
Infected with Troj/Rustok-N


2 replies to this topic

#1 laylani


Posted 26 January 2009 - 07:51 AM

I found out my family's computer has Troj/Rustok-N spyware? malware? I don't know which, or what the difference is, but it's some kind of infection and my computer is a victim. Yes, I was trying to go onto a porn site when I found this out, but I found out even before this happened, with the same vitmax--or something---ad showing up on every website I visit.
Here are some examples:
- computer slows down real slowwwwwww then crashes (shuts off & doesn't want to turn on)
- ads pop up every time I click
- porn site said so (IP address was blah blah blah infected with troj/rustok-n)
- I see it relates to others with the same infected virus... virus, is it?
I just want to cure my family's computer. I need help; so far I've followed through alright with this site,
which is very detailed. I feel like a computer doctor!

Well, I got to saving & posting the DDS file, but as for the attach file (even after I saved it onto my desktop) I can't find it anywhere,
and now as I try to browse to it---I can't find it!---thus stopping me from uploading it. After clicking on the DDS icon, all it says now is,
"This tool does not your supoort your operating system
Press any key to continue"

DDS (Ver_09-01-19.01) - FAT32x86
Run by Family_3 at 2:16:59.89 on Mon 01/26/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.894.217 [GMT -10:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Family_2\AppData\Roaming\MySpace\IM\bin\MySpaceIM.exe
C:\Users\Family_2\AppData\Roaming\MySpace\IM\bin\MySpaceIM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\baloon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\rundll32.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Family_2\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W5243
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W5243
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mSearchAssistant =
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {8CA5ED52-F3FB-4414-A105-2E3491156990} - No File
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [CamWizard] c:\program files\common files\logitech\qcdrv\bin\CamWizard.exe
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [c:\windows\system32\cfrog.exe] c:\windows\system32\cfrog.exe
mRun: [c:\windows\system32\baloon.exe] c:\windows\system32\baloon.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

============= SERVICES / DRIVERS ===============

R0 CLFS;Common Log (CLFS);c:\windows\system32\clfs.sys [2008-6-12 247352]
R0 Ecache;ReadyBoost Caching Driver;c:\windows\system32\drivers\ecache.sys [2008-6-12 143416]
R0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2008-6-12 58936]
R0 msisadrv;ISA/EISA Class Driver;c:\windows\system32\drivers\msisadrv.sys [2008-6-12 16440]
R0 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2006-11-1 40040]
R1 DfsC;DFS Namespace Client Driver;c:\windows\system32\drivers\dfsc.sys [2008-6-12 75264]
R1 nsiproxy;NSI proxy service;c:\windows\system32\drivers\nsiproxy.sys [2008-6-12 16384]
R3 bowser;Bowser;c:\windows\system32\drivers\bowser.sys [2008-6-12 69632]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\system32\drivers\dxgkrnl.sys [2008-10-18 625152]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2008-6-12 181304]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\drivers\monitor.sys [2008-6-12 41984]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2008-6-12 64000]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\drivers\mrxsmb10.sys [2008-11-12 212480]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\drivers\mrxsmb20.sys [2008-6-12 78848]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\drivers\nwifi.sys [2008-10-18 148480]
R3 NAVENG;NAVENG;c:\progra~2\symantec\defini~1\virusd~1\20070820.048\NAVENG.SYS [2007-11-20 81232]
R3 NAVEX15;NAVEX15;c:\progra~2\symantec\defini~1\virusd~1\20070820.048\NAVEX15.SYS [2007-11-20 865904]
R4 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\drivers\lltdio.sys [2008-6-12 47104]
R4 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2008-6-12 84480]
R4 PEAUTH;PEAUTH;c:\windows\system32\drivers\PEAuth.sys [2006-11-1 878080]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys [2006-11-1 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\BrFiltUp.sys [2006-11-1 5248]
S3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;c:\windows\system32\drivers\E1G60I32.sys [2006-11-2 117760]
S3 Filetrace;FileTrace;c:\windows\system32\drivers\filetrace.sys [2008-6-12 27648]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2007-11-20 180272]
S3 MsRPC;MsRPC;c:\windows\system32\drivers\msrpc.sys [2008-6-12 163384]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S4 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [2006-11-1 420968]
S4 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys [2006-11-1 297576]
S4 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys [2006-11-1 67688]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\drivers\BrSerId.sys [2006-11-1 71808]
S4 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-11-1 62336]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-11-1 12160]
S4 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys [2006-11-1 35328]
S4 Crusoe;Transmeta Crusoe Processor Driver;c:\windows\system32\drivers\crusoe.sys [2006-11-1 38912]
S4 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys [2006-11-1 316520]
S4 HpCISSs;HpCISSs;c:\windows\system32\drivers\HpCISSs.sys [2006-11-1 37480]
S4 iaStorV;Intel RAID Controller Vista;c:\windows\system32\drivers\iaStorV.sys [2006-11-1 232040]
S4 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2006-11-1 65536]
S4 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-11-1 35944]
S4 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys [2006-11-1 65640]
S4 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys [2006-11-1 65640]
S4 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys [2006-11-1 65640]
S4 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2006-11-1 28776]
S4 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2006-11-1 78952]
S4 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2006-11-1 23144]
S4 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2006-11-1 80488]
S4 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys [2006-11-1 45160]
S4 ntrigdigi;N-trig HID Tablet Driver;c:\windows\system32\drivers\ntrigdigi.sys [2006-11-1 20608]

=============== Created Last 30 ================

2009-01-26 01:39 <DIR> --d----- c:\users\family_3\appdata\roaming\Malwarebytes
2009-01-26 01:39 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-26 01:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 01:39 <DIR> --d----- c:\programdata\Malwarebytes
2009-01-26 01:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-26 01:39 <DIR> --d----- c:\progra~2\Malwarebytes
2009-01-21 10:01 137,042,921 a------- c:\windows\MEMORY.DMP
2009-01-03 13:36 <DIR> --d----- c:\users\family_3\appdata\roaming\Spare Backup
2009-01-03 13:36 <DIR> --d----- c:\users\family_3\appdata\roaming\Symantec
2009-01-03 13:34 <DIR> --d--r-- c:\users\family_3\Searches
2009-01-03 13:30 <DIR> --d--r-- c:\users\family_3\Contacts
2009-01-03 11:54 <DIR> --d-h--- c:\users\family_3\AppData
2009-01-03 11:54 <DIR> --d--r-- c:\users\family_3\Videos
2009-01-03 11:54 <DIR> --d--r-- c:\users\family_3\Saved Games
2009-01-03 11:54 <DIR> --d--r-- c:\users\family_3\Pictures
2009-01-03 11:54 <DIR> --d--r-- c:\users\family_3\Music
2009-01-03 11:54 <DIR> --d--r-- c:\users\family_3\Links
2009-01-03 11:54 <DIR> --d--r-- c:\users\family_3\Downloads
2009-01-03 11:54 <DIR> --d--r-- c:\users\family_3\Documents
2009-01-03 11:54 <DIR> --d----- c:\users\family_3\Roaming
2009-01-03 11:54 <DIR> --d----- c:\users\Family_3
2008-12-31 22:43 <DIR> --dshr-- C:\resycled
2008-12-31 22:43 255 ---shr-- C:\autorun.inf
2008-12-28 13:50 <DIR> --d----- c:\programdata\Xfire
2008-12-28 13:50 <DIR> --d----- c:\progra~2\Xfire
2008-12-28 13:10 2,297,552 a------- c:\windows\system32\d3dx9_26.dll

==================== Find3M ====================

2009-01-03 11:58 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-03 11:58 86,016 a------- c:\windows\inf\infstor.dat
2009-01-03 11:58 51,200 a------- c:\windows\inf\infpub.dat
2008-12-11 10:37 42,320 a------- c:\windows\system32\xfcodec.dll
2008-10-31 17:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-31 17:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-10-31 17:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-10-31 17:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-31 17:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-31 17:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-10-31 15:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-28 20:29 2,927,104 a------- c:\windows\explorer.exe
2008-10-18 12:12 174 a--sh--- c:\program files\desktop.ini
2008-10-18 12:00 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 02:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 02:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 02:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 02:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-01 23:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-01 23:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-01 23:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-01 23:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 2:22:05.41 ===============


#2 Blade81


Posted 03 February 2009 - 07:07 AM

Hi

If you still need help with this, post a fresh DDS report, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 Blade81


Posted 09 February 2009 - 07:38 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

