Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HELP! Ultradefragger and trojan.Gen.2 removal [Closed]


  • This topic is locked This topic is locked

#121
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
I've never had that script thing pop up whilst using non infected computer....thought while i was connected to do another aswMBR scan with latest definitions - possibly no different to the last but I attached logs anyway!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-04 19:34:42
-----------------------------
19:34:42.562 OS Version: Windows 5.1.2600 Service Pack 3
19:34:42.562 Number of processors: 2 586 0x209
19:34:42.562 ComputerName: ROANNA-36A94C04 UserName: Roanna
19:34:43.390 Initialize success
19:36:00.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:36:00.703 Disk 0 Vendor: ST380215A 3.AAD Size: 76319MB BusType: 3
19:36:00.734 Disk 0 MBR read successfully
19:36:00.734 Disk 0 MBR scan
19:36:00.734 Disk 0 Windows XP default MBR code
19:36:00.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
19:36:00.734 Disk 0 scanning sectors +156280320
19:36:00.828 Disk 0 scanning C:\WINDOWS\system32\drivers
19:36:17.031 Service scanning
19:36:44.343 Modules scanning
19:37:04.156 Disk 0 trace - called modules:
19:37:04.171 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
19:37:04.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823839c0]
19:37:04.171 3 CLASSPNP.SYS[f8582fd7] -> nt!IofCallDriver -> \Device\00000066[0x8235cf18]
19:37:04.171 5 ACPI.sys[f84f9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8235e300]
19:37:04.187 Scan finished successfully
19:38:04.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Roanna\Desktop\MBR.dat"
19:38:04.890 The log file has been saved successfully to "C:\Documents and Settings\Roanna\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 07:45:28
-----------------------------
07:45:28.515 OS Version: Windows 5.1.2600 Service Pack 3
07:45:28.515 Number of processors: 2 586 0x209
07:45:28.515 ComputerName: ROANNA-36A94C04 UserName: Roanna
07:45:30.218 Initialize success
07:51:19.781 AVAST engine defs: 12060602
07:52:13.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:52:13.781 Disk 0 Vendor: ST380215A 3.AAD Size: 76319MB BusType: 3
07:52:13.796 Disk 0 MBR read successfully
07:52:13.812 Disk 0 MBR scan
07:52:13.937 Disk 0 Windows XP default MBR code
07:52:13.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
07:52:13.984 Disk 0 scanning sectors +156280320
07:52:14.125 Disk 0 scanning C:\WINDOWS\system32\drivers
07:52:46.890 Service scanning
07:53:29.453 Modules scanning
07:53:49.937 Disk 0 trace - called modules:
07:53:49.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
07:53:49.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823d4030]
07:53:49.968 3 CLASSPNP.SYS[f8582fd7] -> nt!IofCallDriver -> \Device\00000066[0x823d7a40]
07:53:49.984 5 ACPI.sys[f84f9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823d7b58]
07:53:50.812 AVAST engine scan C:\WINDOWS
07:54:30.171 AVAST engine scan C:\WINDOWS\system32
08:08:28.765 AVAST engine scan C:\WINDOWS\system32\drivers
08:10:40.312 AVAST engine scan C:\Documents and Settings\Roanna
08:14:44.578 Disk 0 MBR has been saved successfully to "E:\MISS D\MBR.dat"
08:14:44.750 The log file has been saved successfully to "E:\MISS D\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   499bytes   22 downloads

  • 0

Advertisements


#122
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Can you provide me with screen shot of that payment pop-up?

For script issue you need to follow these below methods to troubleshoot this issue.

Method 1: Disable script debugging.

Method 2: Test a Web page from another user account, another browser, and another computer

Method 3: Verify that Active Scripting, ActiveX, and Java are not being blocked by Internet Explorer

Method 4: Remove all the temporary Internet-related files

To perform the above troubleshooting you need to follow this below provided Microsoft article.

How to troubleshoot script errors in Internet Explorer on Windows-based computers

http://support.micro....aspx/kb/308260
  • 0

#123
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
yep - that is the second one of the three that I posted - the one in the middle - it says something like "if you were making a purchase you should click cancel. Otherwise click retry"
  • 0

#124
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
ok so just tried running eset on this non-infected computer - had similiar experience - no option to just "run add on", only option is to "install" and again there are two warning messages as I put in that first screen shot on the left!
  • 0

#125
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. And what happens if you click on those two pop ups Retry and on second one Cancel?
  • 0

#126
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
I hadn't tried retry just in case it was not legit!! I just cancelled as you can appreciate I am now a little warey of anything that looks suspicious!
  • 0

#127
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
attempted again, pressesd retry on the first, took me to a blank screen!
  • 0

#128
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Then click Cancel and on second one also Cancel.
  • 0

#129
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
6th time lucky! went to the website for a few alternative instructions in how to get it to run - now its running according to the pic
  • 0

#130
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
when I turned symantec back on to auto protect, this is what it registered

Attached Thumbnails

  • trojan symantec.jpg

  • 0

Advertisements


#131
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Let me know the results when finished.
  • 0

#132
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
will do! it's at 30%
  • 0

#133
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
ESET online scanner
THREATS FOUND AND CLEANED
scanned files 109598
infected files 4
CLEANED FILES 4
tOTAL SCAN TIME 2:32
SCAN STATUS finished
  • 0

#134
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
does the eset have logs? couldn't find them? what's the next step for these?
  • 0

#135
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Found where the log results were!

C:\Documents and Settings\Roanna\Local Settings\Temp\jar_cache6246749947616830150.tmp a variant of Java/Exploit.CVE-2012-0507.AN trojan deleted - quarantined
C:\Documents and Settings\Roanna\Local Settings\Temp\NERO14182\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Documents and Settings\Roanna\My Documents\windows ME stuff 2\windows ME computer\school related\Setup_FreeIpodConverter.exe Win32/Toolbar.Widgi application deleted - quarantined
C:\Documents and Settings\Roanna\My Documents\windows ME stuff 2\windows ME computer\school related\Setup_FreeVideoConverter.exe Win32/Toolbar.Widgi application deleted - quarantined
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP