Jump to content


Photo

Aliexe Hijack Log


  • Please log in to reply
38 replies to this topic

#1 mag

mag

    Newbie

  • Members
  • 24 posts
  • Location:Australia

Posted 10 June 2008 - 02:49 PM

Hey guys can you look at this please wink.gif

Attached Files



#2 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 10 June 2008 - 04:23 PM

Upload this files on http://www.virustotal.com/ and leave here the test link !
QUOTE

F:\Documents and Settings\Mark Gower\Desktop\postcard.exe


#3 mag

mag

    Newbie

  • Members
  • 24 posts
  • Location:Australia

Posted 10 June 2008 - 04:27 PM

QUOTE (crysty2k5 @ Jun 11 2008, 12:53 AM) <{POST_SNAPBACK}>
Upload this files on http://www.virustotal.com/ and leave here the test link !


Thanking you will do now biggrin.gif


QUOTE (crysty2k5 @ Jun 11 2008, 12:53 AM) <{POST_SNAPBACK}>
Upload this files on http://www.virustotal.com/ and leave here the test link !


Sorry I don't know how to find it rolleyes.gif F:Documents and SettingsMark GowerDesktoppostcard.exe

Edited by crysty2k5, 10 June 2008 - 06:10 PM.
posts merged by crysty2k5


#4 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 10 June 2008 - 08:04 PM

Didi you check on your Desktop ?!

#5 mag

mag

    Newbie

  • Members
  • 24 posts
  • Location:Australia

Posted 11 June 2008 - 02:51 AM

QUOTE (crysty2k5 @ Jun 11 2008, 04:34 AM) <{POST_SNAPBACK}>
Didi you check on your Desktop ?!


Yes I did and also used windows search to check all the drive and it found nothing unsure.gif

F:\Documents and Settings\Mark Gower\Desktop\postcard.exe this is what I used in my search...

#6 mag

mag

    Newbie

  • Members
  • 24 posts
  • Location:Australia

Posted 11 June 2008 - 03:27 AM

QUOTE (mag @ Jun 11 2008, 11:21 AM) <{POST_SNAPBACK}>
Yes I did and also used windows search to check all the drive and it found nothing unsure.gif

F:\Documents and Settings\Mark Gower\Desktop\postcard.exe this is what I used in my search...


Update Spyware Doctor reports 5 infections of Trojan-downloader.Exemas.B and 1 infection of Win32 Backdoor.Bandok
It can remove them and if you scan again their back ohmy.gif


#7 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 11 June 2008 - 11:03 AM

Type postcard.exe in your Search !!!

#8 mag

mag

    Newbie

  • Members
  • 24 posts
  • Location:Australia

Posted 11 June 2008 - 11:09 AM

QUOTE (crysty2k5 @ Jun 11 2008, 07:33 PM) <{POST_SNAPBACK}>
Type postcard.exe in your Search !!!


Thanks will do now wink.gif

#9 mag

mag

    Newbie

  • Members
  • 24 posts
  • Location:Australia

Posted 11 June 2008 - 12:54 PM

QUOTE (mag @ Jun 11 2008, 07:39 PM) <{POST_SNAPBACK}>
Thanks will do now wink.gif


No still can't find it and searched in hidden file and folders too, also all of drive F .. blink.gif

#10 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 11 June 2008 - 03:33 PM

Your PC may contain viruses, so I suggest you to run ComboFix that will investigate and eliminate all infections it may found (if it has them in its database).

Download ComboFix from here: http://download.blee...Bs/ComboFix.exe
Then close all running programs, including web browser, instant messenger, etc and then run ComboFix.
It will ask you whether it should start cleaning or not. Press 1 and hit Enter. Don't stop it while running. While doing this your screen may disappear but don't worry, it's a normal behaviour.

At the end ComboFix will generate a log file. Save it and post it here + another HijackThis log !

#11 mag

mag

    Newbie

  • Members
  • 24 posts
  • Location:Australia

Posted 12 June 2008 - 04:13 AM

QUOTE (crysty2k5 @ Jun 12 2008, 12:03 AM) <{POST_SNAPBACK}>
Your PC may contain viruses, so I suggest you to run ComboFix that will investigate and eliminate all infections it may found (if it has them in its database).

Download ComboFix from here: http://download.blee...Bs/ComboFix.exe
Then close all running programs, including web browser, instant messenger, etc and then run ComboFix.
It will ask you whether it should start cleaning or not. Press 1 and hit Enter. Don't stop it while running. While doing this your screen may disappear but don't worry, it's a normal behaviour.

At the end ComboFix will generate a log file. Save it and post it here + another HijackThis log !


Thanks champ biggrin.gif

ok will post back as soon as it's finished ...

#12 mag

mag

    Newbie

  • Members
  • 24 posts
  • Location:Australia

Posted 12 June 2008 - 06:11 AM

QUOTE (crysty2k5 @ Jun 12 2008, 12:03 AM) <{POST_SNAPBACK}>
Your PC may contain viruses, so I suggest you to run ComboFix that will investigate and eliminate all infections it may found (if it has them in its database).

Download ComboFix from here: http://download.blee...Bs/ComboFix.exe
Then close all running programs, including web browser, instant messenger, etc and then run ComboFix.
It will ask you whether it should start cleaning or not. Press 1 and hit Enter. Don't stop it while running. While doing this your screen may disappear but don't worry, it's a normal behaviour.

At the end ComboFix will generate a log file. Save it and post it here + another HijackThis log !


Right had some trouble when Combofix rebooted windows as some programs restarted and the one causing the problem was Norton System Works stopping some scripts from Combofix from running (only doing it's job wink.gif ) so I had to use task manager to shut that down..

Attached Files


Edited by mag, 12 June 2008 - 06:12 AM.


#13 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 12 June 2008 - 10:55 AM

The thinks look good now !


For your safety, run a system scan with Bitdefender Online && SUPERAntiSpyware (free edition) !

http://www.bitdefend...m/scan8/ie.html

http://superantispyware.com/

#14 mag

mag

    Newbie

  • Members
  • 24 posts
  • Location:Australia

Posted 12 June 2008 - 01:10 PM

QUOTE (crysty2k5 @ Jun 12 2008, 07:25 PM) <{POST_SNAPBACK}>
The thinks look good now !


For your safety, run a system scan with Bitdefender Online && SUPERAntiSpyware (free edition) !

http://www.bitdefend...m/scan8/ie.html

http://superantispyware.com/


Hi again http://www.bitdefend...m/scan8/ie.html is running as we speak but it's not in a hurry, has been running over 1hr and says est 7.50hrs left happy.gif

#15 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 12 June 2008 - 04:30 PM

If you have a big HDD, please wait !

Do somethin' else, put leave BD to finish the scan !

#16 mag

mag

    Newbie

  • Members
  • 24 posts
  • Location:Australia

Posted 13 June 2008 - 05:36 AM

QUOTE (crysty2k5 @ Jun 13 2008, 01:00 AM) <{POST_SNAPBACK}>
If you have a big HDD, please wait !

Do somethin' else, put leave BD to finish the scan !


Hi I did let run wink.gif

It estimated the time but took 4hrs to run so half the time was ok...

The most important thing it's all clean after the scan but after reboot it's back angry.gif it's in the start up reg and it was also clean after running superantispyware until the reboot too!!

superantispyware finds it and removes it and if you scan again it's back. angry.gif

#17 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 13 June 2008 - 09:38 AM

Hmmm....

Let's try this : download Malwarebytes' Anti-Malware and run a complete scan !

http://www.malwarebytes.org/

Clean all the mallware after the scan !

#18 mag

mag

    Newbie

  • Members
  • 24 posts
  • Location:Australia

Posted 13 June 2008 - 01:35 PM

QUOTE (crysty2k5 @ Jun 13 2008, 06:08 PM) <{POST_SNAPBACK}>
Hmmm....

Let's try this : download Malwarebytes' Anti-Malware and run a complete scan !

http://www.malwarebytes.org/

Clean all the mallware after the scan !


Well we're winning nothing was found using Malwarebytes and now when rebooting at startup I get the windows error noise and a box appears saying windows can't find the file called ali.exe and so on.

Some of the bug is left behind here, I've added a couple of screen shots to show you wink.gif

Attached Files


Edited by mag, 13 June 2008 - 01:43 PM.


#19 Christian

Christian

    Bitdefender Support

  • Root Admin
  • PipPipPipPipPipPip
  • 14,021 posts
  • Gender:Male
  • Location:BitDefender HQ
  • Interests:Private

Posted 13 June 2008 - 09:13 PM

Deactivate ali.exe from statup !

Ali.exe is a trojan !

It was deleted !

Uncheck that from startup wink.gif

#20 mag

mag

    Newbie

  • Members
  • 24 posts
  • Location:Australia

Posted 14 June 2008 - 04:29 AM

QUOTE (crysty2k5 @ Jun 14 2008, 05:43 AM) <{POST_SNAPBACK}>
Deactivate ali.exe from statup !

Ali.exe is a trojan !

It was deleted !

Uncheck that from startup wink.gif


Hey again crysty2k5, If I uncheck it from start up it replaces it self straight away..

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users