Aliexe Hijack Log
Hey guys can you look at this please
[Attachment: hijackthis.log]
Comments
Upload this file to http://www.virustotal.com/ and leave the test link here!
F:\Documents and Settings\Mark Gower\Desktop\postcard.exe

Thanking you, will do now

Sorry, I don't know how to find it F:\Documents and Settings\Mark Gower\Desktop\postcard.exe

Did you check on your Desktop?!

Yes I did and also used windows search to check all the drive and it found nothing
F:\Documents and Settings\Mark Gower\Desktop\postcard.exe this is what I used in my search...

Update: Spyware Doctor reports 5 infections of Trojan-downloader.Exemas.B and 1 infection of Win32 Backdoor.Bandok
It can remove them and if you scan again they're back

Type postcard.exe in your Search!!!

Thanks, will do now

No, still can't find it and searched in hidden files and folders too, also all of drive F ..

Your PC may contain viruses, so I suggest you run ComboFix, which will investigate and eliminate all infections it may find (if it has them in its database).
Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then close all running programs, including web browser, instant messenger, etc. and then run ComboFix.
It will ask you whether it should start cleaning or not. Press 1 and hit Enter. Don't stop it while running. While doing this your screen may disappear but don't worry, it's normal behaviour.
At the end ComboFix will generate a log file. Save it and post it here + another HijackThis log!

Thanks champ
ok will post back as soon as it's finished ...

Right, had some trouble when Combofix rebooted windows as some programs restarted and the one causing the problem was Norton System Works stopping some scripts from Combofix from running (only doing its job) so I had to use task manager to shut that down..
[Attachment: ComboFix.txt]
[Attachment: hijackthis.log]

Things look good now!
For your safety, run a system scan with Bitdefender Online && SUPERAntiSpyware (free edition)!

Hi again, http://www.bitdefender.com/scan8/ie.html is running as we speak but it's not in a hurry, has been running over 1hr and says est 7.50hrs left

If you have a big HDD, please wait!
Do somethin' else, but leave BD to finish the scan!

Hi, I did let it run
It estimated the time but took 4hrs to run so half the time was ok...
The most important thing, it's all clean after the scan but after reboot it's back, it's in the start up reg and it was also clean after running superantispyware until the reboot too!!
superantispyware finds it and removes it and if you scan again it's back.

Hmmm....
Let's try this: download Malwarebytes' Anti-Malware and run a complete scan!
Clean all the malware after the scan!

Well we're winning, nothing was found using Malwarebytes and now when rebooting at startup I get the windows error noise and a box appears saying windows can't find the file called ali.exe and so on.
Some of the bug is left behind here, I've added a couple of screen shots to show you

Deactivate ali.exe from startup!
Ali.exe is a trojan!
It was deleted!
Uncheck that from startup

Please read this: http://forum.bitdefender.com/index.php?showtopic=3307

Hello mag,
Can you please download sdfix from here. Double click on it and allow it to install in C:\SDFIX
Now reboot your PC into safe mode by pressing the F8 button several times before the Windows splash screen, select safe mode and press Enter. Log in with your account. Now go to C:\SDFIX and double click on RunThis.bat. Type y to start the cleaning process. When it finishes you will be prompted to press any key on your keyboard; do that. Once you are in normal mode, wait till you see finished and press any key again; now you will get back to your desktop. Please post the content of Report in your next reply.
Best regards,
Niels

Hey, thanks Niels. Will do now as you stated above, I'll reply when finished

OK 1 report ready for viewing
But it's back again
[Attachment: report.txt]

Turn off System Restore!
Pack this file F:\Windows\system32\ali.exe in a zip or rar archive protected by the password infected and attach it here!
Reboot in Safe Mode and delete F:\Windows\system32\ali.exe
Then, disable it from startup!

Hello mag,
I can see a trace of an infection in the sdfix log. What I let you do was just making a logfile so I can see if I see a suspicious entry.
Please download killbox from here. Double click on it to run. In the Full path section please type this or copy this:
F:\WINDOWS\SoftwareDistribution\Download\e80b3f6bcac336a99ba82da063d253e5\BITA.tmp
Select the option delete on reboot, now press on the button that looks like a red circle with a white cross inside. You will be asked to reboot; choose yes.
Can you find a file called bupl.dll inside the windows folder?
Best regards
Niels

Thanks again.
F:\WINDOWS\SoftwareDistribution\Download\e80b3f6bcac336a99ba82da063d253e5\BITA.tmp is what I put in for killbox and it said it has been removed by an outside program..
Also I couldn't find bupl.dll inside the windows folder...

system restore is now off!!
And I will check out the rest..

So far Spybot SD is stopping it in the black and white list for Registry changes
No windows error noises anymore but haven't rebooted it yet..
Will report back with my finding

There is no file to pack now, only a reference to it if that makes sense

Hello mag,
Can you please make a new combofix and hijack this log. Please also navigate to F:\WINDOWS\SoftwareDistribution\Download\e80b3f6bcac336a99ba82da063d253e5 and see if BITA.tmp is still there. Do you mean by reference that there is still a trace in msconfig? To be able to remove that you can follow the instructions that were given in the topic that crysty2k5 referred to in this topic.
That is a good sign that you couldn't find bupl.dll.
Best regards,
Niels

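The leftover startup reference discussed in the posts above (an autostart entry that still names ali.exe after the file is gone) can be spotted in a HijackThis log by checking each O4 registry autostart line against the file system. This is an added example, not part of the original thread: the sample log is constructed, and only the ali.exe path comes from the thread.

```python
import os
import re
from typing import Callable, List, NamedTuple

# Constructed sample in HijackThis O4 (autostart) format, not taken from the
# logs attached to the thread. Only the ali.exe path appears in the thread;
# the value names and the other entries are made up.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleAV] "F:\Program Files\ExampleAV\tray.exe" /startup
O4 - HKLM\..\Run: [ali] F:\Windows\system32\ali.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
'''

O4_RUN = re.compile(r'^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
EXE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', re.IGNORECASE)


class Autostart(NamedTuple):
    key: str      # abbreviated registry key, e.g. HKLM\..\Run
    name: str     # registry value name
    target: str   # executable the entry launches


def target_of(cmd: str) -> str:
    """Extract the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE.match(cmd)                           # unquoted path, may contain spaces
    return m.group(1) if m else cmd.split()[0]


def parse_o4(log: str) -> List[Autostart]:
    """Return every O4 registry autostart entry found in a HijackThis log."""
    hits = (O4_RUN.match(line.strip()) for line in log.splitlines())
    return [Autostart(m['key'], m['name'], target_of(m['cmd'])) for m in hits if m]


def dangling(entries: List[Autostart],
             exists: Callable[[str], bool] = os.path.exists) -> List[Autostart]:
    """Entries whose target is missing: the leftover reference to clean up."""
    return [e for e in entries if not exists(e.target)]


if __name__ == '__main__':
    for e in dangling(parse_o4(SAMPLE_LOG)):
        print(f'{e.key} [{e.name}] -> missing {e.target}')
```

Entries that launch a bare command name without a full path are reported too, so review the output before removing anything.
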
Hello Niels,
A new Combofix + Hijack this log will be done soon..

Right, here goes..
[Attachment: log.txt]
[Attachment: hijackthis.log]

Hello mag,
I can't see anything suspicious anymore in both your hijackthis log and combofix log.
Best regards,
Niels

First of all, Happy Birthday mag!
The logs are clean...
Do you still have problems?!

Hello Niels,
All seems good but still have the Windows Error noise going off here and there
Apart from that working very well..
Thanks..

Thanks for the b/day wishes crysty2k5
The only problem is as I said in the reply to Niels but that aside all is good.
Thanks..
Hey guys just had this "The system has recovered from a serious error." it shut down while using the PC and that was on the screen after it re-started itself..
Also this 20-30sec after

Hello mag,
Sorry, a bit late but still a Happy Birthday.
Concerning the windows error, can you please do this. Press the windows button together with r, now type eventvwr and press enter. Now open the application and system logbooks and post the error entries here that occurred when you had that error message.
Best regards,
Niels

A bit late for B/day is not a problem.. Thanks Niels
Ok will post the error entries..

Today's errors...
[Attachment: report1.txt]

Hello mag,
Can you please do the following: once you are in the Event Viewer, double click on the error entries. Please press on the icon that looks like 2 piece of paper, now press on paste once you are in notepad. I know that it's my fault but I needed a description of the error message. Sorry for that. Can you please do that and attach it also in a new txt file. When does that windows error noise normally happen? What are you doing at that particular moment?
Best regards,
Niels

Hi Niels, sorry but I'm still not sure what you mean "looks like 2 piece of paper" so is this correct
[Attachment: report.txt]

Hello mag,
My problem is that I don't know how it's called in English. No, you first need to double click on an entry. First you need to left click on an entry that has an error sign, a red circle with a white cross inside. So it will highlight in blue. After that double click on it. If you have done that then you should see an icon that looks like 2 papers.
Best regards,
Niels

Hello Niels,
2 pages ?? But I don't speak English I speak "Australian"
Now I think I've got it and went back as far as the error that shut down the P.C..
[Attachment: new.txt]

Hello mag,
Thanks for the information. From what I looked at, the problem might be caused by Zonealarm and Norton update service. So if I understand it correctly, your PC automatically reboots or shuts itself down? If that is the case can you please do the following: click on start, right click on my computer, choose properties, advanced, press on the settings button that is located under the startup and repair (recover) settings (it could have a different name because I don't know how it's called in Australian (English)). Under Write Debugging Information select minidump. Once it appears again can you please do this: click on start, my computer, windows, Minidump, and attach the dmp file (that is, all the files that are stored in that folder). Be sure not to send any error reports to Microsoft before copying the dmp file, otherwise the minidump folder will be empty.
Best regards,
Niels

Thanks very much for your information Niels + your English is fine