#16
malicious software removal tool
lopar wrote:
> OK thanks but its definitely not there, caps or not. now i'm stuck

Have you run chkdsk yet?

Have you run sfc /scannow yet?

-- 1PW
#17
yes i saw the corruption on 15 this month.

i know about chkdsk and can run that if you think i should but not heard of the sfc one - can you tell me how to do that ?
#18
lopar wrote:
> yes i saw the corruption on 15 this month. i know about chkdsk and can run that if you think i should but not heard of the sfc one - can you tell me how to do that ?

System File Checker: http://support.microsoft.com/kb/310747

Have your Microsoft installation CD mounted in your CD/DVD drive, then from a command prompt:

sfc /scannow

Q: Have you written in a previous post that you checked "Scheduled Tasks" and that nothing is seen that corresponds to the 15th of the month?

-- 1PW
#19
Latest thoughts/activity: since there is no mrt file it can't be running automatically, therefore the problem is related to a download. ? link to za ?

have manually downloaded the defender updates now from this link https://www.microsoft.com/security/p...?wa=wsignin1.0 and no effect, therefore its something to do with automatic downloads.

(incidentally, i have to use this link to get updates to defender since the update tool in defender doesn't work - it tells me there are no updates available even when there is an icon in the sys tray telling me there are updates. this might therefore be relevant).

therefore i won't download next automatic update and see if problem recurs on 15/10. if it does there is something running on the machine. if it doesn't then theory confirmed, get the specific KB download manually, recheck for problem, if it occurs do system restore to before the download then get that specific KB update again but with disabled za (disable rather than uninstall) and see if that works. are you good with this logic ?

answers to your questions
1. have now run chkdsk and no probs
2. have checked scheduled tasks and nothing with that date in
3. will get sfc tomorrow (don't know where you are writing from but its 4.30 am in uk and i'm tired !

thanks for your patience......
#20
lopar wrote:
> Latest thoughts/activity: since there is no mrt file it can't be running automatically, therefore the problem is related to a download. ? link to za ?
> have manually downloaded the defender updates now from this link https://www.microsoft.com/security/p...?wa=wsignin1.0 and no effect, therefore its something to do with automatic downloads.
> (incidentally, i have to use this link to get updates to defender since the update tool in defender doesn't work - it tells me there are no updates available even when there is an icon in the sys tray telling me there are updates. this might therefore be relevant).

This can be resolved later with a post to:
microsoft.private.security.spyware.general (Windows Defender Specific Newsgroup)

> therefore i won't download next automatic update and see if problem recurs on 15/10. if it does there is something running on the machine. if it doesn't then theory confirmed, get the specific KB download manually, recheck for problem, if it occurs do system restore to before the download then get that specific KB update again but with disabled za (disable rather than uninstall) and see if that works. are you good with this logic ?

My gut feeling says the trouble is elsewhere but where I don't know yet. You won't harm your system from what I read and you'll learn something.

> answers to your questions
> 1. have now run chkdsk and no probs

Excellent.

> 2. have checked scheduled tasks and nothing with that date in

Drat!

> 3. will get sfc tomorrow (don't know where you are writing from but its 4.30 am in uk and i'm tired !

I understand. In the US, I'm a third of the world away from you, but I'm up anyway. Obey the call of Morpheus.

> thanks for your patience......

You are very welcome.

I was hoping you could find time to follow Shenan Stanley's suggestions. Honestly, after that, the best move may be a "Flatten & Rebuild" but we can still check a few more things before then.

-- 1PW
#21
i have had another thought, which i hope is not a source of great irritation to you because i have only just thought of it.

the corruption only occurs on my profile - there are 4 profiles on the system, 3 of which have admin rights inc mine (though no one else in the house does any system stuff or downloads). this realisation made me think about what the differences are between the profiles and the only difference is that mine has a non standard MS product on it - a screensaver http://www.download3000.com/download_45524.html

it is available to all users but only activated on mine. plus i installed it in May and have been encountering this problem for about 4 or 5 months (so about right).

is it possible then that there is some weird interaction going on between the s/saver and the defender /mrt updates (which are the only ones seeming to cause the problem)? if so is it possible to keep the s/saver (which is really rather nice) and also fix the problem do you think ?

i have also now run malwarebytes and it found a few things inc a trojan. didn't look significant, but i wouldn't know....

on Stanley's suggestions, very comprehensive and welcome, however a last resort for me, partly because it looks like they would take 2 or 3 days to work thru and partly because they seem to involve uninstalling a lot of products and updates, and for a relatively inexperienced user like me (i am guessing you have a sense of where i am experience wise by now) this makes me nervous.
#22
snipped

lopar wrote:
snipped
> on Stanley's suggestions, very comprehensive and welcome, however a last resort for me, partly because it looks like they would take 2 or 3 days to work thru and partly because they seem to involve uninstalling a lot of products and updates, and for a relatively inexperienced user like me (i am guessing you have a sense of where i am experience wise by now) this makes me nervous.

About 8-10 hours - if you don't pay close attention to it.

It's not complicated, it's not dangerous. Everything I suggested is fairly safe - especially if done in the order given.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
#23
was there anything on my last post - where i talk about the screensaver ? i typed it once, lost it then typed it again, but its looking blank from this end ?

i have also just run sfc, it didn't give me any info, so i assume all ok.
#24
lopar wrote:
> was there anything on my last post - where i talk about the screensaver ? i typed it once, lost it then typed it again, but its looking blank from this end ?

That's strange.

> i have also just run sfc, it didn't give me any info, so i assume all ok.

Check the "cbs.log" carefully.

-- 1PW
#25
lopar wrote:
> i have had another thought, which i hope is not a source of great irritation to you because i have only just thought of it. the corruption only occurs on my profile - there are 4 profiles on the system, 3 of which have admin rights inc mine (though no one else in the house does any system stuff or downloads). this realisation made me think about what the differences are between the profiles and the only difference is that mine has a non standard MS product on it - a screensaver hXXp://www . download3000 . c om/download_45524.html

This too, AND that site, is very bad news indeed!

> it is available to all users but only activated on mine. plus i installed it in May and have been encountering this problem for about 4 or 5 months (so about right). is it possible then that there is some weird interaction going on between the s/saver and the defender /mrt updates (which are the only ones seeming to cause the problem)? if so is it possible to keep the s/saver (which is really rather nice) and also fix the problem do you think ?
> i have also now run malwarebytes and it found a few things inc a trojan. didn't look significant, but i wouldn't know....

This /is/ serious of course! The fact that you were asked to run MBAM four days ago doesn't help.

Now. With the greatest precision, open the MBAM log and cut/paste the relevant infection information only, into a reply to this thread.

Download, install, launch, and *UPDATE*, SAS. Then reboot into "Safe Mode" and only then, scan your system with SAS. Then reboot back to normal mode. Repeat the MBAM scan with the latest updates again.

> on Stanley's suggestions, very comprehensive and welcome, however a last resort for me, partly because it looks like they would take 2 or 3 days to work thru and partly because they seem to involve uninstalling a lot of products and updates, and for a relatively inexperienced user like me (i am guessing you have a sense of where i am experience wise by now) this makes me nervous.

The devil is in the details!

-- 1PW
#26
i'm sorry i don't know how to access the cbs.log?
#27
here we are

Malwarebytes' Anti-Malware 1.41
Database version: 2818
Windows 5.1.2600 Service Pack 3

18/09/2009 09:17:13
mbam-log-2009-09-18 (09-17-13).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 263880
Time elapsed: 2 hour(s), 30 minute(s), 43 second(s)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) - Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) - Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Seekapp (Adware.SeekApp) - Quarantined and deleted successfully.
C:\Program Files\Seekapp (Adware.SeekApp) - Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\cnkgtz_nav.dat (Adware.NaviPromo) - Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) - Quarantined and deleted successfully.

i already have superantispyware and run it regularly, however will rerun in safe mode and let you know.
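The detection sections of the MBAM log posted above, parsed into structured records and split by whether each item sits in a single Windows profile or is machine-wide, which is the distinction raised earlier in the thread about the corruption appearing in only one profile. This is an added example, not part of any post in the thread; the names `Detection`, `classify_scope`, `parse_mbam_log` and `scope_summary`, the tolerance for a ` -> ` separator, and the per-user/machine-wide rule are assumptions of this example.

```python
import re
from collections import Counter
from typing import NamedTuple

# Detection sections of the MBAM 1.41 log posted in this thread,
# with the line breaks restored.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) - Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) - Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Seekapp (Adware.SeekApp) - Quarantined and deleted successfully.
C:\Program Files\Seekapp (Adware.SeekApp) - Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\cnkgtz_nav.dat (Adware.NaviPromo) - Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) - Quarantined and deleted successfully.
"""


class Detection(NamedTuple):
    section: str   # e.g. "Registry Keys", "Folders", "Files"
    location: str  # registry key or filesystem path
    name: str      # vendor detection name
    action: str    # what the scanner did with the item
    scope: str     # "per-user" or "machine-wide" (this example's own rule)


SECTION_RE = re.compile(r"^(?P<section>.+) Infected:$")
# The posted log separates name and action with " - "; " -> " is also
# accepted here as an assumption about how other copies may be formatted.
ENTRY_RE = re.compile(
    r"^(?P<location>.+) \((?P<name>[^()]+)\) ->? (?P<action>.+?)\.?$")
PROFILE_RE = re.compile(r"^[A-Z]:\\DOCUMENTS AND SETTINGS\\([^\\]+)")
SHARED_PROFILES = {"ALL USERS", "DEFAULT USER"}


def classify_scope(location):
    """Assumed rule: HKCU keys and named-profile folders are per-user."""
    loc = location.upper()
    if loc.startswith(("HKEY_CURRENT_USER\\", "HKCU\\")):
        return "per-user"
    match = PROFILE_RE.match(loc)
    if match and match.group(1) not in SHARED_PROFILES:
        return "per-user"
    return "machine-wide"


def parse_mbam_log(text):
    """Return one Detection per item listed under an '... Infected:' header."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        entry = ENTRY_RE.match(line) if section else None
        if entry:
            detections.append(Detection(
                section, entry.group("location"), entry.group("name"),
                entry.group("action"), classify_scope(entry.group("location"))))
    return detections


def scope_summary(detections):
    """Count detections per scope."""
    return dict(Counter(d.scope for d in detections))


if __name__ == "__main__":
    for d in parse_mbam_log(SAMPLE_LOG):
        print(f"{d.scope:12} {d.section:14} {d.name:20} {d.location}")
    print(scope_summary(parse_mbam_log(SAMPLE_LOG)))
```
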
#28
lopar wrote:
> i'm sorry i don't know how to access the cbs.log?

Do a search for it. When found, it can be read with Notepad.

-- 1PW
#29
ok ran sas in safe mode, nothing except cookies found.. reran mwb and nothing at all found.

ran search in explorer for cbs.log but nothing found with that name. search included system files hidden folders and sub folders ??

did you see the mwb log i posted ?
#30
lopar wrote:
> ok ran sas in safe mode, nothing except cookies found.. reran mwb and nothing at all found. ran search in explorer for cbs.log but nothing found with that name. search included system files hidden folders and sub folders ?? did you see the mwb log i posted ?

I believe a reboot deletes the cbs.log file unless it's renamed before the deletion occurs.

MBAM

Yes - I saw two Trojans and you also related the download3000 thing. I was hoping for a better outcome. However, the other things you have mentioned along the way lead me to believe that more serious damage has taken place.

If the malware removals by MBAM and Shenan Stanley's cleanup procedure do not eliminate your repeating trouble, I believe a "Flatten and Rebuild" procedure is the next reasonable step.

I do hope you have your system's original install/recovery CDs.

-- 1PW