10.09.2009, 03:35 PM | #1 |
100%
Join Date: Mar 2008
Posts: 591
|
... i think i'm pretty much fucked...
__________________
|
|QUOTE AND REPLY| |
10.09.2009, 03:39 PM | #2 |
100%
Join Date: Mar 2008
Posts: 591
|
... computer AIDS... went straight for the immune system... anyone want to have unprotected cybersex?
__________________
|
|QUOTE AND REPLY| |
10.09.2009, 04:03 PM | #3 |
100%
Join Date: Mar 2008
Posts: 591
|
...help, anybody?
i have hijack this, but i don't know how to use it...
__________________
|
|QUOTE AND REPLY| |
10.09.2009, 04:06 PM | #4 | |
invito al cielo
Join Date: Mar 2006
Posts: 12,664
|
Details usually help.
__________________
Message boards are the last vestige of the spent masturbator, still intent on wasting time in some neg-heroic fashion. Be damned all who sail here. Quote:
|
|
|QUOTE AND REPLY| |
10.09.2009, 04:17 PM | #5 |
100%
Join Date: Mar 2008
Posts: 591
|
during reboot, it either replaces the file mbam.exe (malwarebytes anti-malware) with a spurious file, or removes it altogether...
__________________
|
|QUOTE AND REPLY| |
10.09.2009, 04:21 PM | #6 |
100%
Join Date: Mar 2008
Posts: 591
|
reinstalling malwarebytes will reach close to the end of the process and then spit out the following error:
Unable to execute file: C:\Program Files\Malwabytes' Anti-Malware\mbam.exe CreateProcess failed; code 2. The system cannot find the file specified.
__________________
|
|QUOTE AND REPLY| |
10.09.2009, 04:21 PM | #7 |
invito al cielo
Join Date: Mar 2006
Location: mars attacks
Posts: 42,574
|
i thot you were a macaholic and macs didn't have viruses?
i feel deceived... |
|QUOTE AND REPLY| |
10.09.2009, 04:22 PM | #8 |
100%
Join Date: Mar 2008
Posts: 591
|
if you can decode the details:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:23:10 PM, on 10/9/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\program_util\mozilla firefox\firefox.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\hasplms.exe C:\program_util\Nero 7\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\program_util\McAfee\VirusScan Enterprise\EngineServer.exe C:\program_util\McAfee\Common Framework\FrameworkService.exe C:\program_util\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\WINDOWS\system32\mfevtps.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\program_util\McAfee\VirusScan Enterprise\Mcshield.exe C:\program_util\McAfee\VirusScan Enterprise\ShStat.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\69194130\69194130.ex e C:\WINDOWS\system32\ctfmon.exe C:\program_util\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [luzanonol] Rundll32.exe "c:\windows\system32\revesele.dll",a O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O20 - AppInit_DLLs: c:\windows\system32\revesele.dll,fiyamepe.dll O21 - SSODL: miyelugaw - {f7a7021d-ee1d-49e8-a3d0-0e2c7f8bdd2b} - c:\windows\system32\revesele.dll O22 - SharedTaskScheduler: gahurihor - {f7a7021d-ee1d-49e8-a3d0-0e2c7f8bdd2b} - c:\windows\system32\revesele.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\program_util\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\program_util\McAfee\VirusScan Enterprise\EngineServer.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\program_util\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\program_util\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\program_util\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: NBService - Nero AG - C:\program_util\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
__________________
|
|QUOTE AND REPLY| |
10.09.2009, 04:46 PM | #9 | |
invito al cielo
Join Date: Mar 2006
Posts: 12,664
|
Ah, malwarebytes is a bit of software. Without doing the usual googling (Googling problems is your friend) I would suggest that it's probably worth trying a different anti-virus to interrogate the problem. AVG or one of the other free ones. I don't really know. Google it.
__________________
Message boards are the last vestige of the spent masturbator, still intent on wasting time in some neg-heroic fashion. Be damned all who sail here. Quote:
|
|
|QUOTE AND REPLY| |
10.09.2009, 04:53 PM | #10 |
100%
Join Date: Sep 2009
Location: the space between dreams and reality
Posts: 666
|
throw your computer out of a window.
__________________
|
|QUOTE AND REPLY| |
10.09.2009, 05:55 PM | #11 |
invito al cielo
Join Date: Feb 2007
Posts: 21,165
|
mcafee could be doing it.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\69194130\69194130.ex e would be something I'd look at too. do you know what it is? I don't trust numbered .exe files or .exe's that load from documents and settings. ps: macs don't have folders called "documents and settings". |
|QUOTE AND REPLY| |
10.09.2009, 05:58 PM | #12 |
invito al cielo
Join Date: Feb 2007
Posts: 21,165
|
ps: try booting up in safe-mode first.
|
|QUOTE AND REPLY| |
10.09.2009, 06:02 PM | #13 |
expwy. to yr skull
Join Date: Dec 2006
Posts: 1,554
|
just believe floatz
__________________
"Most consumers have no concept..." |
|QUOTE AND REPLY| |
10.09.2009, 08:03 PM | #14 | |
100%
Join Date: Mar 2008
Posts: 591
|
Quote:
yes... i have tried removing that several times with Hijack This... but a number of things keep reappearing after i "fix" them. most ominously: O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent which i figure is responsible for killing my anti-virus software... god, i hate computers.
__________________
|
|
|QUOTE AND REPLY| |
10.09.2009, 08:31 PM | #15 |
invito al cielo
Join Date: Feb 2007
Posts: 21,165
|
first, try to uninstall malwarebytes.
install spybot s&d and adaware (free). start them and update them (but don't scan). unplug yr modem after you've updated them both. boot up in safe mode (for xp-based it can usually be done by hitting the F8 key right after bios loads). select the setting with limited drivers. go to C:\Program Files\ and delete the entire folder \Malwarebytes' Anti-Malware folder (if it still exists). go to C:\documents and settings1\allusers\applications.. and delete \69194130 NOTE: look inside the folder and make sure it's not something you really want to keep. I doubt it, but check just in case. empty to the recycle bin. now, run spybot s&d and adaware. if yr machine is up to it, you can try running both at once, but that can bog you down if the pc can't handle it. http://www.safer-networking.org/index2.html <- spybot s&d http://www.lavasoft.com/ <- adaware take 2 pills and call me in the morning. |
|QUOTE AND REPLY| |
10.10.2009, 08:10 AM | #16 |
invito al cielo
Join Date: Mar 2006
Location: France
Posts: 7,997
|
This is highly dubious too :
O20 - AppInit_DLLs: c:\windows\system32\revesele.dll,fiyamepe.dll O21 - SSODL: miyelugaw - {f7a7021d-ee1d-49e8-a3d0-0e2c7f8bdd2b} - c:\windows\system32\revesele.dll O22 - SharedTaskScheduler: gahurihor - {f7a7021d-ee1d-49e8-a3d0-0e2c7f8bdd2b} - c:\windows\system32\revesele.dll Do a scan of your hard drives with Stinger and then Housecall, and give us the scan results.
__________________
"Si seulement nous avions le courage des oiseaux qui chantent dans le vent glacé" |
|QUOTE AND REPLY| |
10.10.2009, 08:20 AM | #17 | ||
invito al cielo
Join Date: Apr 2007
Location: the future where it's hot and dark
Posts: 5,926
|
Quote:
Quote:
Hey there not to sound like a smart ass, but GUI does usually stand for graphic user interface, possibly whatever sits in the system tray. Are you sure that mbam.exe and mbamgui.exe are not fine and both part of the same program? What exactly did you find wrong before you started trying to "fix" things, as you put it?
__________________
tiny and lost. |
||
|QUOTE AND REPLY| |
10.10.2009, 08:23 AM | #18 |
invito al cielo
Join Date: Jan 2007
Posts: 8,095
|
I had the same problem actually and atsonicpark just told me to rename the .exe file.
|
|QUOTE AND REPLY| |
10.10.2009, 09:22 AM | #19 |
invito al cielo
Join Date: Apr 2006
Location: No. 10
Posts: 3,289
|
I just found I had a similar problem and now I can't connect to the internet.
|
|QUOTE AND REPLY| |
10.10.2009, 10:36 AM | #20 | |
100%
Join Date: Mar 2008
Posts: 591
|
Quote:
....you are right... it does not sound like a malicious file. what went wrong was that i got hit with a browser hijacker and a flood of pop-ups. so i tried to remove them with the program that i use to remove browser hijackers (malwarebytes anti-malware) only to find that it would not run and in fact had been removed from my computer. floating and torn, thanks for the help... i will follow the instructions when i have a little more time.
__________________
|
|
|QUOTE AND REPLY| |