juice370

  1. Thanks for all your help Seth. All looks to be sorted now. I'm grabbing the Pro License on Monday when back in the office, using the trial it looks really good. Thanks Ian
  2. Apologies for the delay, been catching up on order processing post changing lots and lots of passwords. Sorted Seth. Tried the VT and it didn't really tell me much, but deleted the file 9747.exe anyways. Did you recommend I do something with the Windows Restore feature? Also how long is the trial period on SAS Pro and also how many updates do you get with the pro paid license? Thanks Ian
  3. Everything seems OK Seth apart from 2 items that won't delete in normal mode, found in User > AppData > Roaming > 9747.exe and dat.dat in same folder. Also do you know what these are below, found in the same folder, could these be worth deleting? windef.exe, local.exe. Thanks Ian
  4. Hi Seth, All Trojans, etc gone. All that remains are the Chrome / Firefox cookies. I use Lastpass to automate all password entries. Do you know if I delete the Cookies above, will Lastpass lose all my usernames and passwords? Thanks for your help so far. Cheers Ian
  5. Hi Seth / Anyone else interested in this thread... SecurityShield exe was located in User > AppData > Local folder. To delete I had to boot in Safe Mode, go to the folder and delete it. This immediately deleted 17 other malware/viruses, call them what you will. One that is persistent and keeps returning having been removed in SAS and MB is in User > AppData > Roaming > 9747.exe. I'm now scanning SAS again for any remaining items. I'll keep you posted.
  6. Literally within the last 15 minutes I've had a pop up keep hassling me called "Security Shield". It has placed a logo in my system tray after initially just starting to scan my C drive, 2 shades of blue. Is this itself a virus, do you know it? I'll get on with the removal now ASAP. Thanks for your continued advice.
  7. Here you go Seth, any advice would be great. I had to cut out all of the Cookies as the post was too long. If you need those let me know. A few Q's RE the below data. BTW I'm currently using the free edition, happy to upgrade if it's worth it, not sure of the difference at this point.
     - I've now got the report box in front of me with all of the checkboxes. How do I go through and delete each independently?
     - Do I leave the checks in the boxes I want to delete or the one I want to keep?
     - Should I delete all cookies in the report? I use LastPass to automate all passwords, if I delete all cookies will LastPass lose all my passwords?
     - These (directly below) are the main concern I'd say and are the ones running on start-up, found in the Data > Roaming folder:

     Trojan.Agent/Gen-Falleg[T-Cont]
     C:\USERS\IAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\35320.EXE
     C:\USERS\IAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\35320.EXE
     C:\USERS\IAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\54401.EXE
     C:\USERS\IAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\54401.EXE
     C:\Windows\Prefetch\35320.EXE-CFF7E38D.pf

     Here is the full Scanner log:

     SUPERAntiSpyware Scan Log
     https://www.superantispyware.com

     Generated 01/24/2011 at 05:06 PM

     Application Version : 4.48.1000
     Core Rules Database Version : 6260
     Trace Rules Database Version: 4072

     Scan type : Quick Scan
     Total Scan Time : 01:20:03

     Memory items scanned : 1067
     Memory threats detected : 2
     Registry items scanned : 3266
     Registry threats detected : 0
     File items scanned : 41671
     File threats detected : 731

     Trojan.Agent/Gen-Falleg[T-Cont]
     C:\USERS\IAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\35320.EXE
     C:\USERS\IAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\35320.EXE
     C:\USERS\IAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\54401.EXE
     C:\USERS\IAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\54401.EXE
     C:\Windows\Prefetch\35320.EXE-CFF7E38D.pf

     Trojan.Unclassified/CmdUtil
     C:\USERS\IAN\APPDATA\LOCAL\AD\ADSYSTEM.DLL

     Trojan.Agent/Gen-FakeAlert[Cush]
     C:\USERS\IAN\APPDATA\ROAMING\WINDEFENDER.EXE
  8. Question for you Seth. Should I run SAS in Safe Mode or Normal? I'm already 30 mins in Normal mode but happy to start again in Safe if required. Thanks Ian
  9. I meant the sign up process, must just be the same software Seth. OK I'll generate the report when it finishes and start to sort this out ASAP. Cheers Ian
  10. Hi Seth, Thanks for the fast response. I've got more info. Naively I'm new to all this, I run McAfee AntiVirus bundled with my laptop (no other security) and today reading the forums have DL'd MBAM and SAS. Am I correct in saying that MBAM and SAS are the same company as your forums are identical? Anyways here's the full story as posted on the MBAM forum earlier. I'll run the SAS scan now and report back.

      Hi, Any help appreciated on the following. It looks like I had my PC hacked last night, not sure how but walked back into my office and Paypal had opened up on my PC and my account had sent someone money to themselves calling themselves ronocftw@live.com. I had the Paypal Order Success page open as if I'd just sent money. Done some searching, it's apparently a guy called Conor W Terry using that email addy. I've informed P.Pal and my bank so that is covered. They initially tried to take £104 but I only had £50 in this account and then they took £35 and this is currently going through... I can only cancel it and claim it back once it's completed apparently.

      So... It seems I have various trojans and rogue.agents on my PC picked up by MBAM. So taking advice I've installed both MBAM and SAS. Running SAS as you read this.

      Q: In addition to the below I now have 2 small white squares top left of my desktop, appeared yesterday, any ideas what these are and how to get rid?

      But here are my concerns/report from MBAM if you can help until the SAS report is run:

      c:\Users\Ian\AppData\Roaming\windefender.exe (Spyware.Spyeyes) -> No action taken.
      c:\Users\Ian\AppData\Local\Temp\vxgjnpjdzjfivlg9.exe (Spyware.Spyeyes) -> No action taken.
      c:\Users\Ian\local settings\temporary internet files\Content.IE5\BGPJKHPB\nb1[2].exe (Spyware.Spyeyes) -> No action taken.
      c:\Users\Ian\AppData\Roaming\local.exe (Trojan.Agent) -> No action taken.
      c:\Users\Ian\AppData\Roaming\microsoft\System\Services\csrss.exe (Trojan.Agent) -> No action taken.
      c:\Users\Ian\AppData\Roaming\data.dat (Stolen.Data) -> No action taken.
      c:\Users\Ian\AppData\Roaming\35320.exe (Rogue.Agent.Gen) -> No action taken.
      c:\Users\Ian\AppData\Roaming\54401.exe (Rogue.Agent.Gen) -> No action taken.
      c:\Users\Ian\AppData\Roaming\Program.exe (Trojan.Agent.Gen) -> No action taken.

      Thanks for your input Ian
  11. Hi, Any help greatly appreciated. - Is Troject.Agent.CK a problem, and does it need to be removed? What exactly is it and what does it do? Thanks Ian