Home > Solved Hijackthis > Solved: HiJackThis Log. Please Help. Sony Rootkit

Solved: HiJackThis Log. Please Help. Sony Rootkit

Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Open OTLPE. scanning hidden autostart entries ... . check over here

I have attached the log here.[attachment=2991] Then I run the FRST again in OTLPE (and within OTL env) and here is the log. [attachment=2988] Then I run the FSS in OTLPE Now I am running the Avast full scan. This is really a nasty virus I have ever found. #14 Papirus, Dec 29, 2012 Fiery New Member Joined: Jan 11, 2011 Messages: 2,030 Likes Received: 34 Hi, In the Will try safe mode and re-try tonight/tomorrow. https://www.bleepingcomputer.com/forums/t/335143/hijackthis-log-please-help-diagnose/

Lolo 0 Page 1 of 3 1 2 3 Next Back to Virus, Spyware, Malware Removal · Next Unread Topic → Similar Topics 2 user(s) are reading this topic 0 members, Winter Soldier replied Mar 3, 2017 at 6:47 AM Update Vivaldi Web Browser Updates kev216 replied Mar 3, 2017 at 6:43 AM SECURE SHvFl Configuration V2 JM Security replied Mar 3, hmmm....)Can't read disks. After that, boot your computer to safe mode and run the scan: 1.

Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close Okay, I installed AVG 7.5 and a-squared Security Center on my computer. Post the log afterwards. ============================= Please download a fresh copy of Combofix from here and run it. #19 Fiery, Dec 30, 2012 Papirus New Member Joined: Dec 25, 2012 Messages: Run McAfee Rootkit remover and it somehow stills shows it is infected: Windows build 5.1.2600 x86 Service Pack 3 Checking for updates ...

You must rename it before saving it. Sorry.Anyway, I'll keep plugging away. The same for the "HKLM\system\controlset004\services" entry and delete that "ovfsthsqvbtbquxcwcrceoewnqsccqxlnyirme" Restart the PC Now go to the folder  "C:\WINDOWS\SYSTEM32\DRIVERS\"  and see if the file "OVFSTHTCXESWAFGQNBMFPYDPPOVMOWIULFREUY.SYS" shows, maybe not. I'm still researching this topic but the fact that I'm left vulnerable (and keeps appearing in my Bellsouth Spyware Security) still bothers me.

alvarom1972 Regular Visitor3 Reg: 13-Apr-2009 Posts: 8 Solutions: 0 Kudos: 0 Kudos0 Re: antivirus dont scan Posted: 18-Apr-2009 | 4:14PM • Permalink Hi, Here the log after the malware scan: Malwarebytes' Okay, lets see if you can run it. So I figure that my thread will be deleted because I do not follow the forum rule. That is a good sign, Combofix has found some baddies. 0 #15 lps102 Posted 15 May 2009 - 03:29 PM lps102 Member Topic Starter Member 28 posts Hi Emeraldnzl, It is

The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. http://www.techmonkeys.co.uk/printthread.php?tid=18541 Malware Found --> ZeroAccess trojan detected!!! --> Registry key: HKEY_CLASSES_ROOT\CLSID\{f3130cdb-aa52-4c3a-ab32-85ffc23af
9c1}\InprocServer32 ( fixed ) --> Malicious file: C:\WINDOWS\system32\wbem\wbemess.dll ( will be deleted a fter restart ) --> Registry key: HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F
57F}\InprocServer32 I download  highjack this and here is the log: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:58:24 AM, on 4/20/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18226)Boot mode: c:\documents and settings\All Users\Start Menu\Programs\Startup\ VAIO Action Setup (Server).lnk - c:\program files\Sony\VAIO Action Setup\VAServ.exe [2002-4-25 40960] WiziWYG XP Startup.lnk - c:\program files\Praxisoft\WiziWYG XP\WiziWYGXP.exe [2008-12-28 6029369] .

Check out the forums and get free advice from the experts. http://visu3d.com/solved-hijackthis/solved-hijackthis-help.html Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system. 0 #7 lps102 Posted 15 May 2009 - 02:44 PM lps102 Member Topic Starter Member For Vista or Windows 7, right-click and select "Run as Administrator to start" Wait until Prescan has finished ... The Internet, as this book shows, raises questions not only about how to protect intellectual creations, but about what should be protected.

  1. Could you let me know if I do it incorrectly by doing the above steps?
  2. Click here to Register a free account now!
  3. In this scenario, always confirm the reboot action to be on the safe side.
#11 Fiery, Dec 27, 2012 Last edited by a moderator: Mar 13, 2014 Papirus New
  • it exists in My Computer.
  • Now a new window has open with the following masage: Combo-fix has detected the presence of rootkit activity and needs to reboot the machine Kindly note down on paper, the name
  • Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

    Jump ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: http://0.0.0.10/ Connection to 0.0.0.10 failed. Create Account How it Works Javascript Disabled Detected You currently have javascript disabled. this content After that steps I get to the main windows and all other options you mentioned are available on that window.

    Stay logged in Toggle Width Style MalwareTips 2.0 Home Contact Us Help Terms and Rules Privacy Policy Top About Us Our community has been around since 2010, and we pride ourselves When the tool opens click Yes to disclaimer. Reboot 10.

    I do understand that viruses are create first before the anti-virus but this one was serious enough to disable the anti-virus scan of Norton and crippled the whole security of my computer.  I will definitly

    Also the File Age drop down is defaulted to 30 days. 12. Attached Files Supplementary.txt 13.42KB 108 downloads Edited by cfink17, 01 March 2007 - 03:36 AM. Win32/Rootkit.Agent.ODG.trojan, unable to clean [Solved] Started by lps102 , May 13 2009 08:51 AM Page 1 of 3 1 2 3 Next This topic is locked #1 lps102 Posted 13 May Below are the OTL and Extra log files. [attachment=2983] [attachment=2984] I also have another problem now.

    Please re-enable javascript to access full functionality. Hmmmm.. mumford68 Super Bot Obliterator18 Reg: 01-Feb-2009 Posts: 525 Solutions: 5 Kudos: 59 Kudos0 Re: antivirus dont scan Posted: 21-Apr-2009 | 5:00PM • Permalink Hi Alvarom, I'm very glad to hear things http://visu3d.com/solved-hijackthis/solved-hijackthis-log-please-look-at-it.html Can you check your list of installed products and also windows updates and I will compare with mine and then maybe we can pin point a product or windows conflict.

    alvarom1972 Regular Visitor3 Reg: 13-Apr-2009 Posts: 8 Solutions: 0 Kudos: 0 Kudos0 antivirus dont scan Posted: 13-Apr-2009 | 9:14PM • 21 Replies • Permalink Hello, I had Norton 2.0 and i Reboot (it asked for a reboot) 4. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. Please try the request again.

    Hopefully, we'll solve this problem.-------Edit:http://www3.ca.com/s...px?id=453096365This is interesting.