
Help Please, Infected with a dangerous Virus


This topic is locked. 1 reply to this topic.

#1 ifatkid (Members, 18 posts)

Posted 19 January 2009 - 02:59 PM

EDIT: Never mind, I'm resorting to a reformat, since I have to do typed essays for schoolwork. Close this, although it would be nice to know how I got this virus for future safety. Thank you.



From another one of my threads, a global moderator was kind enough to lead me to this section where I can receive some help for this "very dangerous" virus.

The thread: http://www.bleepingcomputer.com/forums/t/196116/help-ive-been-infected-with-win32delfuc/

Here is my DDS

DDS (Ver_09-01-18.01) - NTFSx86
Run by Huang Han Lin at 11:52:13.01 on Mon 01/19/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.624 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
svchost.exe C:\WINDOWS\TEMP\VRRD.tmp
D:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Huang Han Lin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Google plugin: {89f2c12a-027a-4de3-88f6-9f31a1c0f17c} - xwa.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
dRun: [vbwalahj.exe] c:\windows\vbwalahj.exe
dRun: [ragygwmj.exe] c:\windows\ragygwmj.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: sbfxi - sbfxi.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 110080]
S1 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
Unknown4 surrd;surrd; [x]

=============== Created Last 30 ================

2009-01-19 11:44 45,568 a------- c:\windows\system32\xwa.dll
2009-01-19 11:42 45,568 a------- c:\windows\system32\xlk.dll
2009-01-19 11:42 1 a------- c:\windows\system32\rs
2009-01-19 11:42 0 a------- c:\windows\system32\surrd.sys
2009-01-18 20:30 0 a------- c:\windows\system32\a9k.bin
2009-01-18 17:11 23,657 a------- c:\windows\system32\sbfxi.dll
2009-01-18 15:39 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-18 15:39 --d----- c:\program files\SUPERAntiSpyware
2009-01-18 15:39 --d----- c:\docume~1\huangh~1\applic~1\SUPERAntiSpyware.com
2009-01-18 15:38 --d----- c:\program files\common files\Wise Installation Wizard
2009-01-18 13:11 --d----- c:\docume~1\huangh~1\applic~1\Malwarebytes
2009-01-18 13:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-18 13:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-18 13:11 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-18 13:11 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-17 14:54 42,496 a------- c:\windows\system32\13.tm_
2009-01-17 14:41 --d----- c:\program files\common files\Sonic
2009-01-17 14:40 143,414 a------- c:\windows\dla.exe
2009-01-17 14:40 87,136 a------- c:\windows\system32\drivers\drvmcdb.sys
2009-01-17 14:40 61,498 a------- c:\windows\system32\tfswapi.dll
2009-01-17 14:40 40,544 a------- c:\windows\system32\drivers\drvnddm.sys
2009-01-17 14:40 23,545 a------- c:\windows\system32\drivers\ssrtln.sys
2009-01-17 14:40 5,627 a------- c:\windows\system32\drivers\sscdbhk5.sys
2009-01-17 14:40 --d----- c:\windows\system32\dla
2009-01-17 14:40 --d----- c:\program files\Sonic
2009-01-17 14:35 7 a------- c:\windows\system32\nar.bin
2009-01-17 14:32 264 a------- c:\windows\wininit.ini
2009-01-17 12:53 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-17 12:20 --d----- c:\windows\system32\appmgmt
2009-01-17 09:42 23,657 a------- c:\windows\system32\sbfxi.dl_
2009-01-16 23:28 29,184 a------- c:\windows\system32\A46.tmp
2009-01-16 22:36 --d----- c:\docume~1\huangh~1\applic~1\LimeWire
2009-01-16 22:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-16 22:35 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-16 22:33 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-01-16 22:33 39,424 a------- c:\windows\system32\reader_s.tmp
2009-01-16 22:33 39,424 a------- c:\documents and settings\huang han lin\reader_s.exe
2009-01-16 22:33 163,492 a------- c:\windows\system32\9E9.tmp
2009-01-16 18:55 --d----- c:\docume~1\huangh~1\applic~1\Megaupload
2009-01-12 19:43 --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-01-12 18:02 --d----- c:\program files\SCORE-HIGH
2009-01-12 18:01 1,046,288 a---h--- c:\windows\system32\Msjet35.dll
2009-01-12 18:01 570,128 a---h--- c:\windows\system32\Dao350.dll
2009-01-12 18:01 415,504 a---h--- c:\windows\system32\Msrepl35.dll
2009-01-12 18:01 252,176 a---h--- c:\windows\system32\Msrd2x35.dll
2009-01-12 18:01 198,848 a---h--- c:\windows\system32\Mci32.ocx
2009-01-12 18:01 140,488 a---h--- c:\windows\system32\Comdlg32.ocx
2009-01-12 18:01 123,664 a---h--- c:\windows\system32\Msjint35.dll
2009-01-12 18:01 118,784 a---h--- c:\windows\system32\Msstdfmt.dll
2009-01-12 18:01 101,888 a---h--- c:\windows\system32\Vb6stkit.dll
2009-01-12 18:01 89,360 a---h--- c:\windows\system32\Vb5db.dll
2009-01-12 18:01 77,824 a---h--- c:\windows\system32\Msbind.dll
2009-01-12 18:01 24,848 a---h--- c:\windows\system32\Msjter35.dll
2009-01-11 16:46 --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-01-11 16:36 --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-01-11 16:36 --d----- c:\program files\common files\AOL
2009-01-11 16:36 --d----- c:\program files\AIM6
2009-01-11 16:36 824 a---h--- C:\IPH.PH
2009-01-11 16:16 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-11 16:16 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2009-01-11 16:16 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-11 16:16 666,112 -c------ c:\windows\system32\dllcache\wininet.dll
2009-01-11 16:16 619,520 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-01-11 16:16 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-01-11 16:15 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-11 16:14 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-11 16:14 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-11 16:14 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-11 16:14 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-11 16:14 3,067,904 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-01-11 16:13 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-01-11 16:12 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-11 16:12 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-01-11 16:12 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-11 16:12 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-11 16:12 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-01-11 16:05 --d----- c:\windows\system32\scripting
2009-01-11 16:05 --d----- c:\windows\system32\en
2009-01-11 16:05 --d----- c:\windows\system32\bits
2009-01-11 16:05 --d----- c:\windows\l2schemas
2009-01-11 16:04 --d----- c:\windows\ServicePackFiles
2009-01-11 16:02 --d----- c:\windows\network diagnostic
2009-01-11 15:55 327,040 -------- c:\windows\system32\drivers\ati2mtaa.sys
2009-01-11 15:48 --d----- c:\windows\system32\PreInstall
2009-01-11 15:48 --d-h--- c:\windows\$hf_mig$
2009-01-11 15:46 376 a------- c:\windows\ODBC.INI
2009-01-11 15:46 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-01-11 15:46 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-01-11 15:46 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-01-11 15:46 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-01-11 15:46 --d----- c:\windows\system32\SoftwareDistribution
2009-01-11 15:45 --ds---- c:\documents and settings\huang han lin\UserData
2009-01-11 15:44 --d----- c:\windows\ShellNew
2009-01-11 15:39 180,770 ac------ c:\windows\system32\dllcache\c_20932.nls
2009-01-11 15:38 16,128 ac------ c:\windows\system32\dllcache\modemcsa.sys
2009-01-11 15:38 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-01-11 15:38 53,248 a----r-- c:\windows\system32\mhwt.dll
2009-01-11 15:38 34,293 a----r-- c:\windows\system32\IntelCci.dll
2009-01-11 15:38 172,032 a----r-- c:\windows\system32\intelmoh.dll
2009-01-11 15:38 61,157 a----r-- c:\windows\system32\drivers\IntelC53.sys
2009-01-11 15:38 37,048 a----r-- c:\windows\system32\drivers\mohfilt.sys
2009-01-11 15:38 1,233,525 a----r-- c:\windows\system32\drivers\IntelC51.sys
2009-01-11 15:38 647,929 a----r-- c:\windows\system32\drivers\IntelC52.sys
2009-01-11 15:35 --d----- c:\program files\Modem Helper
2009-01-11 15:34 1,902 -------- c:\windows\system32\SetupBD.din
2009-01-11 15:34 155,648 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-01-11 15:34 204,800 a------- c:\windows\system32\Prounstl.exe
2009-01-11 15:34 155,648 a------- c:\windows\system32\drivers\e100b325.sys
2009-01-11 15:34 36,864 a------- c:\windows\system32\e100bmsg.dll
2009-01-11 15:34 19,456 a------- c:\windows\system32\IntelNic.dll
2009-01-11 15:34 5,110 a------- c:\windows\system32\e100b325.din
2009-01-11 15:34 --d----- C:\drvrtmp
2009-01-11 15:33 --d----- c:\program files\SigmaTel
2009-01-11 15:32 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-01-11 15:32 --d----- c:\program files\ATI Technologies
2009-01-11 15:30 --d----- c:\windows\system32\ReinstallBackups
2009-01-11 15:30 --d----- c:\windows\system32\vmm32
2009-01-11 15:29 --d----- c:\program files\Dell
2009-01-11 15:26 --d----- c:\windows\RegisteredPackages
2009-01-11 15:22 --d----- c:\windows\system32\URTTemp
2009-01-11 15:22 --d----- c:\program files\RGB
2009-01-11 15:20 --d----- c:\program files\DIGStream
2009-01-11 15:20 --d----- c:\program files\ESPNMotion
2009-01-11 15:20 --d----- c:\program files\GemMaster
2009-01-11 15:20 --d----- c:\program files\EnglishOtto
2009-01-11 15:17 --d----- c:\documents and settings\Huang Han Lin
2009-01-11 15:14 --ds---- c:\windows\system32\Microsoft
2009-01-11 14:51 8,192 a------- c:\windows\REGLOCS.OLD
2009-01-11 14:49 10,240 ac------ c:\windows\system32\dllcache\snmpstup.dll
2009-01-11 14:48 67,072 ac------ c:\windows\system32\dllcache\convlog.exe
2009-01-11 14:47 --d----- C:\DELL
2009-01-11 14:47 2,577 a------- c:\windows\system32\CONFIG.NT
2009-01-11 14:47 0 a------- c:\windows\control.ini
2009-01-11 14:47 23,392 a------- c:\windows\system32\nscompat.tlb
2009-01-11 14:47 16,832 a------- c:\windows\system32\amcompat.tlb
2009-01-11 14:47 316,640 a------- c:\windows\WMSysPr9.prx
2009-01-11 14:46 --dsh--- c:\documents and settings\all users\DRM
2009-01-11 14:46 --d-h--- c:\program files\WindowsUpdate
2009-01-11 14:45 --d----- c:\program files\common files\MSSoap
2009-01-11 14:43 --d----- c:\program files\Online Services
2009-01-11 14:43 --d----- c:\program files\Windows Plus
2009-01-11 14:42 --d----- c:\program files\Messenger
2009-01-11 14:42 --d----- c:\program files\MSN Gaming Zone
2009-01-11 14:41 --d----- c:\program files\Windows NT
2009-01-11 06:28 --d----- c:\program files\common files\ODBC
2009-01-11 06:28 --d----- c:\program files\common files\SpeechEngines
2009-01-11 06:28 --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-01-16 22:33 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-01-11 16:08 87,747 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-11 15:46 5,058 a------- c:\windows\help\hhcolreg.dat
2009-01-11 14:43 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-11 02:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-10-23 04:36 286,720 a------- c:\windows\system32\gdi32.dll

============= FINISH: 11:52:30.76 ===============

Edited by ifatkid, 19 January 2009 - 09:52 PM.
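The DDS log above is the raw material a malware-removal helper works from, and the lines a reply would have asked about are all visible in it: two dRun entries launching c:\windows\vbwalahj.exe and c:\windows\ragygwmj.exe, a BHO and a winlogon Notify DLL (xwa.dll, sbfxi.dll) listed with no path at all, a svchost.exe started with a file in C:\WINDOWS\TEMP, a "restore" driver whose .sys is marked [?], an "Unknown4 surrd" service beside a 0-byte surrd.sys, and one- and zero-byte files dropped into system32 on the morning of the scan. The script below is an added example written for this page by the editor; it is not a DDS, BleepingComputer or poster tool. Its rules are the editor's own heuristics, and the thresholds (the all-letters name directly in c:\windows, the "0/1 byte, .tmp/.bin or no extension in system32" test, and reading [?]/[x] in the driver list as "image could not be read") are assumptions drawn from this one log rather than documented DDS semantics. It parses the section headers DDS prints and runs those rules over an excerpt copied from the log above.

```python
import re

# Excerpt copied from the DDS log in the post above (a few lines per section, some
# benign ones left in for contrast); not the complete log.
SAMPLE_LOG = r"""============== Running Processes ===============
svchost.exe C:\WINDOWS\TEMP\VRRD.tmp
============== Pseudo HJT Report ===============
BHO: Google plugin: {89f2c12a-027a-4de3-88f6-9f31a1c0f17c} - xwa.dll
mRun: [ehTray] c:\windows\ehome\ehtray.exe
dRun: [vbwalahj.exe] c:\windows\vbwalahj.exe
dRun: [ragygwmj.exe] c:\windows\ragygwmj.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: sbfxi - sbfxi.dll
============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
S1 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
Unknown4 surrd;surrd; [x]
=============== Created Last 30 ================
2009-01-19 11:44 45,568 a------- c:\windows\system32\xwa.dll
2009-01-19 11:42 1 a------- c:\windows\system32\rs
2009-01-19 11:42 0 a------- c:\windows\system32\surrd.sys
2009-01-18 17:11 23,657 a------- c:\windows\system32\sbfxi.dll
2009-01-18 15:39 --d----- c:\program files\SUPERAntiSpyware
2009-01-16 22:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-16 22:33 39,424 a------- c:\windows\system32\reader_s.tmp
2009-01-16 22:33 39,424 a------- c:\documents and settings\huang han lin\reader_s.exe
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
HOOK_RE = re.compile(r"^(?:BHO|Notify|SEH):.* - (.+)$")        # "...: <name> - <dll>"
RUN_RE = re.compile(r"^[umd]Run: \[([^\]]+)\] (.+)$")          # "xRun: [value] target"
DRIVER_RE = re.compile(r"^(?:R\d|S\d|Unknown\d*) [^;]*;[^;]*;(.*)$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d ([\d,]+) \S{8} (.+)$")

def basename(p): return p.rsplit("\\", 1)[-1]
def dirname(p): return p.rsplit("\\", 1)[0].lower() if "\\" in p else ""

def split_sections(text):
    """Map each '==== Name ====' header DDS prints to the non-empty lines under it."""
    sections, cur = {}, None
    for line in map(str.rstrip, text.splitlines()):
        if m := SECTION_RE.match(line):
            cur = m.group(1)
            sections[cur] = []
        elif line and cur is not None:
            sections[cur].append(line)
    return sections

def run_target(value):  # DDS quotes Run targets containing spaces; else the first token is the image
    return value[1:].split('"', 1)[0] if value.startswith('"') else value.split(" ", 1)[0]

def triage(text):
    """Return (rule, line) pairs for the log lines that match the editor's heuristics."""
    s, out = split_sections(text), []
    for line in s.get("Running Processes", []):
        exe, _, args = line.partition(" ")
        # svchost.exe normally runs by full path with "-k <group>"; a bare svchost.exe
        # handed a file in %TEMP% (a .tmp here) is the kind of line a helper asks about.
        if basename(exe).lower() == "svchost.exe" and re.search(r"\\temp\\|\.tmp$", args, re.I):
            out.append(("svchost-with-temp-argument", line))
    for line in s.get("Pseudo HJT Report", []):
        if m := HOOK_RE.match(line):
            # A BHO / winlogon Notify DLL given as a bare filename is resolved through the
            # loader search path; vendors register these with a full path (SASWINLO.dll).
            if "\\" not in m.group(1):
                out.append(("hook-dll-without-path", line))
        elif m := RUN_RE.match(line):
            target = run_target(m.group(2))
            stem = basename(target).rsplit(".", 1)[0]
            # Assumed heuristic: an all-letters image dropped directly into c:\windows whose
            # Run value name is just its own filename (the dRun entries above).
            if (dirname(target) == r"c:\windows" and stem.isalpha() and stem.islower()
                    and m.group(1).lower() == basename(target).lower()):
                out.append(("run-key-random-name-in-windows-root", line))
    for line in s.get("SERVICES / DRIVERS", []):
        # In the log above "[?]" / "[x]" stand where the image date and size should be,
        # i.e. DDS could not read the .sys the service points at (assumed meaning).
        if (m := DRIVER_RE.match(line)) and m.group(1).rstrip().endswith(("[?]", "[x]")):
            out.append(("driver-image-missing", line))
    for line in s.get("Created Last 30", []):
        if not (m := CREATED_RE.match(line)):   # directory entries carry no size field
            continue
        size, path = int(m.group(1).replace(",", "")), m.group(2).lower()
        ext = basename(path).rsplit(".", 1)[1] if "." in basename(path) else ""
        # 0/1-byte, .tmp/.bin or extensionless files written straight into system32
        # (rs, surrd.sys, reader_s.tmp above), or an .exe sitting in a profile root.
        if dirname(path) == r"c:\windows\system32" and (size <= 1 or ext in ("tmp", "bin", "")):
            out.append(("odd-file-dropped-in-system32", line))
        elif re.fullmatch(r"c:\\documents and settings\\[^\\]+\\[^\\]+\.exe", path):
            out.append(("exe-in-profile-root", line))
    # Second pass: also return the creation record of any file named in a flagged line,
    # so the analyst sees when each component landed (xwa.dll and sbfxi.dll here).
    names = {basename(tok).lower() for _, l in out for tok in l.split() if "." in tok}
    flagged = {l for _, l in out}
    for line in s.get("Created Last 30", []):
        if (m := CREATED_RE.match(line)) and line not in flagged and basename(m.group(2)).lower() in names:
            out.append(("created-file-referenced-by-flagged-entry", line))
    return out
```

Call triage(SAMPLE_LOG), or triage(open("dds.txt").read()) on a full log, and read the (rule, line) pairs as a shortlist for the analyst, not a verdict: the rules are tuned to what this one log shows. Bare filenames on Run lines (stsystra.exe in the log above) are deliberately not flagged, since they resolve through PATH to an OEM tray tool here, and the 0-byte surrd.sys is caught by the size rule rather than by any knowledge of that name.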



#2 kahdah (Security Colleague, 11,138 posts, Florida)

Posted 30 January 2009 - 08:13 AM

Closing this thread because of this:

EDIT: Never mind, I'm resorting to a reformat, since I have to do typed essays for schoolwork. Close this, although it would be nice to know how I got this virus for future safety. Thank you.





