Re: It's Snark hunting time again:)


Update on progress.

Still can't access the MBAM site, so there's still a redirect in action
somewhere, although the Hosts file is ok. Managed to download the latest
version from a mirror site, but that wouldn't update either, of course, as it
couldn't access the MBAM site. Managed to find the latest MBAM rules.ref
file from a link which uses the IP address rather than the domain name. Here
it is if it helps anyone else.

http://74.208.12.180/malwarebytes/mbam-rules.exe

Run the executable and it loads the Rules.ref file into the relevant place
in Documents and Settings.

Cool, so finally able to run MBAM with the latest update and it
found.....absolutely nothing. Drat.

Back to basics. Had a look through the Windows and System32 directories by
my lonesome just to see if anything stuck out as being odd. First thing I
found was eSellerateEngine.dll in the Windows directory. Googled it and it's
definitely nasty, so that got deleted, but it didn't solve the uploader problem.

I've worked my way through my HijackThis logs and deleted a few Registry
redirects and other minor oddities and the only thing I'm left with that
looks wrong is a running process C:\Windows\Explorer.EXE spelled exactly
like that with capitalised first letter and capitalised EXE. I think it
should just be explorer.exe.

So that's what I've got my hopes pinned on. Just got to find out what's
causing it now.

Time to ask the chaps in Bleepingcomputer I think.
--
Dave Baker

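The two checks in the post above (is the Hosts file really clean of vendor-domain hijacks, and is the running Explorer really the system one) are easy to get wrong by eye. The script below is an added example, not code from the thread or from Malwarebytes; the Hosts content and the vendor domain list are constructed for illustration, and the documentation-range addresses in it (203.0.113.x, 192.0.2.x) are placeholders. It flags any Hosts mapping that pins a security-vendor domain, whether to loopback (a blackhole, which produces "can't reach the site") or to some other address (a redirect), and it compares a process image path against %SystemRoot%\explorer.exe the way Windows does, case-insensitively, so "C:\Windows\Explorer.EXE" is correctly treated as the same file while a copy in another directory is not.

```python
"""Offline triage helpers for the two checks discussed in the post:
hosts-file hijack review and explorer.exe image-path verification.
Added example; sample data below is constructed, not captured."""
import ipaddress
import ntpath

# Assumption: domains a hosts-file hijack typically targets. Extend as needed.
VENDOR_DOMAINS = (
    "malwarebytes.org",
    "malwarebytes.com",
    "superantispyware.com",
    "gmer.net",
    "bleepingcomputer.com",
    "windowsupdate.com",
)

# Constructed hosts file: one legitimate line, one blackhole, one redirect.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org      # blackholed: site "unreachable"
203.0.113.7     superantispyware.com      # redirected to a foreign host
192.0.2.10      ftp.example.net
this line is not a mapping
"""


def parse_hosts(text):
    """Yield (ip_address, hostname, line_no) for every mapping in a hosts
    file. Comments are stripped, blank and malformed lines are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address; not a mapping
        for name in fields[1:]:
            yield ip, name.lower(), line_no


def vendor_suffix(name):
    """Return the vendor domain that `name` equals or is a subdomain of."""
    for domain in VENDOR_DOMAINS:
        if name == domain or name.endswith("." + domain):
            return domain
    return None


def suspicious_hosts_entries(text):
    """Return (line_no, ip, hostname, kind) for every vendor-domain mapping.
    A legitimate hosts file never pins these names, so any hit is suspect;
    loopback/unspecified targets are a blackhole, anything else a redirect."""
    hits = []
    for ip, name, line_no in parse_hosts(text):
        if vendor_suffix(name) is None:
            continue
        kind = "blackhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        hits.append((line_no, str(ip), name, kind))
    return hits


def is_system_explorer(image_path, system_root=r"C:\WINDOWS"):
    """True if image_path names %SystemRoot%\\explorer.exe. Win32 paths are
    case-insensitive, so Explorer.EXE and explorer.exe are the same file;
    the same name in another directory is not."""
    expected = ntpath.join(system_root, "explorer.exe")
    return ntpath.normcase(ntpath.normpath(image_path)) == ntpath.normcase(expected)


if __name__ == "__main__":
    for line_no, ip, name, kind in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {name} -> {ip} ({kind})")
    for path in (r"C:\Windows\Explorer.EXE", r"C:\Windows\System32\explorer.exe"):
        print(path, "is system explorer:", is_system_explorer(path))
```

If this finds nothing in the real Hosts file and the vendor site is still unreachable, the redirect is being done elsewhere: check that the resolver is still reading the default Hosts location, that the adapter's DNS servers and any proxy setting are what you expect, and remember that a rules file fetched from a bare IP address has no integrity guarantee, so confirm it against the vendor's own download page before trusting it.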


Re: It's Snark hunting time again:)



Hmmm, maybe not. Looking at other people's logs it seems to be spelled like
that normally. Bugger.
--
Dave Baker



Re: It's Snark hunting time again:)

Dave Baker wrote:

Hello Dave:

FYI - explorer /is/ C:\WINDOWS\explorer.exe on several of my systems
and is 1,010 KB in length.  HTH

Almost always, we suggest you run SAS in *Safe Mode* in conjunction
with MBAM.  The freeware version may be had at:

               <http://www.superantispyware.com/>

Good luck,

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: It's Snark hunting time again:)

1PW wrote:

If there's some name-specific issue you might try:
209.62.68.168

Re: It's Snark hunting time again:)


| Update on progress.

| Still can't access the MBAM site so there's still a redirect in action
| somewhere although the Hosts file is ok. Managed to download the latest
| version from a mirror site but that wouldn't update either of course as it
| couldn't access the MBAM site. Managed to find the latest MBAM rules.ref
| file from a link which uses the IP address rather than the domain name. Here
| it is if it helps anyone else.

| http://74.208.12.180/malwarebytes/mbam-rules.exe

| Run the executable and it loads the Rules.ref file into the relevant place
| in Documents and Settings.

| Cool, so finally able to run MBAM with the latest update and it
| found.....absolutely nothing. Drat.

| Back to basics. Had a look through the Windows and System32 directories by
| my lonesome just to see if anything stuck out as being odd. First thing I
| found was eSellerateEngine.dll in the Windows directory. Googled it and
| definitely nasty so that got deleted but didn't solve the uploader problem.

| I've worked my way through my HijackThis logs and deleted a few Registry
| redirects and other minor oddities and the only thing I'm left with that
| looks wrong is a running process C:\Windows\Explorer.EXE spelled exactly
| like that with capitalised first letter and capitalised EXE. I think it
| should just be explorer.exe.

| So that's what I've got my hopes pinned on. Just got to find out what's
| causing it now.

| Time to ask the chaps in Bleepingcomputer I think.
| --
| Dave Baker


Please run a full scan using Gmer.

http://www.gmer.net/

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


