Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No access to internet - no IE, no FF - no access to antivirus site, updates


  • This topic is locked This topic is locked
4 replies to this topic

#1 npapachris

npapachris

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 22 December 2008 - 09:43 AM

Hi, i encountered the following problem:
In normal mode (win xp pro) i could not access internet (no IE, no FF) neither update antivirus (nod32)
In safe mode i could run IE and FF but no aceess to antivirus sitres and updates.
I managed to run Combofix in safe mode. It found the rootkit and after reboot continued and produced the attached log.

Does anyone know how to read this?
Am i clean?

Thank you in advance!

Attached Files



BC AdBot (Login to Remove)

 


#2 npapachris

npapachris
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 22 December 2008 - 09:53 AM

Well, sorry but after having sent the combofix log i read that i should not until asked for!
I apologize!

#3 npapachris

npapachris
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 23 December 2008 - 05:50 AM

What did i do wrong for not having any replies?
I am willing to learn... :thumbsup:

#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:25 PM

Posted 28 December 2008 - 01:26 AM

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal,npapachris. :thumbsup:
My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times. and we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.
The log you presented had been a few days away. It may not show what it is. In the meantime, please refrain from making any changes to your computer.

Step1

Please download DDS and save it to your desktop.
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
  • For more info, please go to Here
Step2

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


In your next reply, please post back:

1.DDS.txt (copy/pasted directly into Reply box )
2.Attach.txt (attached to post)
3.Ark.txt (attached to post)

#5 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:25 PM

Posted 10 January 2009 - 04:17 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users