Where Should I Start?


4 replies to this topic

#1 somegirl

Posted 29 June 2008 - 11:28 PM

Hello, this is my first post and I hope I have put this in the right place.

Recently, my daughter had a character in an online game hacked. This happened to her after she visited a questionable website. Since this was alarming to me, I went to her computer and did some checking. She had no virus protection, no spyware programs, and no firewall on her computer.

I installed AVG and ran a full scan. It, of course, found several viruses. I then installed Spybot and Ad-Aware and performed those scans as well.

There are several things wrong with her computer and I'm not sure where to start. Something I didn't know was that over a year ago someone or something disabled her firewall. And, I can't enable it. If I try to enable it, I get an error window that says
box name: rundll
message: error in setupapi.dll missing error:s
Actually, I can't open anything in the control panel because I get this message. I tried replacing setupapi.dll and that changed nothing.
Also, I tried to do a system restore and got a message that windows was unable to restore to that date. This happened when I tried to restore to 3 different dates. After that... I went into safe mode and did a restore there. This time it worked but, it didn't help anything. While I was in safe mode, I noticed something interesting. There was a process in the task manager called iexplore.exe. I was in safe mode so, I tried to just end that process. I was unable to end that process in safe mode.

Something is definitely wrong. And I need to know what my first priority should be. I am almost positive she has 1 or more viruses currently on her computer, but AVG is not finding them. I also think she may have a keylogger. I really want to enable the Windows firewall, but I'm unable to do that. Here is what I have done in addition to the things I've already mentioned.

I downloaded HiJackThis and ran a scan.
I ran the online virus scan at that kaspersky website. I have that log.
I ran that Deckard's System Scanner. I have this log, also.
I then ran Keylogger Detector and I also have a log of that.

Should I worry first about these viruses or should I worry about the Windows firewall? Either way, I can't fix any of the problems. Please tell me how I should proceed.

Thank you.

Edited by garmanma, 30 June 2008 - 02:08 PM.
moved to appropriate forum-mark



#2 Juha


Posted 29 June 2008 - 11:46 PM

What did Kaspersky Online Scanner find? Post the log here if you can.

If AVG does not find anything and Kaspersky does, uninstall AVG and install Kaspersky 30 Day Free Trial. Run it, update and then scan. Remove what it finds.

#3 somegirl


Posted 29 June 2008 - 11:54 PM

Yes, Kaspersky definitely found some things that don't show up in AVG.

None of these were found by AVG.

Sunday, June 29, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, June 30, 2008 02:39:03
Records in database: 897927


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 141768
Threat name 3
Infected objects 27
Suspicious objects 0
Duration of the scan 01:13:50

File name | Threat name | Threats count
winlogon.exe\abc32.dll/winlogon.exe\abc32.dll | Infected: Trojan.Win32.Inject.cck | 1
winlogon.exe\11.tmp/winlogon.exe\11.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\TEMP\11.tmp/C:\WINDOWS\TEMP\11.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe | Infected: not-a-virus:AdWare.Win32.180Solutions.ao | 1
C:\WINDOWS\Temp\1.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\10.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\11.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\2.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\3.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\4.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\49.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\4A.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\4B.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\4C.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\4D.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\4E.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\5.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\6.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\7.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\8.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\9.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\A.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\B.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\C.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\D.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\E.tmp | Infected: SpamTool.Win32.Small.x | 1
C:\WINDOWS\Temp\F.tmp | Infected: SpamTool.Win32.Small.x | 1

The selected area was scanned.

I was only able to scan Critical Areas, but I can do a complete scan tomorrow. I will uninstall AVG and download the 30 day trial of Kaspersky like you suggested. I will post again tomorrow.

Thank you

#4 somegirl


Posted 30 June 2008 - 03:05 PM

Okay, I uninstalled AVG and installed the 30 day trial of Kaspersky.

Apparently there is a trojan that can't be removed.

Trojan Program:
Trojan.wininject.cck
Running Module:
winlogon.exe\abc32.dll

The only option I have is to "skip".

I have done a Google search on it and there's really no information on this.

Thank you

#5 Juha


Posted 30 June 2008 - 05:22 PM

Here's some information on abc32.dll: http://www.bleepingcomputer.com/startups/a....dll-20558.html

Check this link: http://www.bleepingcomputer.com/tutorials/how-to-remove-a-trojan-virus-worm-or-malware/.
See the How to remove these infections section.

Edited by Juha, 30 June 2008 - 05:23 PM.




