I had thinkpoint and DiskDoctor


No replies to this topic

#1 floyd1039


Posted 18 December 2010 - 11:19 AM

Do I need help?
Shame on me, I let Norton expire.
Around the first of December I discovered my desktop PC with the ThinkPoint screen showing, and so it began.
I used another computer to find this site and after some reading began trying to recover my desktop.
I downloaded and ran rkill, the shell merge, and TDSSKiller. Then I reset the computer to November 26, updated and ran Malwarebytes, updated and ran Norton, downloaded and ran Kaspersky. I ran the three scans multiple times, and between times used Microsoft online security. I also ran Disk Cleanup multiple times as it continued to fail.

On the seventh of December Malwarebytes reported this:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5263

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/7/2010 5:04:21 PM
mbam-log-2010-12-07 (17-04-21).txt

Scan type: Full scan (C:\|D:\|J:\|)
Objects scanned: 284193
Time elapsed: 1 hour(s), 40 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Owner\start menu\Programs\disk doctor (Rogue.DiskDoctor) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\Temp\15.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\17.tmp (Rootkit.TDSS.Gen) -> Delete on reboot.
c:\documents and settings\Owner\start menu\Programs\disk doctor\uninstall disk doctor.lnk (Rogue.DiskDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\disk doctor\disk doctor.lnk (Rogue.DiskDoctor) -> Quarantined and deleted successfully.

After that run I regained most of the use of the computer, but it began to have errors and stop working. It also would not restart without ctrl/alt/delete, just showed a black screen. I cannot do a screen capture so I copied this:
Generic Host Process for Win32 has encountered a problem and needs to close. We are sorry for the inconvenience.

Error signature
szAppName : svchost.exe szAppVer : 5.1.2600.5512 szModName : ntdll.dll
szModver : 5.1.2600.5755 offset : 00023845

I also noticed attacks from the desktop pc on all the other computers on my home network.
An intrusion attempt by 192.168.1.9 was blocked.Application path\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORER.EXE.

However, after I ran the updates from MS on December 16 the error and the attacks stopped.

Norton and Malwarebytes are not reporting any problems, and the computer seems to be performing OK.

Do I need to do anything else?

Thanks for a great site and in advance for any help you may offer.

floyd

Edited by hamluis, 18 December 2010 - 12:06 PM.
Moved from XP to Am I Infected ~ Hamluis.

