Am I Infected? Cognac & B.exe In Mcconfig

#38 Simon T (Topic Starter)

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. If asked to restart the computer, please do so immediately.

Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system. Exit MBAM when done. Note: If MBAM encounters a file that is This applies to the original topic starter only. c:\vmlj.exe (Trojan.Downloader) -> No action taken. http://www.bleepingcomputer.com/forums/t/313721/am-i-infected-cognac-bexe-in-mcconfig/

If asked to restart the computer, please do so immediately. if it's spyware/rootkits

#6 Richard Longfellow Mr. It sometimes does not work within normal mode.

Expert Comment by: adminpps, ID: 24585897, 2009-06-09: Well, combofix

As a downloader, this threat was designed to contact a distant computer to download other malware. http://www.bleepingcomputer.com/combofix/how-to-use-combofix -EZS

Author Comment by: thinktechsolutions, ID: 24585767, 2009-06-09: I did check msconfig and it's not there. Any other suggestions? Thank you.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\user\Local Settings\Temp\b.exe (Trojan.Downloader) -> No action taken.

c:\WINDOWS\system32\sopidkc.exe (Trojan.Agent) -> No action taken.

lolwut?, posted 16 July 2009 - 07:11 AM: I figured it couldn't

Save the file as gmer.log. Click the Copy button and paste the results into your next reply. Exit GMER and re-enable all active protection when done. -- If you encounter any problems, try running

If you guys could help me that would be amazing. Characteristics: Trojan Cognac was made to deploy threats.

C:\WINDOWS\SYSTEM32\logon.exe (Trojan.Agent) -> Delete on reboot. https://forums.techguy.org/threads/b-exe-msa-exe-msantivirus-help.842593/ Memory Modules Infected: \\?\globalroot\systemroot\system32\geyekrlabbkxku.dll (Trojan.TDSS) -> No action taken. At the very least, please do not use it until you have been cleaned up.

Under Main choose: Select All. Close all of your programs including browser windows. Click the Empty Selected button. The only reason I'm able to use this now is because explorer.exe is not running, and I'm using Firefox by directly launching it through the Task Manager. C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\it_reg.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

Click on Save Report As.... Save this report to a convenient place. c:\documents and settings\user\local settings\Temp\setup.exe (Trojan.Dropper) -> No action taken.

#12 lolwut? It is.

KhaosX, posted 16 July 2009 - 06:19 PM: there is a nice little program called

I understand this probably isn't the best place to get help, so I'm going to post a thread on Bleeping Computer, and will just use my workaround for the time being. The scan may take some time to finish, so please be patient. c:\documents and settings\user\local settings\Temp\3693812006.exe (Trojan.Dropper) -> No action taken. Are you still connecting to the internet when you log on?

CPU running at 100% most of the time, even after closing programs. Hoping you can help. Thanks, Si

Attached Files: Attach.txt (8.59KB), DDS.txt (21.64KB), gmer.log (22.08KB)

That is still not working. C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.

When scanning is finished click on the Show Results button. 8. C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\user\local settings\Temp\system.exe (Trojan.Dropper) -> No action taken.

c:\documents and settings\user\local settings\temporary internet files\Content.IE5\44VD5K0I\install.48349[1].exe (Trojan.Downloader) -> No action taken. The exe itself expires every week so in order to keep using it you have to keep downloading it.

If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Recently discovered line in startup items in mcconfig for Cognac pointing to file b.exe.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. Please be patient and I will respond as soon as I can.

scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-395857930-107859941-2218795296-1000\Software\Microsoft\Windows\CurrentVersion\Settings\{76152C9D-0360-4843-85AD-1BDCE62EB374}\{26CE9193-6640-418a-B7DD-DC07D7F3BBBF}*]
"t"=hex:f6,d4,97,63,8b,18,f9,9b,47,1c,af,98,b1,60,0c,aa,01,6a,eb,c5,48,78,f5, 68,e3,b1,a3,5b,41,49,5a,74
[HKEY_USERS\S-1-5-21-395857930-107859941-2218795296-1000\Software\SecuROM\!CAUTION!

c:\documents and settings\user\local settings\Temp\3615687006.exe (Trojan.Dropper) -> No action taken.

Doing so could cause changes to the directions I have to give you and prolong the time required. Now what do I do. Right now the computer seems to be stable, but not too long ago my computer was overrun by some of those fake virus scanners, as well as numerous random programs (Iolasdnfd.exe, Be warned, combofix is a BEAST of a program, and WILL delete anything infected that it finds, including system files.