Infected by an adware

topgear

Super Moderator
Staff member
Ran a scan from bootable PD today
It found three trojan.win32 (which I think were false positives)
deleted them
Will again have to wait and watch

BTW Kaspersky has not updated their rescue disk for a long time
Its database is outdated. Is there a way to install updates from within Windows? (as I would not be able to MBLAZE in its "OS")

Or should I download some other AV's rescue disk?

EDIT: didn't work (again) :(
Think will have to reinstall OS

try AVG or Avira rescue disc - they are updated almost daily ;-)
 
OP
Niilesh

Niilesh

Padawan
Combofix didn't work
It was running the scan for 15 min. but didn't show any sign of progress
My system was lagging like hell. Even the clock (near the tray) was not being updated.
I couldn't even open Task Manager. Had to force shutdown

@topgear will download AVG rescue disk
 

topgear

Super Moderator
Staff member
^^ nice.. let us know the result

BTW, my recommendation goes with Avira Rescue disc ;-)
 

ico

Super Moderator
Staff member
ok I missed that. :oops:

@OP

Might want to get rid of the following entries? I know they are related to Datacard, but still weird.

C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe

These as well

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
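
An added example, not written by anyone in this thread and not part of HijackThis: Python that parses the O4, O6 and O23 lines quoted above, expands the abbreviated registry keys to full paths that can be looked up in a registry editor, and attaches review notes. The function names and the note heuristics are assumptions of this example.

```python
import re

# Three of the HijackThis lines quoted in the post above, embedded as sample input.
SAMPLE_LOG = r"""
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

HIVES = {"HKUS": "HKEY_USERS", "HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# HijackThis abbreviates this part of autostart keys as "..".
CURRENT_VERSION = "\\Software\\Microsoft\\Windows\\CurrentVersion\\"
PATTERNS = {
    "O4": re.compile(r"(?P<key>\S+): \[(?P<value>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']+)'\))?"),
    "O6": re.compile(r"(?P<key>.+) present"),
    "O23": re.compile(r"Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)"),
}

def expand_key(short):
    """Expand an abbreviated key (hive alias, '..') to a full registry path."""
    hive, _, rest = short.replace("\\..\\", CURRENT_VERSION).partition("\\")
    return HIVES.get(hive, hive) + "\\" + rest

def triage(log):
    """Return one dict per recognised O4/O6/O23 line, with review notes."""
    results = []
    for line in log.splitlines():
        head = re.match(r"(O\d+) - (.+)", line.strip())
        fields = head and head.group(1) in PATTERNS and PATTERNS[head.group(1)].fullmatch(head.group(2))
        if not fields:
            continue  # not a section this example understands
        entry = {"section": head.group(1), **fields.groupdict(), "notes": []}
        if entry["section"] == "O23":  # Windows service
            if entry["owner"] == "Unknown owner":
                entry["notes"].append("no vendor shown for the service binary")
            if "\\application data\\" in entry["path"].lower():
                entry["notes"].append("service binary lives in a data directory")
        else:
            entry["key"] = expand_key(entry["key"])
            if entry["section"] == "O4" and entry["key"].endswith("\\RunOnce"):
                entry["notes"].append("RunOnce value that has not been consumed")
            if entry["section"] == "O6":
                entry["notes"].append("IE options locked by policy; confirm who set it")
        results.append(entry)
    return results

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["section"], e.get("key") or e.get("path"), e["notes"])
```

The notes only mark entries for a closer look; a flagged entry, such as the datacard service here, can still be legitimate software.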
 

Rockstar11

Technomancer
Combofix didn't work
It was running the scan for 15 min. but didn't show any sign of progress
My system was lagging like hell. Even the clock (near the tray) was not being updated.
I couldn't even open Task Manager. Had to force shutdown

@topgear will download AVG rescue disk

:(......okk
 
OP
Niilesh

Niilesh

Padawan
ok I missed that. :oops:

@OP

Might want to get rid of the following entries? I know they are related to Datacard, but still weird.
C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\DatacardService\HWDeviceService.exe
I think these are useful files. I probably won't be able to connect without them

These as well
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
These are registry entries, right? Do I have to search for these entries in a registry editor and delete them?
 

coderunknown

Retired Forum Mod
^^ you don't have to be 100% latest. these mayn't be 0day worms.

Have you tried Emsisoft antimalware? Also, I have a feeling this is caused by the damage done by worms to system files. The infected files are gone but some registry values are changed.
 
OP
Niilesh

Niilesh

Padawan
^^ you don't have to be 100% latest. these mayn't be 0day worms.
I know that but just wanted to inform topgear about it

Have you tried Emsisoft antimalware? Also, I have a feeling this is caused by the damage done by worms to system files. The infected files are gone but some registry values are changed.
OK, will try Emsisoft antimalware
BTW, can registry keys make ads pop up?
 
OP
Niilesh

Niilesh

Padawan