Author Topic: flices.biz/gate.php  (Read 23189 times)


burnside

  • Guest
Re: flices.biz/gate.php
« Reply #15 on: August 17, 2012, 01:39:12 PM »
I have downloaded Dr Web Live CD to my desktop but the files have to be extracted and I cannot find a programme to run.  I am stuck and am hoping that someone can help, please.

Edit - the programme is downloaded to my desktop as WinRaR.  I extracted the files but none of them made sense (to me).
« Last Edit: August 17, 2012, 01:47:49 PM by burnside »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: flices.biz/gate.php
« Reply #16 on: August 17, 2012, 01:54:39 PM »
The file should have downloaded with an ISO extension and not RAR... Did you change it at all?

burnside

  • Guest
Re: flices.biz/gate.php
« Reply #17 on: August 17, 2012, 02:52:50 PM »
It downloaded as an ISO extension, as drweb-livecd-600.iso - WinRAR (evaluation copy).  The files are extracted to a folder and in that is another folder called "boot".  No exe files.

I must be doing something wrong.

Offline essexboy

Re: flices.biz/gate.php
« Reply #18 on: August 17, 2012, 03:05:59 PM »
Just downloading now... It is coming down on my system as an ISO

burnside

  • Guest
Re: flices.biz/gate.php
« Reply #19 on: August 17, 2012, 03:23:25 PM »
Hi - I have downloaded it twice, takes well over an hour and always arrives as WinRAR.


Offline essexboy

Re: flices.biz/gate.php
« Reply #20 on: August 17, 2012, 03:28:11 PM »
It appears that you have winrar on your system and it is changing the ending

Could you rename the extension to .ISO, i.e. delete the "- WinRAR (evaluation copy)" part?
Then double-clicking the ISO file will start imgBurn.

burnside

  • Guest
Re: flices.biz/gate.php
« Reply #21 on: August 17, 2012, 03:57:01 PM »
Not able to rename the extension but I have opened it with imgBurn.  About to reboot - fingers crossed!

Many thanks.

burnside

  • Guest
Re: flices.biz/gate.php
« Reply #22 on: August 18, 2012, 12:07:25 AM »
Well, after nearly 7 hours Dr Webcd froze - near the end of scan it would seem. No idea what to do next. 

The laptop is partitioned.  C Drive was completely clean.  D Drive, which is used to back up the C Drive, had 49 files which were not readable.  No threats.

I have attached the new OTL log. Wish I knew what it all means.

The laptop seems to be working okay today.  No warnings from Avast so am I problem free?

Many thanks, once again

Offline essexboy

Re: flices.biz/gate.php
« Reply #23 on: August 18, 2012, 12:17:30 AM »
Could you attach the OTL log  ;D


burnside

  • Guest
Re: flices.biz/gate.php
« Reply #24 on: August 18, 2012, 11:14:25 AM »
Sorry - not sure what happened there.  I did add it - will try again.

I have switched on this morning and everything seems to be running smoothly: no popups either. 

Last night, before it froze while scanning the Avast software programme on the D drive, DrWeb did find the Trojan Siggen4.16488.  Not sure how it ended up there.  I have not backed up to the D drive for some time - I use a removable hard drive.

Offline essexboy

Re: flices.biz/gate.php
« Reply #25 on: August 18, 2012, 02:51:58 PM »
Could you re-run RogueKiller again please so that I can check the status of the drivers

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

burnside

  • Guest
Re: flices.biz/gate.php
« Reply #26 on: August 18, 2012, 10:12:03 PM »
Hello.  I have run RogueKiller and attached the two reports.  What does all that "faked driver" mean?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: flices.biz/gate.php
« Reply #27 on: August 18, 2012, 10:25:07 PM »
Those are the trojan agent's fake drivers. Follow essexboy's instructions to the dot,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

Re: flices.biz/gate.php
« Reply #28 on: August 18, 2012, 10:32:09 PM »
That is why I thought you had a file infector... Although Dr Web does not think so

Do you have your CD as I feel the best option here is to reformat the system

burnside

  • Guest
Re: flices.biz/gate.php
« Reply #29 on: August 18, 2012, 10:57:15 PM »
What is a file infector, is there any way to tell how long it has been there and is it still functional?  Was it possible to tell if the fake drivers were on the C or D drive?  Am I at risk when logging onto secure sites? Gulp.

Do you mean the R-CD that I used yesterday for Dr Web?  Yes, I do have it. 

I am in the dark here and am not even sure if I am asking the right questions!