Home   News  Product reviews  Website reviews  Forums   Competitions  Subscribe 
Search
You are not logged in.
Login | New user registration 		Main Index | Search | Active Topics | Who's Online | FAQ / HELP

Security >> HijackThis logs help and analysis
Previous thread Previous   View all threads Index   Next thread Next   Flat Mode Flat  

 |  Print Thread
jimmyf
regular


Reg'd: Thu
Posts: 58
Re: help with father-in-laws hijack this log please
      Fri Feb 15 2008 09:38 AM
Reply to this post Reply   Reply to this post Quote  

hi joe,
thats all that was saved under combofix.txt,however this has been saved as cflog


C:\>prompt $

title .

color 17

set "cfldr=327882R2FWJFW"

set param_="C:\Documents and Settings\david douglas\Desktop\CFScript.txt"

if defined param_ set param_="C:\Documents and Settings\david douglas\Desktop\CFScript.txt"

if defined param_ set param_="C:\Documents and Settings\david douglas\Desktop\CFScript.txt"

cd /d "C:\"

if not exist "327882R2FWJFW" goto Abort

if exist "C:\DOCUME~1\DAVIDD~1\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\DAVIDD~1\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log" 2>nul

"327882R2FWJFW\Nircmd.com" win close ititle "ComboFix"

copy /y/b/v C:\WINDOWS\system32\cmd.exe "327882R2FWJFW\kmd.exe" 1>nul 2>&1

For /F "tokens=*" %g in ("C:\Downloads\ComboFix.exe") do @(
set "FileName=%~ng"
set "FilePath=%~dpg"
)

If /I "C:\Downloads\" NEQ "C:\" If exist "C:\Downloads\kmd.exe" del "C:\Downloads\kmd.exe" 2>nul

If not defined FileName goto END

DIR /AD/B | C:\WINDOWS\System32\FindStr.exe -IVX ComboFix 1>dirname00

C:\WINDOWS\System32\FindStr.exe -LIXC:"ComboFix" dirname00 1>nul 2>&1 && call :NameChk

del /Q dirname0? 2>nul

If exist "ComboFix" DIR /AD "ComboFix" 1>nul 2>&1 && (
rd /s/q "ComboFix" 2>nul
If exist "ComboFix" (
pushd "327882R2FWJFW"
call pid.bat
popd
rd /s/q "ComboFix" 2>nul
)
If exist "ComboFix" (
"327882R2FWJFW\handle.cfexe" "C:\ComboFix" | "327882R2FWJFW\SED.cfexe" -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00
for /F "tokens=1,2" %g in (temp00) do @echo.y | "327882R2FWJFW\Handle.cfexe" -p %g -c %h 1>nul
del /q temp00 2>nul
rd /s/q "ComboFix" 2>nul
)
)

If exist "ComboFix" rd /s/q "ComboFix" 2>nul

If not exist "ComboFix" Ren "327882R2FWJFW" "ComboFix" 1>nul 2>&1

If exist "327882R2FWJFW" goto AbortB

set cfldr=

Start "." /d"C:\ComboFix" "C:\ComboFix\kmd.exe" /c " "C:\ComboFix\c.bat" "C:\Documents and Settings\david douglas\Desktop\CFScript.txt" "

"ComboFix\nircmd.com" execmd del Start_.cmd

del Start_.cmd

hope thats what you require.
cheers
jim

Post Extras Print Post   Remind Me!     Notify Moderator
Rate this thread

Jump to


Entire topic
Subject Posted by Posted on
* help with father-in-laws hijack this log please jimmyf Tue Feb 12 2008 11:06 AM
. * * Re: help with father-in-laws hijack this log please Joe_LondonModerator   Tue Feb 12 2008 02:28 PM
. * * Re: help with father-in-laws hijack this log please jimmyf   Tue Feb 12 2008 06:08 PM
. * * Re: help with father-in-laws hijack this log please Joe_LondonModerator   Wed Feb 13 2008 05:23 PM
. * * Re: help with father-in-laws hijack this log please jimmyf   Thu Feb 14 2008 10:17 AM
. * * Re: help with father-in-laws hijack this log please Joe_LondonModerator   Thu Feb 14 2008 10:40 AM
. * * Re: help with father-in-laws hijack this log please jimmyf   Fri Feb 15 2008 09:38 AM
. * * Re: help with father-in-laws hijack this log please Joe_LondonModerator   Fri Feb 15 2008 01:23 PM
. * * Re: help with father-in-laws hijack this log please jimmyf   Fri Feb 15 2008 02:31 PM
. * * Re: help with father-in-laws hijack this log please Joe_LondonModerator   Fri Feb 15 2008 04:06 PM
. * * Re: help with father-in-laws hijack this log please jimmyf   Sat Feb 16 2008 11:19 AM
. * * Re: help with father-in-laws hijack this log please Joe_LondonModerator   Sat Feb 16 2008 06:23 PM
. * * Re: help with father-in-laws hijack this log please jimmyf   Sun Feb 17 2008 10:01 AM
. * * Re: help with father-in-laws hijack this log please Joe_LondonModerator   Sun Feb 17 2008 07:09 PM
. * * Re: help with father-in-laws hijack this log please jimmyf   Mon Feb 18 2008 01:05 PM
. * * Re: help with father-in-laws hijack this log please Joe_LondonModerator   Mon Feb 18 2008 02:38 PM
. * * Re: help with father-in-laws hijack this log please jimmyf   Tue Feb 19 2008 04:41 PM
. * * Re: help with father-in-laws hijack this log please Joe_LondonModerator   Tue Feb 19 2008 04:44 PM
. * * Re: help with father-in-laws hijack this log please jimmyf   Tue Feb 19 2008 08:56 PM
. * * Re: help with father-in-laws hijack this log please Joe_LondonModerator   Tue Feb 19 2008 10:08 PM
. * * Re: help with father-in-laws hijack this log please jimmyf   Thu Feb 21 2008 07:42 PM
. * * Re: help with father-in-laws hijack this log please Joe_LondonModerator   Fri Feb 22 2008 09:26 AM
. * * Re: help with father-in-laws hijack this log please jimmyf   Fri Feb 22 2008 08:35 PM
. * * Re: help with father-in-laws hijack this log please Joe_LondonModerator   Fri Feb 22 2008 09:04 PM
. * * Re: help with father-in-laws hijack this log please jimmyf   Fri Feb 22 2008 09:24 PM
. * * Re: help with father-in-laws hijack this log please Joe_LondonModerator   Wed Feb 13 2008 09:11 AM

Extra information
0 registered and 11 anonymous users are browsing this forum.

Moderator:  putasolutions, greysts, bricat, AndrewC, Joe_London, John_McKenna, Mouse, Hello_There, TheFatControlleR, Nanook, Noviciate 


Print Thread
Forum Permissions
      You cannot start new topics
      You cannot reply to topics
      HTML is disabled
      Mark-up is enabled

Rating:
Thread views: 0

Contact Us | Privacy statement Main website
Hitwise Top 10 Award Winner - Jan-Mar 2005

About us | Contact us | Link to us | Terms & Conditions | Privacy Policy
© Copyright IPC Media Limited, All rights reserved