Posts posted by chewy

  1. Stick a single layer blank in and copy the right window (top part) while you are in write mode

     

    That way we can see your burner id and the firmware

     

    What speed of DL Verbatim discs are those?

     

    BENQ DVD DD DW1620 B7W9 (ATA)

    Current Profile: DVD+R

  2. Having DT lite installed and not having any problems would seem irrelevant to someone trying to remove a dangerous back door trojan rootkit.

     

    We often see disabling or uninstalling certain legitimate programs as a requirement for cleaning an infection; a similar analogy would be disabling all filter drivers in an attempt to clean the system bus and enable ImgBurn to function.

  3. Disabling or unloading the service may allow another program to kill the sob that loads it at bootup and all the associated files it's been hiding that take over your computer.

     

    There are no quick cures or simple fixes with battling a serious infection except format C

     

    If RootRepeal crashes I would suspect a witches' brew of drive emulation like Daemon Tools Lite and/or Alcohol and/or a hosed system bus.

     

    Of course in your case it may just have been ESET

  4. Until you told us about the infector (uniccodec) all I had to search for was Maximum number of secrets. Searching for uniccodec led me to threads where a nasty rootkit was being removed.

     

    The last clue (the infector) solved the puzzle

     

    uniccodec

     

    http://www.bleepingcomputer.com/forums/ind...mp;hl=uniccodec

     

    c:\program files\INSTALL.LOG

    c:\recycler\S-3-7-83-100021929-100011541-100016078-3385.com

    c:\windows\emMON.exe

    c:\windows\setup.exe

    c:\windows\system32\AutoRun.inf

    c:\windows\system32\drivers\gxvxcowqowfilruwevyqfhsrblugdstnncnel.sys

    c:\windows\system32\gxvxccounter

    c:\windows\system32\gxvxcwdynvqlpuoxusqaafouuakouafncrsum.dll

    c:\windows\system32\Memman.vxd

    c:\windows\system32\skinboxer43.dll

     

    2009-04-19 04:11 . 2009-04-19 04:11 -------- d-----w c:\program files\UNICCodec

  5. Maximum number of secrets error, if infected with malware, should be easily confirmed by other symptoms: popups, browser redirects and warnings from resident security programs.

     

    Such an infection is extremely dangerous as it involves rootkit(s) and backdoor trojans

     

    A complete repartition and format of your hard drive with proper precaution to prevent reinfection is the best option.

     

    Here's the standard response given for such infections

     

    One or more of the identified infections is a rootkit/backdoor trojan.

     

    This allows hackers to remotely control your computer, steal critical system information and download and execute files.

     

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

     

    Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

     

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    When Should I Format, How Should I Reinstall

     

    Someone may still be able to clean this machine but we can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

     

    Removing such infections and possible repair of damage usually requires advanced tools and the help of trained experts.

     

    At the bottom of this link is a list of "approved" HJT forums where helpers have received this training.

     

    Expect to wait for help as the training is so intensive there is always a shortage of helpers.

     

    http://www.bleepingcomputer.com/combofix/h...combofix#forums

  6. http://www.bleepingcomputer.com/forums/forum103.html

     

    Post at the Am I Infected forum

     

    or

     

    at the MBAM forum

     

    http://www.malwarebytes.org/forums/index.php?showforum=7

     

    AdvancedSetup and others would be interested in this ImgBurn error

     

    Please download GMER from one of the following locations and save it to your desktop:

    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
    • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
       
       
    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.

    -- If you encounter any problems, try running GMER in Safe Mode.
