Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Malware - type unknown


  • Please log in to reply
5 replies to this topic

#1 skelly99

skelly99

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 12 January 2009 - 04:59 PM

Hi - I am affected by some form of malware. I am a Firefox user and am experiencing 4 main issues:-
1) I am getting new firefox windows opened to various sites; ebay, gambling sites, local directory sites
2) A blank firefox window with the following starting URL //sagipsul.com/go/?cmp=vm_mg_juan&uid=9FCA6174DF2E11DDB56316635029FFFF&] //sagipsul.com/go/?cmp=vm_mg_juan&amp...635029FFFF&[/url]
3) A window opening asking for my PC to be scanned for malware, etc when closed a firefox window to AntiVirus 2009 is spawned
4) Ablank firfox window to the following type of URL ////89.188.16.28/dot.gif/?ver=112&cmp=superjuan&uid=9FCA6174DF2E11DDB56316635029FFFF&guid=C1A53236A4454C62AE47A65DDE6BFB94&affid=166350&rid=nej116&m=ish6&revid=9918&lid=www.google.co.uk%2Fsearch%3Fhl=en%26q=malware+%26btnG=Search%26meta=&uqs=155&s=0&c1=155&c2=0&uid_track=abab71df-e18e-496e-9cb5-9e7867897296&br=firefox]http://89.188.16.28/dot.gif/?ver=112&c...&br=firefox[/url]

Thanks, Steve

DDS (Ver_09-01-07.01) - NTFSx86
Run by SK at 21:30:50.10 on 12/01/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1294 [GMT 0:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\AddInForLotusNotes\notesmon.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Evernote\Evernote3\EvernoteTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\hpoinw07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\SK\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mDefault_Page_URL = hxxp://www.club-vaio.com/en/
uInternet Connection Wizard,ShellNext = hxxp://vcl.vaio.sony.co.jp/eu/PforVAIO.htm
BHO: {0b56ada6-2430-b719-f514-0ab54cc82b37}: {73b28cc4-5ba0-415f-917b-03426ada65b0} - c:\windows\system32\gtqlgf.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: {ec679656-5da7-4b65-9f9d-d77e5951062e} - c:\windows\system32\byXRlJAP.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [ISUSPM] "c:\documents and settings\all users\application data\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [PDService.exe] c:\program files\utimaco\safeguard privatedisk\pdservice.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [NOTESMON] c:\program files\addinforlotusnotes\notesmon.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [QNAP_NASNetBak] c:\program files\qnap\netbak\NetBak.exe /min
mRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [54a58e5f] rundll32.exe "c:\windows\system32\ohvvnmpb.dll",b
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\sk\startm~1\programs\startup\evernote.lnk - c:\program files\evernote\evernote3\EvernoteTray.exe
StartupFolder: c:\docume~1\sk\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet 7100 series\bin\hpogrp07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nokian~1.lnk - c:\program files\nokia\nnpcs\RunLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: qoMDurRi - qoMDurRi.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: gtqlgf.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXRlJAP

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sk\applic~1\mozilla\firefox\profiles\sik1ahhm.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files\evernote\evernote3\fftbclipper\components\enbar3.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - HiddenExtension: XUL Cache: {C376DD94-A2EF-42D2-9AF0-4EF7B589F9A5} - c:\windows\system32\config\systemprofile\local settings\application

data\{c376dd94-a2ef-42d2-9af0-4ef7b589f9a5}\

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-7-14 127768]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [2004-7-6 45627]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-7-3 394952]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2004-12-14 71961]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 GTF32BUS;GT F32 BUS;c:\windows\system32\drivers\gtf32bus.sys [2008-8-18 35200]
S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2008-8-18 8064]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-10-21 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-10-21 8320]

=============== Created Last 30 ================

2009-01-12 07:39 129,024 a------- c:\windows\system32\gtqlgf.dll
2009-01-12 07:38 129,024 a------- c:\windows\system32\nvqnhbbf.dll
2009-01-12 07:36 1,260,593 ---sh--- c:\windows\system32\bpmnvvho.ini
2009-01-12 07:35 72,704 a------- c:\windows\system32\ohvvnmpb.dll
2009-01-12 07:35 41,472 a------- c:\windows\system32\ucolikem.dll
2009-01-11 15:54 1,260,593 ---sh--- c:\windows\system32\dfcwpodh.ini
2009-01-11 15:54 72,704 -------- c:\windows\system32\hdopwcfd.dll
2009-01-11 15:54 129,024 a------- c:\windows\system32\pyssyz.dll
2009-01-11 15:54 129,024 a------- c:\windows\system32\gbemmvdo.dll
2009-01-11 15:54 41,472 a------- c:\windows\system32\dkwrsvcs.dll
2009-01-10 16:02 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-10 15:55 52,224 a------- c:\windows\system32\fccdAtrq.dll
2009-01-10 15:53 1,260,593 ---sh--- c:\windows\system32\mnflrkfj.ini
2009-01-10 15:53 129,024 a------- c:\windows\system32\kawsne.dll
2009-01-10 15:53 129,024 a------- c:\windows\system32\clrclmmg.dll
2009-01-10 15:53 41,472 a------- c:\windows\system32\irajxjgc.dll
2009-01-10 15:52 551,878 a--sh--- c:\windows\system32\PAJlRXyb.ini2
2009-01-10 15:52 551,878 a--sh--- c:\windows\system32\PAJlRXyb.ini
2009-01-10 15:52 302,592 a------- c:\windows\system32\byXRlJAP.dll
2009-01-10 15:46 46,080 a------- c:\windows\system32\opnlkhiG.dll
2009-01-10 15:24 48,396 a------- c:\windows\UninstVeetleTVPlayer.exe
2009-01-09 08:56 14,848 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-01-09 08:56 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2009-01-05 11:04 <DIR> --d----- c:\program files\CricketSoft
2009-01-04 17:02 38,016 ac------ c:\windows\system32\dllcache\bthmodem.sys
2009-01-04 17:02 38,016 a------- c:\windows\system32\drivers\bthmodem.sys
2009-01-04 12:34 <DIR> --d----- c:\docume~1\sk\applic~1\Samsung
2009-01-04 12:28 174,592 a------- c:\windows\system32\framedyn.dll
2009-01-04 12:27 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-01-04 12:27 766 a------- c:\windows\system32\Uninstall.ico
2009-01-04 12:27 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-01-04 12:26 <DIR> --d----- c:\program files\Samsung
2009-01-03 16:38 25 a------- c:\windows\cdplayer.ini
2009-01-03 16:35 <DIR> --d----- c:\program files\common files\xing shared
2009-01-03 16:35 <DIR> --d----- c:\program files\common files\Real
2008-12-21 21:55 88 a------- c:\windows\FaceFun.INI
2008-12-21 21:00 528 ---shr-- c:\windows\PCGWIN32.LI4
2008-12-21 20:19 65,268 a---h--- c:\windows\system32\mlfcache.dat
2008-12-21 18:48 <DIR> --d----- c:\windows\system32\IOSUBSYS
2008-12-21 15:55 <DIR> --d----- c:\program files\TVAnts
2008-12-21 15:22 <DIR> --d----- c:\program files\sopcast
2008-12-17 10:27 40 a------- c:\windows\opt_1450.ini
2008-12-17 10:27 59 a------- c:\windows\brmx2001.ini
2008-12-17 10:27 410 a------- c:\windows\brwmark.ini
2008-12-17 10:26 30 a------- c:\windows\system32\brss01a.ini
2008-12-17 10:26 184 a------- c:\windows\system32\brsvc01a.bsi
2008-12-17 10:26 52 a------- c:\windows\BRPP2KA.INI
2008-12-17 10:17 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2008-12-17 10:17 25,856 a------- c:\windows\system32\drivers\usbprint.sys

==================== Find3M ====================

2009-01-10 22:09 16,599,328 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-10 22:09 225,476 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-01-03 16:21 4,212 ----h--- c:\windows\system32\zllictbl.dat
2008-12-12 21:47 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-10-23 13:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 10:37 659,456 a------- c:\windows\system32\wininet.dll

============= FINISH: 21:32:27.45 ===============

Attached Files


Edited by KoanYorel, 12 January 2009 - 05:51 PM.
to modify hot link URLs above


BC AdBot (Login to Remove)

 


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:42 PM

Posted 13 January 2009 - 07:50 AM

Hello Skelly99 and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix askes you to install the Recovery Console, please do so..
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 skelly99

skelly99
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 14 January 2009 - 04:07 AM

Hi Thunder - thanks for the reply
Find attached the two log files after running the programs you suggested.

Please note I still am getting the firefox windows opened with sagispul.com URL. Here is an example URL from today.

http://sagipsul.com/go/?cmp=vm_mg_juan&...mp;cl=superjuan


Cheers, Steve

Attached Files


Edited by skelly99, 14 January 2009 - 08:46 AM.


#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:42 PM

Posted 14 January 2009 - 10:23 AM

Hello Steve,

Let's clean up some more :

Open Notepad - don't use any other texteditor than Notepad or the script will fail !
Copy/paste the bold, blue text below into an empty notepad window:http://www.bleepingcomputer.com/forums/t/194654/infected-with-malware-type-unknown/
Collect::[9]
c:\windows\system32\opnlkhiG.dll
File::
c:\windows\system32\ffkuz.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh DDS log.

ComboFix wil generate a zipped file, similar to C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip.
Upon reboot, and if an active connection is available, it will attempt to automatically upload the malware sample for further investigation. Please allow this if one of your security programs pops up a warning.
In the event the upload fails, the sample can still be uploaded by double clicking the C:\CF-Submit.htm file (opens browser window) and click OK to start the upload. :thumbsup:

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Click the Download button to the right of Java SE Runtime Environment (JRE) 6 Update 11 (first option).
  • Select your Platform (Windows version) and check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement
  • Click "Continue" and the page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windowsi586-p.exe to install the newest version.
Are you still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#5 skelly99

skelly99
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 14 January 2009 - 05:10 PM

Hi
Combo fix log and DDS log attached. The automated upload seemed to work OK.
I will update my Java JRE now.
No sign of the any malware issues so far since the latest run of ComboxFix
Thanks, Steve

Attached Files



#6 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:42 PM

Posted 14 January 2009 - 05:15 PM

Hello Steve,

For a moment there, you got me puzzled,
until I realised you posted an old DDS log. :thumbsup:

You ComboFix logs good. :)

You can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste next command in the field:ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

No more issues ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users