LSArtem

Moderator
  • Content Count

    80
  • Joined

  • Last visited

  • Days Won

    4

Everything posted by LSArtem

  1. Hello SST, please send us in attach all detected files or "Quarantine" files.
  2. If you are going to make changes in router settings please be sure that you made a backup of all settings, saved your passwords and connection configuration!!!! After that you can restore to default settings by clicking on a small button that is placed in a little hole backside of your router. http://www.tp-link.com/en/article/?id=83
  3. Hello! Thank you guys for clarifying the situation. Because it was looking like we are catching the ghosts here So we can suspect that we have a deal with : Infected router Infected ISP Poisoned DNS Some harmful extension was installed in browser and was synchronized among other PCs (Chrome, FF, Opera). So you can try to: Use another DNS as main (for example 8.8.8.8) Try to web surf using Mobile Internet or another ISP Launch your browser in safemode Check launch parameters in all browser icons
  4. 1. Gmer can only modify values in registry. You can erase (or left empty string ) a value and click save button. 2. Please clarify your problem. Is this issue happens in all browsers? Is it happens only on some sites or all websites? How do you launch your browser? (From icon on a desktop, etc) Does antivirus is on when you are surfing? Do you allow to run some objects on a site?
  5. Please read tutorial "How to use ComboFix" here. In the end you will find instructions how do remove a program. Next time don't allow to run suspicious Popups or keep from suspicios sites. First of all suspicious site can contain malicious flash applet, and the second normal site can be infected and include hidden iframes with malicious scripts. About IE - you used Google Chrome and Firefox, please continue use them - just clear the cahce from the browsers. Maliciuos scripts could be stored in cache of your browser.
  6. If you want to delete Combofix please open Command line (Start->Run) and promt a string in a dialog box " combofix /uninstall ". And please don't forget to clear browser cache!!!
  7. For registry keys modification and direct file access you can use this tool. To see Advanced options you can click on ">>>" button.
  8. Hello! Please do such actions: try to find and delete such key in registry: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CATCHME\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CATCHME\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CATCHME HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme\Enum HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CATCHME\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CATCHME HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\catchme HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CATCHME\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CATCHME HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\catchme HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme Try to Delete a file:C:\Users\windows7\AppData\Local\Temp\catchme.sys (if file could not be deleted - reboot the system and try again) Uninstall "PxMergeModule" If exist - try to delete files: C:\Users\windows7\AppData\Roaming\Mozilla\Firefox\Profiles\900sfl63.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi C:\Users\windows7\AppData\Roaming\Mozilla\Firefox\Profiles\900sfl63.default\extensions\[email protected] C:\Users\windows7\AppData\Roaming\Mozilla\Firefox\Profiles\900sfl63.default\extensions\[email protected] C:\Users\windows7\AppData\Roaming\Mozilla\Firefox\Profiles\900sfl63.default\extensions\[email protected] C:\Users\windows7\AppData\Roaming\Mozilla\Firefox\Profiles\900sfl63.default\extensions\[email protected] C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} Download and run TDSSKiller from here. Do a scan and share your results. Also you can try to run Firefox browser with turned off extensions https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode#w_how-to-start-firefox-in-safe-mode
  9. Hello. All your files mostly detected by AV vendors. 1. Malicious sample, detected by almost all well known antiviruses and detects as Zbot or Yakes. 2. Adware application, potential unwanted program. Remove it.
  10. Jpellan, after detailed analysis i didn't find any suspicious or malware applications, running on your computer. One untrusted tool - KMSnano (this is Windows 8 activation tool). You also may have problems with your system because you have two installed antiviruses. - AVG and AdAware. It can be the reason of many system faults. And i guess your Adobe products can't connect to *.adobe.com servers because you redirect all requests to localhost. P.S. I think you had malicious file in your dropbox folder and AV notify you / delete file.
  11. Hi jpellan! Please download this tool. Unzip it and launch. Choose File-> Standard scripts and select points 1, 2, 4, 5, 8 and press button "Execute selected scripts". After that open "./avz4/Log" directory and archive and send files, please.
  12. Hello, read this post please http://www.lavasoftsupport.com/index.php?/topic/33524-activation-failure/
  13. Disabling Java is not a good solution. Java vulnerabilities are used for DoS or arbitrary code execution, for example - downloading and launching malicious file. But it is not used for redirection. Do you mean "Java Script"? If you have problems with redirection it means that your computer is infected or you have problems with configuration of your browser. By the way check your "hosts" file.
  14. Hello! It seems that you are using System Tray Cleaner tool. Is it true?
  15. Hello! Try to follow this instructions.
  16. Hello! Due to this logs I can say that your system is clear. But also i can see some conflicts in your system. Some services are not working properly. Try to boot in "safemode with networking" and check your Network connections. Also you had few errors from your DHCP server so network could be frozen too. And please DON'T USE several antivirus products! It can be a reason of your system crash! Yor system is running Ad-Aware + Windows Defender. That is not good. Please check it again and be sure that your Windows Defender if off. BTW you can find ready solution for dldtCATSCustConnectService service fix on Microsoft forum
  17. Hello! One of the main problems that you use lots of antivirus products. I counted about 10 of them in your logs. It can be a big conflict between AVs and system can work very slow. For example, you use Avast and AAW in the same time. BTW from words to deal. If you don't use Sophos Anti-Rootkit please stop "MEMSWEEP2" service, delete this service and kill file "C:\Windows\system32\ED5B.tmp". Please check you "C:\Windows\system32\drivers\etc\hosts" file. If you have such strings: [CODE]127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com[/CODE] clear your "hosts" file. Make new logs and send them here please.
  18. Hello [b]k9pud. [/b] You wrote that you have a problem. Could you give us more info? Do you have only problem with your computer speed?
  19. Hello! What version of AAW do you use? Do you have "Remind me later" checkbox on your nagscreen?
  20. Hello Gentlemen! Seems that you had not "clear" uninstall of AAW10. I checked Uninstall on the latest version of AAW - 10.1.211.3382. All of GFI network drivers were uninstalled after reboot. Please watch this video: http://www.youtube.com/watch?v=ZrGUYQZhOMk
  21. Hello Buttonbox![list=1] [*]According to your words i noticed that you have no problem with license. Don't worry:) ! [*]Full scan speed depends on this factors: [/list][list] [*]Speed of Processor, speed of your hard drive, count of files on your hard drive; [*]antivirus scan technic (rootkit scan, file scan, etc ) [*]Count of other processes that are working in same time with scanner. [/list] [b]You[/b] [b]don't need[/b] [b]to[/b] [b]start Full Scan every day! You have real-time protection. [/b]If you are going to launch malware executable - antivirus will say you that it is malicious file and won't allow you run it. If you are going to start full scan as to me i always start it at night, because i know that a have lots of files on my hard drive. And even on my fast comp it will take hours and hours of scanning. Its better to do quick scan for a couple of days - it will scan your current working processes and system files. if you have lags during antivirus full scann of your computer its a normal process.
  22. [quote name='njnitehawk' timestamp='1337166060' post='135663'] i nstalled 10 on 05/14/12 and when went to update definitions it states everything is up to date were previous versions updated everyday can you confirm what i should or should not be doing [/quote] Hello! Did you update your definitions?
  23. [b]buttonbox[/b] please open your AAW, click "Options" that is above and see General information. If you'll see that: [img]https://lh3.googleusercontent.com/-Q-mYIyWeT0o/T7ZGQzjZw7I/AAAAAAAAADI/cYNbHA4KXyE/w649-h350-k/scr.PNG[/img] this means that your AAW client is not activated. See Expiry Date.
  24. [quote name='devstaff' timestamp='1337338727' post='135751'] The new version is faster than the old one that Ive tried for some days ago, and now I can run your software on m PC without any lag. Thanks for the help [/quote] Glad to hear it! You are welcome!
  25. BTW have you checked minimal system requirements for this AAW version? You can find recommended Technical Specs [url="http://www.lavasoft.com/products/ad_aware_free.php"]here[/url]. I think you can't increase productivity of antivirus product without increasing computer's computational capability. This option (see above) will provide minimal PC security - file scan, defense against malicious file launching in real-time and secure Internet browsing. If you are afraid of your system is infected - you can see this [url="http://www.lavasoftsupport.com/index.php?/forum/36-help-with-stubborn-infections/"]topic[/url] or download, run [url="http://www.filehippo.com/download_hijackthis/"]HiJackThis[/url] tool and attach log file here. P.S. please write your system configuration!