Author Topic: win32Dropper  (Read 10547 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: win32Dropper
« Reply #15 on: February 12, 2011, 06:00:42 PM »
Were you able to create a bootable USB? As OTLPE works outside of Windows and will still run, thereby enabling me to see what is wrong.

cb12

  • Guest
Re: win32Dropper
« Reply #16 on: February 13, 2011, 02:22:48 AM »
No, I hadn't done that yet. Uhoh....

cb12

Re: win32Dropper
« Reply #17 on: February 20, 2011, 09:33:21 PM »
Is there anything you can suggest on your end at this point or will I need to take it to someone in-person? Thank you!

Offline essexboy

Re: win32Dropper
« Reply #18 on: February 20, 2011, 09:38:33 PM »
If you run the OTLPE it will produce a log for me to analyse and create a fix  ;D

cb12

Re: win32Dropper
« Reply #19 on: February 20, 2011, 10:17:02 PM »
OK, so I'm just a bit confused. I thought that since I didn't create the OTLPE before my computer crashed, I was hooped. But are you saying that I can create the OTLPE from another computer, and use it on my netbook to fix it? If so, I will do that right now!

Offline essexboy

Re: win32Dropper
« Reply #20 on: February 20, 2011, 10:19:38 PM »
Spot on. OTLPE works within a Windows pre-install environment - you will get a Windows XP style system running from the USB stick. Your Windows on the hard disc will be analysed but does not need to run.

cb12

Re: win32Dropper
« Reply #21 on: February 21, 2011, 01:16:09 AM »
OK, I have posted the log. And thank you so much for giving me another reboot option - I was able to save my files, which was half my worry!

Offline essexboy

Re: win32Dropper
« Reply #22 on: February 21, 2011, 08:39:26 PM »
Could you save the file as ANSI please as it is very difficult to interpret


cb12

Re: win32Dropper
« Reply #23 on: February 22, 2011, 04:45:01 AM »
Sorry about that - I have posted the log again.

Offline essexboy

Re: win32Dropper
« Reply #24 on: February 22, 2011, 08:36:05 PM »
Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

cb12

Re: win32Dropper
« Reply #25 on: February 28, 2011, 12:58:37 AM »
thank you! i have posted my log.

Offline essexboy

Re: win32Dropper
« Reply #26 on: February 28, 2011, 07:07:32 PM »
That looks as though you are running from normal mode, is that correct?

If so, let's sweep for orphans.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

cb12

Re: win32Dropper
« Reply #27 on: March 01, 2011, 05:08:18 AM »
yes! my computer booted normally. i am soooo happy. here is what mbam produced:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5910

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/28/2011 8:07:02 PM
mbam-log-2011-02-28 (20-07-02).txt

Scan type: Quick scan
Objects scanned: 139024
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\CorinneB\my documents\downloads\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
c:\documents and settings\CorinneB\my documents\downloads\EXPLORER.EXE (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

thank you!!
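
The two entries in the log above carry core Windows process names (winlogon.exe, EXPLORER.EXE) but sit in a Downloads folder. As an added example that is not part of the thread or of Malwarebytes' tooling, this Python code parses the "Files Infected:" section of a log in that format and flags such names found outside their default directories; `EXPECTED_DIRS`, the function names, and the sample log (user name replaced, third entry invented) are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed baseline: default locations with %SystemRoot% = C:\Windows.
EXPECTED_DIRS = {
    "winlogon.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}
# One detail line: <path> (<detection name>) -> <action taken>.
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed sample modelled on the log format above; the third entry is
# invented to show a binary that sits in its expected location.
SAMPLE_LOG = r"""Files Infected: 2

Files Infected:
c:\documents and settings\user\my documents\downloads\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
c:\documents and settings\user\my documents\downloads\EXPLORER.EXE (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
c:\windows\system32\svchost.exe (Constructed.Example) -> No action taken.
"""

def parse_files_infected(log_text):
    """Return the entries listed under the 'Files Infected:' detail header."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Files Infected:":   # the summary line carries a count, so it never matches
            in_section = True
        elif in_section:
            m = ENTRY.match(line)
            if m:
                entries.append(m.groupdict())
            elif line:                  # any other non-blank line ends the section
                break
    return entries

def masquerading(entries):
    """Flag files using a core Windows binary name outside its expected directory."""
    hits = []
    for e in entries:
        p = PureWindowsPath(e["path"])
        expected = EXPECTED_DIRS.get(p.name.lower())
        if expected and str(p.parent).lower() not in expected:
            hits.append((p.name.lower(), e["detection"], str(p.parent)))
    return hits

if __name__ == "__main__":
    print(masquerading(parse_files_infected(SAMPLE_LOG)))
```
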

Offline essexboy

Re: win32Dropper
« Reply #28 on: March 01, 2011, 07:48:50 PM »
Are you experiencing any further problems?

cb12

Re: win32Dropper
« Reply #29 on: March 05, 2011, 04:15:19 PM »
nope!! thank you so much!