
Solve: worms in my computer?

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::

    File::

    c:\windows\DUMP78e9.tmp
    c:\windows\DUMP74e1.tmp

    DDS::
    Trusted Zone: bcnonline.com\www

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this action.
*************************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your DESKTOP.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
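The CFScript above tells ComboFix to delete the two DUMP*.tmp files and to drop the DDS "Trusted Zone:" entry for bcnonline.com\www. The following PowerShell is an added example, not part of the helper's instructions or of ComboFix, that checks afterwards whether those items are really gone. It assumes the two file paths from the script and that a DDS "Trusted Zone:" line corresponds to a subkey under Internet Settings\ZoneMap\Domains whose scheme value (for example "http" or "*") is the DWORD 2, the Trusted Sites zone, under HKCU and/or HKLM; it does not touch anything, it only reports.

```powershell
# Added example: verify the items the CFScript targeted (not part of the original thread).
# Assumptions: the two DUMP*.tmp paths listed in the CFScript; "Trusted Zone:" DDS entries
# map to ZoneMap\Domains\<domain>\<host> with a scheme value of 2 (Trusted Sites).

$TargetFiles = @('C:\Windows\DUMP78e9.tmp', 'C:\Windows\DUMP74e1.tmp')
$ZoneMapRoots = @('HKCU:', 'HKLM:')
$ZoneMapSuffix = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

function Test-TargetFiles {
    foreach ($f in $TargetFiles) {
        if (Test-Path -LiteralPath $f) {
            $fi = Get-Item -LiteralPath $f -Force
            "STILL PRESENT: $f  size=$($fi.Length)  created=$($fi.CreationTime)"
        } else {
            "removed: $f"
        }
    }
    # ComboFix only deletes what the script lists, so look for siblings too.
    Get-ChildItem -Path $env:WINDIR -Filter 'DUMP*.tmp' -Force -ErrorAction SilentlyContinue |
        ForEach-Object { "other DUMP*.tmp in $env:WINDIR : $($_.FullName)  size=$($_.Length)" }
}

function Test-TrustedZoneEntry {
    param([string]$Domain = 'bcnonline.com', [string]$Host = 'www')
    foreach ($r in $ZoneMapRoots) {
        $key = "$r\$ZoneMapSuffix\$Domain\$Host"
        if (Test-Path -LiteralPath $key) {
            $p = Get-ItemProperty -LiteralPath $key
            $values = $p.PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object { "$($_.Name)=$($_.Value)" }
            "STILL TRUSTED under ${r}: $Domain\$Host  (" + ($values -join ', ') + ")"
        } else {
            "no Trusted Zone entry for $Domain\$Host under $r"
        }
    }
}

function Get-AllTrustedSites {
    # Lists every host that is still in the Trusted Sites zone (value 2), so anything
    # the DDS log did not show, or that a re-infection re-added, stands out.
    foreach ($r in $ZoneMapRoots) {
        $domains = "$r\$ZoneMapSuffix"
        Get-ChildItem -LiteralPath $domains -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty -LiteralPath $_.PSPath
            foreach ($v in $props.PSObject.Properties) {
                if ($v.Name -notlike 'PS*' -and $v.Value -eq 2) {
                    $path = $_.PSPath -replace '.*Domains\\', ''
                    "$r trusted: $path  [$($v.Name)]"
                }
            }
        }
    }
}

Test-TargetFiles
Test-TrustedZoneEntry
Get-AllTrustedSites
```

Run it from an elevated PowerShell prompt after ComboFix has finished and the machine has rebooted; a file or registry entry reported as still present means the CFScript did not take effect (or something recreated the item), which is exactly what the helper would want to know before moving on to the rootkit scanners.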
After doing the CFScript and the SysProt, and after the smoke cleared, I am looking for the text file. At first it seemed to tell me there was nothing found... poking around I found this.
MZ? ÿÿ ? @ P º ?Í!?LÍ!This program cannot be run in DOS mode.
The main body of this log was deleted by myself, Dave.
It's all Greek to me... the SysProt ran fine (I think). Did I miss something?
Quote
MZ? ÿÿ ? @ P º ? Í!?LÍ!This program cannot be run in DOS mode. $

Did you follow the instructions? It states that you cannot run this in DOS mode.

I did not run it in DOS, I am not nearly that smart, I ran it like I was instructed. Here is something I found on the desktop at the end of the day.
# Archive C:\Documents and Settings\gne\Escritorio\SysProt.zip
2009-03-15 23:11 Folder Folder SysProt
2009-03-15 20:18 145408 139772 SysProt\SysProt.exe
2009-03-15 23:10 268146 214248 SysProt\SysProt_AntiRootkit_Help.pdf
#
# TOTAL Size Packed Files
# 413554 354020 3

Ok. Let's just forget about this scanner and we'll TRY another.

* Download the following TOOL: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it BACK on your next reply please.
* Close RootRepeal.

