Possible infection


3 replies to this topic

#1 zhaul-san

  • Members

Posted 17 October 2008 - 02:41 PM

Hi, everyone, I am zhaul and in need of help. Please forgive my English, not my native language (but close), hehehe.

I am posting this because of one question: is what is happening to my laptop normal?

I am going crazy over this. I recently had a terrible problem with my computer that ended in the loss of all my info. In the end the technician had to reformat and install everything, due to many viruses and malware. Since then I haven't used Limewire or Ares; however, I have downloaded files from Rapidshare, Megaupload and others, who claim to have clean files.
AW,

My lap is a 1.2 GHz Pent III, 758 MB of RAM, 40 GB HD with two partitions, C: and D:

I have run all I got:

Kaspersky: nothing detected
HijackThis ?? dunno computer language
NOD32: nothing detected
AVG antivirus, which detected 2 adwares: Generic and Titanshieldspyware
Those were removed from 30 detections, but they were not reported as threats. (I am afraid I have cancelled one of my programs)
CCleaner, small log file.

None of the above detected those invisible files that the defrag read:

Disk Space Reporter reads on disk space used

C: 4.352.624.250
D: 628.588.833

Windows properties reads on disk space used:

C: 5.019.873.280
D: 959.467.520

Is this difference normal?

And I did a defrag on disk D:

and it read:

Moving file A0017994.exe
moving file A0017995.exe

Both are invisible to explorer, or other programs, except to defrag.

I have formatted disk D: and after doing it the explorer gives about 69.000.000 bytes used disk space.
I have to add that I have done the formatting twice, and those invisible files come back.
The disk space reads are what I have just now.

Please advise, dunno if I have an invisible problem that can't be detected.

There is another little problem I detected, which dunno if it is related:
a few days ago my svchost has been jumping from 0 to 45 and sometimes to 99 for a few seconds, making the connection to a link sometimes a long wait. After I killed it in the task manager, Firefox runs smoothly. I checked with Process Explorer
and found out that this svchost manages dnsrslvr.dll only. I went to check the properties of it, and checked the internet for possible threats, and it seems like it has very low risk; the ver. is 5.1.2600.2180. And everything points out that it is OK. I thought about changing it for the most recent ver, 6.0.0000.0001 I think, don't remember, or for a later one, but I am afraid to make a terrible mistake.

There is no reason to believe I have malware, but I do not know. I hope I didn't break the rules. I considered that this post should go to malware removal.

Thanks in advance



#2 boopme

  • Global Moderator

Posted 17 October 2008 - 03:15 PM

Hi, do you have Kaspersky, AVG and Nod32 Antivirus installed??

Please run this scan for me..

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Edited by garmanma, 20 October 2008 - 10:56 AM.
copied text

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 zhaul-san

  • Topic Starter

  • Members

Posted 18 October 2008 - 04:23 PM

Thanks for helping. I have to say that this is the weirdest thing ever seen by me.

My antivirus is NOD32; when I need to make another check I disable it and install AVG.

Well, it didn't find anything.

Malwarebytes' Anti-Malware 1.29
Database version: 1286
Windows 5.1.2600 Service Pack 2

10/17/2008 4:11:17 PM
mbam-log-2008-10-17 (16-11-17).txt

Scan type: Quick Scan
Objects scanned: 40281
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I started suspecting that MSOCache is the one that produces this thing, but I am not sure.
We have another PC in the office that has a double partition, and the same thing happens on disk D: when defragging there are readings of some A????????.exe file being moved, but no program can read them except the defrag.

#4 boopme

  • Global Moderator

Posted 18 October 2008 - 07:36 PM

Hello, it appears that it is not a malware issue. You will be better served now to ask about the Defrag issue in the XP forum at top. Thanks



