Author Topic: trojan,rootkit  (Read 10382 times)

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #30 on: March 12, 2014, 12:07:49 PM »
Hello,

I disabled the avast services, firewall and secure online.

So I started pre-scan and received the following message:

"Windows must now restart because the power service is terminated Unexpectedly.

Reboot of pc.

I looked at the root of the C drive and I did not find any log;
there is one pre-scan directory (c:\pre-scan).

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #31 on: March 12, 2014, 12:20:16 PM »
I forgot to stop Malwarebytes Anti-Malware.

I ran pre_scan a second time and now I have a window with:

ScanIkill  diag script exit   expl/del  info-switch
sos-virus

What can I choose? scankill?


gen-hackman

  • Guest
Re: trojan,rootkit
« Reply #32 on: March 12, 2014, 01:14:28 PM »
None, exit the program and give the report as it's asked

No problem for that

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #33 on: March 12, 2014, 09:23:44 PM »
There is no Pre_Scan_date_l’heure.txt in my C:\

Do you want the "Pre_Scan" directory renamed to Pre_Scan_12/03/2014_12h10.txt?

I'm sorry, I don't understand very well ... or there is no log!

I have carefully read the instructions on the webpage "http://gen-hackman.purforum.com/t19-1-pre_scan-canned-speech"





sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #34 on: March 12, 2014, 11:09:01 PM »
Here is the file "Pre_Scan_12_03_2014_22_39_54.txt", size 33 KB.

http://cjoint.com/?3CmxfNIxJqT

Peter

gen-hackman

  • Guest
Re: trojan,rootkit
« Reply #35 on: March 13, 2014, 07:50:04 AM »
Hello, run Pre_Scan again, click on "Diag" in the menu which will appear on its second launch, and at the end attach C:\Pre_Diag_date_hour.txt

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #36 on: March 13, 2014, 11:23:07 AM »
Hello,

Diag ran faster than Pre_Scan (14 min for Diag, 27 min for Pre_Scan yesterday).

http://cjoint.com/?3CnluxyO5tf

peter

gen-hackman

  • Guest
Re: trojan,rootkit
« Reply #37 on: March 13, 2014, 02:49:51 PM »
it's clean

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #38 on: March 13, 2014, 09:49:31 PM »
Hello,

Before the repairs, the program "aswmbr" was crashing at the following location:

avast scan engine c:\windows
avast scan engine c:\windows\system32

scanning c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications
then the program crashed...

I could not see the end of the line.
I suspect this GAC_MSIL application (proc c and vb) is damaged somewhere.
What do you think about it?

gen-hackman

  • Guest
Re: trojan,rootkit
« Reply #39 on: March 14, 2014, 08:11:44 AM »
Was the antivirus deactivated when you used aswmbr?

(Just because a tool crashes does not necessarily mean there is an infection (don't fall into paranoia ^^), especially in this folder: the only infectious file there is Desktop.ini belonging to ZeroAccess, the only one in the 6 years I have been disinfecting.)

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #40 on: March 14, 2014, 10:29:12 AM »
Hello,
The antivirus, anti-malware and Windows firewall were indeed off;
this program even works without disabling anti-xxx beforehand.

Could you be kind enough to explain briefly what your diagnosis is of the previous state of my PC?

Maybe tell me what I should avoid: abandon Firefox?

There is also an important point for me:
I just had trouble with an email account "firstname.lastname @ yahoo.fr".
How can I avoid a mailbox being hacked, and which mail account do you advise?

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: trojan,rootkit
« Reply #41 on: March 14, 2014, 10:40:21 AM »
Hello,

For the internet, use Internet Explorer. It is the safest.

For email, use Gmail or your work email (if applicable).

If I understood correctly, G3N might've said you have ZeroAccess. That might be a mistake on my part. If so, and he can't remove it, I can get Magna or Essexboy.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #42 on: March 14, 2014, 01:20:15 PM »
Hello,

I think it's clean,

but there was perhaps something else to repair before the infection.

In this case, who should I contact to repair "c:\windows\assembly\GAC_MSIL"?

A big thank you to all for your patience, kindness and great skill,

peter

gen-hackman

  • Guest
Re: trojan,rootkit
« Reply #43 on: March 14, 2014, 08:29:37 PM »

sépadubidon

  • Guest
Re: trojan,rootkit
« Reply #44 on: March 14, 2014, 10:14:06 PM »
Hello,

I executed gmer directly in safe mode.
I had to answer twice
54 times to cancel a window called "no disc".
Here is the log.
Good evening.

http://cjoint.com/?DCowmppYmJp

peter