cjohn

About cjohn

Profile Information

  • OS
    XP Pro x86
  1. Too time consuming. Out of the question.
  2. No, I haven't used any keygen/crack for a long time. Here is the online scan report:

     C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\00000001.@    a variant of Win32/Sirefef.CR trojan
     C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\000000c0.@    Win32/Conedex.A trojan
     C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\000000cf.@    Win32/Conedex.A trojan
     C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\80000000.@    probably a variant of Win32/Sirefef.FA trojan
     C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\800000c0.@    Win32/Sirefef.EN trojan
     C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\800000cb.@    a variant of Win32/Sirefef.FL trojan
     C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\800000cf.@    Win32/Sirefef.DV trojan
     C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe    Win32/Patched.HN trojan
     C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe    Win32/Patched.HN trojan

     But none of them can be cleaned. Any further measure to be taken?
  3. Here it is:
  4. Hi all, Yesterday, I installed the latest Windows Update, which includes some Windows Malicious Software Remover (maybe not exactly this name, but almost it). After it was installed, it started up and reported that some viruses or malware were found, asking me whether to remove them. Of course I clicked yes. So far so good, and then I turned off my notebook and went to bed. But today, when I started up my XP system (SP3), the bottom-right tray is always saying that it is "acquiring network address". It is forever in this state, though I can connect to the internet and "ipconfig" in the console shows that my notebook already got assigned a DHCP address. Later, I googled this symptom, and found that it is because the NLA (Network Location Awareness) service didn't get started. OK, I tried to start the service, but came across the following error: Error 127: The specified procedure could not be found. I tried "sfc /scannow" while inserting my Dell Windows XP Reinstallation CD. After the process finished, the problem remained the same. Looks like something is wrong with the svchost process, but I don't know what the problem is. I have a vague impression that the Windows Malicious Software Remover removed some virus/malware in svchost. Is it the cause? But the removing process is irreversible, so I don't have a way to test it. I tried Windows Update, and it says my system is up to date. At my wit's end now. Hopefully, I can get some suggestions here.
  5. Thanks for your heads-up, ilko! Also found the hint from the description of 1.0 beta8 in the beginning of this thread: Thanks a lot!
  6. By the way, I am still curious why version 0.2.3 can't recognize the hard disk for the install destination, while 1.0 beta8 can. Any hint here?
  7. For the sake of convenience, I changed the SATA mode from AHCI to Compatible. Now it doesn't prompt me for the file 'iaStor.sys' any more. Hopefully, this will complete the installation without any other glitch. By the way, would there be any performance issue if the SATA mode is changed to Compatible? And, how to integrate the SATA/AHCI driver files (iastor.cat, iastor.sys, iastor.inf, iastor.x86 - if downloaded from the Intel site) into the USB drive? I understand that I should integrate these driver files into the XPSP3 ISO file first, using nLite. Then I create the bootable USB XP setup system with WinSetupFromUSB 1.0 beta8 again, with the integrated ISO file. Am I right? Many thanks, ilko! Update1: Just as I am writing this reply, the installation has finished without any further glitch, without bothering me about this 'iaStor.sys' stuff any more, :-) Update2: Searching for the answer to the 'iaStor.sys' problem redirected me to this thread, #1741 in page 88: This finding makes me blush.
  8. Definitely, this is a better tool than WinToFlash. The latest version of WinToFlash was unable to find the hard disk of my Lenovo R60, so I didn't have a destination to install XP into. The same problem happened with WinSetupFromUSB 0.2.3 (the stable version). But today when I tried version 1.0 beta8, the hard drive could be found, so that the installation could continue. Yet in the second pass of installation, another problem popped up: The file 'iaStor.sys' on Intel Rapid Storage Technology Driver is needed. It looks to be the hard disk driver, doesn't it? I didn't know where to get it, so I clicked the 'Cancel' button to skip it and continue the installation. But after the second pass finished, when the third pass began, the installed XP couldn't be started, citing some fatal error on a blue screen. Any help here?