Tuesday, October 14, 2008

Another smitfraud victim...

Overview/Intro:

Smit won't let Firefox run at all! Disgusting little thing. Refuses to die.

All required logs have been put into the MGLogs.zip file - only one attach.

I've run SpyBot which finds smitfraud and removes 'svchost.exe' from
C:\Windows where it 'resides' (hides) after booting into Windows XP. SAS
does the same. Logs echo the find and removal of svchost in scans.

The 'good' version of svchost.exe I have is dated 2001 and the file size is
smaller than the infected file that is found and deleted. Combofix finds and
deletes it too.

----------------------------------------------------------------------
"C:\WINDOWS\svchost.exe" 22528 10/13/2008 07:48 PM !!!

"C:\WINDOWS\system32\svchost.exe" 12800 08/23/2001 08:00 AM
"C:\WINDOWS\system32\dllcache\svchost.exe" 12800 08/23/2001 08:00 AM
----------------------------------------------------------------------

I have tried rebooting into Safe Mode with a command prompt so I can check
if svchost.exe is there.

svchost.exe is gone from c:\Windows in Safe Mode with cmd-prompt.

Once Windows XP is loaded and 'settles' down:

(1) The infected svchost.exe file is back,
(2) Firefox will not run or comes up and exits after a few seconds.

I also tried the online scanner that was suggested.

Thanks,

Bill
wpaladin@pipeline.com

Attached Files
File Type: zip MGLogs.zip (38.1 KB)
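
The listing quoted in the post can be checked mechanically for the same two tells Bill describes: a copy of svchost.exe outside system32, and a size that differs from the system32 copy. The following is an added example, not part of the original post or of any tool named in it; the function names and the list of expected directories are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname, normcase

# Constructed sample: the three listing lines quoted in the post.
LISTING = r'''
"C:\WINDOWS\svchost.exe" 22528 10/13/2008 07:48 PM !!!
"C:\WINDOWS\system32\svchost.exe" 12800 08/23/2001 08:00 AM
"C:\WINDOWS\system32\dllcache\svchost.exe" 12800 08/23/2001 08:00 AM
'''

# Assumption: on this Windows XP system the genuine file lives only here.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\system32\dllcache"}

# "path" size MM/DD/YYYY HH:MM AM|PM, with optional trailing markers ("!!!").
LINE_RE = re.compile(
    r'^"(?P<path>[^"]+)"\s+(?P<size>\d+)\s+'
    r'(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2} [AP]M)'
)

def parse_listing(text):
    """Turn listing lines into dicts; separator and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({"path": m["path"], "size": int(m["size"]),
                            "date": m["date"], "time": m["time"]})
    return entries

def find_suspect_copies(entries, name="svchost.exe"):
    """Flag copies of `name` in an unexpected directory or with an odd size.

    Location and size are heuristics only; a hash or signature check against
    known-good media is the stronger test.
    """
    copies = [e for e in entries if normcase(basename(e["path"])) == name]
    in_place = lambda e: normcase(dirname(e["path"])) in EXPECTED_DIRS
    baseline_sizes = {e["size"] for e in copies if in_place(e)}
    findings = []
    for e in copies:
        reasons = []
        if not in_place(e):
            reasons.append("unexpected directory")
        if baseline_sizes and e["size"] not in baseline_sizes:
            reasons.append("size differs from system32 copy")
        if reasons:
            findings.append((e["path"], reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in find_suspect_copies(parse_listing(LISTING)):
        print(path, "->", ", ".join(reasons))
```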
