Results 1 to 10 of 18

Thread: What has infected my .exe files..???

Threaded View

  1. 01-27-2008, 12:36 AM #12
    PhilliePhan's Avatar
    PhilliePhan
    PhilliePhan is offline High-Voltage Messiah
    Join Date
    Aug 2006
    Posts
    578

    Lightbulb

    Hi Vince,

    Quote Originally Posted by ALL THUMBS View Post
    I have done the actions to show all hidden files, and I could not find this file other than the one i have mentioned previously which only shows vchost with no extensions
    I have looked in C:\WINDOWS\system32\ for the winpdc.dll and had it wasn't to be found to delete
    That vchost.exe bugs me - It shows in the log, but I wonder if there is more going on such as a rootkit... Also, given the Hosts file situation, I wonder....
    I have written a batch tool that might help find and kill it. We may give that a go. I'd like to see a fresh combofix log first, though. In fact, let me try a CFScript for that and the winpdc32.dll. Instructions at bottom of post

    Quote Originally Posted by ALL THUMBS View Post
    Are you able to provide better option other than AdwareAlert
    The other anti-spy apps you already have onboard are better. I like Spyware Doctor and AVG anti-spy.
    Adware Alert has a poor reputation - false positives and such. It used to be on Spyware Warrior's Rogue List.

    Quote Originally Posted by ALL THUMBS View Post
    Should there be a file in C:\WINDOWS\system32\drivers\etc that has these files within it:

    hosts (no extension)
    hosts.20080121-224941
    lmhosts.sam
    networks (no extension)
    protocol (no extension)
    services(no extension)
    tmvsthfss.bin
    tmvsthfud.bin
    tmvsthfss.bin & tmvsthfud.bin are malware-related and can be deleted. Not sure if they are part of Vundo, or something else... You can also delete hosts.20080121-224941.

    -- Can you open your Hosts File (hosts (no extension)) with notepad and upload that as an attachment for me to check out?

    Quote Originally Posted by ALL THUMBS View Post
    I would also like to mention that AVG Antivirus is showing no infections to date.
    Happy to hear that! The Kaspersky log looks OK too.


    ** Here is the ComboFix step :


    -- Please delete your copy of ComboFix and download a fresh one to your Desktop
    -- Download the attached file CFScript.txt to your Desktop as well
    -- Close ALL browser windows and then drag CFScript.txt into ComboFix.exe



    -- Let Combofix run as before and post me that log along with the contents of your Hosts File.

    I'll try to check back Sunday, but may not be back until Monday evening.


    Best
    PP
    Last edited by PhilliePhan; 02-27-2008 at 08:42 PM.
    Philadelphia Phillies
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules