Thread: Help - trying to remove BraveSentry etc

  1. #1
    Join Date
    May 2007
    Posts
    194
    - No instances of ASPI113210 found
    - No instances of CMDService found
    - 2086 instances of Core found (see next post)
    - 6930 instances of Driver found (see next post)
    - No instances of NETWORK_MONITOR found
    - No instances of NEW_DRV found
    - No instances of WINCOM32 found
    - No instances of Network Monitor found
    - No instances of new_drv found
    - No instances of RpcApi found
    - 18 instances of windbg48 found

    I'm assuming this is a good sign, since Core and Driver are so common, unless you expected it to find one of these and it's hidden. As before, if we can later do something to hide the posts with the results if there's any identifying info in them, since I'm not sure what's available from registry keys, that'd be fantastic.

  2. #2
    Join Date
    Aug 2006
    Posts
    578

    Quote Originally Posted by StckFigure
    I'm assuming this is a good sign, since Core and Driver are so common, unless you expected it to find one of these and it's hidden. As before, if we can later do something to hide the posts with the results if there's any identifying info in them, since I'm not sure what's available from registry keys, that'd be fantastic.
    I'm leaning with you in this instance - Not finding all those others is good. I have seen instances where they have been a real b!tch to remove. ('course this was a few months ago - looks like Combofix has been updated to nail a lot of those... )
    sUBs and OldTimer and all the rest in the anti-malware community who put their time and effort into the creation of these free tools are to be commended!
    I wrote a similar one to remove a few of the threats you had on your compy, but combofix puts my efforts to shame!

    But I digress....

    I figured Core and Driver would produce a lot of entries to be sifted through, but based on the results for the others, I'd wager that combofix removed them all. So probably no worries there.

    -- As you may have surmised, I am not up to date on the latest baddies. With the weather improving plus other responsibilities, I have had to put fighting malware on the back burner for a bit
    -- WINDBG48 looks like some sort of rootkit driver.... Definitely reeks of malware to me.

    If you know how to back up those keys with regedit, I suggest you do that and then Delete them (or try to).
    Otherwise, I can put together a "one click" registry merge to do it for you when I get home later tonight.

    Judy can probably help as well.

    After this batch, I suggest running Combofix again and post a new log and then we'll attack whatever remains.

    Cheers
    PP
    Last edited by PhilliePhan; 05-15-2007 at 04:03 PM.
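
The backup-then-delete step suggested in the post above, as an added example that is not part of the original thread or any poster's tool. It assumes the `windbg48` hits are registry keys with exactly that name under `HKLM\SYSTEM`; the search root, the backup folder and the `-Remove` switch are illustrative choices, and the script must run from an elevated prompt.

```powershell
# Added example: export every registry key named 'windbg48' to a .reg file,
# and delete it only if the export succeeded and -Remove was given.
# Assumptions (not from the thread): search root, backup folder, -Remove switch.
param(
    [string]$Name       = 'windbg48',
    [string]$SearchRoot = 'HKLM:\SYSTEM',
    [string]$BackupDir  = "$env:USERPROFILE\Desktop\regbackup",
    [switch]$Remove
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Collect all matches first so deleting one key cannot disturb the walk.
# Keys the current account cannot read are skipped silently.
$hits = @(Get-ChildItem -Path $SearchRoot -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -ieq $Name })

$i = 0
foreach ($key in $hits) {
    $i++
    $file = Join-Path $BackupDir ("{0}_{1:D3}.reg" -f $Name, $i)

    # $key.Name is the full path in reg.exe form (HKEY_LOCAL_MACHINE\...).
    & reg.exe export $key.Name $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export failed, leaving key in place: $($key.Name)"
        continue
    }
    Write-Output "Backed up $($key.Name) -> $file"

    if ($Remove) {
        try {
            Remove-Item -Path $key.PSPath -Recurse -Force -ErrorAction Stop
            Write-Output "Deleted   $($key.Name)"
        } catch {
            # A key that refuses deletion is worth reporting in the next log.
            Write-Warning "Could not delete $($key.Name): $($_.Exception.Message)"
        }
    }
}
Write-Output "$i key(s) matched '$Name'; backups are in $BackupDir"
```

Run it once without `-Remove` to review the exported `.reg` files, then again with `-Remove`; double-clicking a backup file merges the key back if something breaks.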
