Ultimate Defender


1 reply to this topic

#1 genesis379

  • Members
  • 2 posts

Posted 19 August 2007 - 10:46 PM

I have the Ultimate Defender virus and my Bitdefender doesn't seem to recognize it. I saved that ComboFix to the desktop and this is what I got.

ComboFix 07-08-17.2 - "HP_Owner" 2007-08-20 7:22:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.141 [GMT 4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free\Data\ActivationCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free\Data\HOURS
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free\Data\ProductCode
C:\DOCUME~1\HP_Owner\APPLIC~1\SystemDoctor Free
C:\DOCUME~1\HP_Owner\APPLIC~1\SystemDoctor Free\Logs\update.log
C:\DOCUME~1\HP_Owner\Desktop.\Spyware&Malware Protection.url
C:\DOCUME~1\HP_Owner\Desktop\Error Cleaner.url
C:\DOCUME~1\HP_Owner\Desktop\Privacy Protector.url
C:\DOCUME~1\HP_Owner\FAVORI~1.\Error Cleaner.url
C:\DOCUME~1\HP_Owner\FAVORI~1.\Privacy Protector.url
C:\DOCUME~1\HP_Owner\FAVORI~1.\Spyware&Malware Protection.url
C:\Program Files\Common Files\SystemDoctor
C:\Program Files\Common Files\SystemDoctor\err.log
C:\Program Files\VideoAccessCodec\install.ico
C:\Program Files\VideoAccessCodec\Uninstall.exe
C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx
C:\WINDOWS\dat.txt
C:\WINDOWS\duocore.dll
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\wmpconf.dll
C:\WINDOWS\wmpenv.dll
D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))


2007-08-20 07:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-20 06:12 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Bitdefender
2007-08-20 05:49 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-08-20 05:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-08-17 06:23 <DIR> d-------- C:\Program Files\InterActual
2007-08-07 23:36 <DIR> d-------- C:\Program Files\PCFriendly
2007-08-03 21:16 <DIR> d-------- C:\DOCUME~1\HP_Owner\Shared
2007-08-03 21:16 <DIR> d-------- C:\DOCUME~1\HP_Owner\Incomplete
2007-08-03 21:15 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\LimeWire
2007-08-03 21:14 <DIR> d-------- C:\Program Files\LimeWire
2007-07-22 05:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-22 05:57 <DIR> d-------- C:\Program Files\Yahoo!


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-20 06:14 --------- d-------- C:\Program Files\Symantec
2007-08-20 06:14 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-23 02:41 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Apple Computer
2007-07-19 10:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-19 05:21 --------- d-------- C:\Program Files\iTunes
2007-07-19 05:15 --------- d-------- C:\Program Files\iPod
2007-07-19 05:11 --------- d-------- C:\Program Files\QuickTime
2007-07-19 05:08 --------- d-------- C:\Program Files\Apple Software Update
2007-07-19 05:07 --------- d-------- C:\Program Files\Common Files\Apple
2007-07-13 03:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 18:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 18:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 18:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 18:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 18:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 18:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 18:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 18:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 18:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 18:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 18:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 18:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 18:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 18:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 18:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 18:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 18:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 18:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 18:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 18:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 12:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 12:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 12:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 11:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 10:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 10:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 17:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 17:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 14:23 1033216 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 14:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="c:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2006-11-21 16:15]
"BDAgent"="c:\Program Files\Softwin\BitDefender10\bdagent.exe" [2006-10-11 17:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00]
"SpySweeper"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 03:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 13:28:24]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [2005-04-24 22:13:09]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-04-24 22:14:58]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

R2 MotorolaDAP;Motorola Digital Audio Player Manager;C:\WINDOWS\system32\MotorolaDAP.exe
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe"


Contents of the 'Scheduled Tasks' folder
2007-08-03 18:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 07:31:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-20 7:35:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-20 07:35

--- E O F ---

What do I do next???

#2 Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 21 August 2007 - 04:34 PM

Please download the HijackThis Installer
Save to the Desktop.
Double-click on HJTInstall.exe to install the program.
A prompt appears showing that, by default, it installs to C:\Program Files\Trend Micro\HijackThis
Click: Install

At the main screen of the program, click on: Do a system scan and save a log file
When done scanning, click Save log

Save to an easy to find location, and post the HijackThis log in your reply.

Edited by Aaflac, 21 August 2007 - 04:39 PM.

Old duck...




