
Dr Web Problems


9 replies in this topic

#1 stingo

    Newbie

  • Posters
  • 7 posts

Posted 05 March 2009 - 11:32

Hi - I downloaded the launch.exe file but can't get it to run on either of my pc's. One's infected, one's not. Comes up with a 16 Bit DOS Subsystem error. "A temporary file needed for initialization could not be created or could not be written to. Make sure that the directory path exists, and disk space is available. Choose 'Close' to terminate the application".

So, then I tried the Live CD approach - downloaded the iso file and burned it to a CD-R. Boots up from the CD just fine but when I get to the scanner, it looks like it only shows the directories from the CD, not the local hard drives (C:, D:, etc). Any help would be appreciated. Thanks.

#2 userr

    Newbie

  • Members
  • 16 310 posts

Posted 05 March 2009 - 15:29

> Hi - I downloaded the launch.exe file but can't get it to run on either of my pc's. One's infected, one's not. Comes up with a 16 Bit DOS Subsystem error. "A temporary file needed for initialization could not be created or could not be written to. Make sure that the directory path exists, and disk space is available. Choose 'Close' to terminate the application".

Hi!
What Windows version do you have?
Pls try to download cureit from here ftp://ftp.drweb.com/pub/drweb/cureit/2009...2754/cureit.exe . The size must be 12868560 bytes.
After downloading, pls create the folder c:\test, copy cureit.exe there and rename it to xyz.pif
- Download the attached file cureit-scan.zip and unzip cureit-scan.bat from it.
- Run cureit-scan.bat. Cureit should start. When it finishes, close the scanner window and Cureit starts again - three times.
- After all that you will see the folder c:\test opened in Explorer. Find the file cureit-results.cab there. The file contains Cureit logs, pls attach it here.

If Cureit won't start in Normal Mode, try to start cureit-scan.bat in safe mode.
Attached file: cureit_scan.zip (860 bytes, downloaded 141 times)

#3 stingo

    Newbie

  • Posters
  • 7 posts

Posted 06 March 2009 - 06:31

I tried doing just that but I got blue screened. It did move AOL's inst.exe into quarantine as a suspicious object though. So I booted up into safe mode and did a full scan. This was what was found...

in_tunes.dll;C:\Program Files\Winamp\Plugins;Trojan.PWS.Snap.origin;Incurable.Moved.;
in_tunes.dll;C:\Program Files\Winamp\Plugins\Plugins;Trojan.PWS.Snap.origin;Incurable.Moved.;
A0160472.dll;C:\System Volume Information\_restore{88063ABB-127B-44E2-9EF6-83D5D5355FC2}\RP647;Trojan.PWS.Snap.origin;Incurable.Moved.;
A0160473.dll;C:\System Volume Information\_restore{88063ABB-127B-44E2-9EF6-83D5D5355FC2}\RP647;Trojan.PWS.Snap.origin;Incurable.Moved.;

#4 userr

    Newbie

  • Members
  • 16 310 posts

Posted 06 March 2009 - 13:57

Hi!

> I tried doing just that but I got blue screened.

It's sad. Probably you have either some software conflict or a powerful rootkit in your system.
What Windows version do you have?
Try to start cureit-scan.bat in safe mode.
You will see the folder c:\test opened in Explorer. Find the file cureit-results.cab there. The file contains Cureit logs, pls attach it here.

#5 stingo

    Newbie

  • Posters
  • 7 posts

Posted 06 March 2009 - 18:54

The one that blue screened is Windows XP Media Center SP3. I'll try the scan in safe mode and see what I come up with.

#6 stingo

    Newbie

  • Posters
  • 7 posts

Posted 06 March 2009 - 20:19

It ran and finished in safe mode. I moved the only result (inst.exe) to quarantine.

#7 stingo

    Newbie

  • Posters
  • 7 posts

Posted 06 March 2009 - 21:05

And as a side note, I tried rerunning the scan in normal mode and got blue screened again, but I got the file name that killed it - khips.sys, which I understand is related to the Kerio/Sunbelt Firewall I'm using on this PC. I had the firewall disabled at the time I ran the scan though, so I'm wondering if I have to remove it completely for the scan to work.

#8 stingo

    Newbie

  • Posters
  • 7 posts

Posted 07 March 2009 - 05:30

And Malwarebytes found the following:




Malwarebytes' Anti-Malware 1.34
Database version: 1825
Windows 5.1.2600 Service Pack 3

3/6/2009 9:29:04 PM
mbam-log-2009-03-06 (21-29-04).txt

Scan type: Quick Scan
Objects scanned: 72693
Time elapsed: 11 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 userr

    Newbie

  • Members
  • 16 310 posts

Posted 07 March 2009 - 14:12

> And as a side note, I tried rerunning the scan in normal mode and got blue screened again, but I got the file name that killed it - khips.sys, which I understand is related to the Kerio/Sunbelt Firewall I'm using on this PC. I had the firewall disabled at the time I ran the scan though, so I'm wondering if I have to remove it completely for the scan to work.

This is strange, important and should be thoroughly analysed, thank you. What product from Sunbelt do you have and what version exactly? If there are *.dmp files in c:\WINDOWS\Minidump\ pls zip the latest file and attach it here.

> And Malwarebytes found the following:

Nothing really dangerous. :) What are your problems with this comp?

#10 stingo

    Newbie

  • Posters
  • 7 posts

Posted 08 March 2009 - 08:49

Actually the problem is with another computer that I have that IS infected (and for which I'm getting help on another board) with something nasty - something that scans by four or five different applications couldn't pick up. The reason I posted here was because DrWeb was one of the suggested scanners to run, but I couldn't do so, which is why I posted here. The reason I'm asking about the one I'm posting logs for is that's the computer I used to change critical passwords, and I'm hoping it was safe to do so.

