
Help/Check for hidden malware, please


  • This topic is locked

#16
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Go to Jotti's malware scan

Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

C:\WINDOWS\YOURAPP.EXE

Click on the submit button. Please post the results in your next reply. Repeat for:

C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE

  • 0



#17
Tactical Monkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Result was same for all three files:

'The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file'

This occurred in normal settings as well as with both Avast On-Access Protection and Windows Firewall turned off.
  • 0

#18
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
May not be there anymore. Do this so you can see hidden files and folders - click here to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

Use Windows Explorer to see if you can find them - let me know.
  • 0

#19
Tactical Monkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
It appears that all of them are present; they all show 0 KB.
  • 0

#20
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
That at least correlates with the combofix output. They are legitimate names, I just didn't expect to see them in the results.

There doesn't appear to be anything lurking on your system. I assume you are still having the same problem connecting to servers - are you using the same machine to post here?

Try uninstalling and reinstalling the Norton Firewall to see if you can get that back up again. Let me know.
  • 0

#21
Tactical Monkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Excellent. Norton Firewall is back up and running. Updates worked and other programs seem to be working correctly.
Any idea where in all that the problem was solved, or what did it in the first place?

Many thanks.
  • 0

#22
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Probably in the first few steps when we removed CWS.

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore.
* Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.

To help keep you clean follow the recommendations in Tony's article here:

So how did I get infected in the first place?

Do you require any further assistance or should I close the topic?
  • 0

#23
Tactical Monkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Close away. Thanks again for the help -
As an aside, I'd never cleaned my restore points before - so I gained almost a meg of space on that drive, which will be super helpful for my much needed defrag.

Cheers!
  • 0

#24
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
You're welcome - glad to help



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
  • 0





