Posted 16 December 2011 - 08:28 AM
Posted 16 December 2011 - 10:57 PM
Posted 17 December 2011 - 01:02 AM
Posted 17 December 2011 - 09:23 PM
Posted 17 December 2011 - 09:40 PM
Posted 17 December 2011 - 11:33 PM
Posted 17 December 2011 - 11:36 PM
When you figure out what really works, I'll be interested to see. I ran the fixNCR, then safe mode rkill, then sas (paid pro version was running when I GOT INFECTED!), nothing found, then reboot to normal. Could NOT run the install on MBAM because all exe still disabled. Ran rkill again and it shut down c:\windows\system32\grpconv.exe. AFTER THAT, I was able to install and run MBAM, which saw nothing wrong with grpconv.exe, but did locate a rundll32.exe newly-appeared on my desktop and deleted that. It told me to reboot, so I did.
Upon reboot, network and processor slammed. I watch task manager every day and know what runs by heart. I'm on here now because I'm unloading ping.exe every two minutes to keep it from taking all the processor and bandwidth. Other files it has loaded (and I've unloaded) include msiexe and CeEkey.exe. I went to c:\windows\system32 and renamed two files, ping.exe and ping6.exe, and it's still running. Using ccleaner to sweep out recent, cache and temp files continuously.
Before getting back on the internet, I tried to go back to safe mode with networking. Here's the bottom line: the infection won't let me on the internet (assign an ip) unless HE can get on with me. NO INTERNET IN SAFE MODE.
I've read about 100 different sets of instructions and if I tried them all, I'd still be sitting here at Christmas, trying to get some work done. Meanwhile, this thing is delving into every piece of my system. Clearly this is a new and very virile threat, and nobody has completely figured it out yet.
Posted 17 December 2011 - 11:44 PM
Posted 17 December 2011 - 11:45 PM
Posted 18 December 2011 - 02:12 AM
Posted 18 December 2011 - 03:31 AM
Posted 18 December 2011 - 02:21 PM
Posted 18 December 2011 - 09:30 PM
Posted 18 December 2011 - 10:27 PM
Posted 18 December 2011 - 11:23 PM
Boopme, I did start another topic: fixed: Security 2012, no exe, ping, hoax links, popups
Please start another topic of your own as your situation is somewhat different than this one. You have a different rootkit.
Also state your operating system, thanks.