
Need Help... Infected With Multiple Things!


  • This topic is locked
4 replies to this topic

#1 blackchaos93

blackchaos93

  • Members
  • 42 posts
  • Location:California
  • Local time:01:54 AM

Posted 03 January 2008 - 01:16 PM

I think I picked up a few viruses and malware on my computer recently. It first started with a rogue anti-virus scanner popping up on my computer. I got rid of it and I thought it was alright. When I logged on today, the computer was very very slow. Running AVG Anti-Spyware, multiple things came up infected with Dropper.Agent.dpo. I can't supply you with a report, sorry. It spread to other applications and also onto the Anti-Spyware itself. Now, my internet browsers, IE and Firefox, don't work and my anti-virus/anti-spyware/firewall won't update. I've tried to fix it with Winsockxpfix, but that didn't work.

Also, Spyware Doctor detected Trojan.Virtumonde, Adware.Windows_ControlAd, Adware.Powersearch_Toolbar, Adware.Advertising, Spyware.Known_Bad_Sites, Trojan-PurityScan, Trojan.Downloader.Small.DCU, Adware.WhenU_SaveNow, and Trojan-Downloader.Small.CML.

I tried to remove them, but it looks like they're back.

I posted before, but I really need help. I don't know what it is and I need to get my internet back soon, before school starts again! Sorry for the demands... but I'll really be in trouble with my parents if they find out!

Thank you!
I hate my life :(



#2 blackchaos93

blackchaos93
  • Topic Starter

  • Members
  • 42 posts
  • Location:California
  • Local time:01:54 AM

Posted 03 January 2008 - 01:27 PM

I ran Vundofix and I got this:


VundoFix V6.7.7

Checking Java version...

Scan started at 9:52:16 PM 1/2/2008

Listing files found while scanning....


VundoFix V6.7.7

Checking Java version...

Scan started at 9:28:00 AM 1/3/2008

Listing files found while scanning....

C:\windows\system32\drvpihr.dll
C:\WINDOWS\system32\fccdcby.dll
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\wintuh32.dll

Beginning removal...

Attempting to delete C:\windows\system32\drvpihr.dll
C:\windows\system32\drvpihr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccdcby.dll
C:\WINDOWS\system32\fccdcby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wintuh32.dll
C:\WINDOWS\system32\wintuh32.dll Has been deleted!

Performing Repairs to the registry.
Done!
I hate my life :(

#3 blackchaos93

blackchaos93
  • Topic Starter

  • Members
  • 42 posts
  • Location:California
  • Local time:01:54 AM

Posted 03 January 2008 - 01:48 PM

I also went through the taskbar manager and searched through the startup list here, and I came up with a few suspicious files:
lsass.exe
csvss.exe
ehRecvr.exe - I'm not sure what this is, but I've never seen it before
msiexec.exe
dllhost.exe - I'm not sure if I have the Skyblaster Modem or not, I'm pretty sure I don't
spoolsv.exe
rundll32.exe - There are 2 of them running, I don't know which one isn't the real one
NAVAPSVC.EXE - I'm also not sure what this is, but I haven't seen this one before
alg.exe - Not sure about this one
MDM.EXE - Haven't seen this one before, but not too sure
ehsched.exe
HPZimp12.exe
smss.exe - Not sure either
I hate my life :(

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,592 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:54 AM

Posted 03 January 2008 - 03:25 PM

Anytime you come across a suspicious file, search the name using Google or the following links:
BC's File Database
BC's Startup Programs Database
File Research Center
ThreatExpert Malware Search
If no search results are found, you are given the option to "Submit a New Sample".

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, Properties and examine the General and Version tabs.

Rundll32.exe is a legit Windows file that loads .dll files which too can be legit or malware related. When Windows loads, it looks for any files associated with registry entries for programs that are set to run at startup. This includes those .dll files (good or bad) related to Rundll32.exe.

ehRecvr.exe & ehsched.exe are related to Microsoft Media Center software.
DLLhost.exe is the Microsoft DCOM DLL Host Process that manages DLL based applications.
alg.exe is a core process (Application Layer Gateway Service) for Microsoft Windows Internet Connection Sharing and Internet Connection Firewall.
navapsvc.exe is a part of the Norton AntiVirus application.
smss.exe is the session manager subsystem process which is responsible for starting the user session.
mdm.exe is running. Mdm.exe is Microsoft's Machine Debug Manager program which is included in Microsoft Visual Studio .NET, Microsoft Office 2007, Microsoft Office 2003, and a Microsoft Office XP post-Service Pack 3 release to provide support for program debugging. This is a non-essential process and if you do not use your computer for debugging purposes, you can safely turn off the Machine Debug Manager.

If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. In your list submit csvss.exe and post back with the results of the file analysis.

"...but I'll really be in trouble with my parents if they find out!"

Getting infected with malware can happen to anyone. It does not always mean you're doing something you're not supposed to be doing or surfing to bad websites. You should tell your parents so they can learn and help you prevent things like this.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

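The name-versus-location check described in post #4, as an added example that is not part of the original thread: it compares each process image path with the folder a system file of that name normally runs from, and, going one step beyond the post, flags names that are one character away from a system file name. It assumes Windows is installed in C:\Windows; the sample paths are constructed, and csrss.exe is added to the baseline as the system name closest to the csvss.exe entry in post #3.

```python
import ntpath

SYSTEM32 = r"c:\windows\system32"  # assumption: Windows is installed in C:\Windows
# System process names from the thread (plus csrss.exe) that normally run from System32.
KNOWN_SYSTEM = {name: SYSTEM32 for name in (
    "lsass.exe", "csrss.exe", "smss.exe", "spoolsv.exe",
    "rundll32.exe", "dllhost.exe", "alg.exe", "msiexec.exe")}


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path):
    """Classify one process image path against the known-location baseline."""
    directory, name = ntpath.split(ntpath.normpath(image_path).lower())
    if name in KNOWN_SYSTEM:
        if directory == KNOWN_SYSTEM[name]:
            return "expected-location"
        return "system-name-wrong-path"      # same name as a system file, elsewhere
    for known in KNOWN_SYSTEM:
        if edit_distance(name, known) == 1:  # one character off a system file name
            return "lookalike-of:" + known
    return "not-in-baseline"                 # research the name or scan the file


# Constructed sample paths (not taken from the poster's machine).
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\csvss.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\rundll32.exe",
    r"C:\WINDOWS\system32\rundll32.exe",
    r"C:\Program Files\Example\mdm.exe",
]


def triage(paths):
    """Return {path: verdict} for every path that is not at its expected location."""
    verdicts = {p: classify(p) for p in paths}
    return {p: v for p, v in verdicts.items() if v != "expected-location"}


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:28} {path}")
```

An "expected-location" verdict is only one signal: as the post notes for Rundll32.exe, a legitimate host process can still load a malicious .dll, so the file properties and a scan of anything flagged remain the next steps.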

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:54 AM

Posted 03 January 2008 - 05:04 PM

You have a log posted here: http://www.bleepingcomputer.com/forums/t/123906/infected-with-multiple-things-help/
This is the second mention. You should NOT make further changes to your computer.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.


To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....



