Author Topic: New Virus? (Read 25054 times)

essexboy · « **Reply #15 on:** September 24, 2011, 11:07:03 PM »

Subtle difference in climate I should imagine

RoughDobermann · « **Reply #16 on:** September 24, 2011, 11:07:49 PM »

Quote from: essexboy on September 24, 2011, 11:07:03 PM

Subtle difference in climate I should imagine

Yes, 330+ days of sunshine was hard to get used to!

RoughDobermann · « **Reply #17 on:** September 25, 2011, 04:10:26 PM »

Should I run ComboFix now?

essexboy · « **Reply #18 on:** September 25, 2011, 04:55:08 PM »

Yes please

essexboy · « **Reply #19 on:** September 25, 2011, 04:56:57 PM »

Quote

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found

This is the problem - alas TDSSKiller is not yet up to removing the complete zero access

RoughDobermann · « **Reply #20 on:** September 25, 2011, 05:08:03 PM »

Still rename Combofix to svchost?

essexboy · « **Reply #21 on:** September 25, 2011, 05:09:35 PM »

No requirement now as the main bad boy has gone

RoughDobermann · « **Reply #22 on:** September 25, 2011, 05:22:15 PM »

I still have Symantec Antivirus Corporate running, but don't see a way to end/disable it in the client or taskbar. How do I disable it? The link on the previous page to help with this is dead.

Pondus · « **Reply #23 on:** September 25, 2011, 05:27:13 PM »

Uninstallers for Security Software
http://thewebatom.net/uninstallers/security-software/

RoughDobermann · « **Reply #24 on:** September 25, 2011, 05:28:41 PM »

Is there a way to just stop/disable it rather than uninstalling it? This a work machine.

essexboy · « **Reply #25 on:** September 25, 2011, 05:29:31 PM »

Run combofix but do not allow Norton to quarantine or stop any files running

RoughDobermann · « **Reply #26 on:** September 25, 2011, 05:33:55 PM »

Quote from: essexboy on September 25, 2011, 05:29:31 PM

Run combofix but do not allow Norton to quarantine or stop any files running

Is it going to "tell" me if it tries that? Honestly, I've never seen Symantec (Norton?) do anything. I didn't even know it was installed!

essexboy · « **Reply #27 on:** September 25, 2011, 05:36:50 PM »

Yes there may be notifications - just click ignore

RoughDobermann · « **Reply #28 on:** September 25, 2011, 06:07:10 PM »

Quote from: essexboy on September 25, 2011, 05:36:50 PM

Yes there may be notifications - just click ignore

Okay, Combofix ran and produced this report. I still don't have Internet access, however.

Paul Rodgers · « **Reply #29 on:** September 25, 2011, 06:11:14 PM »

Quote from: RoughDobermann on September 25, 2011, 06:07:10 PM

Quote from: essexboy on September 25, 2011, 05:36:50 PM
Yes there may be notifications - just click ignore

Okay, Combofix ran and produced this report. I still don't have Internet access, however.

I had to fix this same rootkit. If I remember correctly Combofix tells you to run it again if you don't have internet access. You can also try a repair install.

Author Topic: New Virus? (Read 25054 times)

essexboy

Re: New Virus?

RoughDobermann

Re: New Virus?

RoughDobermann

Re: New Virus?

essexboy

Re: New Virus?

essexboy

Re: New Virus?

RoughDobermann

Re: New Virus?

essexboy

Re: New Virus?

RoughDobermann

Re: New Virus?

Pondus

Re: New Virus?

RoughDobermann

Re: New Virus?

essexboy

Re: New Virus?

RoughDobermann

Re: New Virus?

essexboy

Re: New Virus?

RoughDobermann

Re: New Virus?

Paul Rodgers

Re: New Virus?