antivirus2009 rootkit?


10 replies to this topic

#1 Cillasi

Cillasi

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 21 December 2008 - 01:46 PM

My son was following a link from a newspaper to a message forum when he was struck by this virus. My virus software noticed it but said something about not being able to quarantine it so he cancelled the window and went to do a system restore. All restore points are gone, except for one created at the same time the virus struck.

The folder "Application Data" is also "gone" - probably hidden. No trace of any files I've seen named that are associated with this virus have been found on my computer. If I try to do a search for them, the computer locks up. If I try to access a site like this, the computer locks up. My anti-virus software will not connect to the internet and seems to lock up during the scan process.

It seems I cannot install any programs (I read about changing the extension and will try that). I'm trying to run a system scan again to see if my virus software can pick it up, but somehow I doubt it will find an invisible culprit.

The program also lowers internet security to 0 and turns off "show pictures." You can see the program scanning each screen - probably adding a layer for misdirecting inquiries. I don't know if it is stealing information. While trying to find MBAM, I was misdirected to a bogus site with a similar name which is probably connected with the virus. Luckily, as both my son and I had seen the real site on our other computers, we realized we weren't where we were supposed to be.

I'll let you know if changing the file extension on MBAM allows the program to run, but, if this information indicates a different starting point to resolve this, please let me know...

Thanks!

Edited by Cillasi, 21 December 2008 - 01:47 PM.




#2 Cillasi

Cillasi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 21 December 2008 - 03:45 PM

I changed the .exe extension to .scr on the malware program and it has run and deleted vundo and other things. I then had to reboot to delete other files but because I had changed the extension, it couldn't find the .exe file on startup. So, I copied the file and renamed it back to .exe, booted the .scr, did an update and am running it again. Lo and behold, more things are being found as we speak.

As soon as it's finished and rebooted, etc., I'll post my results here. Should be in a few minutes.

#3 Cillasi

Cillasi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 21 December 2008 - 04:42 PM

Here are the results of the first run before I updated the software:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

12/21/2008 3:35:23 PM
mbam-log-2008-12-21 (15-35-23).txt

Scan type: Quick Scan
Objects scanned: 64632
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 4
Registry Keys Infected: 25
Registry Values Infected: 9
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 22

Memory Processes Infected:
C:\Documents and Settings\Ana-Rene Bolton\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\iifDUmmK.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\schosdbj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wvuuRigH.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tyshb36rfjdf.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4e104f3-58f6-4125-a499-b5421557d512} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e4e104f3-58f6-4125-a499-b5421557d512} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e4e104f3-58f6-4125-a499-b5421557d512} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvuurigh (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b0da9816 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8j34rgfght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8j34rgfght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifdummk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifdummk -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Ana-Rene Bolton\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\iifDUmmK.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\KmmUDfii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KmmUDfii.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\schosdbj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jbdsohcs.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tyshb36rfjdf.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\system32\wvuuRigH.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\TDSSarxx.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSnpur.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSottu.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSyoqu.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSmxfe.sys (Trojan.TDSS) -> Delete on reboot.
C:\Documents and Settings\Ana-Rene Bolton\Local Settings\Temp\TDSS904d.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ana-Rene Bolton\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ana-Rene Bolton\Local Settings\Temp\winloggn.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Ana-Rene Bolton\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\gEWNghfD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwUnOg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSdbgj.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSkkao.log (Trojan.TDSS) -> Delete on reboot.

---------------------------------------------

Here are the results of the second run AFTER updating the software.

Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 2

12/21/2008 3:49:15 PM
mbam-log-2008-12-21 (15-49-15).txt

Scan type: Quick Scan
Objects scanned: 65015
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvuurigh (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wvuuRigH.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ana-Rene Bolton\Local Settings\Temp\1333653800.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ana-Rene Bolton\Local Settings\Temp\3874598592.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ana-Rene Bolton\Local Settings\Temp\2462174938.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ana-Rene Bolton\Local Settings\Temp\TDSS903e.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.


------------------------------------

Here are the results after a reboot:

Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 2

12/21/2008 4:04:19 PM
mbam-log-2008-12-21 (16-04-19).txt

Scan type: Quick Scan
Objects scanned: 65094
Time elapsed: 8 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------

I rebooted and ran the program again and got the same results:

Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 2

12/21/2008 4:20:01 PM
mbam-log-2008-12-21 (16-19-57).txt

Scan type: Quick Scan
Objects scanned: 65091
Time elapsed: 7 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------

I still cannot see my Application Data directory although it does show up in the program during the scan. Is there a way to unhide that folder?

I won't touch anything else until I hear back from someone, hopefully with a next step. Thanks!

#4 Flaxtelios

Flaxtelios

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Location:British Columbia, Canada
  • Local time:09:05 AM

Posted 21 December 2008 - 04:50 PM

Go to your C:/ Drive (In my computer) then open documents and settings.
From there find your user/account folder. Open that and then
on the top click on Tools/folder options/view.

Posted Image

You should be able to set your computer to view hidden files.
Click okay and refresh the folder.
You should be able to open/view the folder now.

As to make sure if your computer is now clean, I'm not a malware
removal expert. So I'll let someone else take over.

Good luck, There is one suggestion I can make though, it's
try to run a couple other spyware finders and scan your computer.
They might pick up something MBAM might have missed.

Edited by Flaxtelios, 21 December 2008 - 04:59 PM.

Hey I'm Kyle, It's an honour to be in your presence.... hey wait that's your line. :o
Sometimes the Hardest thing and the Right thing are the same.

#5 Cillasi

Cillasi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 21 December 2008 - 04:59 PM

Thanks, I managed to get the folder back, along with some others that were hidden. I don't think they were originally hidden, but now the folders are shaded - I guess to let you know that they are marked to be hidden. Is there a way to remove the hide switch on these folders?





#6 Flaxtelios

Flaxtelios

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Location:British Columbia, Canada
  • Local time:09:05 AM

Posted 21 December 2008 - 05:00 PM

There should be, I believe, right click on the folder
(Under the general tab, in attributes, UNcheck the hidden box)
and select properties and you can unhide the folder.

Edited by Flaxtelios, 21 December 2008 - 05:02 PM.


#7 Cillasi

Cillasi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 21 December 2008 - 05:08 PM

Duh...I knew that...really I did...honest! LOL...guess I had a brain freeze! Just didn't apply it to the current situation.

Thanks again!





#8 Flaxtelios

Flaxtelios

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Location:British Columbia, Canada
  • Local time:09:05 AM

Posted 21 December 2008 - 08:15 PM

haha you're welcome.

#9 Cillasi

Cillasi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 21 December 2008 - 08:19 PM

I got Malwarebytes to run and have updated and run it several times, including the complete scan.

These two items keep popping back up no matter what I do

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

and I understand MS Juan resets security to accept all cookies, which is indeed happening. I don't know what MS Track System does.

Any ideas what to do now? I don't know if deleting these entries will wreck my computer.

Also, I'm getting the message

Run DLL

NVCPL.dll

The process cannot access the file because it is being used by another process.

Anyone know what that's about?
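
Added example, not part of the original thread or of any poster's reply: a Python script that parses logs in the format pasted above and lists entries that one scan reported as "Quarantined and deleted successfully" and a later scan detected again, the pattern described in post #9. The function names are hypothetical, and the inputs are trimmed excerpts of three of the logs posted in this thread.

```python
import re

# Item lines look like: <path> (<detection>) -> [extra data -> ] <action>.
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\)$")
REMOVED = "Quarantined and deleted successfully"

def parse_mbam_log(text):
    """Return [(section, path, detection, action)] for every item line."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):          # section header, not the "...: 8" count
            section = line[:-len(" Infected:")]
            continue
        if " -> " not in line or section is None:
            continue
        parts = line.split(" -> ")              # middle parts are "Data:" / "Bad:" details
        m = ITEM.match(parts[0])
        if m:
            items.append((section, m["path"], m["name"], parts[-1].rstrip(".")))
    return items

def reappearing(scans):
    """scans: [(label, log_text)] in chronological order.
    Returns {lowercased path: [labels]} for items an earlier scan reported as
    removed and a later scan detected again (something is re-creating them)."""
    removed_in = {}   # path -> label of the first scan that claimed removal
    flagged = {}
    for label, text in scans:
        parsed = parse_mbam_log(text)
        seen = {path.lower() for _, path, _, _ in parsed}   # Windows paths ignore case
        for key in seen & set(removed_in):
            flagged.setdefault(key, [removed_in[key]]).append(label)
        for _, path, _, action in parsed:
            if action == REMOVED:
                removed_in.setdefault(path.lower(), label)
    return flagged

# Sample input: trimmed excerpts of three of the logs posted in this thread.
RUN_1535 = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifdummk -> Delete on reboot.
Files Infected:
C:\WINDOWS\system32\wvuuRigH.dll (Trojan.Vundo) -> Delete on reboot.
"""
RUN_1549 = r"""
Registry Keys Infected: 8
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\wvuuRigH.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""
RUN_1604 = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
"""
SCANS = [("15-35", RUN_1535), ("15-49", RUN_1549), ("16-04", RUN_1604)]

if __name__ == "__main__":
    for key, labels in reappearing(SCANS).items():
        print(key, "->", ", ".join(labels))
```

An entry that shows up here was written back after the scanner reported deleting it, so the component that re-creates it is still present and has not been removed by these scans.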

#10 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:11:05 AM

Posted 21 December 2008 - 08:48 PM

Cillasi,
I've merged your 2 topics.
Please keep all posts about the same problem in one topic.
Keeping all of your replies in one thread makes it easier for the ones helping you out, to keep track of what has, or hasn't been tried, yet.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#11 Cillasi

Cillasi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 22 December 2008 - 01:43 PM

Sorry if I'm being impatient, but does anyone have any idea how I can permanently get rid of those two registry keys that keep coming back and find out what's been allowing it? I've downloaded Firefox to bypass the accept all cookies problem and it seems to be working, but needless to say, I don't want to use the computer for anything sensitive until I can be relatively sure it's clean and not broadcasting my information back to some hacker.

I also got a message on my laptop yesterday that said there was an IRQ (?) conflict with another computer on the network. I've never, ever seen that message before and wonder if it was an attempt to invade my network (currently I don't allow sharing between computers). How exposed am I?

My son ran Malwarebytes on his computer and uncovered some minor stuff, but not the bomb that's on the main computer. I haven't run it on my laptop yet, but I haven't experienced any odd behavior here either.

Thanks for all you guys do. I know it can be a thankless task at times. I do look through a lot of the postings here, but haven't really seen anything that addresses those stubborn registry keys and I don't want to run anything prematurely that may mask the problem.

My main concern right now is how safe my computer is to use. I could use some reassurance or warning :thumbsup: Thanks.



