securitycheck gives me an error: it can't find securitycheck.bat
Moving on to farbar
Farbar Service Scanner Version: 14-04-2013
Ran by Meo (administrator) on 15-05-2013 at 19:43:36
Running from "C:\Users\Meo\Desktop"
Windows Vista (TM) Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-04-10 21:56] - [2010-06-16 17:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9
C:\Windows\system32\dnsrslvr.dll
[2011-04-14 00:45] - [2011-03-02 16:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D
C:\Windows\system32\mpssvc.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B
C:\Windows\system32\bfe.dll
[2008-01-21 04:23] - [2008-01-21 04:23] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-21 04:23] - [2008-01-21 04:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23
C:\Windows\system32\wscsvc.dll
[2008-01-21 04:23] - [2008-01-21 04:23] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C
C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-21 04:25] - [2008-01-21 04:25] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D
C:\Windows\system32\es.dll
[2009-01-15 15:44] - [2008-04-18 07:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465
C:\Windows\system32\cryptsvc.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2011-04-10 22:00] - [2009-03-03 06:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830
**** End of log ****
OK, just got done with the world's slowest virus scanner, the ESET Online Scanner thing; it took hours.
It found something though, where all the other scanners didn't find a thing.
See below.
C:\Windows\System32\drivers\netbt.sys Win32/Sirefef.DA trojan unable to clean
C:\Windows\System32\drivers\netbt.sys.dump Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
Standing by.
Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to "Show hidden files and folders", and un-check "Hide protected operating system files".
NOTE: Make sure to reverse the above changes when done with this step.
Upload the following files to http://www.virustotal.com/ for a security check:
- C:\Windows\System32\drivers\netbt.sys
If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
SHA256: f5e1e4528ca8545e5f7c74c958d7f64796fb729de5cae144e6c7f7cb4c0734a9
File name: netbt.sys
Detection ratio: 19 / 46
Analysis date: 2013-05-15 23:08:31 UTC (0 minutes ago)
Antivirus | Result | Version
Agnitum | (no detection) | 20130515
AhnLab-V3 | (no detection) | 20130515
AntiVir | TR/Patched.Gen | 20130516
Antiy-AVL | (no detection) | 20130515
Avast | Win32:Sirefef-BEV [Rtk] | 20130516
AVG | (no detection) | 20130516
BitDefender | Gen:Variant.Symmi.20259 | 20130516
ByteHero | (no detection) | 20130513
CAT-QuickHeal | (no detection) | 20130515
ClamAV | (no detection) | 20130515
Commtouch | (no detection) | 20130515
Comodo | UnclassifiedMalware | 20130515
DrWeb | (no detection) | 20130516
Emsisoft | Trojan.Win32.Sirefef.AMN (A) | 20130516
eSafe | (no detection) | 20130513
ESET-NOD32 | Win32/Sirefef.DA | 20130515
F-Prot | (no detection) | 20130515
F-Secure | Gen:Variant.Symmi.20259 | 20130515
Fortinet | W32/Kryptik.AYHZ!tr | 20130516
GData | Gen:Variant.Symmi.20259 | 20130516
Ikarus | Rootkit.Win32.ZAccess | 20130515
Jiangmin | (no detection) | 20130515
K7AntiVirus | Virus | 20130515
K7GW | Virus | 20130515
Kaspersky | (no detection) | 20130516
Kingsoft | (no detection) | 20130506
Malwarebytes | (no detection) | 20130515
McAfee | Artemis!CE8D311EAFB7 | 20130516
McAfee-GW-Edition | Artemis!CE8D311EAFB7 | 20130515
Microsoft | (no detection) | 20130516
MicroWorld-eScan | Gen:Variant.Symmi.20259 | 20130516
NANO-Antivirus | (no detection) | 20130515
Norman | Kryptik.BDPT | 20130515
nProtect | (no detection) | 20130515
Panda | Trj/CI.A | 20130515
PCTools | (no detection) | 20130515
Sophos | (no detection) | 20130516
SUPERAntiSpyware | (no detection) | 20130516
Symantec | (no detection) | 20130516
TheHacker | (no detection) | 20130514
TotalDefense | (no detection) | 20130515
TrendMicro | (no detection) | 20130516
TrendMicro-HouseCall | TROJ_GEN.F47V0505 | 20130516
VBA32 | (no detection) | 20130515
VIPRE | Lookslike.Win32.Sirefef.z (v) | 20130516
ViRobot | (no detection) | 20130515
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
- Double-click SystemLook.exe to run it.
- Vista users: Right-click on SystemLook.exe and click Run As Administrator.
- Copy the content of the following box and paste it into the main textfield:
Code:
:filefind
netbt.sys
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
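As an added illustration (not code from the thread or from SystemLook) of what the filefind step above gathers: every copy of a named file with its size and MD5, here extended so that a copy whose hash differs from a known-good value, or that sits outside the directories it is expected in, is flagged. The directory layout, file bytes and "known-good" hash are constructed for the demo.

```python
import hashlib
import os
import tempfile

def md5_of(path):
    """Upper-case hex MD5 of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()

def filefind(root, name, expected_md5=None, expected_dirs=()):
    """Every file called `name` under `root` (case-insensitive) with its
    size and MD5. status is 'ok', 'hash-mismatch' (MD5 differs from the
    known-good one) and/or 'unexpected-location' (dir not in expected_dirs)."""
    allowed = {d.lower() for d in expected_dirs}
    hits = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            if fname.lower() != name.lower():
                continue
            path = os.path.join(dirpath, fname)
            digest = md5_of(path)
            rel_dir = os.path.relpath(dirpath, root).replace("\\", "/").lower()
            flags = []
            if expected_md5 and digest != expected_md5.upper():
                flags.append("hash-mismatch")
            if allowed and rel_dir not in allowed:
                flags.append("unexpected-location")
            hits.append({"dir": rel_dir, "size": os.path.getsize(path),
                         "md5": digest, "status": ",".join(flags) or "ok"})
    return hits

def demo():
    """Constructed tree modelled on the thread: a WinSxS backing copy, the
    live driver in System32/drivers (one byte differs) and a stray copy in
    a made-up Windows/snack folder. File contents are made up."""
    root = tempfile.mkdtemp()
    good = b"constructed driver image bytes"
    layout = {"Windows/winsxs/x86_netbt/netbt.sys": good,
              "Windows/System32/drivers/netbt.sys": good + b"\x90",
              "Windows/snack/netbt.sys": good}
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return filefind(root, "netbt.sys", hashlib.md5(good).hexdigest(),
                    ["windows/system32/drivers", "windows/winsxs/x86_netbt"])
```

On a real system the known-good hash would come from the WinSxS copy or from the vendor, as the Farbar "File Check" section does when it reports "MD5 is legit".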
done.
SystemLook 30.07.11 by jpshortstuff
Log created at 19:04 on 16/05/2013 by Meo
Administrator - Elevation successful
========== filefind ==========
Searching for "netbt.sys"
C:\Windows\snack\netbt.sys --a---- 184320 bytes [09:54 01/05/2013] [02:24 21/01/2008] 7C5FEE5B1C5728507CD96FB4A13E7A02
C:\Windows\System32\drivers\netbt.sys ------- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] CE8D311EAFB7FBA83920351FAD56843E
-= EOF =-
Did you create some "snack" folder in the Windows directory:
C:\Windows\snack
I uploaded the netbt.sys file from my Vista installation here: http://www.sendspace.com/file/9d7wsk, since you don't have any healthy replacement.
Download it and paste it to the root C:\ directory.
Re-run SystemLook so I can see the file is in the right location.
No, I didn't create any folder in there. No idea where the snack folder came from.
It's the Vista that came preinstalled with the Acer laptop, although that most likely should not make any difference in the makeup of the operating system; just thought I'd mention it.
I put the newly downloaded file in the C:\ root.
SystemLook 30.07.11 by jpshortstuff
Log created at 23:25 on 16/05/2013 by Meo
Administrator - Elevation successful
========== filefind ==========
Searching for "netbt.sys"
C:\netbt.sys --a---- 185856 bytes [21:21 16/05/2013] [21:21 16/05/2013] ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\snack\netbt.sys --a---- 184320 bytes [09:54 01/05/2013] [02:24 21/01/2008] 7C5FEE5B1C5728507CD96FB4A13E7A02
C:\Windows\System32\drivers\netbt.sys ------- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] CE8D311EAFB7FBA83920351FAD56843E
-= EOF =-
1. Please open Notepad (Start>All Programs>Accessories>Notepad).
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
FCopy::
C:\netbt.sys | C:\Windows\System32\drivers\netbt.sys
Folder::
C:\Windows\snack
ClearJavaCache::
3. Save the above as CFScript.txt
4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag CFScript.txt onto ComboFix.exe as depicted in the animation below. This will start ComboFix again.
https://discussions.virtualdr.com/im.../2016/03/2.gif
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
Got ComboFix running for 20 minutes now and it's still doing the operation; pretty sure something's wrong. Gonna reboot and try to do it in safe mode.
OK...
Still with me?
Hmmm... it didn't work.
I took off for the weekend. Back again; I'll report later today, gonna retry,
otherwise I'll come back with the error message.
Did you try to run the ComboFix fix from safe mode?
Still with me?
I've been really busy since my time off is over.
I'll try to come back to this somewhere during the week, but I'll have to see.
I'd appreciate it if you can keep the thread open, because I will get back to finish this.
Regardless though, thanks for all the help so far in cleaning up my laptop.
I'll try to get back to this this week.
Still with me?
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.