Seneka, Vundo, maximum number of secrets exceeded


  • This topic is locked
2 replies to this topic

#1 daviddi

Posted 04 January 2009 - 03:40 AM

I'm running Windows XP. Got hit with Seneka and Vundo. I seem to have cleaned out most of the problems except for this big one: I can't access my E: or G: drives. When I try to open them in "My Computer", I get the following error message:

E:\ is not accessible.
The maximum number of secrets that may be stored in a single system has been exceeded.

What I've done so far: I followed the instructions in http://www.bleepingcomputer.com/forums/t/177711/maximum-number-of-secrets-exceeded/ .
I cleaned them out repeatedly with 1) AVG, 2) Malwarebytes Anti-Malware, 3) ATF Cleaner and 4) SUPERAntiSpyware. The programs indicate everything is cleaned out but I still have the following issues:

1) the above-mentioned error: The maximum number of secrets exceeded.
2) Seneka keeps reappearing upon reboot.
3) System Restore is not able to create a restore point. The error message says: "Please restart the computer, and then run System Restore again", however restarting does not fix the problem.

I'm including the logs from 1) DDS, 2) Malwarebytes Anti-Malware (the first scan and the latest scan) and 3) SUPERAntiSpyware.

I hope someone can help. Thanks!

DDS (Version 1.1.0) - NTFSx86
Run by Owner at 23:52:52.07 on Sat 01/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3044 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\Upline\Upline.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\HP\Upline\UplineMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Upline] "c:\program files\hp\upline\Upline.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [msiexec.exe] msiconf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: line6.net
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-6-30 39472]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-3 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-3 26824]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R3 echo1394;AudioFire service;c:\windows\system32\drivers\echo1394.sys [2008-4-30 68864]
R3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\drivers\L6TPortGX.sys [2008-10-7 521472]
R3 USBMN8X8;M-Audio USB MidiSport 8x8;c:\windows\system32\drivers\usbmn8x8.sys [2008-7-9 22432]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-3 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-3 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-3 76040]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\RpcAgentSrv.exe [2008-6-17 98488]
R4 UplineMonitor;UplineMonitor;c:\program files\hp\upline\UplineMonitor.exe [2008-9-20 66864]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 USB88LDR;M-Audio USB MidiSport 8x8 Loader;c:\windows\system32\drivers\usb88ldr.sys [2008-7-9 21696]

=============== Created Last 30 ================

2009-01-03 22:12 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-03 22:12 --d----- c:\program files\SUPERAntiSpyware
2009-01-03 22:12 --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-01-03 22:12 --d----- c:\program files\common files\Wise Installation Wizard
2009-01-03 22:00 --d----- c:\program files\Trend Micro
2009-01-03 21:34 --d-h--- C:\$AVG8.VAULT$
2009-01-03 21:31 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-03 21:31 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-03 21:31 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-03 21:31 --d----- c:\windows\system32\drivers\Avg
2009-01-03 21:31 --d----- c:\program files\AVG
2009-01-03 20:28 --d----- c:\program files\msn gaming zone
2009-01-03 19:52 127 a------- c:\windows\system32\MRT.INI
2009-01-03 19:43 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-03 19:43 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-01-03 19:43 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-03 19:43 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-03 19:43 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-03 19:43 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-03 19:43 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-03 19:43 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-03 19:43 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-03 19:41 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-01-03 19:40 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-03 19:40 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-01-03 19:20 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-01-03 19:13 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-03 19:13 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 19:13 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 19:13 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-03 18:10 --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-20 14:52 133,120 a------- c:\windows\system32\SFEDT32.DLL
2008-12-20 14:47 303,616 a------- c:\windows\IsUninst.exe
2008-12-20 14:47 --d----- c:\documents and settings\owner\WINDOWS
2008-12-19 23:52 --d----- c:\docume~1\owner\applic~1\LinPlug
2008-12-12 10:18 1,152,654 a------- C:\Exceptions.zip

==================== Find3M ====================

2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-06 14:52 118,784 a------- c:\windows\dsdxirmv.exe
2008-08-07 23:06 388,608 a------- c:\program files\ies_gen3.exe
2008-07-10 22:09 1,246 a------- c:\program files\setuplog.txt
2007-02-23 23:18 1,159,168 a------- c:\program files\IndigoToneMapper.exe
2006-11-30 15:49 2,359,352 a------- c:\program files\adkbkgdnoname.BMP
2006-08-23 10:50 293,888 a------- c:\program files\Authorize Ivory.exe

============= FINISH: 23:53:07.92 ===============

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

1/3/2009 7:22:02 PM
mbam-log-2009-01-03 (19-22-02).txt

Scan type: Quick Scan
Objects scanned: 6
Time elapsed: 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

1/3/2009 11:18:52 PM
mbam-log-2009-01-03 (23-18-52).txt

Scan type: Quick Scan
Objects scanned: 49313
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/03/2009 at 10:56 PM

Application Version : 4.24.1004

Core Rules Database Version : 3694
Trace Rules Database Version: 1670

Scan type : Complete Scan
Total Scan Time : 00:39:34

Memory items scanned : 392
Memory threats detected : 0
Registry items scanned : 5625
Registry threats detected : 13
File items scanned : 101414
File threats detected : 2

Rogue.Component/Trace
HKLM\Software\Microsoft\40235CC8
HKLM\Software\Microsoft\40235CC8#40235cc8
HKLM\Software\Microsoft\40235CC8#Version
HKLM\Software\Microsoft\40235CC8#4023f148
HKLM\Software\Microsoft\40235CC8#402398ad
HKU\S-1-5-21-3318940962-1410522122-3024914800-1003\Software\Microsoft\CS41275
HKU\S-1-5-21-3318940962-1410522122-3024914800-1003\Software\Microsoft\FIAS4018

Rogue.RapidAntivirus
HKU\.DEFAULT\Software\Rapid Antivirus
HKU\S-1-5-18\Software\Rapid Antivirus

Adware.Prun
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet#UninstallString

Adware.Vundo Variant
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EEDZTR26\INDEX[1]
C:\WINDOWS\SYSTEM32\VRFKDVHW.DLL


#2 daviddi


Posted 04 January 2009 - 10:37 PM

Update: I think I fixed it...everything seems to be back to normal, no viruses showing up on scan. The key seems to be to do a complete scan with Malwarebytes Anti-Malware, not just a quick scan.

#3 KoanYorel


Posted 17 January 2009 - 01:49 PM

Thanks for informing us.

Should you find other problems please start a new topic.


This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



