beyond malware


  • This topic is locked
3 replies to this topic

#1 roblev

Posted 02 June 2010 - 07:26 PM

See other topic here: http://www.bleepingcomputer.com/forums/t/321056/reinstalling-xph-os/ ~ OB

Can't install OS without major issues. Good copy of XPH w/ SP3, new hard drive, OS loads but will not allow me to load antivirus or antimalware. Can't extract tools. Already flashed the BIOS with an update.

Pasting in CF log from that other topic. Please note there were two other runs after this one. ~ OB

ComboFix 10-06-02.01 - Windows 06/02/2010 16:42:43.1.1 - x86
Running from: h:\documents and settings\Windows\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of h:\windows\system32\dfrgntfs.exe was found and disinfected
Restored copy from - h:\windows\system32\dllcache\dfrgntfs.exe

Infected copy of h:\windows\system32\freecell.exe was found and disinfected
Restored copy from - h:\windows\system32\dllcache\freecell.exe

Infected copy of h:\windows\system32\spider.exe was found and disinfected
Restored copy from - h:\windows\system32\dllcache\spider.exe

Infected copy of h:\windows\system32\d3d9.dll was found and disinfected
Restored copy from - h:\windows\system32\dllcache\d3d9.dll

Infected copy of h:\windows\system32\ole32.dll was found and disinfected
Restored copy from - h:\windows\system32\dllcache\ole32.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-02 to 2010-06-02 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 20:22 . 2010-06-02 20:22 -------- d-----w- h:\program files\microsoft frontpage
2010-06-02 20:21 . 2010-06-02 20:20 77423 ----a-w- h:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-02 20:14 . 2010-06-02 20:14 21640 ----a-w- h:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 cerc6;cerc6; [x]

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-02 16:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
h:\windows\system32\wscntfy.exe
h:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-06-02 16:45:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-02 20:45

Pre-Run: 157,315,948,544 bytes free
Post-Run: 157,289,353,216 bytes free

- - End Of File - - 4212E568CAF4E33DB4379853FF334125

Edited by Orange Blossom, 02 June 2010 - 09:19 PM.


#2 kahdah

Posted 06 June 2010 - 11:22 AM

Hello roblev

Welcome to BleepingComputer
==========================
If you are still having issues I would suggest running memtest, which can be found here: http://www.memtest.org/
Download and burn the .iso file to a CD, boot from it, and let it test the memory.
I suspect something is corrupting the files but it may or may not be memory.
Let me know the results.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 roblev

Posted 07 June 2010 - 12:16 AM

You were right. I had a bad stick. Thanks.

#4 kahdah

Posted 07 June 2010 - 07:17 AM

You are welcome


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.