Many symptoms possibly related to prunnet.exe


5 replies to this topic

#1 eep.

eep.

  • Members
  • 4 posts

Posted 28 December 2008 - 04:32 AM

Hello,
So I've read some of the other posts that seem similar to my situation; however, I have additional problems that make it difficult to try and follow the steps of the other posts. It started when I was surfing on an unsecured wireless network using Firefox when the link I clicked on was reported as an "attack site" by Firefox and denied its viewing. Later Prevx 2.0 asked to grant prunnet.exe access and I blocked the process. After hibernating the computer, upon restart I started experiencing the following symptoms. I'm running Windows XP Professional Service Pack 2.

-I cleaned out my temporary internet files, temp folder, used CCleaner, and used ATF cleaner
-No internet connection and blank network connections panel
>> Using ipconfig all media is disconnected
>>dependent services like WMI are all stopped though set on automatic
-found unknown service "##Id_String1.6844F930..." and stopped it
-Very slow startup of computer, before and after logon information

-Cannot run SuperAntiSpyware and a generic "has encountered a problem" will result
-Cannot run AVG anti spyware and says "connection to service failed. Please reinstall..."
-NOD32 still is able to on demand scan and found 1 infected file 2 days after
>>%Temp%\rmeocwxnas.tmp-Win32/TrojanDownloader.Agent.ASFY trojan
>>The threat log for the day symptoms first started are as follows
AMON temp\TDSSb1f9.tmp Win32/Patched.AE virus
AMON C:\windows\Kernel32.exe a variant of Win32/Kryptik.DF trojan
AMON temp int files\content.ie5\...\clicker[1].txt a variant of Win32/Kryptik.DF trojan
AMON temp\[some.tmp] a variant of Win32/Adware Virtumonde.NCV application
IMON a variant of Win32/TrojanDownloader.Agent.OOL trojan
AMON *system32\[some .dll] win/32Adware.virtumonde application
AMON temp\removalfile.bat win/32Adware.virtumonde application
>>All of the files detected by AMON were quarantined except for the top one TDSSb1f9.tmp

-Prunnet.exe runs at startup
>>I deleted the prunnet.exe in 2 places and stopped it from starting up
-Search function window will not show up when I try to access it
-User accounts panel is blank
-Programs will not run using a jump drive, I tried to install malwarebytes, hijackthis, and another spyware program.
>>There is an hour glass and the process will show up in taskmgr but nothing shows
-Cannot drag desktop items or copy and paste files, though words in documents can be copied and pasted

-many services aren't started / msinfo32 won't load in run
>>I mentioned many services were not started relating to ICS like ACG WMI
>>When I try to start them I get errors 1069/1068
-mshtml.dll could not be loaded because DllRegisterServer entry point was not found



Anyways, thanks if you managed to read the whole thing and are at the end =), any help would be greatly appreciated.



#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio

Posted 28 December 2008 - 01:39 PM

Did you try this for Malwarebytes?:


If mbam won't install

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 eep.

eep.
  • Topic Starter

  • Members
  • 4 posts

Posted 28 December 2008 - 06:06 PM

Yes, I did try installing using that method and the process seemed to be going smoothly, but then at the end of the installation in setup.exe it does not complete and stops at "finishing installation" and just hangs there. The green progress bar is full, the process is still running under taskmgr and the cancel sign is grayed out.

#4 eep.

eep.
  • Topic Starter

  • Members
  • 4 posts

Posted 28 December 2008 - 11:06 PM

So I have run SuperAntiSpyware and Spybot Search & Destroy using the method of renaming and caught a bunch of files and registry listings. Spybot found ".ini" in system32 related to virtumonde and ".log" + ".zip" of win32.TDSS.rtk in the temp folders. Super found Rootkit.TDSServ/FAke and Rootkit.TDSServ related items and Trojan.Unknown Origin. Malwarebytes still will not install fully because it returns an error at the end:

"Run-time error '372'
Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application."

I see the vbalgrid6.ocx in the same folder as Malwarebytes so I'm not sure. When I try to run the program it will give the same error. I also disabled the TDSSserv.sys and deleted it using Avenger.

Most of the symptoms still remain so I'm not really sure where to go from here and how to get Malwarebytes up and running. Thanks.

#5 eep.

eep.
  • Topic Starter

  • Members
  • 4 posts

Posted 28 December 2008 - 11:30 PM

And when I try to register or unregister the vbalsgrid6.ocx it says: LoadLibrary("vbalsgrid6.ocx") failed - The specified module could not be found.

#6 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio

Posted 29 December 2008 - 10:37 AM

From what I have read about this type of infection, the thing to do is to uninstall mbam and start over. If that doesn't work, then it's time for a HJT log, using the preparation guide found here:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Then submit it in the proper forum here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Good luck
Mark



