Author Topic: Scan Threat (Read 46972 times)

AKatRT · « **Reply #60 on:** November 06, 2010, 12:47:44 AM »

Log attached now in txt. Hope this works.

AKatRT · « **Reply #61 on:** November 06, 2010, 12:49:11 AM »

Apparently it did work thsi time - attaching the file in txt format that is. Now I ran this analysis at the AVS recommended settings in normal mode - FYI.

AKatRT · « **Reply #62 on:** November 06, 2010, 12:56:31 AM »

I have ran the AVZ analysis one more time with the setting changed to 'all servers and drivers'. Log attached.

AKatRT · « **Reply #63 on:** November 06, 2010, 01:23:01 AM »

Running another AVZ search with the antiviral toolkit. Again lots of warnings about 'proces masking'. Will try to get a log this time.

AKatRT · « **Reply #64 on:** November 06, 2010, 11:38:20 AM »

The search scan again takes for ever, goes slow, whilst the system indicates it is quarantining files. I have paused the search scan (afetr some 10 hrs I guess - and it may take another 5 to finish is my estimation)and have attempted to attach the saved the log with the results up to now. However there is a forum error message indicating that the file is too large. What to do please? Thanks.

essexboy · « **Reply #65 on:** November 06, 2010, 12:05:52 PM »

Could you upload to Mediafire and post the sharing link.

AKatRT · « **Reply #66 on:** November 06, 2010, 12:52:29 PM »

http://www.mediafire.com/?8dsd72ax81vlkyy

The above is indicated as the sharing URL. Hope this is what is needed. Thanks.

I wanted to ask you still please, when I first started out with Pondus, there waa a malware detector (forgot which one now) that identified temp files. In my case it listed a bunch of files but not the temp files that avast had indicated where the problem was. So i did not delete any. Should I run that program again perhaps and this time delete all those temp files the malware detector lists? Just a thought. Thanks.

essexboy · « **Reply #67 on:** November 06, 2010, 12:56:58 PM »

That did not look good as there are a lot of system processes masked

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

Immediately that has finished I will need a fresh Combofix scan please

Download links
Link 1
Link 2

AKatRT · « **Reply #68 on:** November 06, 2010, 04:16:55 PM »

Unable to post with attachment. Get timed out. Did upload instead. URL is http://www.mediafire.com/?bth4nlnxu49bf2i. Machine getting slower and slower. Ran Dr Web in safe mode with networking. It found no infections. I did not as yet run the combofix - should I if no infections were found and should I run in safe mode? Was unable to communicate with the forum from safe mode with networking. And still very slow to ommunicate. Am now back in normal mode. Also, during the Dr Web scan, Windows showed a threat message indicating that Hosts files had been modified. It asked me if I wanted to return to default for Hosts, and I accepted. Also, it appears as if something is preventing me or causing me to get hung up when trying to access certain websites (hotmial, yahoo, etc); I also wonder if something is trying to redirect me. The URL when I access hotmail is http://sn130w.snt130.mail.live.com/default.aspx?wa=wsignin1.0
Not sure whether that means anything, but can only access hotmail when this URL is showing. Cannot access hotmail via MSN web for example.

Please advise. Thanks.

By the way, somehow lost the sequence and a new post was started in error. I'm struggling here - sorry. Thanks.

essexboy · « **Reply #69 on:** November 06, 2010, 04:39:56 PM »

Yes continue with the combofix run please - from safe mode if necessary

The link is to the windows live sign in page

YoKenny · « **Reply #70 on:** November 06, 2010, 05:51:23 PM »

@ AKatRT

Please Go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.

It helps to know what timezone you are in.

AKatRT · « **Reply #71 on:** November 06, 2010, 10:36:51 PM »

OK, will run combofix.

In the meantime I had tried to run a full scan with Dr Web but was taking ages.

YoKenny: Understand, but nothing is easy. I am currently in the US travel back to Europe on Monday. Am on the move a lot and at work all the time - and thus not always access to sick laptop. Sorry. Thanks. Andre'

AKatRT · « **Reply #72 on:** November 07, 2010, 04:14:38 AM »

I have attached combofix log (I hope) - cannot locate a program generated log; this one I saved and hopefully it works for you. Thanks for sticking with me Essexboy!

AKatRT · « **Reply #73 on:** November 07, 2010, 05:39:39 AM »

Attached another version I found of the combofix log but hopefully = same as I sent an hour or so earlier.

Also ran MBAM one more time. Log attached (2 versions saved - I hope with identical content - one I saved manually)

Thanks.

essexboy · « **Reply #74 on:** November 07, 2010, 12:56:03 PM »

Hmmm this is weird - do you have the HTML file from AVZ ? If so could you upload that

At the moment I am seeing no malware of any description at all

Author Topic: Scan Threat (Read 46972 times)

AKatRT

Re: Scan Threat

AKatRT

Re: Scan Threat

AKatRT

Re: Scan Threat

AKatRT

Re: Scan Threat

AKatRT

Re: Scan Threat

essexboy

Re: Scan Threat

AKatRT

Re: Scan Threat

essexboy

Re: Scan Threat

AKatRT

Re: Scan Threat

essexboy

Re: Scan Threat

YoKenny

Re: Scan Threat

AKatRT

Re: Scan Threat

AKatRT

Re: Scan Threat

AKatRT

Re: Scan Threat

essexboy

Re: Scan Threat