Another good tool that works quickly

xit (TechnicalUser)
27 Apr 09 19:54
Seeing the many problems listed here, I wanted to point out a tool that I recently tried and was amazed by the results. I had a system with problems that I could usually handle, but this problem would reproduce even with system restore off and in safe mode. I found this program, ComboFix, so with nothing to lose (next step: format and reinstall), I followed the instructions and within 10 mins. or less my problems were gone. I found it hard to believe, but true. Here is a link: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Follow the instructions carefully.

If this has already been posted, sorry, I couldn't find it.

xit
BadBigBen (MIS)
28 Apr 09 3:40
Xit, thanks, though I've known, and probably many others, about this program. I did not post it due to the fact that it is just another tool in my box to fight nasties...  

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."

How to ask a question, when posting them to a professional forum.

manhunter2826 (TechnicalUser)
28 Apr 09 7:05
Hmmm, thanks for that, I've never seen this tool before. Does it simply analyze your system, much like HijackThis, or does it also remove malware/spyware? Thanks.
sggaunt (Programmer)
28 Apr 09 7:35
It fixes stuff it finds.
Be careful though, ComboFix is a very 'low level' tool, and can in some circumstances either fail to operate or even mess up your system; it will warn you of this when you run it.

A similar highly effective deep scanner with the same sort of warnings is SDFix.

I would only use these if you are pretty sure you have an infection, don't use them as a scheduled scan on clean machines.


Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain

xit (TechnicalUser)
28 Apr 09 7:38
It actually scans and removes, but it also acts like HJT as it saves a log to be analysed. What surprised me was the speed of the scan.

xit
sggaunt (Programmer)
28 Apr 09 7:43
It's fast because it's scanning outside of the OS.
And this is why it's difficult for the infections to fight back.

But it also accounts for the dangers of use.

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain

xit (TechnicalUser)
28 Apr 09 7:48
As I stated in my initial post, it is a last resort tool. Be sure to back up any valuable data before use, but it is indeed a fine tool when all else fails.

xit
manhunter2826 (TechnicalUser)
28 Apr 09 8:34
Thanks all for the additional info: thank goodness then - at last, a tool that scans quick. I must check it out.
kjv1611 (TechnicalUser)
30 Apr 09 9:54
I know I've seen combofix before, and maybe even used it on at least one occasion, but I keep forgetting about it.  Thanks to xit for the link to the "how to" - I know I've seen it before, but it helps to remember.

Also, thanks to sggaunt for the mention of SDfix - I think I've seen that one mentioned, but I'm pretty sure never used it.

--

"If to err is human, then I must be some kind of human!" -Me

kjv1611 (TechnicalUser)
30 Apr 09 10:05
Thought I'd mention this for others who were unaware, regarding SDFix. Apparently that program only works on Windows 2000 and XP, so if you are working on a Vista machine, that app will be no help. I got the info from various forum boards after searching for the app.

--

"If to err is human, then I must be some kind of human!" -Me

pechenegs (MIS)
24 Jun 09 10:00
Combo is not a tool of last resort. However, it should only be used by qualified persons, as in the wrong hands it can cause serious damage, and the log it makes needs to be analysed properly.

I have been using Combo and SDFix for a few years now! As mentioned, Combo can run on Vista, sometimes it doesn't; I'm not sure if SDFix is yet compatible with Vista!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

sggaunt (Programmer)
24 Jun 09 10:12
Hi pechenegs!! You have been away for some time.
I hope the rest of us have been able to keep up standards while the 'Pro' has been away?

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain

pechenegs (MIS)
24 Jun 09 10:23
Hi sggaunt, thx for the warm welcome, how are you?

I'm sure you're all doing just fine! :)

My main gripe from reading some of the most recent posts is that posters should all refrain from using online HijackThis analysis tools, as these can be dangerous; you will get banned from other web-sites which specialise in HijackThis and malware cleaning for doing this!

Anyway, good to be back. Took a bit of a time out as I got fed up fighting the usual suspects, which are still with us; nothing changes!

See this thread below on posters suggesting HijackThis automated analysis web-sites!

http://www.tek-tips.com/viewthread.cfm?qid=1551201&page=1

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

kjv1611 (TechnicalUser)
24 Jun 09 10:42
Quote (pechenegs):

My main gripe from reading some of the most recent posts is that posters should all refrain from using online HijackThis analysis tools, as these can be dangerous,

Can you elaborate? How are they dangerous?

--

"If to err is human, then I must be some kind of human!" -Me

sggaunt (Programmer)
24 Jun 09 10:45
Thank you, I am fine.
Yes, I can see where you are coming from on the HJT analysers,
and I agree it is a bad idea to simply take the results at face value.

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain

pechenegs (MIS)
24 Jun 09 10:53
@kjv1611, because if they make a mistake then someone's computer is getting hosed.

Remember svchost.exe? Well, many hijackers use a similar file name such as Scvhost.exe, which can easily be confused with the legitimate Windows file!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

pechenegs (MIS)
24 Jun 09 10:56
There is also a hijacker called AWF which replicates and copies legit files, puts them in other folders, and places itself where the original files are!

See this link below for an example!

http://forums.techguy.org/malware-removal-hijackthis-logs/676077-malware-pop-ups.html

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars

kjv1611 (TechnicalUser)
24 Jun 09 11:02
Good points.  I'll definitely keep that in mind in case I use any hijack logs myself in the future.

Thanks, pechenegs.

--

"If to err is human, then I must be some kind of human!" -Me

pechenegs (MIS)
24 Jun 09 11:13
Just found this as another example of a virus using something similar to svchost.exe.

In the example below only one letter is different, and it uses the title @intel@, which many might think is to do with the legit Intel processors!

http://forums.techguy.org/malware-removal-hijackthis-logs/556025-trojans-viruses-pls-help.html

O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\opolmm.dll",setvm
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\system32\svehost.exe

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
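The two traps pechenegs describes above (a name one or two letters off a real Windows binary, like svehost.exe or Scvhost.exe, and a correctly named file dropped in the wrong folder, as AWF does) are exactly what a human reading an HJT log looks for. The script below is an added example, not code from this thread or from HijackThis: it parses O4 startup entries, compares the executable's base name against a small hypothetical allow-list of known system binaries and their proper directories, and flags near-miss names and misplaced copies. The allow-list and the last three log lines are constructed for the demo.

```python
import re

# Hypothetical allow-list (an assumption, not from the thread): a few Windows
# system binaries mapped to the directory each legitimately lives in.
LEGIT = {"svchost.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows"}

# One HijackThis O4 startup entry: O4 - <key>: [<name>] <command>
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

def extract_exe(cmd):
    """First .exe path in the command, tolerating quotes and unquoted spaces."""
    m = re.match(r'\s*"?(.*?\.exe)"?', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.strip().split(" ")[0]

def edit_distance(a, b):
    """Plain Levenshtein distance; a transposition (scvhost) costs 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(line):
    """None for non-O4 lines; else 'ok', 'misplaced:...', 'lookalike:...' or 'unknown'."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    path = extract_exe(m.group("cmd")).lower()
    directory, _, base = path.rpartition("\\")
    if base in LEGIT:  # right name, but is it in the right place? (the AWF trick)
        return "ok" if directory == LEGIT[base] else f"misplaced:{base}"
    best = min(LEGIT, key=lambda n: edit_distance(base, n))
    if edit_distance(base, best) <= 2:  # a character or two off a real name
        return f"lookalike:{base}~{best}"
    return "unknown"

# Constructed sample log: first two entries are quoted in the post above, the rest are made up.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\opolmm.dll",setvm',
    r"O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\system32\svehost.exe",
    r"O4 - HKCU\..\Run: [Updater] C:\WINDOWS\scvhost.exe",
    r"O4 - HKLM\..\Run: [Shell] C:\Documents and Settings\user\svchost.exe",
    r'O4 - HKLM\..\Run: [Host] "C:\WINDOWS\system32\svchost.exe" -k netsvcs',
]

def scan(lines):
    """Map every O4 entry in the log to its verdict; other lines are skipped."""
    return {ln: v for ln in lines for v in [classify(ln)] if v is not None}
```

A verdict of "unknown" (the rundll32 line) is not a clean bill of health; it only means the name is not close to anything on the allow-list, which is where the manual log reading the thread recommends still has to happen.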

BadBigBen (MIS)
24 Jun 09 19:05
Greets pechenegs... your presence was surely missed...

About the online HJT analyzers, I agree they can cause more trouble than they help in the wrong hands...

That is why I only use them as a reference. KJV had asked about them, and that is the reason I had posted the link to the German one, which I had found to be more reliable than the others...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
