Symbianize Forum


Mobilarian Lab

superreggaemaniaks

 
 
Have you been infected through a program you found on the internet? Did you download or install programs that you think might be infected but are not sure about? Post it here and get a solution from the dedicated members of our community.

You can also have the URL of a website analyzed here in the Mobilarian Lab if you think it is a phishing site or carries a drive-by download.


Who is this thread for?

Answer: For all of our fellow Mobiz.

How does it work?
Answer: Simple, fellow Mobiz: just post the log file that gets generated and we will analyze whether your system is clean or infected, and also give you an idea of how to remove the problem in the easiest way.

Reminder:

This thread is solely for analyzing your system. Please do not post things like these:

1. "I'd like to ask for an Anti-Virus" Answer: (There are already free AVs that can be downloaded from the forums, just use our search engine.)

2. "Why can't I update my AV... etc." Answer: (This thread is not for troubleshooting problems with the anti-virus installed on our systems)

3. "Can I have a serial or crack for my AV" Answer: (Use the search engine)

4. "Nice thread, thanks for this, bookmarking and subscribing" Answer: (If possible, let's keep this thread clean because it is important and will help our fellow Mobiz)

5. "Come on, my AV is better, this is a waste of time!" Answer: (If you think it won't help, then don't post here)


What do I need to do?

Answer: Just download HijackThis from the link and run it on your system. After that, post the log it generates here and wait for a reply (depending on the availability of our fellow Mobiz).



HiJackThis Direct Link

Below are the links to the more aggressive tools. NOTE: (Do not run these until we tell you to use them, because these are powerful, aggressive tools.)

ComboFix Direct Link
Note:
Working only on Windows 8 and older platforms


Notice:

The approach we take here has a passive and an aggressive stage. First we just scan the system using HJT, which only generates a log report; this is the passive approach. Second, if your system turns out to be infected, we switch to the aggressive approach using tools such as CBF and MWB or others.

Everyone who asks here needs to post their logs from the start until the process is finished.


========================================

And for URL analysis, just post the URL here so it can be analyzed.
Thanks!
Re: Symbianize Lab


Hello superreggaemaniaks! I saw your thread among the unanswered threads, looks interesting and helpful. I saw that other forums have a thread like this too, and it's even a sticky. :D

I'm not very satisfied with the AV I'm using, because 2 weeks ago I experienced my keyboard responding slowly while typing, and I'm afraid I'm a keylogger victim, I hope not. The log of my PC is attached.

Thanks!
 

Attachment: hijackthis-chizcarl.log.txt (8.9 KB)
Re: Symbianize Lab

@Sir Chiz

You can delete this sir:

C:\Users\PC3\Documents\vbag keygen\vBagX1.25Keygen.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

Kindly run ComboFix in safe mode and post your log again.
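Before telling anyone to delete O23 entries, a reviewer usually triages them by path first, so here is an added example (my own code, not from the thread or from HijackThis) that parses O23 service lines like the ones quoted above from a constructed sample log. It separates built-in Windows service paths from the "C:\Program.exe" truncation artifact and from services started out of a user profile; the sample log and the "updsvc" service in it are constructed, not taken from any real log.

```python
import re

# Constructed sample lines in the shape of the HijackThis O23 entries quoted above.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Updater (updsvc) - Unknown owner - C:\Users\PC3\AppData\Roaming\upd\svc.exe
"""

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

def classify(path: str, missing: bool) -> str:
    # Triage verdict for one service path; "review" means look before deleting.
    p = path.lower()
    if p.startswith(("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")):
        # Built-in Windows services. HijackThis commonly prints "(file missing)" here
        # when it cannot resolve a %SystemRoot% ImagePath, so that tag alone is not proof of infection.
        return "windows-system-path"
    if missing and " " not in p and p.count("\\") == 1:
        # "C:\Program.exe": HijackThis cut an unquoted ImagePath at its first space
        # (e.g. C:\Program Files\...). Quote the path rather than delete the service.
        return "truncated-unquoted-path"
    if "\\users\\" in p or "\\appdata\\" in p or "\\temp\\" in p:
        return "user-profile-path-review"  # services rarely belong in a user profile
    return "other-review"

def parse_o23(log_text: str) -> list:
    # One dict per O23 line; other HijackThis sections (R0, O4, ...) are skipped.
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        short = re.search(r"\(([^()]+)\)$", m["display"])  # "(EFS)" -> "EFS"
        missing = m["missing"] is not None
        entries.append({
            "name": short.group(1) if short else m["display"],
            "owner": m["owner"],
            "path": m["path"],
            "file_missing": missing,
            "verdict": classify(m["path"], missing),
        })
    return entries

if __name__ == "__main__":
    for e in parse_o23(SAMPLE_LOG):
        print(f"{e['name']:<8} {e['verdict']:<26} {e['path']}")
```

Paste a real log's O23 section into SAMPLE_LOG (or read it from the attached .txt) to get the same table for your own machine.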
 
Re: Symbianize Lab


Thanks! That was fast ... One small objection ... That "C:\Users\PC3\Documents\vbag keygen\vBagX1.25Keygen.exe" is the keygen I use when someone requests activation codes, can it be left undeleted? :giggle:

Also, I'll just run ComboFix tomorrow morning, because the IT Manager might wonder; I get in earlier than him, so my free time is at 8AM every day. :thanks:

 
Re: Symbianize Lab


Thanks! That was fast ... One small objection ... That "C:\Users\PC3\Documents\vbag keygen\vBagX1.25Keygen.exe" is the keygen I use when someone requests activation codes, can it be left undeleted? :giggle:

Also, I'll just run ComboFix tomorrow morning, because the IT Manager might wonder; I get in earlier than him, so my free time is at 8AM every day. :thanks:


If you can, save the keygen to a flash drive so its .exe won't be affected. I saw that you were indeed infected and your AV removed it, but we still need to make sure your system is 100% clean, sir. Just run ComboFix in safe mode and post its logs here again. And let me ask, sir, what is this "Skillbrains"? It is running from your AppData and as a process.
 
Re: Symbianize Lab

Yes, dad, as you say. :weep:
Skillbrains? That's the name of the manufacturer of LightShot, a screenshot application; it runs in the background. Sure, will do that, but tomorrow morning, okay? :pray:
 
Re: Symbianize Lab

Please check :yipee:
 

Attachment: HijackThis.txt (10.6 KB)
Re: Symbianize Lab

Here's mine, sir..
 

Attachment: hijackthis.txt (7.9 KB)
Re: Symbianize Lab

Ok, sir.. will post later.. :)
 
Re: Symbianize Lab

Here's my ComboFix log, sir..

I also uninstalled ESET.. hehe
 

Attachment: ComboFix.txt (27.8 KB)
Re: Symbianize Lab

Here's my ComboFix log, sir..

I also uninstalled ESET.. hehe

Done. Next time, sir, be careful about opening the tools you download.
Kindly scan with HiJackThis and post the log again.
Re: Symbianize Lab


Done. Next time, sir, be careful about opening the tools you download.
Kindly scan with HiJackThis and post the log again.

Ok, sir.. thanks.. which of the tools was harmful, sir?

Will post later, sir..
 
Follow-up consultation by chiz


Good morning! Done running ComboFix in Safe Mode. Here is the HijackThis log: (attached)

* I did not see the "C:\Users\PC3\Documents\vbag keygen\vBagX1.25Keygen.exe" in the first HijackThis log. :noidea:
 

Attachment: chizcarl-hijackthis-after-combofix-scan.log.txt (8.4 KB)
Re: Symbianize Lab

Here is the new HijackThis scan, sir...
 

Attachment: hijackthis.txt (7 KB)
Re: Follow-up consultation by chiz


Good morning! Done running ComboFix in Safe Mode. Here is the HijackThis log: (attached)

* I did not see the "C:\Users\PC3\Documents\vbag keygen\vBagX1.25Keygen.exe" in the first HijackThis log. :noidea:

Done, sir.. You're clean now, kindly update the virus definitions of your Malwarebytes. The files that are missing, just delete them.
 
Re: Symbianize Lab

Me too, sir... thanks
 

Attachment: hijackthis.log.txt (9.3 KB)