jurgenv

Volunteer Security Advisor
  • Content count

    2,456

Community Reputation

0 Neutral

3 Followers

About jurgenv

  • Rank
    Advanced Member
  • Birthday 01/04/1990

Profile Information

  • Location
    Belgium
  1. I'm glad you solved it.
  2. Do you still have problems?
  3. I think it's from a cd-rom..
  4. You must upload this file: E:\Knight.exe
  5. Archive the file with winzip or winrar and upload the archive.
  6. • Go to http://www.virustotal.com/ and upload the following file: E:\Knight.exe
       Post the results in your next answer.

     1. Download Deckard's System Scanner (DSS) to your Desktop http://www.techsupportforum.com/sectools/Deckard/dss.exe (or other convenient location).
     2. Close any open applications and windows.
     3. Double-click on dss.exe to run it, and follow the prompts.
     4. When the scan is complete, a text file will open - main.txt
     5. Copy the text from that log and paste it into your post with the results of Virustotal.

     Note: Some firewalls may warn that sigcheck.exe is trying to access the internet. Please allow it permission to do so.
  7. I don't see any malware in your logs... I wouldn't do those instructions because it's not for Vista... I'll seek a second opinion..
  8. Looking good, do you still have problems?
  9. Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner.

     Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

     • Click Yes, when prompted to install its ActiveX component.
       (Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
     • The program launches and downloads the latest definition files.
     • Once the files are downloaded click on Next.
     • Click on Scan Settings and configure as follows:
         • Scan using the following Anti-Virus database: Extended
         • Scan Options:
             • Scan Archives
             • Scan Mail Bases
     • Click OK and, under select a target to scan, select My Computer.
     • When the scan is done, in the Scan is completed window (below), any infection is displayed.
     • There is no option to clean/disinfect, however, we need to analyze the information on the report.

     To obtain the report:

     • Click on: Save Report As (above - red blinking arrow)
     • Next, in the Save as prompt, Save in area, select: Desktop
     • In the File name area, use KScan, or something similar
     • In Save as type, click the drop arrow and select: Text file [*.txt]
     • Then, click: Save

     Please post the Kaspersky Online Scanner Report in your reply.
  10. 1. Download this file - combofix.exe
      2. Double click combofix.exe & follow the prompts.
      3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

      Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  11. jurgenv

    Vundo Infection

    Sorry for the late response, I didn't receive an e-mail notification.. If you still want help, post a new hijackthis log here.
  12. • Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
      • Double-click the drweb-cureit.exe file and allow it to run the express scan.
      • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
      • Once the short scan has finished, click Options > Change settings.
      • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
      • Back at the main window, mark the drives that you want to scan.
      • Select all drives. A red dot shows which drives have been chosen.
      • Click the green arrow at the right, and the scan will start.
      • Click 'Yes to all' if it asks if you want to cure/move the file.
      • When the scan has finished, look if you can click next icon next to the files found:
      • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
      • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
      • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list.
      • Save the report to your desktop. The report will be called DrWeb.csv
      • Close Dr.Web Cureit.
      • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
      • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
  13. jurgenv

    Vundo Infection

    • Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and allow it to run the express scan.
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, click Options > Change settings.
    • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
    • Back at the main window, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can click next icon next to the files found:
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
  14. jurgenv

    Vundo Infection

    • Open hijackthis and tick the following lines:

      O4 - HKLM\..\Run: [16296643] rundll32.exe "C:\WINDOWS\system32\pdpaxarv.dll",b
      O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe

    • Make sure all other windows are closed except hijackthis and click on "fix checked".
    • Reboot your computer and tell me how everything is working.
  15. jurgenv

    Vundo Infection

    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.