June 10, 2009 at 9:52 am #32022
I found this for you Woodyblade, it looks like a real Nasty. It shows up in the Virus Scan.http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentgtn.htmlTuscany said this in the first Post.[A couple weeks ago, we had a guy come in and use ComboFix to clean it up and so the computer is now running on a modified BOOT.ini[The Dates on the scans seem to be current?Could it be a Combo Fix that went wrong, or a New Infection?June 10, 2009 at 2:31 pm #32023
Tuscany,Can I ask you what your onboard Anti Virus is and also any others rather than Malwarebytes that you showed us?I think that could also be part of this. It seems like the Infections occurred after your ComboFix was sorted out? Just going on what you Stated in your first Post as I pointed out to Woodyblade.It looks more and more like a connected Problem with Malware.Just in case, If I was you, I would Back up all Data that you may need, not executable Programs with .exe after them Just in Case you may need to format and Reinstall to get rid of it. You should also Back up your Data on a regular Basis in case of this situation.BTW, always Back up to either another Secondary partition/Drive, or to CDs or DVDs, NEVER on your C:Drive, That all get's wiped in Format and Reinstall, nothing remains.including Viruses.DDJune 10, 2009 at 3:52 pm #32024
Can I ask you what your onboard Anti Virus is and also any others rather than Malwarebytes that you showed us?
I gave a MediaFire link to my AntiVir full scan log in my previous post.
I think that could also be part of this. It seems like the Infections occurred after your ComboFix was sorted out? Just going on what you Stated in your first Post as I pointed out to Woodyblade.
This current problem started after ComboFix but I had much worse problems before I used it. Besides this one problem, my computer is running fine with regular speed, no popups, etc.
Just in case, If I was you, I would Back up all Data that you may need, not executable Programs with .exe after them Just in Case you may need to format and Reinstall to get rid of it. You should also Back up your Data on a regular Basis in case of this situation.
I would have reformatted a long time back if this was an option for me but I don't have a Windows install disk.June 10, 2009 at 11:53 pm #32025
To tell you the truth…There is alot of stuff there and any average person would format. Because even if you try and remove all of this, you would be lucky to get every little bit…Having said that...If I was in your situation I would:Stop all connections to the internet. You do not want any files sending your personal data away...Who knows...Then I would go here http://www.hijackthis.de/ and press on the direct download link in the top right. Download the program. Scan your computer. Paste the log back into the website that you downloaded the program from. Keep the log open.Press on analyze.Now you can clearly see what is bad and what is harmless...Now go back to the log and put a tick next to a bad item and press on the button, more information. This will tell you if it is a Windows system file that cannot be deleted. Most should be fine to delete manually...Hyjackthis gives you the full path and info to go with it. I would be deleting this stuff asap. Before deleing stuff you could post your hyjack this log here for us to see...Like I said...I do not deal with all this because I would be formatting my computer asap..Please correct me if I am off the track.You could just start deleting what you see in your log above but you have no information on what the file is.June 11, 2009 at 1:22 am #32026
Disregard what I said previously….I have just spoken to an expert on viruses...He says go to http://avast.com/eng/download-avast-professional.htmlDownload 4.8 pro...It is a full working trial for 30 or 60 days...Install the program...When it asks to schedual a system boot scan say yes and restart the computer.... Follow the prompts...This will take out malware..The reason he says to use this is because it will scan the entire system before windows loads. This means that the registry files can be accessed and removed safely without windows interfering. Not many antivirus programs do that...Most scan when windows is running only....Hope this works, however we are not clear that this is actually a virus yet...The log looks a bit odd to us...June 11, 2009 at 2:31 am #32027
All this info must be driving you crazy but here is a link about combofix..and it is designed to only remove specific trojans, not all…http://www.bleepingcomputer.com/combofix/how-to-use-combofixJune 11, 2009 at 9:50 am #32028
Sorry I would have replied back sooner been busy, In my opinion seeing all that in your Malwarebytes Log and your Anti-Virus I have to agree with Mitz formatting looks to be the best option in this case, You have MyWebsearch which is a annoying toolbar that can be a great pain in the behind to remove it takes anything over an hour to delete the registry keys it leaves – http://en.wikipedia.org/wiki/MyWay_Searchbar#Removal, amongst all that it is full of a few different trojans, bots, backdoor software and downloaders. That anti-virus scan you ran has over 30 pages listed with the Trojans, Spyware amongst other things. So I don't think Combofix is to blame the computer is truly full of different Malware. Even if you could get all that removed it would be hours upon hours of work tracking everything down and getting rid of it with the software tools available as well as the chance that you might not ever be secure again unless you format it but obviously it seems a problem unless you have the OS Discs (Which you don't)I guess we'll have to try and help you, certainly worth a try.Firstly run the boot scan as Mitz suggested with Avast, Then re-run Malwarebytes and once the scan is done select the option which should say something like delete or attempt to delete the infected files (You didn't do that last time according to your log, since it said "No Action Taken" against them all), then repost both logs for us.June 11, 2009 at 5:53 pm #32029
I havent looked at the virus scan, my anti virus and firefox both think the site where you have hosted the scan is malicious and i couldnt be bothered resetting my security preferences lol.Its obvious from the malware bytes log that that scan shows a lot of bugs, and everyone who is seeing the virus scan says the same, so I guess you can take it as found that its a major bug problem and reinstalling is the easiest and most effective solution. Since you dont have any O/S discs, may I suggest that Windows 7 can be downloaded and installed free. Its Vistas replacement and you can download a legal and licenced version from the microsoft site. Please read here
Mitz from Tips4pcJune 15, 2009 at 4:30 am #32030
Sorry for the late reply.Woodyblade -Here is the new MalwareBytes log:
Malwarebytes' Anti-Malware 1.37Database version: 2182Windows 5.1.2600 Service Pack 26/14/2009 1:24:10 PMmbam-log-2009-06-14 (13-24-10).txtScan type: Quick ScanObjects scanned: 92168Time elapsed: 9 minute(s), 12 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)
Mitz -I installed Avast! Pro but when I installed it and restarted, it wouldn't let me connect to the Internet through Opera either.June 15, 2009 at 6:59 am #32031
If the problem is on more than one computer now it is something to do with the router/modem or your network setup.June 15, 2009 at 10:18 am #32032
@TuscanyWell the log seems clean this time, looks like any Malware you may have had is gone? You got a reply from those at GTG yet?Has everyone else who uses your Router always had problems?If so then it sounds like your network setup as Mitz has pointed to, more specifically the Router will probably have a Firewall that is blocking the connections from certain programs or possibly the programs are being blocked when trying to go through a certain virtual port on the Router (Of which there are over 65000 virtual ports I think? I think 80 is the general port for HTTP Connections normally the port the Browser uses?).I'll just ask a question that should help in dealing with this, so Mitz or Dak can help you on the Networking partWhat is the Manufacturer and Model/Make of your Router?@MitzThe logs are dated at the top of the log, I assume you've seen the dates associated with them, the first Malwarebytes log is dated 8th June (2 days after Tuscany posted) so both are after Combofix was run, the other being dated at the 14th June.CheersJune 15, 2009 at 11:07 am #32033
Thats what is confusing…what actually got rid of the viruses? I think I am missing something here???? Anyway...to add to Woody's questions...Did you set your network up yourself and was it working fine before the combofix? When Dak suggested you reset the router did you use the router setup wizard again also?June 15, 2009 at 4:30 pm #32034
Thats what is confusing...what actually got rid of the viruses? I think I am missing something here?
MalwareBytes got rid of the viruses.Woodyblade -
Well the log seems clean this time, looks like any Malware you may have had is gone? You got a reply from those at GTG yet?Has everyone else who uses your Router always had problems?
I haven't gotten a reply from GTG yet and I haven't checked about problems with the router.June 15, 2009 at 8:21 pm #32035
Go here to see how to get into your router when you do not know the IP..http://www.tips4pc.com/Articles/Networking%20tips/how_find_the_ip_address_of_your.htmJune 15, 2009 at 10:55 pm #32036
I found the IP address by clicking on “Network Connections”, right clicking on the icon and choosing “Status”. I then clicked on Support when I found the IP Address which was different from what I saw using ipconfig. I typed it into the URL and got an error message saying it couldn't find the page.The other IP I tried at least gave me the username/password prompt but the username and password given by the site you posted and others doesn't work.
You must be logged in to reply to this topic.