Infected with "System Security"


  • Please log in to reply
1 reply to this topic

#1 hugoferradeira


Posted 01 January 2009 - 09:03 AM

My computer is infected with "System Security". I had followed the "How to remove System Security (Uninstall Instruction)" and the malware remains.
Performing the quick scan of Malwarebytes Anti-Malware, the program detects only one item (Vendor: Rogue.SystemSecurity, Category: File). After Remove Selected, nothing happens.
Performing the full scan of Malwarebytes Anti-Malware, the program detects two items. After Remove Selected, the icon of System Security on the desktop disappears but reappears after system reboot.

With best compliments.
Hugo

DDS (Version 1.1.0) - NTFSx86
Run by Alexandre at 12:50:49,81 on 01-01-2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.2559.2060 [GMT 0:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programas\Analog Devices\SoundMAX\Smax4.exe
C:\Programas\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Documents and Settings\All Users\Application Data\1338614132\146834049.exe
C:\WINDOWS\System32\CTFMON.EXE
C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programas\VIA\RAID\raid_tool.exe
C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programas\Opera\opera.exe
C:\Documents and Settings\Alexandre\Definições locais\Application Data\Opera\Opera\profile\cache4\temporary_download\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programas\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programas\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programas\ficheiros comuns\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [SoundMAXPnP] c:\programas\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\programas\analog devices\soundmax\Smax4.exe" /tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [PCTVRemote] c:\programas\pinnacle\pctv stereo\remote\Remoterm.exe
mRun: [avgnt] "c:\programas\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\programas\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\programas\ficheiros comuns\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\programas\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [146834049] "c:\documents and settings\all users\application data\1338614132\146834049.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\hppsc1~1.lnk - c:\programas\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\hpoddt~1.lnk - c:\programas\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\pinnac~1.lnk - c:\programas\pinnacle\shared files\programs\scheduler\PCLEScheduler.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\viarai~1.lnk - c:\programas\via\raid\raid_tool.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

============= SERVICES / DRIVERS ===============

R0 viaraid;viaraid;c:\windows\system32\drivers\viaraid.sys [2008-12-31 72192]
R1 avgio;avgio;\??\c:\programas\avira\antivir personaledition classic\avgio.sys [2008-12-31 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\programas\avira\antivir personaledition classic\sched.exe" [2008-12-31 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"c:\programas\avira\antivir personaledition classic\avguard.exe" [2008-12-31 151297]
R3 avgntflt;avgntflt;\??\c:\programas\avira\antivir personaledition classic\avgntflt.sys [2008-12-31 52032]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2008-12-31 6400]
R3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys []
S3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2008-12-31 556416]

=============== Created Last 30 ================

2009-01-01 11:59 <DIR> --d----- c:\programas\SeedC
2009-01-01 11:17 <DIR> --d----- c:\documents and settings\alexandre\Ambiente de trabalho
2009-01-01 11:17 <DIR> --d-h--- c:\documents and settings\alexandre\Modelos
2009-01-01 11:17 <DIR> --d-h--- c:\documents and settings\alexandre\Definições locais
2009-01-01 11:17 <DIR> --d--r-- c:\documents and settings\alexandre\Os meus documentos
2009-01-01 11:17 <DIR> --d--r-- c:\documents and settings\alexandre\Menu Iniciar
2009-01-01 11:17 <DIR> --d--r-- c:\documents and settings\alexandre\Favoritos
2009-01-01 11:17 <DIR> --d----- c:\documents and settings\Alexandre
2009-01-01 03:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-01 03:46 2,538,872 a------- c:\programas\mbam-setup.exe
2009-01-01 03:38 525 a------- C:\hpfr3420.xml
2009-01-01 03:34 82,380 a------- c:\windows\system32\drivers\AFS2K.SYS
2009-01-01 03:33 167,936 a----r-- c:\windows\system32\HPZipr12.dll
2009-01-01 03:33 94,208 a----r-- c:\windows\system32\HPZipt12.dll
2009-01-01 03:33 65,795 a----r-- c:\windows\system32\HPZipm12.exe
2009-01-01 03:33 61,699 a----r-- c:\windows\system32\HPZinw12.exe
2009-01-01 03:33 57,344 a----r-- c:\windows\system32\HPZisn12.dll
2009-01-01 03:33 233,528 a----r-- c:\windows\system32\HPZidr12.dll
2009-01-01 03:33 16,080 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-01-01 03:33 51,024 a----r-- c:\windows\system32\drivers\hpzid412.sys
2009-01-01 03:32 21,456 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-01-01 03:32 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-01-01 03:32 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-01-01 03:32 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-01-01 03:32 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-01-01 03:31 <DIR> --d----- c:\programas\ficheiros comuns\Hewlett-Packard
2009-01-01 03:29 16,618 -------- c:\windows\hpomdl01.dat
2009-01-01 03:29 20,467 a------- c:\windows\hpoins01.dat
2009-01-01 03:27 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-01-01 03:27 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2008-12-31 23:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\1338614132
2008-12-31 22:42 <DIR> --d----- c:\programas\Nero
2008-12-31 22:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2008-12-31 22:41 <DIR> --d----- c:\windows\RegisteredPackages
2008-12-31 21:20 <DIR> --d----- c:\windows\SHELLNEW
2008-12-31 21:16 221,184 a------- c:\windows\system32\wmpns.dll
2008-12-31 20:53 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-31 20:53 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-31 20:51 <DIR> --d----- c:\programas\LimeWire
2008-12-31 20:31 <DIR> --d----- c:\programas\Avira
2008-12-31 20:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2008-12-31 20:07 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2008-12-31 20:02 <DIR> --d----- c:\windows\Profiles
2008-12-31 20:02 308,224 a------- c:\windows\IsUn0416.exe
2008-12-31 19:58 <DIR> --d----- c:\programas\Pinnacle
2008-12-31 19:45 147,328 a----r-- c:\windows\system32\drivers\EL2K_XP.sys
2008-12-31 19:45 61,440 a----r-- c:\windows\system32\EL2K_CPP.dll
2008-12-31 19:15 235,100 a------- c:\windows\system32\drivers\MidiSyn.sys
2008-12-31 19:15 <DIR> --d----- c:\programas\Analog Devices
2008-12-31 19:13 72,192 a----r-- c:\windows\system32\drivers\viaraid.sys
2008-12-31 19:13 <DIR> --d----- c:\programas\VIA
2008-12-31 19:13 <DIR> --d----- c:\programas\ficheiros comuns\InstallShield
2008-12-31 19:09 <DIR> --ds---- c:\windows\system32\Microsoft
2008-12-31 19:01 33,792 -c------ c:\windows\system32\dllcache\custsat.dll
2008-12-31 18:59 19,569 a------- c:\windows\005445_.tmp
2008-12-31 18:55 3,762 a------- c:\windows\Ascd_tmp.ini
2008-12-31 18:55 5,824 a------- c:\windows\system32\drivers\ASUSHWIO.SYS
2008-12-31 18:41 316,640 a------- c:\windows\WMSysPr9.prx
2008-12-31 18:39 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-31 18:38 19,528 a------- c:\windows\002235_.tmp
2008-12-31 18:38 <DIR> --d----- c:\windows\system32\ReinstallBackups
2008-12-31 18:37 26,488 a------- c:\windows\system32\spupdsvc.exe
2008-12-31 18:36 <DIR> --d----- c:\windows\EHome
2008-12-31 18:33 48,128 a------- c:\windows\system32\drivers\61883.sys
2008-12-31 17:57 <DIR> --dsh--- c:\windows\Installer
2008-12-31 17:51 8,192 a------- c:\windows\REGLOCS.OLD
2008-12-31 17:49 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2008-12-31 17:48 <DIR> --dsh--- c:\documents and settings\all users\DRM
2008-12-31 17:48 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2008-12-31 17:48 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2008-12-31 17:48 <DIR> --ds---- c:\windows\Downloaded Program Files
2008-12-31 17:48 <DIR> --d--r-- c:\windows\Offline Web Pages
2008-12-31 17:48 749 a---hr-- c:\windows\WindowsShell.Manifest
2008-12-31 17:48 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-31 17:48 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2008-12-31 17:48 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2008-12-31 17:48 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2008-12-31 17:48 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2008-12-31 17:48 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2008-12-31 17:48 <DIR> --d----- c:\windows\srchasst
2008-12-31 17:46 <DIR> --d----- c:\programas\ficheiros comuns\MSSoap
2008-12-31 17:45 <DIR> --d-h--- c:\programas\WindowsUpdate
2008-12-31 17:45 <DIR> --d----- c:\programas\Serviços online
2008-12-31 17:45 <DIR> --d----- c:\programas\Messenger
2008-12-31 17:45 <DIR> --d----- c:\programas\MSN Gaming Zone
2008-12-31 17:45 <DIR> --d----- c:\programas\Windows NT
2008-12-31 17:07 <DIR> --d----- c:\programas\ficheiros comuns\ODBC
2008-12-31 17:07 <DIR> --d----- c:\programas\ficheiros comuns\SpeechEngines
2008-12-31 17:06 <DIR> --d-h--- c:\documents and settings\all users\Modelos
2008-12-31 17:06 <DIR> --d--r-- c:\documents and settings\all users\Menu Iniciar
2008-12-31 17:06 <DIR> --d--r-- c:\documents and settings\all users\Documentos
2008-12-31 17:06 <DIR> --d----- c:\documents and settings\all users\Favoritos
2008-12-31 17:06 <DIR> --d----- c:\documents and settings\all users\Ambiente de trabalho

==================== Find3M ====================

2008-12-31 19:11 358,982 a------- c:\windows\system32\perfh016.dat
2008-12-31 19:11 50,952 a------- c:\windows\system32\perfc016.dat
2008-12-31 19:03 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-31 17:46 21,924 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 12:51:00,60 ===============
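As an added triage example (not part of the thread, of DDS or of Malwarebytes), the script below scans Run and driver lines of the kind shown in the log above and flags the entries a helper would look at first: the numeric-named executable started from All Users\Application Data, which matches the startup entry that survives a reboot, and the XDva223 driver with no file details. The sample lines are copied from the posted log; the heuristics themselves are this example's own assumptions about what looks suspicious.

```python
import re

# Lines copied from the DDS log posted above (Run entries and drivers).
SAMPLE_LINES = [
    r'mRun: [avgnt] "c:\programas\avira\antivir personaledition classic\avgnt.exe" /min',
    r'mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup',
    r'mRun: [146834049] "c:\documents and settings\all users\application data\1338614132\146834049.exe"',
    r'uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe',
    r'R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2008-12-31 6400]',
    r'R3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys []',
]

# uRun / mRun / dRun lines: "[name] command"
RUN_RE = re.compile(r'^[umd]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Rn / Sn driver lines: "name;display name;path [date size]" (empty brackets = no file info)
DRV_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<meta>[^\]]*)\]$')
# First executable-looking token of a command, with optional surrounding quotes
EXE_RE = re.compile(r'(?i)^"?(?P<path>.*?\.(?:exe|scr|dll|cpl))"?')


def image_path(cmd):
    """Return the launched file from a Run value, dropping quotes and arguments."""
    m = EXE_RE.match(cmd)
    return m.group('path') if m else cmd


def triage(lines):
    """Map entry name -> reasons for every Run/driver entry that looks suspicious (heuristics assumed)."""
    findings = {}
    for line in lines:
        reasons = []
        if (m := RUN_RE.match(line)):
            name, path = m.group('name'), image_path(m.group('cmd')).lower()
            stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
            if name.isdigit() or stem.isdigit():
                reasons.append('numeric-only name, typical of randomly named rogue installs')
            if '\\application data\\' in path and path.endswith('.exe'):
                reasons.append('executable started from a user-writable Application Data folder')
        elif (m := DRV_RE.match(line)):
            name = m.group('name')
            if not m.group('meta').strip():
                reasons.append('driver registered but no file date/size recorded')
        else:
            continue
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == '__main__':
    for name, why in triage(SAMPLE_LINES).items():
        print(f'{name}: ' + '; '.join(why))
```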



#2 Thunder


Posted 02 January 2009 - 12:45 PM

Hello Hugo and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
