Lost Control Panel and Admin access. Link now on desktop [RESOLVED]


  • This topic is locked

#16
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
That was probably because of the virus, and now that we have (hopefully) got rid of it, this will clean any leftovers up and give us a report that identifies any stragglers.

Yes, shut down the programs, you should see their icons in the system tray (bottom right hand corner of your desktop next to the clock), right click on them and choose Exit, or Quit etc.

Then disconnect your computer from the internet and run Combofix. When it has completed, if it did not reboot your machine, reboot manually and reconnect to the internet. Post me the log that will be found at C:\Combofix.txt in your next reply.


#17
GoodDoctor

GoodDoctor

    Member

  • Topic Starter
  • Member
  • 18 posts
Hello again!

I have attached the logs for the three scans. When I attached the fix and ran fix in otscan, it made me reboot right away so I did and then opened it again and ran it. That is the log I have attached.

Combofix seemed to have run fine and it did get rid of the message on my desktop. I have also attached a hijack this log.

Thank you again so much!

Attached File  hijackthis.log_3_25.txt   9.31KB   63 downloads

Attached File  OTScanIt.Txt_3_25.txt   79.75KB   70 downloads

Attached File  combofixlog3_25.txt   10.59KB   73 downloads

#18
RatHat

There are a couple of files I would like to check:

Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\WINNT\java\PARTYPokerDir\PARTYPokerDA.dll
  • Click on the submit button
  • When the scan is complete, highlight all the results and copy them into Notepad
  • Save the Notepad file to your desktop as Poker.txt
  • Please post the contents in your next reply.

Now do the same with this file: C:\WINNT\system32\diperto3b97-6fe8.sys

  • Click on the submit button
  • When the scan is complete, highlight all the results and copy them into Notepad
  • Save the Notepad file to your desktop as diperto.txt
  • Please post the contents in your next reply.

Regards,
RatHat

#19
GoodDoctor

Hello,

Here are the results of the scan for partypoker,

File: PARTYPokerDA.dll
Status: OK
MD5: d2c57a6ed4627dbb0783565f7b7bef90
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 25 Mar 2008 14:57:11 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing



When I tried to scan the second one, it said that the file is 0 bytes and cannot be uploaded due to probably being protected by a firewall or malware.

thanks again,

#20
RatHat

Good stuff!

One last scan and I think we'll be done :)

TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.


If you have problems running the Java Scan, try the Active X scan:


TrendMicro™ HouseCall ActiveX Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under "Browser plug-in" Installing and using Housecall kernel, click the Starting HouseCall>> button.
  • You may receive a prompt to install the ActiveX, click install.
  • If you are taken back to the main page, click Launching HouseCall>> button again.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.

Let me know how it goes, and how your computer is behaving now.

Regards,
RatHat

#21
GoodDoctor

I ran the scan,

It found cookies, and then there were about 80 or so files named ms07-01 etc, and it says there was an error trying to find information and currently no more information etc.

I clicked on Clean now and it says there are unselected files and do you really want to take no action?

What should I do next?

#22
RatHat

Click OK to come out of the Trend Micro scan, then let's do a different scan to make sure there were no errors with Trend Micro:
  • Go to http://support.f-sec.../home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take a while, so please be patient


This may be a pain, but I would like to make 100% sure you are clean, OK.

Regards,
RatHat

#23
GoodDoctor

I went to the link and when I tried to download to do the scan, it was trying to download and a message would read in the box Status: Network error : Resuming connection. It would do this 3 times as it tried to do it and then would pop up a message: unable to download necessary online scanner components - please try again.

Thanks for continuing to try to fix this!

#24
RatHat

Could you run OTScanIt and post a new log for me, then I will clear out the files that Trend and F-Secure install, and we can give it another go. If not I will give you a downloadable scan.

Other than this, how is the computer behaving?

Regards,
RatHat

#25
GoodDoctor

I have attached the scan.

My computer seems just fine. The link is off the desktop and I have access to my control panel. I have not noticed any issues with it.

Thanks,

Attached File  OTScanIt.Txt_3_25__2.txt   86.2KB   56 downloads


#26
RatHat

Start OTScanIt.exe. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[Reg Error: Key does not exist or could not be opened.]
YN -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class]
YN -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3]
[Files/Folders - Modified Within 30 days]
NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
NY -> 5 C:\Documents and Settings\administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\administrator\Local Settings\Temp\*.tmp
[Extra Files]
C:\WINNT\system32\diperto3b97-6fe8.sys
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Save the Notepad file to your Desktop and post the log in your next reply.

Now, could you try the F-Secure scan again and let me know if it runs this time.

Regards,
RatHat

#27
GoodDoctor

Sorry, same error message.

Is it possibly due to administrator privileges? I am on a networked computer. I do log in under administrator but is this possibly why?

#28
GoodDoctor

Sorry, I have attached the otscan after the fix.

Attached File  OTScanIt.Txt_3_25__3.txt   88.86KB   55 downloads

#29
RatHat

OK, I think the best thing to do here seeing as this could be a network issue, is to run DrWeb again, as outlined in post 6.

Post me the results, and a fresh DSS log.

Regards,
RatHat

#30
GoodDoctor

I ran the DrWeb scan, it did not find anything under both scans. I wasn't sure again but I did not have the option for clicking on "select drives." Was I to do an express scan the second time or is it supposed to be a complete or custom scan? There was no report list created from the scan.


I have attached the dss scan.

Thank you for your continuing efforts!

Attached File  dss_scan_3_25.txt   17.41KB   50 downloads