Home > Need Help > Need Help RootKit.TnCore/Trace

Need Help RootKit.TnCore/Trace

Thank you for your help.Main.txt:Deckard's System Scanner v20071014.68Run by Jacquie on 2008-02-21 18:45:52Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) any post-cleaning thoughts? WD external hard Drive interfering... First, Just open a new email message.

Thanks for any help you can give me. Yes there is also sometimes another service that goes along with it. It's not new Nick! will update you when its finished. http://www.techsupportforum.com/forums/f284/need-help-rootkit-tncore-trace-213769-post1278200.html

Click the "Yes" button to begin scanning your system. If this is an issue or makes it difficult for you -- please tell me.Let me know how machine is running.There will be more work to do.Thanks I'll have an order Share this post Link to post Share on other sites smrpeople Newbie Members 8 posts Posted February 2, 2008 · Report post You are welcome and thanks to "Ade" also.

Is this possible? It always appears in a pair of files. Since ComboFix was obviously blocked by something, I have another method we often use. iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast!

Go through all the steps until posting the log part. I'll let you know the results of the scan when it finishes. I just want to give these people their computer back.It seems to be running fine.New HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:03:18 AM, on 2/29/2008Platform: Windows XP SP1 With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Combofix should deal with it though. This is normal. Take care & surf safe! oh and again, many many thanks to everyone who helped, Nick, chaslang you guys rock.

Then attach the below logs: C:\ComboFix.txt C:\MGlogs.zip Make sure you tell me how things are working now! useful source Learn More Question has a verified solution. Everyone else please begin a New Topic. 0 Back to Virus, Spyware, Malware Removal · Next Unread Topic → Similar Topics 0 user(s) are reading this topic 0 members, 0 guests, Connect with top rated Experts 12 Experts available now in Live!

NoYes × Are you sure to choose it as the best answer? Learn More Message Author Comment by:JamesAdmin ID: 212065552008-03-25 i did it all in this order, hope i did it in the right order 1. Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Would you like to try our 4.1 pre-release version?

attached is the log how can I tell if the kernel drivers are active? maybe something is interfering?Click to expand... Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO24 - Desktop Component 0: (no name) - http://netmail.verizon.net/webmail/servlet...position=inlineO24 - Sign In Use Facebook Use Twitter Use Windows Live Register now!

You can see these file I pasted in above in the newfiles.txt log inside the MGlogs.zip file.Click to expand... Click here to Register a free account now! No 2.4GHz band connections on...

You can even send a secure international fax — just include t… eFax How to Monitor Bandwidth using PRTG (very basic intro, 3:04) Video by: Kimberley Here's a very brief overview

will do that right now. Just saying really. Share this post Link to post Share on other sites fatdcuk Malware Hunter Members 627 posts LocationEngland,UK Posted February 1, 2008 · Report post I upgraded to the full version somehow gets re-created.

My Passport Wireless Pro Wi-Fi Mobile Storage Promoted by Western Digital Portable wireless storage to offload, edit, and stream anywhere. Edited by Wrathchild, 27 February 2008 - 02:39 PM. Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Choose to accept or decline the disclaimer.

Nick Skrepetos SUPERAntiSpyware.com SUPERAntiSpy, Apr 15, 2008 #8 guyinblacktshirt Private E-2 I just started my Complete Scan with the latest definitions, 1000x thanks to the team of superAntispyware will keep They all found that the infected file is core.cache.dsk in the windows/system32/drivers folder. Now use your mouse to drag CFscript.txt on top of ComboFix.exe Follow the prompts. I removed it and am just thrilled that that G.D.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe Disable your Anti-virus and any real-time Anti-spyware monitors that are running. Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy Log in This will start ComboFix again. 5. I performed scans with spyware doctor,super antispyware, spybot S&D.

Acronis Encryption Ransomware Disaster Recovery Security *Backup Software How to Send a Secure eFax Video by: j2 Global Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). Here is the results from the log: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 03/25/2008 at 01:54 PM Application Version : 4.0.1154 Core Rules Database Version : 3424 Trace Rules Database Version: 1416 Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe At this point, you MUST EXIT ALL BROWSERS NOW Share this post Link to post Share on other sites Pandato Advanced Member Members 388 posts Posted February 1, 2008 · Report post You are welcome and thanks to "Ade"

Join the community of 500,000 technology professionals and ask your questions. Sign In Sign Up Browse Back Browse Forums Online Users Activity Back Activity All Activity Search Jump to content Sign In Create Account Search Advanced Search section: This topic Forums