Author Topic: ass biscuits...

ass biscuits...
Reply #30 on: November 30, 2007, 23:50:16 PM
Quote from: Tongy
Hey fella,

This is a big download so do it if you like...

Bitdefender have a rescue boot CD you can cut onto a disk (if you can access another machine).

http://download.bitdefender.com/rescue_cd/bitdefender_2008_RescueCD_v2.iso

Cheers,
Tongy


This looks like it could do the job. Fired up its malware scanner automatically, and is already scanning away here. :) Hopefully it'll clear up any issues left on here :)

  • Offline bear

  • Rutabaga
  • Posts: 6,324
  • Global Moderator
  • Hero Member
ass biscuits...
Reply #31 on: December 02, 2007, 14:19:53 PM
How is it coming along?

Well, depending on space in your CentOS partition, a virtual machine in Linux to install XP to build a bootable XP CD could maybe be a way to go.

ass biscuits...
Reply #32 on: December 02, 2007, 15:21:18 PM
Not good.

Somehow my computer is now spankingly clean according to the following.

F-Prot
NOD32
AVG Spyware
HijackThis (can't see a thing that's odd there...)
Bit Defender.
Stinger

All with the latest defs.

Yet if I start up in normal mode, NOD32's firewall takes up 100% CPU as it's blocking all the SMTP requests from the "system" process.

Seriously... my system is totally clean according to all that.

Only thing left to try is housecall online.

  • Offline bear

  • Rutabaga
  • Posts: 6,324
  • Global Moderator
  • Hero Member
ass biscuits...
Reply #33 on: December 02, 2007, 15:51:31 PM
Well, AVG rootkit revealer, have u tried that?

Also install something other than NOD32, check your PM

ass biscuits...
Reply #34 on: December 02, 2007, 15:58:47 PM
Install something else other than NOD32?

I have AVG, Spybot, F-Prot, think I already scanned it with Alwil, and ANTIVIR, Stinger.

Whatever I have, I think nothing can find it.

NOD32's firewall is the only thing stopping my computer sending out several million emails a minute.

  • Offline bear

  • Rutabaga
  • Posts: 6,324
  • Global Moderator
  • Hero Member
ass biscuits...
Reply #35 on: December 02, 2007, 16:24:22 PM
What is sending out all those emails? Is it through Outlook?

Remove Outlook and get another mail program like
Foxmail, Thunderbird or the like.

And u got a new PM :D

ass biscuits...
Reply #36 on: December 03, 2007, 08:47:55 AM
Quote from: bear
What is sending out all those emails? Is it through Outlook?

Remove Outlook and get another mail program like
Foxmail, Thunderbird or the like.

And u got a new PM :D


Nope :) It's going as the system process according to netstat -b.

  • Offline Serious

  • Posts: 14,467
  • Global Moderator
  • Hero Member
Re:ass biscuits...
Reply #37 on: December 03, 2007, 21:46:49 PM
I don't suppose it would be quicker to reinstall?

Check the number of active users, some set up their own account and hide that way.

  • Offline bear

  • Rutabaga
  • Posts: 6,324
  • Global Moderator
  • Hero Member
ass biscuits...
Reply #38 on: December 03, 2007, 21:54:28 PM
Quote from: M3ta7h3ad
Quote from: bear
What is sending out all those emails? Is it through Outlook?

Remove Outlook and get another mail program like
Foxmail, Thunderbird or the like.

And u got a new PM :D


Nope :) It's going as the system process according to netstat -b.


Is it through an instance of svchost? Check if it is located somewhere else than in \system32. XP uses svchost, but there can be false ones. One can try turning them off one at a time to see if the emailing stops.

Re:ass biscuits...
Reply #39 on: December 04, 2007, 10:28:42 AM
Not SVChost, but actually the system process.

It's the hardest core thing I've ever had to deal with, the little bastard appears to have added its own code to a system dll or something, hooked into the system process and blammo... despite all other trails of it being removed, this one last thing is screwing it all up.

A reinstall would be faster yes, but ugh... I just didn't want to hose this installation. Guess only path left is the hosage way really.

  • Offline bear

  • Rutabaga
  • Posts: 6,324
  • Global Moderator
  • Hero Member
ass biscuits...
Reply #40 on: December 04, 2007, 11:30:35 AM
Hard work, but u could replace all *.dll with fresh ones.

Have you downloaded all security updates?

Try windizupdate.com

ass biscuits...
Reply #41 on: December 04, 2007, 13:42:25 PM
If I remember rightly I think there's an SFV check I can do that will do the same from a CD. May try that first before a wipe :)

  • Offline Beaker

  • Posts: 3,803
  • Hero Member
Re:ass biscuits...
Reply #42 on: December 04, 2007, 16:38:21 PM
Run webroot system analyser to see what it's got in there. It'll usually give you a pretty good report. Then run spysweeper. Use the "Masters" files from System analyser rather than the ones in spysweeper and it'll normally pick things up better. After that, if it still won't shift then you may need to try Counterspy. This is provided you have managed to get it booting.

Re:ass biscuits...
Reply #43 on: December 05, 2007, 08:49:33 AM
Quote from: Beaker
Run webroot system analyser to see what it's got in there. It'll usually give you a pretty good report. Then run spysweeper. Use the "Masters" files from System analyser rather than the ones in spysweeper and it'll normally pick things up better. After that, if it still won't shift then you may need to try Counterspy. This is provided you have managed to get it booting.


Decided to wipe it after all. Now just to get pxeboot working.

Got it as far as mounting a network share, just need to get the installer working.
