TommyBoy

Member
  • Content Count

    10
  • Joined

  • Last visited

Community Reputation

0 Neutral

About TommyBoy

  • Rank
    Member
  1. I've been prompted to restart 3 times today, what's going on? It's interrupting work edit, i've rebooted 4 times now it says it's up to date
  2. That DLL i mentioned being 'riding' on a lot of differnet processes was a "LSP" (layered service provider) that put itself in the IP stack via Winsock 2. Running: netsh winsock reset seemed to fix it in my VM. Now I'm trying to determine if it did anything else. Windows, gotta love ol' Microsoft.
  3. Further I don't think EEK found it. I believe what came up in my relative's scan was something else. What I did was root it out in C:\Users\dombo\AppData\Local\DesktopTemperature, deleting EXEs as i killed the processes. The DLL in that folder seems to ride on a lot of different processes and could not be deleted without a reboot (of course i lost my teamviewer connection) I killed any references to it in startup items, now my relative's pc is in the state mentioned in the first post
  4. I recreated the infection on a VM, I don't want to post where I found the malware on a public forum. I'll PM the mod who responded with an hxxp:\\url.tld version of the URL
  5. One of my relatives got this "Desktop Temperature Monitor" which seems to block Firefox, and in Internet Explorer constantly redirect to ads. I was able to remove it during a teamviewer session by running EEK, but now any browsers or new teamviewer sessions cannot connect to the internet. I did check the connections tab in IE and it hasn't got a proxy defined. Their Intel Proset Wireless icon indicates LAN connection and Internet connection. I suspect the system is still set to their proxy (or similar) and I need some ammo before I pick up the laptop on Tuesday. Anyone have any experience with this one? Thank you in advance.
  6. reboot of file server did allowed me to successfully use /service switch with commandline scanner again.
  7. FYI, our file server nightly commandline scan failed last night and it looks like the /service switch is the culprit. EAM auto updated to v9, and I don't know if the server needs a reboot to reload the service or what. I'll try a reboot this evening and test it again. Else, I'll just remove /service from the call.
  8. I bought the license and I have a key but I don't know what to do with it. Please help.
  9. Console server, and desired target computers are on domain, netbios enabled, with firewalls off. How does host discovery work?