
Rootkits + trojans


  • This topic is locked
18 replies to this topic

#1 kb11

kb11

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 17 March 2010 - 01:31 AM

hello,
attaching first. not writing anything, for fear of comp crash. would write in a reply to this post, from another comp



dds report looks like this:


gmer report:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-17 11:50:46
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Kunal\AppData\Local\Temp\pxldqpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys ZwOpenProcess [0x9E2F5B4C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys ZwOpenThread [0x9E2F5C3A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys ZwTerminateProcess [0x9E2F5AB0]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 9C53DBB8

AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys
AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service system32\drivers\parport.sys (*** hidden *** ) [MANUAL] Parport <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport@EventMessageFile %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport@TypesSupported 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\Parport@DisplayName Parallel port driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\Parport@Group Parallel arbitrator
Reg HKLM\SYSTEM\CurrentControlSet\Services\Parport@ImagePath \SystemRoot\system32\drivers\parport.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\Parport@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Parport@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\Parport@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\Parport@EventMessageFile %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\System\Parport@TypesSupported 7
Reg HKLM\SYSTEM\ControlSet002\Services\Parport@DisplayName Parallel port driver
Reg HKLM\SYSTEM\ControlSet002\Services\Parport@Group Parallel arbitrator
Reg HKLM\SYSTEM\ControlSet002\Services\Parport@ImagePath \SystemRoot\system32\drivers\parport.sys
Reg HKLM\SYSTEM\ControlSet002\Services\Parport@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\Services\Parport@Start 3
Reg HKLM\SYSTEM\ControlSet002\Services\Parport@Type 1

---- EOF - GMER 1.0.15 ----

Hello,

I had initially posted into another forum here: http://www.bleepingcomputer.com/forums/t/302937/rootkit-trojan/

As suggested there, I tried running Defogger (it did the disabling).

However, DDS did not run successfully. Upon clicking it, it directly opens a Notepad file titled DDS which is filled with illegible characters and runs into great lengths (I've copy-pasted a part of the file in the previous post of this topic).

GMER was able to run, and the report is copy-pasted in the previous post.

As soon as I connected to the internet, the symptoms mentioned in the previous topic (http://www.bleepingcomputer.com/forums/topic302937.html) reoccurred, i.e. Windows Explorer stops working and then tries to restart. Also, Task Scheduler, Desktop Windows Manager and Bit Defender Agent stop working.


PS - I googled for DDS not running, and came across this http://www.bleepingcomputer.com/forums/t/297865/cant-run-ddsscr-opens-in-notepad/
I also have AutoCAD 2008 installed on this laptop, and I re-looked at the DDS file and it is identified as an AutoCAD Script. I don't know if this is causing the error in running DDS, since I have AutoCAD also installed on my desktop and on that the DDS ran fine (the desktop's issues are being looked at separately in this topic: http://www.bleepingcomputer.com/forums/t/302287/multiple-malwares/ )

Thank you for your help,
Regards,
Kunal

Edited by boopme, 17 March 2010 - 12:06 PM.
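
The GMER report in the post above, run through a small parser as an added example (not part of the original post and not GMER's own code): it groups SSDT hooks by the driver that owns them and pulls out services marked hidden, so the three hooks from one driver under the BitDefender path and the hidden Parport service stand out. The sample is an excerpt of the posted log; the function names are illustrative.

```python
import re
from collections import defaultdict

# Excerpt of the GMER report posted above (Device and Reg lines left out).
SAMPLE = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys ZwOpenProcess [0x9E2F5B4C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys ZwOpenThread [0x9E2F5C3A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys ZwTerminateProcess [0x9E2F5AB0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service system32\drivers\parport.sys (*** hidden *** ) [MANUAL] Parport <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

SECTION = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SSDT = re.compile(r"^SSDT\s+(?P<module>.+?\.sys)\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
ATTACHED = re.compile(r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<filter>\S+)")
SERVICE = re.compile(r"^Service\s+(?P<image>\S+)\s+\((?P<state>[^)]*)\)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)")


def parse_gmer(text):
    """Return SSDT hooks grouped by owning driver, attached filters, and services."""
    report = {"ssdt": defaultdict(list), "attached": [], "services": [], "unparsed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION.match(line)):
            section = m["name"]
        elif (m := SSDT.match(line)):
            report["ssdt"][m["module"]].append((m["func"], int(m["addr"], 16)))
        elif (m := ATTACHED.match(line)):
            report["attached"].append((m["device"], m["filter"]))
        elif (m := SERVICE.match(line)):
            report["services"].append({"name": m["name"], "image": m["image"],
                                       "hidden": "hidden" in m["state"].lower(),
                                       "flagged": "ROOTKIT" in line})
        else:
            report["unparsed"].append((section, line))  # keep anything not understood
    return report


def review_items(report):
    """Entries to read first: hidden or flagged services, then each hooking driver."""
    items = [f"hidden service {s['name']} -> {s['image']}"
             for s in report["services"] if s["hidden"] or s["flagged"]]
    for module, hooks in report["ssdt"].items():
        driver = module.rsplit("\\", 1)[-1]
        names = ", ".join(func for func, _ in hooks)
        items.append(f"SSDT hooks by {driver}: {names}")
    return items
```
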




#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:26 AM

Posted 20 March 2010 - 11:53 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 kb11

  • Topic Starter

Posted 21 March 2010 - 08:29 AM

Hello myrti,

The laptop in question was not turned on since the time I made the first post.

Today when I turned it on to run OTL, it gave the previous symptoms: Within a few seconds of turning on the laptop Windows Explorer stops working, it tries to find the solution to the problem and tries to restart Windows Explorer. Simultaneously, Task Scheduler stops working as does Services and Controller Application.
Along with these, I received a new notification today: Windows has encountered a problem and will restart automatically in one minute. Please save all your work now.


Then Windows restarts and the whole cycle begins all over again. I'm perplexed by what to do with this.

Just as I mentioned earlier (http://www.bleepingcomputer.com/forums/t/302937/rootkit-trojan/) I can format the C drive again and reinstall Windows if needed, since I have no data on it. I have some data on D drive which isn't backed up. But if need be, I can format that drive too without backing up the data.

Thanks,
Kunal


#4 myrti


Posted 21 March 2010 - 03:34 PM

Hi,

If you are inclined to reformat, then this may be your best and quickest option.

If you prefer to try and fix, please try to provide a log from OTLPE:
OK, this file is big. Print these instructions out so that you know what you are doing.

Two programmes to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the programme; from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to SafeList
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards myrti



#5 kb11


Posted 21 March 2010 - 03:42 PM

hi,
I think I will go in for a reformat. However, I'd like to run some checks after formatting, to make sure I don't have anything lurking around. What would you suggest for that?
Also, after formatting, should I first install all drivers and Windows updates or first run these checks?

thanks,
kunal

#6 myrti


Posted 21 March 2010 - 05:53 PM

Hi,

I would try to bring the PC up to date before installing an antivirus program on it and running scans on it. However, please install the SPs offline if possible and connect to the internet only after installing the updates and an antivirus program.

regards myrti



#7 kb11


Posted 23 March 2010 - 12:16 PM

hello,
I formatted the laptop, installed Vista, and upgraded it offline to SP2.
Then I installed Kaspersky Internet Security 2010 and ran a complete scan - it detected and deleted Trojan-Downloader.Win32.Genoma.amwr which it found in E\ProgramFiles\Internet Explorer\rasadhlp.dll
(The E drive is Dell's recovery drive and I don't store any data on it)

I then ran Malwarebytes Anti Malware, Spybot Search and Destroy and Ad Aware. The first two didn't detect anything. Ad Aware removed two cookies: *atdmt* and *2o7*

Do you think I should run the DDS and GMER scans and post a log?

thanks,
kunal

#8 myrti


Posted 24 March 2010 - 04:58 PM

Hi,

this looks like a false positive from Kaspersky. The other detections are harmless. Cookies do not pose a threat to the security of your PC as such. If you want them gone, I can tell you how to disable them in your browser.

regards myrti



#9 kb11


Posted 24 March 2010 - 10:38 PM

hi myrti,

If cookies as such do not cause any harm, I don't mind leaving them enabled.

Now, I have some external storage devices that I may have inadvertently plugged in to the laptop earlier and may have infected them. I use:
- 2 thumb drives (USBs)
- 2 external portable Hard Disk Drives
- 2 SecureDigital memory cards for a digital camera
- an iPod
- and a Cell Phone with a 512mb memory card

Is there any way to check if these are infected, and to protect them? I haven't plugged in any of them into the laptop for fear of a cross-infection

regards,
kunal

#10 myrti


Posted 26 March 2010 - 12:55 PM

Hi,

There are a couple of tools that will allow you to protect your removable media. I usually suggest Flash_Disinfector:
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present. (This will prevent any infection present on the key from being executed.)
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

regards myrti
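
The note above describes a folder named autorun.inf occupying the spot where an autorun file would otherwise sit. A check that tells the two apart in a drive root and lists what a real autorun.inf file would launch, added here as an example (not from the original post and not Flash_Disinfector's code); the function names and the sample file contents are constructed.

```python
import os
import tempfile

# Constructed sample of an autorun.inf file; example.exe is a placeholder name.
SAMPLE_INF = (b"[AutoRun]\r\nopen=example.exe\r\n"
              b"shell\\open\\command=example.exe\r\nicon=example.ico\r\n")

# Keys in an [autorun] section that name a program to start.
LAUNCH_KEYS = ("open", "shellexecute")


def find_autorun(root):
    """Locate autorun.inf in a drive root, ignoring case as FAT and NTFS do."""
    for entry in os.listdir(root):
        if entry.lower() == "autorun.inf":
            return os.path.join(root, entry)
    return None


def launch_entries(path):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    found, in_autorun = [], False
    with open(path, "rb") as fh:
        text = fh.read().decode("latin-1")  # tolerate junk bytes in the file
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value))
    return found


def check_drive(root):
    """Classify a drive root as 'absent', 'folder' (placeholder present) or 'file'."""
    path = find_autorun(root)
    if path is None:
        return "absent", []
    if os.path.isdir(path):
        return "folder", []
    return "file", launch_entries(path)


def demo():
    """Build three constructed drive roots in a temp directory and classify each."""
    results = {}
    names = ("empty", "with_folder", "with_file")
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            os.mkdir(os.path.join(tmp, name))
        os.mkdir(os.path.join(tmp, "with_folder", "autorun.inf"))
        with open(os.path.join(tmp, "with_file", "AUTORUN.INF"), "wb") as fh:
            fh.write(SAMPLE_INF)
        for name in names:
            results[name] = check_drive(os.path.join(tmp, name))
    return results


if __name__ == "__main__":
    for name, (state, entries) in demo().items():
        print(name, state, entries)
```
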



#11 kb11


Posted 28 March 2010 - 12:57 PM

hey,
I downloaded and tried to run Flash Disinfector.
But after Vista's UAC warning about letting Flash Disinfector run, nothing happens. The mouse just shows the waiting symbol for a few seconds, but nothing follows.
This happens even after I switched off Kaspersky, Ad Aware and Spybot

- kunal

#12 myrti


Posted 30 March 2010 - 06:59 AM

Hi,

Can you please try to right-click and select "run as admin"? Let me know if that works.

regards myrti



#13 kb11


Posted 30 March 2010 - 12:01 PM

hi,
I tried running it as admin too, but that made no difference.
There is still nothing that happens

- kunal

#14 myrti


Posted 03 April 2010 - 11:45 AM

Hi,

Then please try Panda Vaccine: Panda Vaccine

After you download it, you can run it and select the flash drive you wish to vaccinate under USB drive vaccination. I would not use the PC vaccination, since ComboFix already disabled that one.
The program is only available for FAT-formatted flash drives though, and the flash drives should not be used with Linux PCs.

regards myrti



#15 kb11


Posted 04 April 2010 - 12:39 PM

Hi myrti,
Panda Vaccine worked on the USB drives. Is there something similar available for SD cards?

Regards,
Kunal



