All instructions have been followed and I have a few queries:
Appears the files are no longer locked using the Inherit program, but why do they still show as "hidden files" (the color of the ICON is lighter than the other icons I see)? I also see a folder in my C drive called "ProgramData". Was this folder created by the malware/virus? I don't ever recall seeing this in the past.
I'm also getting an error message stating that my recycle bin in my C drive is corrupt. Is this another effect from the malware/virus?
Thanks!
This post has been edited by martian421: 16 February 2012 - 08:11 PM
Run this for the hidden files and that folder is a legit folder
I will be online from 5-31 to 6-4 in a very limited amount
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.
Scanning for 3470339 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DUDU-PC
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Start of the scan: Thursday, February 16, 2012 20:08
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting search for hidden objects.
The scan of running processes will be started
Starting to scan executable files (registry).
The registry was scanned ( '491' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\TDSSKiller_Quarantine\02.02.2012_16.35.25\mbr0000\tdlfs0000\tsk0001.dta
[DETECTION] Is the TR/Alureon.FK.99 Trojan
C:\TDSSKiller_Quarantine\02.02.2012_16.35.25\mbr0000\tdlfs0000\tsk0004.dta
[DETECTION] Is the TR/Rootkit.Gen2 Trojan
C:\TDSSKiller_Quarantine\02.02.2012_16.35.25\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\TDSSKiller_Quarantine\02.02.2012_16.35.25\mbr0000\tdlfs0000\tsk0008.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\TDSSKiller_Quarantine\02.02.2012_16.35.25\mbr0000\tdlfs0000\tsk0009.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\TDSSKiller_Quarantine\02.02.2012_16.44.35\mbr0000\tdlfs0000\tsk0001.dta
[DETECTION] Is the TR/Alureon.FK.99 Trojan
C:\TDSSKiller_Quarantine\02.02.2012_16.44.35\mbr0000\tdlfs0000\tsk0004.dta
[DETECTION] Is the TR/Rootkit.Gen2 Trojan
C:\TDSSKiller_Quarantine\02.02.2012_16.44.35\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\TDSSKiller_Quarantine\02.02.2012_16.44.35\mbr0000\tdlfs0000\tsk0008.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\TDSSKiller_Quarantine\02.02.2012_16.44.35\mbr0000\tdlfs0000\tsk0009.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\TDSSKiller_Quarantine\05.02.2012_09.39.46\mbr0000\tdlfs0000\tsk0001.dta
[DETECTION] Is the TR/Alureon.FK.99 Trojan
C:\TDSSKiller_Quarantine\05.02.2012_09.39.46\mbr0000\tdlfs0000\tsk0004.dta
[DETECTION] Is the TR/Rootkit.Gen2 Trojan
C:\TDSSKiller_Quarantine\05.02.2012_09.39.46\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\TDSSKiller_Quarantine\05.02.2012_09.39.46\mbr0000\tdlfs0000\tsk0008.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\TDSSKiller_Quarantine\05.02.2012_09.39.46\mbr0000\tdlfs0000\tsk0009.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
Beginning disinfection:
C:\TDSSKiller_Quarantine\05.02.2012_09.39.46\mbr0000\tdlfs0000\tsk0009.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4a4d1dc5.qua'.
C:\TDSSKiller_Quarantine\05.02.2012_09.39.46\mbr0000\tdlfs0000\tsk0008.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '52da3262.qua'.
C:\TDSSKiller_Quarantine\05.02.2012_09.39.46\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0085688a.qua'.
C:\TDSSKiller_Quarantine\05.02.2012_09.39.46\mbr0000\tdlfs0000\tsk0004.dta
[DETECTION] Is the TR/Rootkit.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '66b22748.qua'.
C:\TDSSKiller_Quarantine\05.02.2012_09.39.46\mbr0000\tdlfs0000\tsk0001.dta
[DETECTION] Is the TR/Alureon.FK.99 Trojan
[NOTE] The file was moved to the quarantine directory under the name '23360a76.qua'.
C:\TDSSKiller_Quarantine\02.02.2012_16.44.35\mbr0000\tdlfs0000\tsk0009.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5c2d3817.qua'.
C:\TDSSKiller_Quarantine\02.02.2012_16.44.35\mbr0000\tdlfs0000\tsk0008.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1095145d.qua'.
C:\TDSSKiller_Quarantine\02.02.2012_16.44.35\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6c8d540d.qua'.
C:\TDSSKiller_Quarantine\02.02.2012_16.44.35\mbr0000\tdlfs0000\tsk0004.dta
[DETECTION] Is the TR/Rootkit.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '41d77b40.qua'.
C:\TDSSKiller_Quarantine\02.02.2012_16.44.35\mbr0000\tdlfs0000\tsk0001.dta
[DETECTION] Is the TR/Alureon.FK.99 Trojan
[NOTE] The file was moved to the quarantine directory under the name '58bf40da.qua'.
C:\TDSSKiller_Quarantine\02.02.2012_16.35.25\mbr0000\tdlfs0000\tsk0009.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '34e36cea.qua'.
C:\TDSSKiller_Quarantine\02.02.2012_16.35.25\mbr0000\tdlfs0000\tsk0008.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '455a557f.qua'.
C:\TDSSKiller_Quarantine\02.02.2012_16.35.25\mbr0000\tdlfs0000\tsk0005.dta
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4b4065b8.qua'.
C:\TDSSKiller_Quarantine\02.02.2012_16.35.25\mbr0000\tdlfs0000\tsk0004.dta
[DETECTION] Is the TR/Rootkit.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0e691cfa.qua'.
C:\TDSSKiller_Quarantine\02.02.2012_16.35.25\mbr0000\tdlfs0000\tsk0001.dta
[DETECTION] Is the TR/Alureon.FK.99 Trojan
[NOTE] The file was moved to the quarantine directory under the name '07621851.qua'.
End of the scan: Thursday, February 16, 2012 21:33
Used time: 1:23:22 Hour(s)
The scan has been done completely.
16237 Scanned directories
298702 Files were scanned
15 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
15 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
298687 Files not concerned
1368 Archives were scanned
0 Warnings
15 Notes
347249 Objects were scanned with rootkit scan
0 Hidden objects were found
All the files were in this folder - C:\TDSSKiller_Quarantine so they are not a problem and you can even remove the folder so it does not happen again.
Gringo
It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.