Win32/SillyAutoRun.AWH


Data with thanks to AlienVault OTX, VirusTotal, Malwr and others.
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x0B 0x66 0xCA 0xF4 ...

Please, do not select the "Show all" checkbox during the scan. Select 1.
https://www.bleepingcomputer.com/forums/t/224081/win32sillyautorunawh/

A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
If not please perform the following steps below so we can have a look at the current condition of your machine.
Solved Redirects, unable to open Regedit/cmd - almost all fixed
Discussion in 'Malware and Virus Removal Archive' started by Jedi5, 2009/05/10.

If I turn off ETrust, I still can't download it.
broni, #7 2009/05/16
Jedi5, Thread Starter, Joined: 2009/05/09
Thanks
#6 Billy O'Neal, Malware Response Team, Posted 20 May 2009 -

Combofix logo will not even appear.
C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7442A32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7442B6E] sptd.sys
IAT
http://www.spywareremove.com/sillysharecopyg/alias/
Do NOT attempt to "fix" anything!

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xFA 0xC2 0xF6 0x33 ...
PHYSICALLY DISCONNECT FROM THE INTERNET
Restart computer in Safe Mode.
It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
Initially some spyware was found and removed after running malwarebytes, etc.

After downloading the tool, disconnect from the internet and disable all antivirus protection.
https://malwr.com/analysis/MDdlZTM3YTE5NDgwNDY1ZmE4ZjYwZjYxYjI2ZmVmMTQ/
Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes".
Double-click Goored.exe to run it.
RESTART COMPUTER
STEP 4.

Please read Combofix's Disclaimer. Digital Media Edition Installer Microsoft Plus! Please Help.

Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected.
Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop.

Photo Story 2 LE Microsoft Silverlight Microsoft Text-to-Speech Engine 4.0 (English) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Virtual PC 2004 Microsoft® Flash Mini Nutcracker 2.0 Modem Helper Move Networks

C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.

File not found
O3 - HKU\S-1-5-21-117609710-606747145-1801674531-1002\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program [email protected]

ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use.
c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\temp.dmf
c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap13.tmp
c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap16.tmp
c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap18.tmp
c:\documents and settings\ZZZZ\Local Settings\Temporary Internet Files\zap1A.tmp
c:\documents
These were the issues I was having:
Google redirects occasionally
Couldn't open Regedit (I really didn't like that)
Couldn't open CMD window or MSConfig
Sometimes I couldn't see any of my

NOTE. I'm going to PM you about downloading, and running Combofix.
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...

Analysis Date: 2014-06-13 22:34:18
MD5: 12645ea49ebda8c0636a8d0c89090a63
SHA1: 74d46c05dd0f4823c40275ad8df4894739d1e982
Static Details:
File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section PAGE md5: 41637d93e78d187102b2909c33d7073d sha1: 7791f77c86ca77904f3c2988139c6e6188096c54

DDS (Ver_09-03-16.01) - NTFSx86
Run by i font know at 23:44:40.09 on Sat 05/02/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1335 [GMT -4:00]
AV: CA Anti-Virus *On-access scanning

WebTrojan.DownLoader1.17108AVDr.
Information on A/V control HERE
#3 kstevege, Topic Starter
File Status: Cure failed, file restored.
Run the scan, enable your A/V and reconnect to the internet.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI699F~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
Initially it also knew when I tried to download Combofix from sites such as bleeping computer.