
HJT Log - Mope

I am not sure what is happening here. Attached Files 01-21-17.zip 418bytes 2 downloads #50 garioch7 garioch7 RCMP Veteran Malware Response Team 1,874 posts OFFLINE Gender:Male Location:Port Hood, Nova Scotia, Canada Local time:08:03 PM Posted A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. I'm no computer wiz at all and I regret this.

I downloaded HJT and got ready to install the .exe.. That raises the possibility of a serious boot sector malware infection. Is there an option to "clean"? Regards, -Phil Member of the Unified Network of Instructors and Trusted Eliminators Proudly Supporting Bleeping Computer to Defend the Freedom of Speech #49 ep2002 ep2002 Topic Starter Members 321

I'm going to run it now and save a log file then post it in the correct section. A black screen will appear and then disappear. Shawn ===================================================== Logfile of HijackThis v1.99.1 Scan saved at 11:55:45 AM, on 12/31/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe

Java would mess up on Firefox so I decided to find a program to scan for some spyware. Sorry, it was not clear to me how to post without quoting the previous message in its entirety. Well as usual, I went to clean them and it deleted an important file. Several functions may not work.

A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. Here's the 2nd log file. Also.. jedi My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

I am not an ESET user, never have been, so I am not familiar with the product. After that is completed, please run the System File Checker scan that I requested in this post. I would prefer to try to kill these first, as I'm behind a router and firewalled, which should minimize some of the risks. Double click ComboFix.exe & follow the prompts. 3.

C:\WINDOWS\system32\drivers\symavc32.sys 178688 bytes executable C:\WINDOWS\system32\drivers\Jcv46.sys 185344 bytes executable scan completed successfully hidden processes: 0 hidden services: 1 hidden files: 2 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Even when I go into safe mode and login as administrator, I do not seem to have administrator rights. I tried removing the bho no names listed, but I cannot get rid If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all I've been working with computers since '84 & I've been online full time since '98. 5.

Thanks #11 sdiggory sdiggory Member Members 11 posts Posted 03 January 2008 - 06:18 AM Word Wrap is off now: Logfile of Trend Micro HijackThis v2.0.2 Scan saved Start by deleting the out of date version of HJT you are running: C:\Program Files\HijackThis\HijackThis.exe Follow these directions to get the new version and properly position it. This meaning Eset. I'm not saying ALL of them were from the DL folder, but a good portion were.

C:\WINDOWS\system32\ntoskrnl.exe No streams found. As a reminder, you may also have to download Rkill from a different link which will save it as a different file name. This allows s to remotely control your computer, steal critical system information and Download and Execute files I would counsel you to disconnect this PC from the Internet immediately. Please copy and paste the contents in your reply (the file is also located at c:\rkill.log) Do not reboot your computer after running Rkill as the malware programs will start again.

And I thought that I was running a pretty tight ship here at my house. Click OK. Even for an advanced computer user.

I installed it back using the Windows XP CD and all was well.

Except when I got back into Windows, I was now having troubles loading MSN Messenger, Yahoo Messenger and CTRL+F wouldn't work. Instructions to run a ESET Smart Security full scan can be found at this link. If nothing happens or if the tool does not run, please let me know in your next reply. . I have my XP disk, but I don't relish the thought of rebuilding the laptop from scratch, finding installation keys for downloaded programs, etc.

So I am not sure what is going on with ESET Smart Security scans on your computer. Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer I've noticed the icon has disappeared a few times over the last few months. Thanks Attached Files ESET Infected Files.jpg 59.47KB 0 downloads ESET Infected Files-2.jpg 71.34KB 0 downloads ESET Scan Drives.jpg 78.2KB 0 downloads #52 garioch7 garioch7 RCMP Veteran Malware Response

Finally paste the contents of the Report.txt back on the forum with a new HijackThis log Thanks #7 sdiggory sdiggory Member Members 11 posts Posted 02 January 2008 If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all Please read these for more information: How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud? Now b/c I need this computer again I'm going to have to do another "no action" on the scan.

I was just worried and I didn't know what to do. ;; Okay.. Upon restart, I couldn't log into windows because I was missing "oleaut32.dll". HijackThis Log Started by sdiggory , Dec 31 2007 12:06 PM #1 sdiggory sdiggory Member SDFix: Version 1.122 Run by cust on Wed 01/02/2008 at 07:43 AM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Name: smtpdrv Path: System32\DRIVERS\smtpdrv.sys smtpdrv - Deleted

It does not count as help. I removed the log. Click Select All found at the bottom of the list. The others were malware I got from sites using Chrome.

#8 Simon9one Simon9one Self-Proclaimed Dictator of the World Anti-Spyware Brigade 4,311 posts Gender:Male Location:The Capital Wasteland Posted 20 July 2007 - 09:15 AM Silly me, I didn't even C:\WINDOWS\repair\smrs.exe http://www.sophos.co...32agobotrc.html Turns off anti-virus applications Allows others to access the computer Steals information Downloads code from the internet Reduces system security Records keystrokes There is more that I can't identify!

#4 rickboston rickboston Member Full Member 41 posts Posted 02 March 2008 - 02:38 PM Hi Jedi, I could not get VundoFix to work I kept getting an RPC

More information about boot sectors can be found at this link. tears suck. >< Computers are evil. =( Thanks for offering your assistance..