
Troj/Rustok-N


  • This topic is locked
7 replies to this topic

#1 illusion4657

illusion4657

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 29 December 2008 - 12:24 PM

There was a thread similar to this one posted about a couple weeks ago.

I am having a similar problem. When I go to websites that stream videos for me (YouTube still works for some reason), I get a message that reads....


" Your computer (IP: 72.196.234.8) generates an attacking DOS requests at our servers caused by the spyware/virus named 'Troj/Rustok-N' "

I ran my McAfee virus scan, and to no avail, nothing was detected. I don't know if this is just a glitch on the website or if it really is some hidden virus.

I know you guys are really good at catching viruses and I'm kind of backed into a corner here.

Thanks!!



#2 illusion4657

illusion4657
  • Topic Starter


Posted 29 December 2008 - 12:31 PM

DDS:



DDS (Version 1.1.0) - NTFSx86
Run by Troy at 12:29:17.90 on Mon 12/29/2008
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2460 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
X:\program files\steam\steam.exe
C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Troy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
uRun: [LogitechSetup] D:\setup.exe /skip_all_checks /p /start /restart /l:enu
uRun: [Steam] "x:\program files\steam\steam.exe" -silent
uRun: [Google Update] "c:\documents and settings\troy\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.11\RivaTuner.exe" /S
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\troy\applic~1\mozilla\firefox\profiles\kgm6isvt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\troy\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R2 McAfeeFramework;McAfee Framework Service;"c:\program files\mcafee\common framework\FrameworkService.exe" /ServiceStart [2008-10-31 104000]
R2 McShield;McAfee McShield;"c:\program files\mcafee\virusscan enterprise\Mcshield.exe" [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager;"c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe" [2006-11-30 54872]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-10-31 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-10-31 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-10-31 168776]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-10-29 176128]

=============== Created Last 30 ================

2008-12-02 17:31 <DIR> --d----- c:\program files\Ventrilo
2008-12-02 17:31 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

==================== Find3M ====================

2008-10-31 18:33 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-10-31 18:33 22,328 a------- c:\docume~1\troy\applic~1\PnkBstrK.sys
2008-10-31 18:32 107,832 a------- c:\windows\system32\PnkBstrB.exe
2008-10-31 18:32 2,250,024 a------- c:\windows\system32\pbsvc.exe
2008-10-31 18:32 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-10-30 20:56 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-10-29 17:47 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-29 17:23 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-02 10:07 453,152 a------- c:\windows\system32\NVUNINST.EXE
2006-06-23 01:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

============= FINISH: 12:29:38.62 ===============


DDS ATTACH:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/29/2008 5:27:15 PM
System Uptime: 12/26/2008 10:10:55 AM (74 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5K-E
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | LGA775 | 3005/335mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 211.408 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 233 GiB total, 232.813 GiB free.
X: is FIXED (NTFS) - 298 GiB total, 254.752 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/29/2008 5:29:40 PM - System Checkpoint
RP2: 10/29/2008 9:50:27 PM - Installed SoundMAX
RP3: 10/29/2008 9:50:30 PM - Installed SoundMAX
RP4: 10/29/2008 9:58:44 PM - Installed JMB36X Raid Configurer
RP5: 10/29/2008 10:00:17 PM - Installed ASUS WiFi-AP Solo
RP6: 10/30/2008 2:40:32 PM - Installed Adobe Reader 9.
RP7: 10/30/2008 2:49:18 PM - Installed iTunes
RP8: 10/30/2008 2:56:54 PM - Installed Ventrilo Client
RP9: 10/30/2008 3:01:40 PM - Installed Microsoft Office Professional Edition 2003
RP10: 10/30/2008 3:08:58 PM - Printer Driver HP LaserJet 1020 Installed
RP11: 10/30/2008 3:09:01 PM - Printer Driver HP LaserJet 1022 Installed
RP12: 10/30/2008 3:09:03 PM - Printer Driver HP LaserJet 1022n Installed
RP13: 10/30/2008 3:09:05 PM - Printer Driver HP LaserJet 1022nw Installed
RP14: 10/30/2008 3:12:31 PM - Logitech Camera Driver Install
RP15: 10/30/2008 4:17:49 PM - Installed Steam
RP16: 10/30/2008 8:53:48 PM - Installed DirectX
RP17: 10/31/2008 6:29:55 PM - Installed Far Cry 2
RP18: 10/31/2008 6:33:47 PM - Installed DirectX
RP19: 10/31/2008 6:51:10 PM - Installed McAfee VirusScan Enterprise
RP20: 11/1/2008 10:09:59 PM - System Checkpoint
RP21: 11/2/2008 10:23:47 AM - Installed Oblivion
RP22: 11/2/2008 10:23:51 AM - Installed DirectX 9.0
RP23: 11/2/2008 3:34:03 PM - Installed DirectX
RP24: 11/2/2008 3:34:44 PM - Installed %1 %2.
RP25: 11/2/2008 3:34:47 PM - Printer Driver Microsoft XPS Document Writer Installed
RP26: 11/2/2008 3:37:56 PM - Installed DirectX
RP27: 11/2/2008 3:38:35 PM - Installed Fallout 3
RP28: 11/3/2008 4:55:41 PM - System Checkpoint
RP29: 11/4/2008 6:30:07 PM - System Checkpoint
RP30: 11/5/2008 7:14:34 PM - System Checkpoint
RP31: 11/7/2008 4:38:24 PM - System Checkpoint
RP32: 11/8/2008 5:57:33 PM - System Checkpoint
RP33: 11/9/2008 7:10:37 PM - System Checkpoint
RP34: 11/10/2008 8:01:21 PM - System Checkpoint
RP35: 11/11/2008 10:10:07 PM - System Checkpoint
RP36: 11/13/2008 6:00:54 PM - System Checkpoint
RP37: 11/13/2008 10:28:38 PM - Removed Fallout 3
RP38: 11/15/2008 12:39:30 AM - System Checkpoint
RP39: 11/16/2008 1:35:21 AM - System Checkpoint
RP40: 11/16/2008 2:46:24 PM - Removed Oblivion
RP41: 11/17/2008 5:41:34 PM - System Checkpoint
RP42: 11/18/2008 6:07:22 PM - System Checkpoint
RP43: 11/19/2008 6:12:26 PM - System Checkpoint
RP44: 11/20/2008 6:28:11 PM - System Checkpoint
RP45: 11/21/2008 7:34:42 PM - System Checkpoint
RP46: 11/22/2008 8:08:48 PM - System Checkpoint
RP47: 11/23/2008 10:15:20 PM - System Checkpoint
RP48: 11/24/2008 11:04:48 PM - System Checkpoint
RP49: 11/25/2008 11:40:57 PM - System Checkpoint
RP50: 11/27/2008 12:23:00 AM - System Checkpoint
RP51: 11/29/2008 4:53:00 PM - System Checkpoint
RP52: 11/30/2008 6:40:59 PM - System Checkpoint
RP53: 12/1/2008 7:21:37 PM - System Checkpoint
RP54: 12/2/2008 5:31:03 PM - Removed Ventrilo Client
RP55: 12/2/2008 5:31:19 PM - Installed Ventrilo Client
RP56: 12/3/2008 5:53:31 PM - System Checkpoint
RP57: 12/4/2008 5:58:55 PM - System Checkpoint
RP58: 12/6/2008 12:25:06 AM - System Checkpoint
RP59: 12/7/2008 12:36:30 AM - System Checkpoint
RP60: 12/8/2008 7:19:59 PM - System Checkpoint
RP61: 12/9/2008 10:43:10 PM - System Checkpoint
RP62: 12/11/2008 7:18:44 AM - System Checkpoint
RP63: 12/12/2008 6:01:05 PM - System Checkpoint
RP64: 12/13/2008 6:51:13 PM - System Checkpoint
RP65: 12/14/2008 7:51:13 PM - System Checkpoint
RP66: 12/15/2008 10:20:38 PM - System Checkpoint
RP67: 12/16/2008 10:52:32 PM - System Checkpoint
RP68: 12/18/2008 6:02:03 PM - System Checkpoint
RP69: 12/19/2008 6:30:05 PM - System Checkpoint
RP70: 12/20/2008 11:20:56 PM - System Checkpoint
RP71: 12/21/2008 11:43:26 PM - System Checkpoint
RP72: 12/23/2008 5:56:42 PM - System Checkpoint
RP73: 12/25/2008 1:00:22 AM - System Checkpoint
RP74: 12/26/2008 1:02:52 PM - System Checkpoint
RP75: 12/27/2008 1:15:27 PM - System Checkpoint
RP76: 12/29/2008 1:44:55 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Apple Mobile Device Support
Apple Software Update
ASUS WiFi-AP Solo
AviSynth 2.5
Bonjour
Counter-Strike: Source
Crysis Warhead
Day of Defeat: Source
Far Cry 2
Google Chrome
Google Gears
iTunes
JMB36X Raid Configurer
K-Lite Mega Codec Pack 4.2.5
LaserJet 1020 series
Logitech QuickCam
Logitech® Camera Driver
Marvell Miniport Driver
McAfee VirusScan Enterprise
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
MSXML 6.0 Parser (KB925673)
MVision
NVIDIA Drivers
NVIDIA PhysX v8.09.04
OrderReminder HP LaserJet 1020
PowerISO
PunkBuster Services
QuickTime
RivaTuner v2.11
SoundMAX
Steam
Team Fortress 2
Ventrilo Client
Videora iPod Converter 4.02
WebFldrs XP
Windows Communication Foundation
Windows Presentation Foundation
Windows Workflow Foundation
WinRAR archiver
World of Goo
World of Warcraft
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

#3 illusion4657

illusion4657
  • Topic Starter


Posted 29 December 2008 - 02:33 PM

bump :/

#4 illusion4657

illusion4657
  • Topic Starter


Posted 29 December 2008 - 10:36 PM

bump again >.>

#5 illusion4657

illusion4657
  • Topic Starter


Posted 01 January 2009 - 05:41 PM

bump

#6 illusion4657

illusion4657
  • Topic Starter


Posted 08 January 2009 - 08:59 PM

Hey, I'm back, still no reply. Anyone willing to help me?

#7 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:09:22 PM

Posted 09 January 2009 - 04:33 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

This may seem repetitive, but we need to see the current status of your system.
Please hold on; it may take us a day or so to get back with you.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#8 KoanYorel

KoanYorel

    Bleepin' Conundrum



Posted 13 January 2009 - 06:04 PM

Due to the lack of feedback, this Topic is now closed.

If you still have problems, please Start a new topic.

Or contact any Moderator to reopen it if still applicable.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



