|
| ||
| Re: 2 trojans reappear Hi, Did as was instructed, but after double clicking the batch file it gave me a black screen with...paraphrasing: Could not find c:\windows\system32\stu2.exe 'pauseDel' is not recognized as internal or external command, operable program or batch file..................... when I checked system 32, I did not see a "Stu" file, but there was a userinit file.....I think that is good? Here is the Hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:42:06 PM, on 12/6/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://excite.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- End of file - 1326 bytes Thanks,,,,,,george |
| ||
| Re: 2 trojans reappear Hi, George... I don't know how pauseDEL got into that last batch command... :) .. it should have had just pause as the second command. But no matter. And i did not see where stu2.exe got deleted in our procedure... Any further occurrences of the two trojans? |
| ||
| Re: 2 trojans reappear Hi, I ran Malwarebytes full scan this morning and No trojan.agent appeared. Should i run it in safe mode with files "not hidden"? or anything else... Thanks George |
| ||
| Re: 2 trojans reappear I would be satisfied, george, with where you are at now. The hidden files thing is just a presentation option for explorer... it does not actually set attributes on a file that are not already there. Other pgms can see them. Do a quick scan in safe mode if you wish, but any keys present would be found in normal mode; you would be hoping to spot a rootkit only that had not started up. |
| ||
| Re: 2 trojans reappear Hi, Did another scan last night and nothing appeared..thank you, again, very, very much. I really appreciate your time and effort!. Have a great day. George |
| ||
| Re: 2 trojans reappear You are welcome, George. Please go Start, Run, and type or paste in: combofix /u -this will remove combofix and its quarantine folder with malware contents. |
| All times are GMT -4. The time now is 4:30 am. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC