Infected by an adware

topgear

Super Moderator
Staff member
Ran a scan from bootable PD today
It found three trojan.win32 (which I think were false positives)
deleted them
Will again have to wait and watch

BTW Kaspersky has not updated their rescue disk for a long time
Its database is outdated. Is there a way to install updates from within Windows? (as I would not be able to MBLAZE in its "OS")

Or should i download some other AV's rescue disk?

EDIT: didn't work(again) :(
Think will have to reinstall OS

try AVG or Avira rescue disc - they are updated almost daily ;-)
 
OP
Niilesh

Padawan
Combofix didn't work
It was running the scan for 15 min. but didn't show any sign of progress
My system was lagging like hell. Even the clock (near the tray) was not being updated.
I couldn't open even Task Manager. Had to force shutdown

@topgear will download AVG rescue disk
 

topgear

Super Moderator
Staff member
^^ nice.. let us know the result

BTW, my recommendation goes with Avira Rescue disc ;-)
 

skeletor

Chosen of the Omnissiah
He already posted the HJT log in post 12:
*www.thinkdigit.com/forum/1608173-post12.html
ok I missed that. :oops:

@OP

Might want to get rid of the following entries? I know they are related to Datacard, but still weird.

C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe

These as well

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
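
An added example, not part of any post in this thread: a small Python parser for the HijackThis O4/O6/O23 lines quoted above, which collapses the four identical RunOnce entries into one finding and records what is observable about the service entry. The function names and the review notes are this example's own assumptions; the notes are prompts for manual review, not a verdict on the entries.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (nothing else is assumed about the system).
SAMPLE = r"""
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""
LINE = re.compile(r"^(O\d+) - (.+)$")
O4 = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']+)'\))?$")
O23 = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

def parse(line):
    """Return a dict for one HijackThis O-line, or None for any other line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    rec = {"section": section, "body": body}
    sub = {"O4": O4, "O23": O23}.get(section)
    if sub and (d := sub.match(body)):
        rec.update(d.groupdict())
    return rec

def triage(log_text):
    """Group parsed entries and attach review notes (heuristics assumed here)."""
    findings = defaultdict(lambda: {"users": [], "notes": set()})
    for rec in filter(None, map(parse, log_text.splitlines())):
        if rec["section"] == "O4" and "name" in rec:
            f = findings[("O4", rec["name"], rec["cmd"])]
            f["users"].append(rec["user"] or "current user")
            if rec["key"].lower().endswith("runonce"):
                f["notes"].add("RunOnce value: normally deleted after it runs once")
        elif rec["section"] == "O23" and "path" in rec:
            f = findings[("O23", rec["name"], rec["path"])]
            if rec["owner"].lower() == "unknown owner":
                f["notes"].add("no owner reported for the service binary")
            if "\\application data\\" in rec["path"].lower():
                f["notes"].add("binary runs from Application Data")
        else:
            findings[(rec["section"], rec["body"], "")]["notes"].add("unparsed: review by hand")
    return dict(findings)
```

Calling `triage(SAMPLE)` returns four findings: one service, one RunOnce command shared by four accounts, and two policy entries.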
 

Rockstar11

Technomancer
Combofix didn't work
It was running the scan for 15 min. but didn't show any sign of progress
My system was lagging like hell. Even the clock (near the tray) was not being updated.
I couldn't open even Task Manager. Had to force shutdown

@topgear will download AVG rescue disk

:(......okk
 
OP
Niilesh

Padawan
ok I missed that. :oops:

@OP

Might want to get rid of the following entries? I know they are related to Datacard, but still weird.
C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe
I think these are useful files. I probably won't be able to connect without them

These as well
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
These are registry entries, right? Do I have to search for these entries in a registry editor and delete them?
 

coderunknown

Retired Forum Mod
^^ you don't have to be 100% latest. these mayn't be 0day worms.

have you tried emsisoft antimalware. also i have a feeling, this is caused by the damage by worms to system files. the infected files are gone but some registry values are changed.
 
OP
Niilesh

Padawan
^^ you don't have to be 100% latest. these mayn't be 0day worms.
I know that but just wanted to inform topgear about it

have you tried emsisoft antimalware. also i have a feeling, this is caused by the damage by worms to system files. the infected files are gone but some registry values are changed.
Ok will try emsisoft antimalware
BTW registry keys can make ads pop up?
 

topgear

Super Moderator
Staff member
Ran scan with AVG rescue disk
It didn't detect any infections :|
BTW they don't update every day, latest one was dated 12th March



Ok, thanx will delete them

that's why I recommended Avira Rescue Disc ... ;-)

Download Avira AntiVir Rescue System
 

skeletor

Chosen of the Omnissiah
These are registry entries, right? Do I have to search for these entries in a registry editor and delete them?
No. Delete them using HijackThis. It gives you an option to fix.

If nothing works, get out of your Windows misery and start using Homepage | Ubuntu
 

Sujeet

Undead!!!
No. Delete them using HijackThis. It gives you an option to fix.

If nothing works, get out of your Windows misery and start using Homepage | Ubuntu

:+1:

Arguably the most productive and work-oriented OS we have.. No need to worry about viruses at least.
 
OP
Niilesh

Padawan
Update: Ads seem to have magically disappeared
No. Delete them using HijackThis. It gives you an option to fix.

If nothing works, get out of your Windows misery and start using Homepage | Ubuntu
Deleted them.
BTW i have an old pc(will buy a lappy in a month)
I think will have to use xubuntu

that's why I recommended Avira Rescue Disc ... ;-)

Download Avira AntiVir Rescue System
will try if ads again appear
 