Windows Vista and A Virus?
#21 19 Days Ago
My husband was watching it and said that it shut itself down a couple of minutes after it had finished and something about a dump file but it went too fast for him to read it. Would it be in the event log?
Did you manage to upload that file for a scan? I need you to do that before we go further.
Although I appreciate the assistance, I will ask you to follow my instructions here or we can end up in confusion.
Join Date: Nov 2009
Posts: 96
Reputation:
Solved Threads: 0
#22 19 Days Ago
Your combofix log was incomplete. Please post the entire log.
==
Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.
C:\Windows\System32\vudigoyi.exe
#23 19 Days Ago
That looks like a question that only you can answer. You need to take a look. It may be hidden, so you will need to uncheck that option in Folder Options.
Alternatively, you could copy/paste the full path into the line at Jotti's.
#24 19 Days Ago
Looks like the same log as before still with the end missing. The log can be found in C:\Qoobox.
Did you manage to upload that file for a scan? I need you to do that before we go further.
Although I appreciate the assistance, I will ask you to follow my instructions here or we can end up in confusion.
txt file in C:\Qoobox...
2009-11-06 00:35:56 . 2009-11-06 00:35:56 1,270 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-_{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}.reg.dat
2009-11-06 00:35:18 . 2009-11-06 00:35:18 374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{744EC540-7CAC-4B6A-8581-CBD7CC81024B}.reg.dat
2009-11-06 00:19:55 . 2009-11-06 00:19:55 900 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_TDSSSERV.SYS.reg.dat
2009-11-06 00:19:02 . 2009-11-06 00:19:02 6,535 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-11-06 00:05:18 . 2009-11-06 00:10:56 62 ----a-w- C:\Qoobox\Quarantine\catchme.log
#25 19 Days Ago
If that is all that is there, it looks like it's gone.
Try the online scan for me for now then.
#26 19 Days Ago
That looks like a question that only you can answer. You need to take a look. It may be hidden, so you will need to uncheck that option in Folder Options.
Alternatively, you could copy/paste the full path into the line at Jotti's.
Ran it through both scanners, nothing found in either one. Running online scan now.
#27 19 Days Ago
I still do not like the look of it.
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run Box.
FileLook::
C:\Windows\System32\vudigoyi.exe
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Save the above as CFScript.txt
4. Physically disconnect from the internet.
5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
http://i5.photobucket.com/albums/y15...1/CFScript.gif
7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
- Combofix.txt
- A new HijackThis log.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Last edited by crunchie; 19 Days Ago at 10:36 pm.
#28 19 Days Ago
Will complete the above. In the meantime here is the online scanner log...
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1f641c9b381f4a418a2d939f1b97b45a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-05 03:53:02
# local_time=2009-11-04 10:53:02 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 93997415 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=196917
# found=0
# cleaned=0
# scan_time=3294
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1f641c9b381f4a418a2d939f1b97b45a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-05 01:01:57
# local_time=2009-11-05 08:01:57 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 94030234 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=196139
# found=0
# cleaned=0
# scan_time=3410
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1f641c9b381f4a418a2d939f1b97b45a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-06 02:54:45
# local_time=2009-11-05 09:54:45 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 94080213 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=194134
# found=0
# cleaned=0
# scan_time=3399
#30 19 Days Ago
That's a bit strange considering it has already run. Try the remedy given at http://keznews.com/4558_Restore_and_..._Windows_Vista for restoring file associations and try combofix again.