Bad rootkit - may need custom script and program


  • This topic is locked
20 replies to this topic

#16 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:54 AM

Posted 10 November 2009 - 11:40 PM

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as NetTest.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, click on the NetTest.bat file and post the resulting report.

@Echo off
cd /d %~dp0
ECHO Working....... Please wait
nbtstat -n >Report.txt
ipconfig /All >>Report.txt
Ping Yahoo.com >>Report.txt
Ping Google.com >>Report.txt
Net Start >>Report.txt
Notepad Report.txt
Exit


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

#17 juliusec

juliusec
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:54 AM

Posted 12 November 2009 - 07:30 PM

Local Area Connection:
Node IpAddress: [192.168.0.102] Scope Id: []

NetBIOS Local Name Table

Name Type Status
---------------------------------------------
D74HZ8C1 <00> UNIQUE Registered
D74HZ8C1 <20> UNIQUE Registered
HOME <00> GROUP Registered
HOME <1E> GROUP Registered
HOME <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered

Wireless Network Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

No names in cache

Windows IP Configuration

Host Name . . . . . . . . . . . . : D74HZ8C1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.il.comcast.net.
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-21-70-7A-48-71
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 77.74.48.113
Lease Obtained. . . . . . . . . . : Thursday, November 12, 2009 6:19:02 PM
Lease Expires . . . . . . . . . . : Thursday, November 12, 2009 9:19:02 PM

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-19-7D-24-4F-85

Pinging Yahoo.com [209.131.36.159] with 32 bytes of data:

Reply from 209.131.36.159: bytes=32 time=71ms TTL=50
Reply from 209.131.36.159: bytes=32 time=72ms TTL=50
Reply from 209.131.36.159: bytes=32 time=72ms TTL=50
Reply from 209.131.36.159: bytes=32 time=71ms TTL=50

Ping statistics for 209.131.36.159:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 71ms, Maximum = 72ms, Average = 71ms

Pinging Google.com [74.125.53.100] with 32 bytes of data:

Reply from 74.125.53.100: bytes=32 time=71ms TTL=48
Reply from 74.125.53.100: bytes=32 time=70ms TTL=48
Reply from 74.125.53.100: bytes=32 time=69ms TTL=48
Reply from 74.125.53.100: bytes=32 time=69ms TTL=48

Ping statistics for 74.125.53.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 69ms, Maximum = 71ms, Average = 69ms

These Windows services are started:

AOL Connectivity Service
Apple Mobile Device
Application Layer Gateway Service
Automatic Updates
Background Intelligent Transfer Service
Bonjour Service
COM+ Event System
COM+ System Application
Computer Browser
Creative Labs Licensing Service
Creative Service for CDROM Access
CryptSvc
DCOM Server Process Launcher
Dell Wireless WLAN Tray Service
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Help and Support
iPod Service
IPSEC Services
Java Quick Starter
LiveUpdate Notice Service
Machine Debug Manager
Media Center Extender Service
Media Center Receiver Service
Media Center Scheduler Service
MSSQL$MICROSOFTSMLBIZ
Network Connections
Network Location Awareness (NLA)
Plug and Play
Print Spooler
Protected Storage
Pure Networks Platform Service
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Secondary Logon
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
SSDP Discovery Service
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Time
Workstation

The command completed successfully.

#18 JSntgRvr

Posted 12 November 2009 - 09:48 PM

Hi, juliusec :(

The test came back negative. In regard to the Touch pad, I suggest you reload the drivers and test. Concerning Google and Yahoo, try to reinstall the plugin.

Keep me posted.


#19 juliusec

Posted 13 November 2009 - 09:07 AM

That is awesome. :(

I am not clear on where to go to reload the drivers or plug in. If you point me in the right direction, I'll figure it out.

Thanks SOOOOOOOOOOOOO much for all your help.

Cheers,
Julius

#20 JSntgRvr

Posted 13 November 2009 - 09:26 AM

The Synaptics driver for your computer is available at Dell.com:

http://support.dell.com/support/downloads/...-1&impid=-1

Follow the instructions therein for its installation.


#21 JSntgRvr

Posted 23 November 2009 - 04:38 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
