Monder.gen And Virtumonde.yeb



#1 cmdubie


Posted 13 June 2008 - 01:55 AM

I am running McAfee Personal Firewall and Virus protection (seriously thinking about changing now). McAfee Virus Scan and Ad Aware 2008 do not detect anything.

Kaspersky online log, DSS main.txt, and DSS extra.txt attached. I have tried to delete some of the .dll files listed as threats on Kaspersky but most of them reappear. I decided I better not try anymore without consulting people who know more than me.

Please help me rid my computer of these nasties.


Attached File  Kaspersky_log.html   5.97KB   34 downloads

Attached File  DSS_main.txt   19.05KB   30 downloads

Attached File  DSS_extra.txt   11.38KB   33 downloads

Thanks in advance.


#2 steamwiz


Posted 14 June 2008 - 02:54 PM

Hi

First of all, Please copy & paste all logs to your thread unless asked to attach them. It makes them easier to refer to ...

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#3 cmdubie


Posted 14 June 2008 - 10:06 PM

Sorry about the attaching. . .

I'm not sure if I ran ComboFix correctly. The instructions aren't clear for the Vista Recovery Environment. I booted with the CD to the System Recovery Options screen > Choose a recovery Tool but was unsure where to go from there. I chose restart, with the Vista DVD still in the drive, let Windows boot, and ran ComboFix with all Virus detection and Firewalls disabled.

I should also note that McAfee did update since my last post. I ran another full scan and McAfee did remove some files it labelled as Vundo trojan also. So if there is any discrepancy between previous logs and these logs, that may be why.

Here are the logs from MBAM and ComboFix. Everything seems better now but I'm sure you'd like to verify that yourself.

Malwarebytes' Anti-Malware 1.17
Database version: 856

10:16:50 PM 6/14/2008
mbam-log-6-14-2008 (22-16-50).txt

Scan type: Quick Scan
Objects scanned: 36720
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Chad y Sol\AppData\Local\Temp\vtUlKBSj.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\389e7f8d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM3bad4c11 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Chad y Sol\AppData\Local\Temp\vtUlKBSj.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Chad y Sol\AppData\Local\Temp\wwilweme.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chad y Sol\Local Settings\Temporary Internet Files\Content.IE5\JYNCK7H8\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chad y Sol\Local Settings\Temporary Internet Files\Content.IE5\PLM9AE73\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chad y Sol\AppData\Local\Temp\sbquyqgq.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Chad y Sol\AppData\Local\Temp\xeoqxsmq.dll (Trojan.Agent) -> Delete on reboot.


ComboFix 08-06-12.2 - Chad y Sol 2008-06-14 22:41:51.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1737 [GMT -4:00]
Running from: C:\Users\Chad y Sol\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Fonts\CALIBRIB.TTF

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-14 21:26 . 2008-06-14 21:26 <DIR> d-------- C:\Users\Chad y Sol\AppData\Roaming\Malwarebytes
2008-06-14 21:26 . 2008-06-14 21:26 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-06-14 21:26 . 2008-06-14 21:26 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-06-14 21:26 . 2008-06-14 21:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 21:26 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-14 21:26 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-12 04:13 . 2008-06-12 04:13 <DIR> d-------- C:\Deckard
2008-06-12 02:59 . 2008-06-12 02:59 <DIR> d-------- C:\Windows\Sun
2008-06-12 02:57 . 2008-06-12 02:58 <DIR> d-------- C:\Program Files\Java
2008-06-12 02:57 . 2008-06-12 02:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-12 02:27 . 2008-06-12 02:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-11 10:49 . 2008-06-11 10:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-11 03:06 . 2008-04-24 22:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 03:06 . 2008-04-25 00:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 03:06 . 2008-05-09 21:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 23:55 . 2008-06-10 23:57 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-06-10 23:55 . 2008-06-10 23:57 <DIR> d-------- C:\ProgramData\Lavasoft
2008-06-10 12:32 . 2008-06-10 12:32 <DIR> d-------- C:\Program Files\Flagship Studios
2008-06-10 00:15 . 2008-06-10 00:15 <DIR> d-------- C:\Program Files\Firaxis Games
2008-06-09 12:10 . 2008-06-09 12:19 <DIR> d-------- C:\Program Files\Thief - Deadly Shadows
2008-06-09 00:07 . 2008-06-09 00:07 <DIR> d-------- C:\Program Files\Reality Pump
2008-06-09 00:03 . 2008-06-09 00:03 <DIR> d-------- C:\Windows\System32\AGEIA
2008-06-09 00:03 . 2008-06-10 23:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 00:03 . 2008-06-09 00:04 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-06-08 23:24 . 2008-06-08 23:24 331 --a------ C:\Windows\doom3.ini
2008-06-08 23:06 . 2008-06-08 23:26 <DIR> d-------- C:\Program Files\DOOM 3
2008-06-08 21:29 . 2008-06-08 21:29 1 --a------ C:\Windows\System32\SI.bin
2008-06-08 18:45 . 2008-06-08 21:34 <DIR> d-------- C:\Program Files\Ubisoft
2008-06-08 17:55 . 2008-06-08 17:55 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-06-08 17:42 . 2008-06-08 17:42 <DIR> d-------- C:\Program Files\NAMCO BANDAI Games
2008-06-08 17:41 . 2008-06-08 17:41 <DIR> d-------- C:\Users\Chad y Sol\AppData\Roaming\InstallShield
2008-06-03 23:46 . 2008-06-03 23:46 <DIR> d-------- C:\Users\Chad y Sol\AppData\Roaming\Apple Computer
2008-06-03 23:46 . 2008-06-03 23:46 <DIR> d-------- C:\Program Files\iTunes
2008-06-03 23:46 . 2008-06-03 23:46 <DIR> d-------- C:\Program Files\iPod
2008-06-03 23:44 . 2008-06-03 23:46 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-06-03 23:44 . 2008-06-03 23:46 <DIR> d-------- C:\ProgramData\Apple Computer
2008-06-03 23:44 . 2008-06-03 23:45 <DIR> d-------- C:\Program Files\QuickTime
2008-06-03 23:43 . 2008-06-03 23:43 <DIR> d-------- C:\Users\All Users\Apple
2008-06-03 23:43 . 2008-06-03 23:43 <DIR> d-------- C:\ProgramData\Apple
2008-06-03 23:43 . 2008-06-03 23:43 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-31 01:10 . 2008-05-31 02:29 <DIR> d-------- C:\Users\Chad y Sol\CD and DVD Images
2008-05-28 06:45 . 2008-05-28 06:45 99,264 --a------ C:\Windows\System32\drivers\AnyDVD.sys
2008-05-28 04:59 . 2008-03-07 22:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 04:59 . 2008-03-08 00:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-28 01:12 . 2008-05-29 03:08 <DIR> d-------- C:\Windows\nvtmpinst
2008-05-28 01:11 . 2008-03-12 16:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-05-28 00:58 . 2008-05-28 00:58 <DIR> d-------- C:\PerfLogs
2008-05-28 00:36 . 2008-05-28 00:27 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-05-28 00:36 . 2008-05-28 00:27 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-05-28 00:32 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-28 00:32 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-05-28 00:32 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-05-28 00:29 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
2008-05-28 00:28 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-05-28 00:27 . 2008-05-28 00:37 327,680 --a------ C:\Windows\SPInstall.etl
2008-05-27 23:34 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-05-27 23:33 . 2008-06-10 12:40 <DIR> d-------- C:\Users\All Users\media center programs
2008-05-27 23:33 . 2008-06-10 12:40 <DIR> d-------- C:\ProgramData\media center programs
2008-05-27 22:51 . 2008-05-27 22:51 <DIR> d-------- C:\Program Files\Funcom
2008-05-27 22:49 . 2008-05-27 22:49 <DIR> d-------- C:\Users\All Users\Funcom
2008-05-27 22:49 . 2008-05-27 22:49 <DIR> d-------- C:\ProgramData\Funcom
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\Windows\System32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 19:02 --------- d-----w C:\Users\Chad y Sol\AppData\Roaming\uTorrent
2008-06-11 16:41 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 03:59 --------- d-----w C:\Users\Chad y Sol\AppData\Roaming\Lavasoft
2008-06-11 03:59 --------- d-----w C:\Program Files\Lavasoft
2008-06-10 04:37 --------- d-----w C:\Program Files\Microsoft Games
2008-06-10 04:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 04:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-01 00:48 --------- d-----w C:\Users\Chad y Sol\AppData\Roaming\HP
2008-05-31 06:11 --------- d-----w C:\Users\Chad y Sol\AppData\Roaming\ImgBurn
2008-05-31 05:10 --------- d-----w C:\ProgramData\DVD Shrink
2008-05-29 07:09 --------- d-----w C:\ProgramData\NVIDIA
2008-05-28 05:07 174 --sha-w C:\Program Files\desktop.ini
2008-05-28 05:01 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-28 05:01 --------- d-----w C:\Program Files\Windows Calendar
2008-05-28 05:00 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-28 05:00 --------- d-----w C:\Program Files\Windows Journal
2008-05-28 05:00 --------- d-----w C:\Program Files\Windows Defender
2008-05-28 05:00 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-28 04:41 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-28 04:40 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-29 15:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
2008-04-29 03:46 --------- d-----w C:\Users\Chad y Sol\AppData\Roaming\Printer Info Cache
2008-04-29 03:46 --------- d-----w C:\Users\Chad y Sol\AppData\Roaming\Image Zone Express
2008-04-16 07:47 --------- d-----w C:\ProgramData\Adobe Systems
2008-04-16 07:42 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-04-15 03:04 --------- d-----w C:\Program Files\ElcomSoft
2008-04-11 21:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-05-28 07:10 2120640]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 20:05 200704]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 09:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 09:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 09:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Users\Chad y Sol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B90827B2-DACE-4A86-A6F1-CF3F2C034083}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{A59D1CF1-20E0-43CD-A582-0A5B0796B67F}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{795F0A89-8E73-4E3D-BF6A-46569DB5DBF1}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{DBB32584-809C-4FD9-9EBC-A87291396994}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D0DCB2D5-CD2C-4CDC-9AD2-62BF0B094A11}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F983FA40-FB3A-4697-97F4-8E2C341FA6CF}"= UDP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{37944FB5-82DC-476E-B4BC-FEE11D801CC5}"= TCP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\FlashGet Network\\Flashget\\FlashGet.exe"= C:\FlashGet Network\Flashget\FlashGet.exe:*:Enabled:Flashget2
"C:\\FlashGet Network\\Flashget\\LiveUpdate.exe"= C:\FlashGet Network\Flashget\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"C:\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"= C:\FlashGet Network\Flashget\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
"C:\\Program Files\\PPTV\\PPTV.exe"= C:\Program Files\PPTV\PPTV.exe:*:Enabled:PPTV


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Setup.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 05:20:00 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-01 05:20:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 22:43:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-14 22:45:16
ComboFix-quarantined-files.txt 2008-06-15 02:44:14

Pre-Run: 148,239,609,856 bytes free
Post-Run: 148,250,836,992 bytes free

182 --- E O F --- 2008-06-11 16:23:43
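The MBAM log above shows the usual Vundo layout: four HKCU Run values, four eight-letter DLLs in the user's AppData\Local\Temp folder, and one of those DLLs (vtUlKBSj.dll) reported both as a loaded memory module and as "Delete on reboot". A DLL that is mapped into a running process cannot be unlinked, so MBAM queues it for deletion at the next boot, and the Run values are what re-create the files after a manual delete; that is the "they reappear" behaviour from the first post. The script below is an added example, not code from Malwarebytes, BleepingComputer or either poster. It parses the "... Infected:" sections of a 1.x-era MBAM log and pulls those correlations out. The sample log is built from the entry lines posted above; the eight-random-letter filename heuristic is my assumption, not something the thread states.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.x text log (added example)."""
import re
from collections import defaultdict

# Constructed sample: the entry lines from the MBAM log posted in this thread,
# with the summary header shortened.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.17
Database version: 856
Scan type: Quick Scan
Memory Modules Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Chad y Sol\AppData\Local\Temp\vtUlKBSj.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\389e7f8d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM3bad4c11 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Chad y Sol\AppData\Local\Temp\vtUlKBSj.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Chad y Sol\AppData\Local\Temp\wwilweme.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chad y Sol\Local Settings\Temporary Internet Files\Content.IE5\JYNCK7H8\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chad y Sol\Local Settings\Temporary Internet Files\Content.IE5\PLM9AE73\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Chad y Sol\AppData\Local\Temp\sbquyqgq.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Chad y Sol\AppData\Local\Temp\xeoqxsmq.dll (Trojan.Agent) -> Delete on reboot.
"""

# A section header is "<Name> Infected:" with nothing after the colon; the
# summary block at the top has counts after the colon and so does not match.
SECTION_RE = re.compile(r'^([A-Za-z ]+ Infected):$')
# "<object> (<detection>) -> <action>."  The trailing period is dropped.
ENTRY_RE = re.compile(r'^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?P<act>.+?)\.?$')

TEMP_DIR_RE = re.compile(r'\\(?:AppData\\Local\\Temp|Local Settings\\Temp)\\', re.I)
RUN_VALUE_RE = re.compile(r'\\CurrentVersion\\Run\\[^\\]+$', re.I)
# Assumption (heuristic, not from the thread): Vundo drops DLLs named with
# eight random letters.  Anchored on the last path component only.
RANDOM_DLL_RE = re.compile(r'\\[A-Za-z]{8}\.dll$')


def parse_mbam_log(text):
    """Return {section name: [(object, detection, action), ...]}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            continue
        if current is None or not line or line.startswith('(No malicious'):
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            sections[current].append((entry['obj'], entry['det'], entry['act']))
    return dict(sections)


def triage(sections):
    """Correlate Run-value persistence, Temp-folder DLLs and deferred deletes."""
    files = sections.get('Files Infected', [])
    loaded = {obj.lower() for obj, _, _ in sections.get('Memory Modules Infected', [])}
    deferred = [obj for obj, _, act in files if act.lower() == 'delete on reboot']
    return {
        # value names under HKCU\...\CurrentVersion\Run that MBAM removed
        'run_values': [obj.rsplit('\\', 1)[-1]
                       for obj, _, _ in sections.get('Registry Values Infected', [])
                       if RUN_VALUE_RE.search(obj)],
        'deferred': deferred,
        # deferred files that were also mapped into a process: why they could
        # not be deleted by hand
        'still_loaded': [obj for obj in deferred if obj.lower() in loaded],
        'random_temp_dlls': [obj for obj, _, _ in files
                             if TEMP_DIR_RE.search(obj) and RANDOM_DLL_RE.search(obj)],
        # a reboot must happen before a follow-up scan means anything
        'needs_reboot': bool(deferred),
    }


if __name__ == '__main__':
    result = triage(parse_mbam_log(SAMPLE_LOG))
    for key, value in result.items():
        print(f'{key}: {value}')
```

Run it against a real MBAM log by replacing SAMPLE_LOG with the file's contents; if `needs_reboot` is true, reboot before the next scan, and treat any of `run_values` that come back on a rescan as a sign the dropper is still resident.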

#4 steamwiz


Posted 15 June 2008 - 03:08 PM

HI

Looking better.

Please Download CCleaner from :-

http://www.filehippo.com/download_ccleaner/ (click the download tab)

During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

Double-click the ccsetup.exe file and install the program...

After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Make sure the "windows" tab is selected

Under "internet explorer" tick...

Temporary internet files
Cookies* > see Note below
History
Recently typed URLs
(leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history


under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

Other explorer MRU's
(leave this unticked if you DON'T want to clear lists such as the start\run list)

under "System"

Tick ALL these ...


under "Advanced"

no need to tick any of these (but you can if you want, and realise what they do)


Applications tab...

These will mostly clean out old log files for these applications...

Clean:- (if you use them)

Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm

...
Personally I clean everything in the applications tab... but you tick what you want...

Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

click "analyse" if you want to see a list of what is going to be removed, before it is removed.

Or

click "run cleaner" to let it get on with its work... clicking this will result in the following pop-up

"This process will permanently delete files from your system. Are you sure you wish to proceed?"

click OK.

THEN ...

Please run & post a new KASPERSKY ONLINE SCANNER 7 REPORT

This time please be sure to select my computer in the select a target to scan: ..

steam

#5 cmdubie


Posted 15 June 2008 - 09:58 PM

Already had CCleaner ... set it up with everything you asked and ran it.

I ran Kaspersky again. One funny thing is happening when I hit the button to save the report. It asks me for the location to save to and when I choose the location and hit save it appears to work but I can't see the file when navigating to where I KNOW it saved. But when I go back to save again, and navigate to the folder through the Save window, I can see the previous file that I just saved. Finally I just navigated to My Documents on another computer and saved it there. Might this be related somehow?

Here is the log ... I don't like what it says.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 15, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 15, 2008 23:02:18
Records in database: 869588
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 161956
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:43:32


File name / Threat name / Threats count
C:\Deckard\System Scanner\20080613002107\backup\Users\CHADYS~1\AppData\Local\Temp\gos2C5B.tmp Infected: Trojan-Downloader.Win32.Injecter.uo 1
C:\Deckard\System Scanner\20080613002107\backup\Users\CHADYS~1\AppData\Local\Temp\gosE740.tmp Infected: Trojan-Downloader.Win32.Injecter.uo 1
C:\Deckard\System Scanner\20080613002107\backup\Users\CHADYS~1\AppData\Local\Temp\iifecdCU.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\20080613002107\backup\Users\CHADYS~1\AppData\Local\Temp\phlbywdl.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\20080613002107\backup\Users\CHADYS~1\AppData\Local\Temp\syhenrpd.dll Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.

#6 steamwiz


Posted 16 June 2008 - 02:51 PM

Hi

The KASPERSKY ONLINE SCANNER 7 REPORT is good :thumbsup: those files are already deleted & in the Deckard System Scanner quarantine ... we can easily delete them permanently from there ...

I understand what you are saying about the file not showing, but have no idea why ... sometimes when you extract files from a zip file to a new folder in the same location as the zip file, the folder will not show unless you refresh the page. Maybe all you needed to do to see the file was refresh the page? But I don't know why you should have to do this.

Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK


THEN run a new scan with KASPERSKY (same as the last one) & post the new log please.

steam
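The Kaspersky report in the previous reply looks alarming but, as steamwiz says, every hit sits under C:\Deckard\System Scanner\...\backup\, which is where Deckard's System Scanner keeps copies of what it removed. An on-demand scanner that is told to scan archives and the whole of C:\ will find those inert copies and count them as infections. The script below is an added example, not code from Kaspersky, Deckard or either poster. It parses the "File name / Threat name / Threats count" lines of a Kaspersky Online Scanner 7 report and separates hits inside quarantine or backup stores from live ones. The Deckard prefix comes from the report above and C:\Qoobox\Quarantine is ComboFix's quarantine folder; the System Restore prefix and the extra "live" sample line are my own constructions for the demonstration.

```python
"""Separate live detections from copies held in cleanup-tool quarantine (added example)."""
import re

# Constructed sample: the five hits from the report posted above plus one
# constructed line for a file still in the user's Temp folder.
SAMPLE_REPORT = r"""File name / Threat name / Threats count
C:\Deckard\System Scanner\20080613002107\backup\Users\CHADYS~1\AppData\Local\Temp\gos2C5B.tmp Infected: Trojan-Downloader.Win32.Injecter.uo 1
C:\Deckard\System Scanner\20080613002107\backup\Users\CHADYS~1\AppData\Local\Temp\gosE740.tmp Infected: Trojan-Downloader.Win32.Injecter.uo 1
C:\Deckard\System Scanner\20080613002107\backup\Users\CHADYS~1\AppData\Local\Temp\iifecdCU.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\20080613002107\backup\Users\CHADYS~1\AppData\Local\Temp\phlbywdl.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\20080613002107\backup\Users\CHADYS~1\AppData\Local\Temp\syhenrpd.dll Infected: Trojan.Win32.Monder.gen 1
C:\Users\Chad y Sol\AppData\Local\Temp\constructed.dll Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.
"""

# Folders whose contents are copies held by a cleanup tool, not running code.
# Compared case-insensitively against the start of the reported path.
QUARANTINE_PREFIXES = (
    'c:\\deckard\\system scanner\\',      # DSS backup tree (seen in the report)
    'c:\\qoobox\\quarantine\\',           # ComboFix quarantine
    'c:\\system volume information\\',    # System Restore points (assumption)
)

HIT_RE = re.compile(r'^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$')


def parse_kaspersky_report(text):
    """Return [(path, threat name, count), ...] for every 'Infected:' line."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append((m['path'], m['threat'], int(m['count'])))
    return hits


def is_quarantined(path):
    """True when the path starts with a known quarantine or backup root."""
    lowered = path.lower()
    return any(lowered.startswith(prefix) for prefix in QUARANTINE_PREFIXES)


def classify(hits):
    """Split hits into live detections and contained copies."""
    live, contained = [], []
    for hit in hits:
        (contained if is_quarantined(hit[0]) else live).append(hit)
    return {
        'live': live,
        'contained': contained,
        'threat_names': sorted({threat for _, threat, _ in hits}),
    }


if __name__ == '__main__':
    verdict = classify(parse_kaspersky_report(SAMPLE_REPORT))
    print(f"live: {len(verdict['live'])}, contained: {len(verdict['contained'])}")
    for path, threat, _ in verdict['live']:
        print(f'  LIVE {threat}: {path}')
```

Anything in `contained` is dealt with by emptying the tool's quarantine (here, uninstalling DSS and ComboFix); anything in `live` needs the removal steps repeated.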

#7 cmdubie


Posted 17 June 2008 - 12:19 AM

It did the same thing with saving the file again. And I still can't see the logs from yesterday, but they still show up in the Save window launched by Kaspersky. I just wanted to include what was happening in case it might somehow be related to all of this. Since you didn't draw that conclusion and since the OS of the computer I did save the file to is XP, I'll assume it's a Java / Vista issue.

Anywho, here's a nice clean report for you to look at

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 17, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, June 17, 2008 02:43:35
Records in database: 875514
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 161769
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:53:33

No malware has been detected. The scan area is clean.

The selected area was scanned.

Assuming we are done ... thank you for your help. I probably could have managed on my own but would wonder every time the computer did something funny. Now, at least I have you to blame. :) Take care and keep up the good fight.

#8 steamwiz


Posted 17 June 2008 - 02:45 PM

Hi

You're welcome.

About the files not showing in the actual folder, I take it you have tried refreshing the folder when in it?

While in the folder go to > Tools > Folder Options > click the "View" tab. Make sure "show hidden files and folders" is selected ... it may be slightly different in Vista ... no idea why they should be hidden, just a thought?

steam

#9 steamwiz


Posted 17 June 2008 - 03:36 PM

Hi

Something else I just thought of: right click in the troublesome folder > properties > in the attributes: is the "hidden" box checked?

steam

#10 cmdubie


Posted 18 June 2008 - 12:09 AM

I've refreshed the folder, I've reopened the folder, I've rebooted the machine. Those files just aren't there.

I've run a search of all Local Hard Drives including non-indexed (which is everything since indexing is off), hidden, and system files. Nothing found.

I changed the Folder Options (in Control Panel for Vista) to Show Hidden Files. Still nothing.

I was saving the files to the Documents folder inside my User folder. Neither of them is a hidden folder. I did notice while checking for Hidden that they both have a "blued" box next to Read Only. Not a checked box, but filled in with blue. I can remove the blue to place a check or leave the box empty. Whenever I try either one and click apply and exit though, it's blued in again when I go back.

I made a simple little .txt document in Notepad which saved just fine. I watched it spawn in the window as I hit the save button.

I also downloaded a small zip file and saved it to that very folder. It also worked just fine.

I'm convinced those saved logs are just not there and that the Java platform was reporting them there through the save window incorrectly. I also noticed when trying to navigate to the folder through the save window that it incorrectly reported two versions of my User folder on my desktop. One was a shortcut (with the ugly arrow on it) and the other wasn't. I only have the shortcut with the arrow on my desktop. I think I read somewhere else on these boards that Java and Vista weren't getting along at first but that things were better now. My guess is they got it working, but it's probably still a bit buggy.

I can live with it. Now if I could just figure out my Problems with Games I'd be happy as a clam. I'm gonna try isolating the cards this weekend.

#11 steamwiz


Posted 18 June 2008 - 08:11 AM

HI

Well ... that is a puzzle ... I'll just comment on one thing you mention :-

I'm convinced those saved logs are just not there and that the Java platform was reporting them there through the save window incorrectly. I also noticed when trying to navigate to the folder through the save window that it incorrectly reported two versions of my User folder on my desktop. One was a shortcut (with the ugly arrow on it) and the other wasn't. I only have the shortcut with the arrow on my desktop.


I've looked at your other thread, am I right in deducing that you had Vista home basic installed & then upgraded to vista ultimate? ... I wonder if in the process some folders have become duplicated?

You say the "save window" shows "two versions of my User folder on my desktop." maybe there are 2, but one is somehow hidden, & the files are saved in the hidden one ?

Can you go to "my computer" > C:\ ... then navigate to the folder showing the files on your user desktop, see if the 2 files in the "save window" are there, or just the one as shown on your desktop ... try opening the folder from that location instead of the desktop.

-
About your other problem ...

When I first installed Vista Home Premium I did not have any issues ...

I believe it started with a driver update from Microsoft although I'm not 100% sure ...

I decided to take matters into my own hands and used DBAN (Derrick's (I think) Boot and Nuke) to wipe the hard drive.

The reinstall after that still yielded the above glitches with only the first wave of updates completing.

I then upgraded to Vista Ultimate with a new motherboard and processor and am still receiving the same glitches.


So .. after you reinstalled Vista Home Premium ... All was OK again before any updates ?

You've installed a new motherboard & processor ... so you can eliminate them ... so what is still there, PSU, naw, can't be that ... everything points to a driver update ...

I agree with usasma in your other thread when he says :- FWIW - I never let Windows Update install device drivers (I've had too many problems) - rather I visit the website of the manufacturer of the hardware component and download the latest version from there.

I once let windows update a network adaptor driver, which it "highly recommended" & it promptly kicked me off the net, I had to go to device manager to roll back to the previous driver to get back on.

I think you may have to reinstall again & only install the critical updates, don't let windows update have a free hand at installing anything & everything ... I always update manually (I like to see what is being updated)

steam

#12 steamwiz


Posted 24 July 2008 - 04:22 PM

Due to lack of feedback, this thread is now treated as resolved and duly closed.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam



