Help
This topic is locked
- Navigate the following file path into the "Suspicious files to scan" box on the top of the page:
C:\Qoobox\Quarantine\C\Program Files\Dell\Media Experience\DMXLauncher.exe.vir - Click on the Upload button
- If a pop-up appears saying the file has been scanned already, please select the ReScan button.
- Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
- Paste the contents of the Clipboard in your next reply.
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Infected with 'Internet Security' and unable to boot on any safe mode Unable to regain Internet access. tdsskiller.exe can't load driver
#46
- noypi
-
- Group: Malware Response Team
- Posts: 5,161
- Joined: 30-June 06
- Gender:Male
- Location:3 stars and a sun
Posted 12 February 2012 - 06:38 AM
Please go to http://virscan.org/
~Semp
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
Back to top
#47
- Member
-
- Group: Members
- Posts: 48
- Joined: 01-February 12
Posted 12 February 2012 - 07:25 AM
when trying to upload C:\Qoobox\Quarantine\C\Program Files\Dell\Media Experience\DMXLauncher.exe.vir to http://virscan.org/ I got the following error message:
Error: returned status code 403 Forbidden
The elapsed time keep ticking, but the current position is stuck on 0/(0%)
Error: returned status code 403 Forbidden
The elapsed time keep ticking, but the current position is stuck on 0/(0%)
#48
- noypi
-
- Group: Malware Response Team
- Posts: 5,161
- Joined: 30-June 06
- Gender:Male
- Location:3 stars and a sun
Posted 12 February 2012 - 07:37 AM
~Semp
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
#49
- Member
-
- Group: Members
- Posts: 48
- Joined: 01-February 12
Posted 12 February 2012 - 04:45 PM
http://virusscan.jotti.org/ loaded the file and checked it with different antivirus programs. Their logs are found below.
2012-02-12 Found nothing 2012-02-11 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
2012-02-12 Found nothing 2012-02-09 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
2012-02-12 Found nothing 2012-02-10 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
2012-02-12 Found nothing 2012-02-11 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
2012-02-12 Found nothing 2012-02-09 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
2012-02-12 Found nothing 2012-02-10 Found nothing
2012-02-12 Found nothing 2012-02-12 Found nothing
#50
- Member
-
- Group: Members
- Posts: 48
- Joined: 01-February 12
Posted 13 February 2012 - 03:29 AM
C:\Qoobox\Quarantine\C\Program Files\Dell\Media Experience\DMXLauncher.exe.vir
SHA256: 1f4ea90c74eaeaba632f3528884d670aaa1d58f0b14f5a30c7d5bdce4e76422c
SHA1: d057a13127fa2f2a1fcfd734ba6081acfb1b66b0
MD5: 526874efe8d1f0ec1b7bbb87d5c433e6
File size: 84.0 KB ( 86016 bytes )
File name: C:\Qoobox\Quarantine\C\Program Files\Dell\Media Experience\DMXLauncher.exe.vir
File type: Win32 EXE
Detection ratio: 0 / 43
Analysis date: 2012-02-13 08:27:33 UTC ( 0 minutes ago )
00
Antivirus Result Update
AhnLab-V3 - 20120213
AntiVir - 20120213
Antiy-AVL - 20120212
Avast - 20120212
AVG - 20120213
BitDefender - 20120213
ByteHero - 20120211
CAT-QuickHeal - 20120213
ClamAV - 20120213
Commtouch - 20120213
Comodo - 20120213
DrWeb - 20120213
Emsisoft - 20120213
eSafe - 20120213
eTrust-Vet - 20120211
F-Prot - 20120213
F-Secure - 20120213
Fortinet - 20120213
GData - 20120213
Ikarus - 20120213
Jiangmin - 20120212
K7AntiVirus - 20120211
Kaspersky - 20120213
McAfee - 20120213
McAfee-GW-Edition - 20120212
Microsoft - 20120213
NOD32 - 20120213
Norman - 20120212
nProtect - 20120213
Panda - 20120212
PCTools - 20120207
Prevx - 20120213
Rising - 20120210
Sophos - 20120213
SUPERAntiSpyware - 20120206
Symantec - 20120213
TheHacker - 20120212
TrendMicro - 20120213
TrendMicro-HouseCall - 20120213
VBA32 - 20120210
VIPRE - 20120213
ViRobot - 20120213
VirusBuster - 20120212
SHA256: 1f4ea90c74eaeaba632f3528884d670aaa1d58f0b14f5a30c7d5bdce4e76422c
SHA1: d057a13127fa2f2a1fcfd734ba6081acfb1b66b0
MD5: 526874efe8d1f0ec1b7bbb87d5c433e6
File size: 84.0 KB ( 86016 bytes )
File name: C:\Qoobox\Quarantine\C\Program Files\Dell\Media Experience\DMXLauncher.exe.vir
File type: Win32 EXE
Detection ratio: 0 / 43
Analysis date: 2012-02-13 08:27:33 UTC ( 0 minutes ago )
00
Antivirus Result Update
AhnLab-V3 - 20120213
AntiVir - 20120213
Antiy-AVL - 20120212
Avast - 20120212
AVG - 20120213
BitDefender - 20120213
ByteHero - 20120211
CAT-QuickHeal - 20120213
ClamAV - 20120213
Commtouch - 20120213
Comodo - 20120213
DrWeb - 20120213
Emsisoft - 20120213
eSafe - 20120213
eTrust-Vet - 20120211
F-Prot - 20120213
F-Secure - 20120213
Fortinet - 20120213
GData - 20120213
Ikarus - 20120213
Jiangmin - 20120212
K7AntiVirus - 20120211
Kaspersky - 20120213
McAfee - 20120213
McAfee-GW-Edition - 20120212
Microsoft - 20120213
NOD32 - 20120213
Norman - 20120212
nProtect - 20120213
Panda - 20120212
PCTools - 20120207
Prevx - 20120213
Rising - 20120210
Sophos - 20120213
SUPERAntiSpyware - 20120206
Symantec - 20120213
TheHacker - 20120212
TrendMicro - 20120213
TrendMicro-HouseCall - 20120213
VBA32 - 20120210
VIPRE - 20120213
ViRobot - 20120213
VirusBuster - 20120212
#51
- noypi
-
- Group: Malware Response Team
- Posts: 5,161
- Joined: 30-June 06
- Gender:Male
- Location:3 stars and a sun
Posted 13 February 2012 - 06:35 AM
We need to execute a ComboFix script.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy-paste the text in the code box below into it:
4. Save this as CFScript.txt, in the same location as ComboFix.exe
5. Refering to the picture above, drag CFScript into ComboFix.exe
6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy-paste the text in the code box below into it:
DeQuarantine:: C:\Qoobox\Quarantine\C\Program Files\Dell\Media Experience\DMXLauncher.exe.vir Quit::
4. Save this as CFScript.txt, in the same location as ComboFix.exe
5. Refering to the picture above, drag CFScript into ComboFix.exe
6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
~Semp
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
#52
- Member
-
- Group: Members
- Posts: 48
- Joined: 01-February 12
Posted 13 February 2012 - 07:24 AM
C:\Qoobox\Quarantine\C\Program Files\Dell\Media Experience\DMXLauncher.exe.vir -> C:\Program Files\Dell\Media Experience\DMXLauncher.exe ( 86016 bytes )
#53
- noypi
-
- Group: Malware Response Team
- Posts: 5,161
- Joined: 30-June 06
- Gender:Male
- Location:3 stars and a sun
Posted 13 February 2012 - 07:33 AM
Please go to C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DMXLauncher.reg.dat and rename MSConfigStartUp-DMXLauncher.reg.dat to MSConfigStartUp-DMXLauncher.reg and double click on it to merge it to the registry, restart the computer afterward and check if the CD is being detected.
~Semp
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
#54
- Member
-
- Group: Members
- Posts: 48
- Joined: 01-February 12
Posted 13 February 2012 - 07:56 AM
I just ran MSConfigStartUp-DMXLauncher.reg and restarted the computer. Unfortunately, the CD rom still does not read CD. I tried data and music cds and they don't work.
#55
- noypi
-
- Group: Malware Response Team
- Posts: 5,161
- Joined: 30-June 06
- Gender:Male
- Location:3 stars and a sun
Posted 13 February 2012 - 08:37 AM
Can you see the CD Rom drive inside My Computer?
~Semp
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
#56
- Member
-
- Group: Members
- Posts: 48
- Joined: 01-February 12
Posted 13 February 2012 - 08:42 AM
Yes, I can see the CD rom drive inside My computer. It displays as DVD-RW drive (D:)
#57
- noypi
-
- Group: Malware Response Team
- Posts: 5,161
- Joined: 30-June 06
- Gender:Male
- Location:3 stars and a sun
Posted 13 February 2012 - 11:25 AM
Let's check for a possible missing driver.
- Go to Control Panel > Performance and Maintenance > Administrative tools.
- Double click on Computer management > select Device Manager.
- It will display everything connected to your computer.
- Look for any entry with red or yellow exclamation points.
- Let me know in your next reply if you see any.
~Semp
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
#58
- Member
-
- Group: Members
- Posts: 48
- Joined: 01-February 12
Posted 13 February 2012 - 06:27 PM
There are two unrelated but expected red entries:
1. Cisco VPN network adapter
2. Nokia E71 portable device
there is nothing in yellow.
I even showed hidden devices and did not find anything additional to the list above.
FYI. The DVD/CD-rom drive is
_NEC DVD+-RW ND6650A and windows identifies it as a device that is working properly.
1. Cisco VPN network adapter
2. Nokia E71 portable device
there is nothing in yellow.
I even showed hidden devices and did not find anything additional to the list above.
FYI. The DVD/CD-rom drive is
_NEC DVD+-RW ND6650A and windows identifies it as a device that is working properly.
#59
- noypi
-
- Group: Malware Response Team
- Posts: 5,161
- Joined: 30-June 06
- Gender:Male
- Location:3 stars and a sun
Posted 13 February 2012 - 08:28 PM
Have you tested different CD's? When a Cd or DVD is inserted, does it still show "DVD-RW drive (D:)"?
~Semp
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
You can help me continue the fight against malware by making a donation, Thank you.
If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
#60
- Member
-
- Group: Members
- Posts: 48
- Joined: 01-February 12
Posted 14 February 2012 - 07:32 AM
sempai, on 13 February 2012 - 08:28 PM, said:
Have you tested different CD's?
Yes, I have tested different CDs that work fine in other computers.
sempai, on 13 February 2012 - 08:28 PM, said:
When a Cd or DVD is inserted, does it still show "DVD-RW drive (D:)"?
I just tested a DVD and it displays the same 'DVD-RW drive (D:)' that it displays when a CD is inserted.
I paid close attention to the CD rom behaviour. This is what it does:
1. On the event of getting a CD (or DVD) it attempts to read it. I can hear it working.
2. The cursor displays a white solid arrow with a CD.
3. Windows explorer freezes for a moment and then resumes but cannot load the contents of the CD.
4. My computer displays the drive as 'DVD-RW drive (D:)'.
