have a PC in the workshop currently, had several rootkits - just when you think it's clean - guess what reappears ;) |
wainuitech (129) | ||