Spyware.Zbot & Trojan.Tracur found on my laptop


  • This topic is locked
3 replies to this topic

#1 mgkidw0

mgkidw0

  • Members
  • 14 posts

Posted 07 October 2009 - 10:31 PM

I have been working in another forum "Am I infected? What do I do?" Here is that link: Click Here After doing several things and posting several logs, the gentleman helping me sent me to this forum.

I am running Windows XP. I have installed several new programs over the past couple of weeks. I have Malwarebytes' Anti-Malware and have the IP protection enabled. I also have Avira AntiVir Personal - Free Antivirus and keep them updated.

I have been having an issue with my computer being very slow and freezing up over the past couple of weeks. Every time I attempt to open a new site or start IE, it prompts and states it has blocked access to a malicious IP = 95.211.1.176 and 95.211.1.173 (it is 80% of the time this IP, but sometimes it is another one; can't remember it though). Also, when I run IE, Avira will alert me stating it has detected a "pattern of the HTML/Infected.WebPage.Gen.HTML script virus" and I will quarantine this. This has alerted me on sites such as Google, eBay, eBates and others. I am unsure what is going on. Also, Malwarebytes' has found several items that it has quarantined such as Trojan.Tracur and Spyware.Zbot (since posting on the other forum at the above link and running the software he told me to run). I don't really see anything different in the task manager.

I am unsure this has anything to do with the problems I have mentioned above, but my keyboard is now skipping many letters. I have to watch what I type and it does not type about every 8th letter or so. This has never done this before and it started doing this only when my computer started slowing down. I just thought it might have something to do with it.

I am more than willing to work hard and do whatever you ask to get rid of these things on my computer. I have read about the dangers of Zbot especially and I want to rid all remnants of it off my computer.

Any help or advice would be greatly appreciated. Thank you, in advance, for your time, attention and reply to my issues.

Here are the logs that have been requested to prepare to post here.

DDS.txt log

DDS (Ver_09-09-29.01) - NTFSx86
Run by Missy at 22:56:20.00 on Wed 10/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.196 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Missy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
Trusted Zone: brother.com\www
Trusted Zone: paypal.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-24 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-24 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-24 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-24 55656]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-9-18 269648]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-9-23 604488]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-18 19160]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]

=============== Created Last 30 ================

2009-10-05 05:37 <DIR> --d----- c:\documents and settings\missy\DoctorWeb
2009-10-04 16:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-04 16:55 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-04 16:55 <DIR> --d----- c:\docume~1\missy\applic~1\SUPERAntiSpyware.com
2009-10-04 16:55 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-03 11:32 <DIR> --d----- c:\windows\system32\NtmsData
2009-10-02 20:57 <DIR> --d----- c:\program files\Trend Micro
2009-10-02 17:14 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-01 19:13 3 a------- c:\windows\prnuse09.d1l
2009-10-01 19:13 10 a------- c:\windows\prsn09.d1l
2009-10-01 19:11 <DIR> --d----- c:\program files\Payroll 2009
2009-09-30 22:48 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2009-09-30 22:48 1,848,608 a------- c:\windows\system32\acXMLParser.dll
2009-09-30 22:48 3,523,872 a------- c:\windows\system32\cdintf300.dll
2009-09-30 22:48 <DIR> --d----- c:\docume~1\missy\applic~1\Intuit
2009-09-30 22:47 <DIR> --d----- c:\program files\common files\Intuit
2009-09-30 22:47 <DIR> --d----- c:\program files\Quicken
2009-09-30 22:47 165 a------- c:\windows\QUICKEN.INI
2009-09-30 22:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2009-09-29 11:34 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-09-29 11:34 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-09-29 11:33 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-09-29 11:33 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-09-29 00:07 <DIR> --d----- c:\docume~1\missy\applic~1\Alzex
2009-09-29 00:07 <DIR> --d----- c:\program files\Personal Finances Pro
2009-09-29 00:04 615 a------- c:\windows\system32\Ofe5RZWm6QNWj.vbs
2009-09-28 23:57 615 a------- c:\windows\system32\ZwEDSnMBQveBI.vbs
2009-09-28 18:22 264,704 a------- c:\windows\system32\MaggiUninstall60.exe
2009-09-28 18:21 299,520 a------- c:\windows\uninst.exe
2009-09-28 18:21 <DIR> --d----- c:\documents and settings\missy\WINDOWS
2009-09-28 12:17 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-27 22:12 208,744 a------- c:\windows\system32\muweb.dll
2009-09-27 22:12 268,648 a------- c:\windows\system32\mucltui.dll
2009-09-27 22:12 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-09-27 00:36 <DIR> --d----- c:\program files\Nsasoft
2009-09-26 14:15 107,864 a------- c:\windows\system32\tsccvid.dll
2009-09-26 14:15 <DIR> --d----- c:\windows\system32\QuickTime
2009-09-26 14:14 <DIR> --d----- c:\program files\common files\TechSmith Shared
2009-09-26 11:06 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-09-25 19:45 <DIR> --d----- c:\docume~1\missy\applic~1\GetRightToGo
2009-09-25 18:22 86 a------- c:\windows\Brfaxrx.ini
2009-09-25 18:22 0 a------- c:\windows\brdfxspd.dat
2009-09-25 18:22 126,976 -------- c:\windows\system32\BrfxD05a.dll
2009-09-25 18:22 176,128 -------- c:\windows\system32\BroSNMP.dll
2009-09-25 18:22 5,120 -------- c:\windows\system32\BrDctF2L.dll
2009-09-25 18:22 3,072 -------- c:\windows\system32\BrDctF2S.dll
2009-09-25 18:22 73,728 -------- c:\windows\system32\BrDctF2.dll
2009-09-25 16:18 <DIR> --d----- c:\docume~1\missy\applic~1\Brother CreativeCenter
2009-09-25 16:18 <DIR> --d----- c:\program files\Brother CreativeCenter
2009-09-25 11:56 <DIR> --d----- c:\documents and settings\missy\.housecall6.6
2009-09-24 16:50 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-09-23 15:46 615 a------- c:\windows\system32\fJiFrYVw90iMuVV.vbs
2009-09-23 15:46 615 a------- c:\windows\system32\1gqB13rU0Qnhg.vbs
2009-09-23 15:45 615 a------- c:\windows\system32\FkRtF.vbs
2009-09-23 15:45 615 a------- c:\windows\system32\f2Psb.vbs
2009-09-23 15:41 615 a------- c:\windows\system32\q7RxIx8.vbs
2009-09-23 15:39 615 a------- c:\windows\system32\N1sbVlTp5O35Q.vbs
2009-09-23 15:38 615 a------- c:\windows\system32\V28rWAxrR404WB9.vbs
2009-09-23 15:34 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-09-23 15:34 29,000 a------- c:\windows\system32\uxtuneup.dll
2009-09-23 15:34 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-23 15:34 <DIR> --d----- c:\docume~1\missy\applic~1\TuneUp Software
2009-09-23 15:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-09-23 15:32 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-09-23 15:32 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-23 10:35 <DIR> --d----- c:\program files\PhotoCardMaker
2009-09-23 09:35 615 a------- c:\windows\system32\1bRoZ.vbs
2009-09-23 09:34 615 a------- c:\windows\system32\hpbdf0U.vbs
2009-09-23 08:28 615 a------- c:\windows\system32\pY3j7.vbs
2009-09-23 08:28 615 a------- c:\windows\system32\Olhn9MgfFiWrx.vbs
2009-09-23 08:28 615 a------- c:\windows\system32\QxRDvpbOY9rm5g8.vbs
2009-09-23 08:27 615 a------- c:\windows\system32\Ia45w.vbs
2009-09-23 08:27 615 a------- c:\windows\system32\FRamh.vbs
2009-09-23 08:27 615 a------- c:\windows\system32\Z7CEwiy1cklPZ.vbs
2009-09-23 08:26 615 a------- c:\windows\system32\h9p3tPtYeLGX4.vbs
2009-09-23 08:26 615 a------- c:\windows\system32\cH42c.vbs
2009-09-22 10:48 <DIR> --d----- c:\docume~1\missy\applic~1\FastStone
2009-09-20 11:31 <DIR> --d----- c:\docume~1\missy\applic~1\DJ Nitrogen
2009-09-20 11:31 <DIR> --d----- c:\program files\DJ Nitrogen
2009-09-20 11:03 <DIR> --dsh--- c:\windows\ftpcache
2009-09-20 11:03 <DIR> --d----- c:\program files\Photo Watermark Professional
2009-09-19 17:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FunGames
2009-09-19 16:14 <DIR> --d----- c:\program files\AceMoney
2009-09-19 16:13 <DIR> --d----- c:\program files\Family Budget Planner
2009-09-19 16:12 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2009-09-19 16:12 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-09-19 16:05 <DIR> --d----- C:\GO-BUDGET 4
2009-09-19 15:50 <DIR> --d----- c:\program files\simpleDBudget
2009-09-19 15:47 53,760 a------- c:\windows\system32\ZlibTool.ocx
2009-09-19 15:47 958,224 a------- c:\windows\system32\MSCHART.OCX
2009-09-19 15:47 440,352 a------- c:\windows\system32\MSHFLXGD.OCX
2009-09-19 15:47 <DIR> --d----- c:\program files\CBE
2009-09-19 00:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Protexis
2009-09-19 00:24 80 ---shr-- c:\windows\system32\DE55CA5C49.dll
2009-09-19 00:11 22 a------- c:\windows\system32\syoepk_lib0.dll
2009-09-18 09:25 <DIR> --d----- c:\program files\Avery Dennison
2009-09-18 09:19 212,480 -------- c:\windows\pcdlib32.dll
2009-09-18 09:19 <DIR> --d----- c:\program files\Serif
2009-09-18 09:18 189,828 a------- c:\windows\Photo Pos Pro Uninstaller.exe
2009-09-18 09:16 <DIR> --d----- c:\program files\common files\Thraex Software
2009-09-18 09:16 <DIR> --d----- c:\program files\Photo Pos Pro
2009-09-18 09:01 <DIR> --d----- c:\docume~1\missy\applic~1\Malwarebytes
2009-09-18 09:01 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 09:01 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-18 09:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-18 09:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 08:52 <DIR> --d----- c:\program files\FastStone Image Viewer
2009-09-16 11:37 <DIR> --d----- c:\program files\MSXML 4.0
2009-09-16 11:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alpha Software
2009-09-16 11:22 <DIR> --d----- c:\docume~1\missy\applic~1\Alpha Software
2009-09-16 10:18 24,576 a------- c:\windows\system32\msxml3a.dll
2009-09-16 10:00 <DIR> --d-h--- c:\windows\PIF
2009-09-16 09:07 <DIR> --d----- c:\docume~1\missy\applic~1\RapidTyping
2009-09-16 09:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidTyping
2009-09-16 09:07 <DIR> --d----- c:\program files\RapidTyping
2009-09-15 19:22 <DIR> --d--r-- c:\docume~1\missy\applic~1\Brother
2009-09-15 15:23 244 a------- c:\windows\Brpfx04a.ini
2009-09-15 15:23 93 a------- c:\windows\brpcfx.ini
2009-09-15 15:23 419 a------- c:\windows\BRWMARK.INI
2009-09-15 15:23 27 a------- c:\windows\BRPP2KA.INI
2009-09-15 15:22 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-09-15 15:22 6,784 a------- c:\windows\system32\drivers\serscan.sys
2009-09-15 15:22 50 a------- c:\windows\system32\bridf08a.dat
2009-09-15 15:22 73,728 -------- c:\windows\system32\BRCrypt.dll
2009-09-15 15:22 106,496 -------- c:\windows\system32\BrMuSNMP.dll
2009-09-15 15:22 102,400 -------- c:\windows\system32\BrMfNt.dll
2009-09-15 15:22 63,488 -------- c:\windows\system32\BrNetSti.dll
2009-09-15 15:22 57,856 -------- c:\windows\system32\BrWiaNCp.dll
2009-09-15 15:22 42,496 -------- c:\windows\system32\Brnsplg.dll
2009-09-15 15:21 1,522,176 a------- c:\windows\system32\BrWia08a.dll
2009-09-15 15:21 167,936 -------- c:\windows\system32\NSSearch.dll
2009-09-15 15:21 <DIR> --d----- c:\program files\Brother
2009-09-15 15:19 <DIR> --d----- c:\program files\Nuance
2009-09-15 15:18 31,767 a------- c:\windows\maxlink.ini
2009-09-15 15:17 <DIR> --d----- c:\program files\common files\ScanSoft Shared
2009-09-15 15:17 <DIR> --d----- c:\program files\ScanSoft
2009-09-15 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Brother
2009-09-10 15:47 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-09-10 15:47 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-09-25 08:13 73,312 a------- c:\windows\system32\drivers\adfs.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 09:58 626,824 a------- c:\windows\system32\PosIpLiB.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:41 528,384 a------- c:\windows\system32\PosGRP.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-04-09 15:44 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040920090410\index.dat

============= FINISH: 22:56:55.01 ===============
________________________________________________________________

attach.txt is attached
________________________________________________________________

Rootrepeal report

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/07 23:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEF487000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8BBA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8155000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf8ca0886

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf8ca087c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf8ca088b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf8ca0895

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf8ca089a

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf8ca0868

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf8ca086d

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf8ca08a4

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf8ca089f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf8ca0890

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf8ca0877

==EOF==

____________________________________________________

Thanks!

#2 mgkidw0

mgkidw0
  • Topic Starter

  • Members
  • 14 posts

Posted 17 October 2009 - 12:33 PM

Please help! I know you all are busy. I posted on October 7 and haven't heard anything. When I read postings such as topic 264454 which started October 14 and got a response almost immediately, I have to wonder what the process is in the staff responding. I thought it was they take them in order, but obviously not. Do I need to post again? You all say not. So, here I am...knowing I can get help on this site since there are knowledgeable staff members, but having no idea when I will be helped. I see in this forum that when the posts are answered after a long period of time, you ask to repost all the report logs that we have already posted to begin with (which I understand due to the long period of time), but more often than not, no one responds and then the topic is closed.

I am showing frustration in this reply and for this I am sorry. I do think you need some sort of "bump" or something to allow those that are still interested in getting help after a certain period of time be able to let you know they are still waiting (other than to just let you see that no one has responded to their posting in over 2 weeks or so).

I know this may push my posting back farther from getting a response, but I had to say these few things. Thank you.

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 23 October 2009 - 07:23 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

m0le is a proud member of UNITE

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 27 October 2009 - 04:03 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.