
Mysterious Browser virus


  • This topic is locked
2 replies to this topic

#1 Dante3241324

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:54 PM

Posted 28 January 2009 - 11:10 PM

Hi. Lately I've noticed that when I try to go to websites my browser is hijacked by things like yellowpages, and that some can't even be accessed. Malwarebytes found a lot of trojans and removed them, but the problems still persist. Malwarebytes also no longer detects any problems. (Possibly due to it being unable to update.)

I can't update Malwarebytes or any antivirus because the adware/virus prevents it from doing so. It has also taken my privileges on modifying the HOSTS file, and there is indeed a "::1 localhost" entry in there that is malicious, but I cannot remove it.

Edit: I have deleted the infected HOSTS file and replaced it with a fixed version of it, but the problems are still going on.

DDS (Ver_09-01-19.01) - NTFSx86
Run by Edward at 23:03:37.26 on Wed 01/28/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1220 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\EnergyCut\utilty.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\Program Files\Lenovo\HaloLighting\HaloLighting.exe
C:\Program Files\Second Display Control\WisAvCtrl.exe
C:\Program Files\Second Display Control\WisOSD.exe
C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Second Display Control\WisLMSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Edward\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.lenovo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EnergyCut_Utility] c:\program files\lenovo\energycut\utilty.exe
mRun: [EnergyCut] c:\program files\lenovo\energycut\EnergyCut.exe
mRun: [HaloLighting] c:\program files\lenovo\halolighting\HaloLighting.exe
mRun: [WisAvCtrl] "c:\program files\second display control\WisAvCtrl.exe"
mRun: [WisOSD] "c:\program files\second display control\WisOSD.exe"
mRun: [PCMService] "c:\program files\lenovo\shuttlecenter\PCMService.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Enqueue current page with Bulk Image Downloader - file://c:\users\edward\desktop\iemenu\iebidqueue.htm
IE: Enqueue link target with Bulk Image Downloader - file://c:\users\edward\desktop\iemenu\iebidlinkqueue.htm
IE: Open current page with Bulk Image Downloader - file://c:\users\edward\desktop\iemenu\iebid.htm
IE: Open link target with Bulk Image Downloader - file://c:\users\edward\desktop\iemenu\iebidlink.htm
IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - c:\program files\lenovo\veriface\OpenWnd.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\edward\appdata\roaming\mozilla\firefox\profiles\6xq1klc4.default\
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2008-9-20 11776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
R3 CapFilt;CapFilt;c:\windows\system32\drivers\CapFilt.sys [2008-9-20 18048]
R3 ICOLOR;Lenovo icolor Controller Driver;c:\windows\system32\drivers\setool.sys [2008-9-20 7680]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-28 15504]
R3 WisLMSvc;WisLMSvc;c:\program files\second display control\WisLMSvc.exe [2008-9-20 118784]
R4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-28 170640]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-28 24652]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]

=============== Created Last 30 ================

2009-01-28 21:55 <DIR> --d----- c:\program files\CCleaner
2009-01-28 21:36 <DIR> --d----- c:\programdata\Lavasoft
2009-01-28 21:25 <DIR> --d----- c:\users\edward\appdata\roaming\Malwarebytes
2009-01-28 21:25 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-28 21:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-28 21:25 <DIR> --d----- c:\programdata\Malwarebytes
2009-01-28 21:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-28 21:25 <DIR> --d----- c:\progra~2\Malwarebytes
2009-01-28 20:41 <DIR> --d----- c:\programdata\avg8
2009-01-28 20:41 <DIR> --d----- c:\program files\AVG
2009-01-28 20:41 <DIR> --d----- c:\progra~2\avg8
2009-01-28 19:59 32,592 a------- c:\windows\system32\msonpmon.dll
2009-01-28 19:53 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-01-28 18:47 <DIR> --d----- c:\users\edward\appdata\roaming\BID
2009-01-28 18:41 327 ---shr-- C:\autorun.inf
2009-01-28 17:46 <DIR> --d----- c:\users\edward\appdata\roaming\IrfanView
2009-01-28 17:46 <DIR> --d----- c:\program files\IrfanView
2009-01-28 17:28 <DIR> --d----- c:\program files\Steam
2009-01-28 17:28 <DIR> --d----- c:\program files\common files\Steam
2009-01-28 17:27 <DIR> --d----- c:\program files\uTorrent
2009-01-28 17:27 <DIR> --d----- c:\users\edward\appdata\roaming\uTorrent
2009-01-28 16:40 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-01-28 16:29 <DIR> --d----- c:\users\edward\Tracing
2009-01-28 16:19 <DIR> --d----- c:\programdata\Viewpoint
2009-01-28 16:19 <DIR> --d----- c:\progra~2\Viewpoint
2009-01-28 16:19 <DIR> --d----- c:\program files\Viewpoint
2009-01-28 16:19 <DIR> --d----- c:\programdata\acccore
2009-01-28 16:19 <DIR> --d----- c:\progra~2\acccore
2009-01-28 16:19 <DIR> --d----- c:\programdata\AOL OCP
2009-01-28 16:19 <DIR> --d----- c:\programdata\AOL
2009-01-28 16:19 <DIR> --d----- c:\program files\common files\AOL
2009-01-28 16:19 <DIR> --d----- c:\program files\AIM6
2009-01-28 16:19 367 a---h--- C:\IPH.PH
2009-01-28 16:17 <DIR> --d----- c:\program files\Microsoft
2009-01-28 16:16 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-28 16:15 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-01-28 16:12 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-28 16:08 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-28 16:03 428,544 a------- c:\windows\system32\EncDec.dll
2009-01-28 16:02 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-01-28 16:02 1,695,744 a------- c:\windows\system32\gameux.dll
2009-01-28 16:02 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-01-28 16:02 988,216 a------- c:\windows\system32\winload.exe
2009-01-28 16:02 927,288 a------- c:\windows\system32\winresume.exe
2009-01-28 16:02 615,992 a------- c:\windows\system32\ci.dll
2009-01-28 16:02 19,000 a------- c:\windows\system32\kd1394.dll
2009-01-28 16:02 378,368 a------- c:\windows\system32\srcore.dll
2009-01-28 16:02 318,464 a------- c:\windows\system32\rstrui.exe
2009-01-28 16:02 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-01-28 16:02 40,960 a------- c:\windows\system32\srclient.dll
2009-01-28 16:02 14,848 a------- c:\windows\system32\srdelayed.exe
2009-01-28 16:02 6,656 a------- c:\windows\system32\kbd106n.dll
2009-01-28 16:00 1,314,816 a------- c:\windows\system32\quartz.dll
2009-01-28 16:00 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2009-01-28 16:00 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2009-01-28 15:58 <DIR> --d-h--- c:\windows\PIF
2009-01-28 15:55 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-01-28 15:50 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-01-28 15:50 83,456 a------- c:\windows\system32\wudriver.dll
2009-01-28 15:50 162,064 a------- c:\windows\system32\wuwebv.dll
2009-01-28 15:50 31,232 a------- c:\windows\system32\wuapp.exe
2009-01-28 15:49 16 a------- c:\windows\system32\coh.cache
2009-01-28 15:46 <DIR> --d----- c:\users\edward\Bluetooth Software
2009-01-28 15:45 <DIR> --d----- c:\users\Edward

==================== Find3M ====================

2009-01-28 16:23 665,600 a------- c:\windows\inf\drvindex.dat
2009-01-28 16:23 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-28 16:23 86,016 a------- c:\windows\inf\infstor.dat
2009-01-28 16:23 51,200 a------- c:\windows\inf\infpub.dat
2008-12-15 21:42 288,768 a------- c:\windows\system32\drivers\srv.sys
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-10-31 22:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-31 22:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-10-31 22:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-10-31 22:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-31 22:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:04:32.96 ===============
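Two items in the post above can be triaged offline from the text alone: the HOSTS file the poster says is blocking updates, and the `C:\autorun.inf` that the DDS "Created Last 30" section lists at the drive root with the attribute column `---shr--`. The Python below is an added example written for this page; it is not code from DDS, Malwarebytes or anyone in the thread. The watch list of vendor and update domains is an assumed illustration, the reading of the DDS attribute letters (s = system, h = hidden, r = read-only) is an assumption, and the HOSTS content is constructed. One caveat worth knowing before editing a hosts file by hand: `::1 localhost` is the stock IPv6 loopback line that Windows Vista ships with, so the audit treats localhost entries as benign and looks instead for non-localhost names that are null-routed or redirected.

```python
"""Offline triage of two indicators from the DDS log above: HOSTS entries that
block or redirect domains, and an autorun.inf at a drive root with system/hidden
attributes. Added example; not code from DDS, Malwarebytes or the thread."""
import ipaddress
import re

# Names that legitimately map to loopback. Vista ships "127.0.0.1 localhost"
# and "::1 localhost"; the latter is not an infection marker.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Assumed watch list: security-vendor and update domains that hijackers
# commonly null-route to stop signature updates. Extend for your estate.
WATCHED_DOMAINS = (
    "malwarebytes.org", "malwarebytes.com", "windowsupdate.com",
    "update.microsoft.com", "avg.com", "symantec.com", "mcafee.com",
    "kaspersky.com", "bleepingcomputer.com",
)


def _watched(name):
    # Exact match or a subdomain; avoids "evilmalwarebytes.org" false hits.
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text):
    """Return (line_no, ip, hostname, severity, reason) for each suspect entry.

    Loopback or unspecified targets on non-localhost names are treated as
    deliberate blocks; any other target is a redirect worth eyeballing."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            findings.append((n, None, line, "low", "malformed entry"))
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            findings.append((n, parts[0], " ".join(parts[1:]), "low", "invalid address"))
            continue
        for name in parts[1:]:
            lname = name.lower()
            if lname in LOOPBACK_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                if _watched(lname):
                    findings.append((n, parts[0], name, "high", "blocks security/update domain"))
                else:
                    findings.append((n, parts[0], name, "low", "blocks domain"))
            else:
                findings.append((n, parts[0], name, "medium", "redirects domain to " + parts[0]))
    return findings


# DDS "Created Last 30" / "Find3M" line: date time  size-or-<DIR>  attrs  path
DDS_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([-a-z]{8})\s+(.+)$",
    re.IGNORECASE)
ROOT_AUTORUN = re.compile(r"^[a-z]:\\autorun\.inf$", re.IGNORECASE)


def flag_root_autorun(dds_text):
    """Pick out autorun.inf at a drive root and decode the DDS attribute column.
    Assumes the letters s, h, r in that column mean system, hidden, read-only."""
    hits = []
    for raw in dds_text.splitlines():
        m = DDS_LINE.match(raw.strip())
        if not m:
            continue
        created, size, attrs, path = m.groups()
        if ROOT_AUTORUN.match(path):
            a = attrs.lower()
            hits.append({"path": path, "created": created, "size": size,
                         "system": "s" in a, "hidden": "h" in a, "readonly": "r" in a})
    return hits


# Constructed sample HOSTS content (not the poster's real file).
HOSTS_SAMPLE = """# Constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org
0.0.0.0         update.microsoft.com
198.51.100.7    www.example.com
"""

# Lines copied from the DDS log above (the autorun.inf and IPH.PH entries
# and one directory entry); constructed as a minimal sample.
DDS_SAMPLE = r"""2009-01-28 21:55 <DIR> --d----- c:\program files\CCleaner
2009-01-28 18:41 327 ---shr-- C:\autorun.inf
2009-01-28 16:19 367 a---h--- C:\IPH.PH
"""

if __name__ == "__main__":
    for f in audit_hosts(HOSTS_SAMPLE):
        print("HOSTS line %d [%s] %s -> %s: %s" % (f[0], f[3], f[2], f[1], f[4]))
    for h in flag_root_autorun(DDS_SAMPLE):
        print("ROOT AUTORUN", h)
```

Against the constructed sample the audit reports the two null-routed vendor/update names as high, the redirect of www.example.com as medium, and nothing for either localhost line; the DDS parser returns the root autorun.inf with system, hidden and read-only all set. A hidden, system, read-only autorun.inf at the root of a fixed drive is exactly the layout an autorun-spreading infection leaves behind, which is why it deserves a look alongside the HOSTS tampering rather than being dismissed as a leftover.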

#2 Dante3241324
  • Topic Starter
  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:54 PM

Posted 30 January 2009 - 01:23 AM

Eh, disregard my problem. I reformatted my HDD and it wiped everything out.

#3 KoanYorel
  • Bleepin' Conundrum
  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:04:54 PM

Posted 30 January 2009 - 01:59 PM

Thanks for informing us.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.