unfixable? The end of antimalware? Linux the only answer??

Post by ohnonotagain » November 29th, 2010, 4:14 pm

Hi, sorry for the dramatic headline, but I needed help fast and no one seems able to. I posted this on another forum but had no luck. If anyone has any ideas, even if it means something drastic like installing Linux (I will need help with that!!), then please feel free to post.

ohnonotagain
help pls
« on: November 28, 2010, 03:17:19 AM »
ThreatExpert report (behaviour indicators, as pasted):

• Capability to block access to several security-related Web sites by modifying the hosts file.
• A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
• MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).
• Capability to delete the network shares C$, ADMIN$, IPC$, etc. A network-aware worm may secure shares in order to protect itself.

• Summary of the detected memory objects:
Process "svchost.exe", heap page: [0x029f0000 - 0x02a30000]
Process "svchost.exe", heap page: [0x02ab0000 - 0x02af0000]
Process "svchost.exe", heap page: [0x02af0000 - 0x02b30000]

Identified by ThreatExpert; all other scanners missed it. I kept getting a lost internet connection and DNS errors when visiting certain websites. How do I repair this file please? Thanks.
harry 48
Re: help pls
« Reply #1 on: November 28, 2010, 04:47:25 AM »
Go to the link below and complete the steps, then post the 3 logs; a malware expert will help you.

http://www.computerhope.com/forum/index ... 313.0.html

ohnonotagain
Re: help pls
« Reply #2 on: November 28, 2010, 12:00:36 PM »
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/28/2010 at 06:33 PM

Application Version : 4.46.1000

Core Rules Database Version : 5921
Trace Rules Database Version: 3733

Scan type : Complete Scan
Total Scan Time : 01:57:21

Memory items scanned : 742
Memory threats detected : 0
Registry items scanned : 9290
Registry threats detected : 0
File items scanned : 142118
File threats detected : 0




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5207

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

28/11/2010 18:43:02
mbam-log-2010-11-28 (18-43-02).txt

Scan type: Quick scan
Objects scanned: 149349
Time elapsed: 6 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:36, on 28/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.6.11\ccSvcHst.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Real-time Defender Professional\RuleEditor.exe
C:\Program Files\WinMHR\WinMHR.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Real-time Defender Professional\Alarm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\MICROS~2\wkcalrem.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PS_Alarm] C:\Program Files\Real-time Defender Professional\Alarm.exe
O4 - HKLM\..\Run: [PS_RuleEditor] C:\Program Files\Real-time Defender Professional\RuleEditor.exe
O4 - HKLM\..\Run: [Winsonar] C:\Users\nunakin\AppData\Local\Winsonar\winsonar.exe
O4 - HKCU\..\Run: [WinMHR] C:\Program Files\WinMHR\WinMHR.exe /minimize
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.6.11\SymcPCCULaunchSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.6.11\ccSvcHst.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8181 bytes


Using Vista 32-bit Home Basic. The computer is an AMD Athlon dual-core QL-64 based laptop with an NVIDIA GeForce 8200M G and 3 GB RAM. Thanks.
ohnonotagain
Re: help pls
« Reply #3 on: November 28, 2010, 12:11:19 PM »
Just one other thing. I have another kind of last-line-of-defence program called Trusteer Rapport. It has reported the following in the last week:

attempt to alter function LdrLoadDll blocked (quite a few times)

also 16 password keyword protection (anti-keylogging) event activations

1 blocked cookie access event - Rapport prevents the capturing of the Trusteer Rapport cookie SESS37802e1C51708b11897d0B1f9ba86017

6 blocked screen capture events - the programs are SystemExplorer.exe, Bubbles.scr, a2start.exe, dwm.exe, iexplorer.exe, Bubbles.scr

Thanks in advance
ohnonotagain
Re: help pls
« Reply #4 on: November 28, 2010, 12:15:56 PM »
Sorry, very last thing. Norton recently reported that it blocked an intrusion attempt from something like a Phoenix kit or something. I did a scan and it found a trojan, which was removed, but that might not have anything to do with this!! Dear, dear. What is the net coming to? I don't go on any dodgy sites, really don't... nothing is safe, is it.. ???
harry 48
Re: help pls
« Reply #5 on: November 28, 2010, 12:30:58 PM »
Quote: "what is the net coming to? I don't go on any dodgy sites, really don't... nothing is safe, is it.." True, very true.

Read about and download this: http://www.mywot.com/en/download/ff It lets you know which sites are good.

Sit back and wait for an expert; I cannot help with malware.
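
The first ThreatExpert indicator in the report pasted above (blocking security-related sites by modifying the hosts file) is consistent with the symptom the poster describes, DNS errors on certain sites only, and with the question "how do I repair this file". Below is an added example, not code from the original post, from ThreatExpert or from any forum helper, showing the check a practitioner would run before anything else: parse the hosts file, flag any entry for a security-vendor domain (a loopback mapping blocks the site outright; a mapping to any other address silently redirects it, which is worse, since it can feed fake updates), and rewrite the file with only those hostnames removed. The domain watch-list and the sample hosts content are assumptions constructed for illustration. For reference, the only O1 line in the HijackThis log above, "::1 localhost", is the IPv6 loopback entry Vista ships with and passes this check.

```python
"""Audit a Windows hosts file for entries that block or redirect security sites.

Added example for this thread, not code from the original post, from
ThreatExpert or from any forum helper. The domain watch-list and the
SAMPLE_HOSTS text are assumptions constructed for illustration.
"""
import ipaddress
import sys
from pathlib import Path

# Domains a normal hosts file never needs to mention. Assumed list for
# illustration; add whatever sites fail to resolve on the affected machine.
SECURITY_DOMAINS = (
    "microsoft.com", "windowsupdate.com", "symantec.com", "norton.com",
    "mcafee.com", "malwarebytes.org", "superantispyware.com", "emsisoft.com",
    "trendmicro.com", "kaspersky.com", "avast.com", "avg.com", "eset.com",
    "sophos.com", "threatexpert.com", "virustotal.com",
)

# The two entries Windows ships with; they are never flagged.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample; line 4 is a legitimate user entry that must survive cleaning.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example, not from the poster's machine)
127.0.0.1       localhost
::1             localhost
192.168.1.10    nas.home          # legitimate user entry
127.0.0.1       www.symantec.com  liveupdate.symantec.com
127.0.0.1       www.malwarebytes.org
203.0.113.7     update.microsoft.com
"""


def is_security_domain(host: str) -> bool:
    """True if host is one of the watched domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def parse_hosts(text: str):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not body:
            continue
        fields = body.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an "ip host [host ...]" line
        for host in fields[1:]:
            yield line_no, str(ip), host


def audit_hosts(text: str) -> list:
    """Return findings for watched domains as dicts: line, ip, host, reason.

    A loopback mapping blocks the site outright (the ThreatExpert indicator);
    a non-loopback mapping silently redirects it, which is worse.
    """
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if (ip, host) in DEFAULT_ENTRIES or not is_security_domain(host):
            continue
        if ipaddress.ip_address(ip).is_loopback:
            reason = "security site blocked (loopback)"
        else:
            reason = "security site redirected to " + ip
        findings.append({"line": line_no, "ip": ip, "host": host, "reason": reason})
    return findings


def clean_hosts(text: str) -> str:
    """Rewrite hosts text with only the flagged hostnames removed.

    Comments, blank lines and legitimate entries are kept verbatim. A line
    that mixes good and bad hostnames keeps the good ones; a line with
    nothing legitimate left is commented out rather than deleted, so the
    original stays visible for review.
    """
    flagged = {(f["line"], f["host"]) for f in audit_hosts(text)}
    out = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body, hash_sign, comment = raw.partition("#")
        fields = body.split()
        keep = [h for h in fields[1:] if (line_no, h) not in flagged]
        if not fields or len(keep) == len(fields) - 1:
            out.append(raw)                                   # nothing flagged
        elif keep:
            tail = (" " + hash_sign + comment) if hash_sign else ""
            out.append(" ".join([fields[0], *keep]) + tail)   # partial line
        else:
            out.append("# removed by hosts audit: " + raw)    # whole line bad
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Usage: python hosts_audit.py [path]; with no path the constructed sample
    # is used. On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts;
    # reading it needs no privilege, writing it back needs an elevated prompt.
    path = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    text = path.read_text(errors="replace") if path else SAMPLE_HOSTS
    for f in audit_hosts(text):
        print(f"line {f['line']}: {f['ip']} {f['host']}  <- {f['reason']}")
    if path is None:
        print(clean_hosts(text))
```

Run it against a copy of the real file first and read the findings before writing anything back; a hosts file that is clean by this check but still produces DNS errors points away from the hosts file and toward the network stack or resolver, which is a different investigation. The script deliberately does not write the file itself: on an infected machine the file is often read-only or locked, and the rewrite should be done from an elevated prompt once the process planting the entries has been dealt with.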
Re: unfixable? The end of antimalware? Linux the only answer

Post by NonSuch » November 29th, 2010, 4:38 pm

The first thing you need to do is read the forum rules... Forum Posting Rules - Please Read

ohnonotagain wrote:
"Hi, sorry for the dramatic headline, but I needed help fast and no one seems able to. I posted this on another forum but had no luck. If anyone has any ideas, even if it means something drastic like installing Linux (I will need help with that!!), then please feel free to post."

Most help sites, including this one, are operated and supported by volunteers. If you need "fast help" then you should take your machine to a trusted local shop and have them fix it for you.

Don't invite anyone to "feel free to post" because we do not permit untrained unauthorized individuals to post advice here.

We answer logs on a first come first helped basis. If, after reading our forum rules, you decide you have time to wait your turn like everyone else, then start a new topic and post only your HijackThis log and Uninstall List, along with a brief description of your problem (we don't want or need to see posts/comments from other sites) then wait for a trained helper to assist you.

This topic is now closed.