Author Topic: Welcome to NGINX  (Read 63043 times)


jeffce

Re: Welcome to NGINX
« Reply #30 on: May 09, 2012, 04:38:13 AM »
Let's check for the rootkit...

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------

Offline nanajana

Re: Welcome to NGINX
« Reply #31 on: May 09, 2012, 05:21:57 AM »
Arrgghh, I could scream!! It's that locked file, Service: sptd, suspicious object medium risk C:\Windows\system32\Drivers\sptd.sys. I have run TDSSKiller 3 times, quarantined it twice, rebooted once; the options are: Skip, Copy all to quarantine, or Delete. Not sure what to do about this third one sitting on my desktop because copying to quarantine does nothing. Please advise. Attached logs of same; apparently not, as the file is too big, hope this one gets to you. Quarantined anyway.

Cheers,
I love this forum, with all its extremely knowledgeable personnel!

jeffce

Re: Welcome to NGINX
« Reply #32 on: May 09, 2012, 01:55:48 PM »
Don't worry about that.  It is part of the Daemon programs you have on your system.  Daemon programs will sometimes use rootkit technology that is picked up occasionally by antivirus programs.  It is a false positive.  :)
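
A check that lets you weigh a scanner's "suspicious object" verdict on a driver against who actually signed the file, as an added example that is not part of the thread: it reads the driver's embedded Authenticode signature and its SHA-256 so the result can be compared with the vendor's published values. The path is the one nanajana quoted; the script assumes an elevated PowerShell prompt and, for Get-FileHash, PowerShell 4.0 or later.

```powershell
# Added example, not from the thread. Reads the Authenticode signature and the
# SHA-256 of a driver that an anti-rootkit scan flagged, so the verdict can be
# weighed against who signed the file. Path is the one from the post above.
# Requires an elevated prompt; Get-FileHash needs PowerShell 4.0 or later.
$driver = 'C:\Windows\System32\Drivers\sptd.sys'

if (-not (Test-Path -LiteralPath $driver)) {
    Write-Output "Not present: $driver"
    return
}

$item = Get-Item -LiteralPath $driver -Force
Write-Output ("File: {0}  size={1} bytes  last write={2}" -f $item.FullName, $item.Length, $item.LastWriteTime)

# Embedded Authenticode signature. Drivers signed only through a catalog (.cat)
# can show 'NotSigned' here even when legitimate, so this is evidence, not a
# verdict on its own. A read that fails outright is also worth recording: the
# thread calls this file "locked", and a driver that shields its own image from
# user-mode access will surface here as an error rather than a status.
try {
    $sig = Get-AuthenticodeSignature -FilePath $driver -ErrorAction Stop
    Write-Output ("Signature status: {0}" -f $sig.Status)
    if ($sig.SignerCertificate) {
        Write-Output ("Signer : {0}" -f $sig.SignerCertificate.Subject)
        Write-Output ("Issuer : {0}" -f $sig.SignerCertificate.Issuer)
        Write-Output ("Expires: {0}" -f $sig.SignerCertificate.NotAfter)
    }
} catch {
    Write-Output ("Signature check failed: {0}" -f $_.Exception.Message)
}

# Hash for comparison with the vendor's published value or a multi-engine scan.
try {
    $hash = (Get-FileHash -LiteralPath $driver -Algorithm SHA256 -ErrorAction Stop).Hash
    Write-Output "SHA256: $hash"
} catch {
    Write-Output ("Hashing failed: {0}" -f $_.Exception.Message)
}
```

A valid signature from the publisher of the disc-emulation software installed on the machine supports the false-positive reading jeffce gives above; an unsigned or unreadable file with an unexpected hash is the case where quarantining and asking for a second opinion is the safer path.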

Offline nanajana

Re: Welcome to NGINX
« Reply #33 on: May 09, 2012, 02:11:03 PM »
Hi,

Well that is good news!  I also ran a new ESET scan last night and it didn't find any malicious threats, or for that matter, threats of any kind.  So this should be it, we can put this baby to bed!!  I will go ahead now and change my passwords; that is going to be a huge job but a necessary one. :(

Cheers, :)
Janice

jeffce

Re: Welcome to NGINX
« Reply #34 on: May 09, 2012, 03:13:56 PM »
Hi,

Glad that we could help!  :)

Offline nanajana

Re: Welcome to NGINX
« Reply #35 on: May 09, 2012, 03:32:35 PM »
Hi,

You're very welcome, and I too am glad that you could help.  Thanks again!

Cheers

Offline nanajana

Re: Welcome to NGINX
« Reply #36 on: May 11, 2012, 05:57:03 PM »
Hi,

I was searching out the win32 bagle.gen.zip worm which, as you know, I had on my computer.  TrojanDownloader:Win32/Bagle.gen!A creates the following registry subkeys and entries as part of its installation routine:

Adds value: "frstrunn"
With data: "1"
To subkey: HKCU\Software\bisoft

Adds value: "EnableLUA"
With data: "<value>"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\Security Center\Svc

where <value> is a certain number.

Adds key: HKCU\Software\Local AppWizard-Generated Applications

and all its associated subkeys.

It may also create the following folders:

    %AppData%\drivers
    %AppData%\drivers\downld

So while performing regedit, looking for any of this, I come across Adds key: HKCU\Software\Local AppWizard-Generated Applications.  I found it in HKEY users: Software.  Tried looking for the rest but not sure if it's not there or I'm not looking in the right spot.  Please advise what now!

Cheers
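
Rather than hunting through regedit by hand, the registry values, key and folders quoted in the post above can be checked in one pass. The script below is an added example, not from the thread or from Microsoft's write-up; it only reads and reports, deletes nothing, and assumes PowerShell 3.0 or later run from an elevated prompt so the HKLM path is readable.

```powershell
# Added example, not from the thread or from Microsoft's write-up. Reports which
# of the Bagle.gen!A registry and folder artefacts quoted in the post above are
# present. Read-only: nothing is modified or deleted. Assumes PowerShell 3.0 or
# later and an elevated prompt so the HKLM path is readable.
$checks = @(
    @{ Kind = 'Value';  Path = 'HKCU:\Software\bisoft';                                 Name = 'frstrunn' }
    @{ Kind = 'Value';  Path = 'HKLM:\SOFTWARE\Microsoft\Windows\Security Center\Svc';  Name = 'EnableLUA' }
    @{ Kind = 'Key';    Path = 'HKCU:\Software\Local AppWizard-Generated Applications'; Name = $null }
    @{ Kind = 'Folder'; Path = (Join-Path $env:APPDATA 'drivers');                      Name = $null }
    @{ Kind = 'Folder'; Path = (Join-Path $env:APPDATA 'drivers\downld');               Name = $null }
)

$results = foreach ($c in $checks) {
    $found  = $false
    $detail = ''
    switch ($c.Kind) {
        'Value' {
            if (Test-Path -LiteralPath $c.Path) {
                # A missing value is reported as "not found", not as an error.
                $prop = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
                if ($null -ne $prop) {
                    $found  = $true
                    $detail = 'data=' + $prop.PSObject.Properties[$c.Name].Value
                }
            }
        }
        'Key' {
            if (Test-Path -LiteralPath $c.Path) {
                $found  = $true
                $detail = 'subkeys=' + (Get-ChildItem -LiteralPath $c.Path -ErrorAction SilentlyContinue | Measure-Object).Count
            }
        }
        'Folder' {
            if (Test-Path -LiteralPath $c.Path -PathType Container) {
                $found  = $true
                $detail = 'files=' + (Get-ChildItem -LiteralPath $c.Path -File -Force -ErrorAction SilentlyContinue | Measure-Object).Count
            }
        }
    }
    [pscustomobject]@{ Kind = $c.Kind; Path = $c.Path; Name = $c.Name; Found = $found; Detail = $detail }
}

$results | Format-Table -AutoSize
```

One caveat on reading the output: HKCU\Software\Local AppWizard-Generated Applications is also the default registry location that MFC applications generated by the Visual Studio AppWizard write their settings to, so finding that key on its own, as happened in the post above, is not evidence of the infection. The "frstrunn" value under HKCU\Software\bisoft and the %AppData%\drivers folders are the more specific indicators in the list.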

Offline nanajana

Re: Welcome to NGINX
« Reply #37 on: May 11, 2012, 06:32:45 PM »
Hi,

I ran aswMBR and then OTL, not sure if I should have run OTL first.  Attached logs from same.

jeffce

Re: Welcome to NGINX
« Reply #38 on: May 11, 2012, 07:51:43 PM »
Hi,

Please double-click the aswMBR icon to run it.
Vista and Windows 7 users: right-click the icon and choose "Run as administrator".

  • Click the Scan button to start the scan.
  • When the scan finishes, press the Fix button. Once the Fix is done, press the Save Log button and save the log to your desktop. You need to reboot your computer when it's done before you do anything else, then post the log that will be on your desktop.


Offline nanajana

Re: Welcome to NGINX
« Reply #39 on: May 11, 2012, 08:44:15 PM »
HI,

I can't get the scan to finish; it's frozen on 13:27 Scanning: C:\Users\Janice\AppData\Local\Microsoft\Windows Live\Installer\catalog\.  That's all I can see, so should I click on Fix or should I exit and start again?

jeffce

Re: Welcome to NGINX
« Reply #40 on: May 11, 2012, 08:47:09 PM »
Start it over and see if it will finish.  If not, boot to Safe Mode and attempt to run the instructions that I provided. 

Offline nanajana

Re: Welcome to NGINX
« Reply #41 on: May 11, 2012, 11:10:13 PM »
Hi
 
Still trying to run this.  Had to go out but left it running in Safe Mode; it's taking forever, and yesterday when I ran an Avast quick scan it ran for 45 mins and then said no threats!!!  Anyway I will check it out when I get home, but if you don't hear from me I will be away till Sunday; shut down the computer and try again.  If it works I will post the log.

cheers

jeffce

Re: Welcome to NGINX
« Reply #42 on: May 11, 2012, 11:30:20 PM »
Sounds like a plan.  :)

Offline nanajana

Re: Welcome to NGINX
« Reply #43 on: May 12, 2012, 12:12:58 AM »
It completed but said it would damage the partition if I ran fixmbr.  So that's it for now, I need a break!!!!   Try again Sunday

Cheers

hrr4

Re: Welcome to NGINX
« Reply #44 on: May 12, 2012, 05:33:53 AM »
I was having the same problem and tried almost everything.  In my case, when I was deleting the cache through IE's Delete button it didn't fix my problem.

When I manually deleted all the files from

AppData\Local\Microsoft\Windows\Temporary Internet Files

the problem went away.  You might want to try deleting your temp files manually.

Same problem, another computer:
Another way I fixed it on my other computer is simply by right-clicking on the tab and refreshing.