spyware/virus named 'Troj/Rustok-N' blocking updates


  • This topic is locked
1 reply to this topic

#1 soylentgreen1701


Posted 18 February 2009 - 01:37 AM

a week and a half ago - 2 weeks the computer started acting weird. specifically, it was getting slower & the left button on the mouse stopped working on a few websites when it was used to open a link. we've had to start right clicking on things & select from the pop-up scroll. over this time, fewer & fewer websites are enabling us to use the mouse left button. I also saw that updates from mcafee and defender stopped getting through, as well as the updates from microsoft. the computer would state that it was installing updates, go through the procedures, & then state "updates were not configured correctly. reverting changes." it has done that for windows updates every day. i went to the mcafee site to manually download updates & when i got to the last link, i got the google message "oops! this link appears broken - page not found - connection failure". when i went to the microsoft site to download updates, i got "404 not found. requested url was not found on this server." 3 days ago mcafee has been popping up saying that i need to re-install the entire program. windows defender cannot check for updates either, nor can it be manually downloaded. i get "error code 0x80244019 - cannot connect to site to manually install updates." also, often when we navigate, web pages that we had no intention on going to end up as our destination. most of the time they are pornographic, but not always. that's when i got this message from one of the sites:

Your computer (IP: 173.55.76.164) generates an attacking DOS requests at our servers.

This attack was provoked by the spyware/virus named 'Troj/Rustok-N'

We cannot provide you with an access to our content for browsing purposes

as it will lead to the inevitable crush of our website.

We strongly recommend you to run your antivirus edition and, if necessary,

check it for the latest updates available.

You may also download recommended software, which has been approved

by a number of our surfers who encountered the same problem and used

this software to overcome it.

Make sure your computer is protected before continue browsing.

Without this antivirus software your computer becomes a pushover for hackers.

Leaving computer unprotected may lead to:
- Computer performance slowdown and operating system crash
- Serious drop of traffic caused by hidden advertising
- Leak of personal and credit card information
- The inappropriate use of your personal photos by web sites
- Using you machine as a source for spam spreading
- Infection spreading to other removable devices such as
memory cards, writable CD and DVD disks
- Getting your cell phone infected through USB. The first sign
of infection in your cell phone device will appear as sms-messages sent to paid numbers
- etc

Make sure you use effective antivirus software. We recommend you to check your computer

right now and the software that have already helped thousands of our visitors.



Find more comments on the software at: aumhaphpbb.com

the site then directed me to install "WINIAMP" as my virus/spyware. i did not do that.

here is what i got from the DDS scan. only 1 notepad window appeared.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Dickey at 21:53:10.15 on Tue 02/17/2009
Internet Explorer: 7.0.6000.16757
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.2037.976 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated)
FW: McAfee Personal Firewall *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k nfrsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dickey\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://search.bearshare.com/sidebar.html?src=ssb
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=localhost:7070
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: TBSB07183 Class: {6c621f09-dff3-415a-b7d1-142678efeb34} - c:\program files\fast browser search\ie\FBStoolbar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Fast Browser Search: {c2dca7eb-22d2-4fd2-86a9-f99fcc8122bb} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [FBSearch] c:\program files\fast browser searchp\FastBrowserSearchProtection.exe
mRun: [NSWatchDog] c:\windows\NSWATC~1.EXE &PT=MP&MI=60273502724&OS=Microsoft_Windows_Vista_version_6.0
mRun: [c:\windows\system32\baloon.exe] c:\windows\system32\baloon.exe
mRun: [promo.exe] c:\windows\system32\promo.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.18\amvconverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: torrentportal.com\www
Trusted Zone: utorrent.com\www
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxps://register.facebook.com/controls/contactx.dll
TCP: NameServer = 85.255.112.39,85.255.112.40
TCP: {33FA6CA2-C705-45E5-9DE2-3E35819F507E} = 85.255.112.39,85.255.112.40
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 nfr.sys;nfr.sys;c:\windows\system32\drivers\nfr.sys [2009-2-17 9600]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 iWinGamesInstaller;iWinGamesInstaller;c:\program files\iwin games\iWinGamesInstaller.exe [2008-5-12 78104]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-15 206096]
R2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2006-11-2 22016]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-12 356920]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-20 24652]
S2 gupdate1c98d30b66d6f36;Google Update Service (gupdate1c98d30b66d6f36);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-6-25 29744]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-02-17 14:39 0 a------- c:\windows\system32\drivers\nfr.dll.gpref
2009-02-17 14:20 9,600 a------- c:\windows\system32\drivers\nfr.sys
2009-02-17 14:19 0 a------- c:\windows\system32\drivers\nfr.dll.assembly
2009-02-17 14:19 12,804 a------- c:\windows\system32\drivers\nfr.dll
2009-02-17 06:46 445 ---shr-- C:\autorun.inf
2009-02-16 05:54 14,272 a------- c:\windows\system32\b869ackzo5r2522.cpl
2009-02-16 04:35 16,585 a------- c:\windows\system32\29434h5zktool67e.ocx
2009-02-16 01:51 17,995 a------- c:\windows\system32\1c2zthief9593.cpl
2009-02-16 00:43 5,136 a------- c:\windows\system32\99140z5rm527.dll
2009-02-15 20:21 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-02-15 17:08 <DIR> --d----- c:\programdata\SiteAdvisor
2009-02-15 15:12 876,544 a------- c:\windows\system32\TEACico2.dll
2009-02-13 14:42 5,129 a------- c:\windows\system32\5b5fsp95zre2761.ocx
2009-02-12 09:46 <DIR> --d----- c:\programdata\Adobe
2009-02-12 08:43 <DIR> --d----- c:\users\dickey\appdata\roaming\PC Tools
2009-02-12 08:43 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-12 08:39 <DIR> --d----- c:\programdata\Google Updater
2009-02-12 00:46 <DIR> --d----- c:\users\dickey\appdata\roaming\AntiSpywareDAT
2009-02-12 00:46 <DIR> --d----- c:\program files\Security Scanner Full
2009-02-11 20:59 <DIR> --d----- c:\program files\DivX
2009-02-09 18:33 7,540 a------- c:\windows\system32\65c1ad9waze2605.ocx
2009-02-09 10:58 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-02-09 10:58 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-02-09 10:58 <DIR> --d----- c:\users\dickey\appdata\roaming\SUPERAntiSpyware.com
2009-02-09 10:58 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-09 10:57 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-09 09:38 43 a------- c:\windows\av_affiliate.ini
2009-02-09 09:38 120 a------- c:\windows\as_affiliate.ini
2009-02-09 09:12 8,704 a------- c:\windows\system32\rasha.exe
2009-02-09 03:48 4,599 a------- c:\windows\8460tr9j45z.cpl
2009-02-08 22:56 <DIR> --d----- c:\program files\Any Video Converter
2009-02-08 18:17 4,340 a------- c:\windows\system32\2fb1backdooz1095.ocx
2009-02-07 20:40 7,373 a------- c:\windows\11303spam95t5ze.ocx
2009-02-06 22:03 8,193 a------- c:\windows\system32\817threat589z.bin
2009-02-06 20:47 13,267 a------- c:\windows\system32\4955vzr2540.cpl
2009-02-06 15:04 <DIR> --d----- c:\program files\VS Revo Group
2009-02-06 09:53 283,966,797 a------- c:\windows\MEMORY.DMP
2009-02-04 23:19 3,015 a------- c:\windows\5214t9reat298z8.exe
2009-02-04 16:25 <DIR> --d----- c:\program files\coolplay
2009-02-04 13:33 8,848 a------- c:\windows\system32\6447szywa9e1752.cpl
2009-02-04 11:51 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-02-04 11:51 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-02-04 11:51 34,799,616 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-02-03 15:26 <DIR> --d----- c:\program files\uTorrent
2009-02-03 12:50 <DIR> --d----- c:\program files\VideoLAN
2009-01-29 08:39 <DIR> --d----- c:\program files\Selectsoft
2009-01-29 08:39 <DIR> --d----- c:\program files\OXXOGames
2009-01-28 19:07 <DIR> --d----- c:\programdata\PlayFirst
2009-01-28 15:06 2,965 a------- c:\windows\15759trojz8b.ocx
2009-01-27 17:05 2,601 a------- c:\windows\95z5spy598.bin
2009-01-26 21:44 6,391 a------- c:\windows\48359zar5e453.exe
2009-01-23 12:32 <DIR> --d----- c:\program files\Bonjour
2009-01-22 13:06 13,205 a------- c:\windows\d35z9yware2779.bin
2009-01-21 21:31 14,998 a------- c:\windows\z75fspyware7279.cpl
2009-01-21 19:25 11,104 a------- c:\windows\29866h9c5tool5cz.bin
2009-01-21 12:29 15,448 a------- c:\windows\9600vzrus7e95.exe
2009-01-21 01:38 17,915 a------- c:\windows\756ado9nloader30z0.cpl
2009-01-20 18:31 <DIR> --d----- c:\program files\Fast Browser SearchP
2009-01-20 18:30 <DIR> --d----- c:\program files\Fast Browser Search

==================== Find3M ====================

2009-02-17 07:13 5,378 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-16 19:40 20 ----h--- c:\programdata\PKP_DLec.DAT
2009-02-16 19:40 20 ----h--- c:\programdata\PKP_DLds.DAT
2009-02-16 19:40 20 ----h--- c:\progra~2\PKP_DLec.DAT
2009-02-16 19:40 20 ----h--- c:\progra~2\PKP_DLds.DAT
2009-02-16 17:44 174 a--sh--- c:\program files\desktop.ini
2009-02-15 15:15 86,016 a------- c:\windows\inf\infstrng.dat
2009-02-15 15:15 51,200 a------- c:\windows\inf\infpub.dat
2009-02-15 15:15 86,016 a------- c:\windows\inf\infstor.dat
2009-02-09 09:13 17,249 a------- c:\windows\system32\6935thief2z48.dll
2009-02-05 13:22 17,709 a------- c:\windows\system32\718page.dat
2009-01-26 11:25 155,648 a------- c:\windows\system32\Phanfare Screensaver.scr
2009-01-15 21:16 18,367 a------- c:\windows\5571trz595e.dll
2009-01-12 22:18 665,600 a------- c:\windows\inf\drvindex.dat
2009-01-12 11:31 3,874 a------- c:\windows\system32\5a0cback9zor1594.bin
2009-01-10 14:45 11,536 a------- c:\windows\609zddware5997.dll
2009-01-08 21:25 12,634 a------- c:\windows\system32\46vir15z9.bin
2009-01-07 04:20 5,735 a------- c:\windows\system32\659ztroj38c.exe
2009-01-06 09:16 15,999 a------- c:\windows\29f7virz553.exe
2009-01-05 14:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-12-26 09:40 14,327 a------- c:\windows\system32\9805spz57.bin
2008-12-25 04:50 12,114 a------- c:\windows\6c01bac95ozr905.exe
2008-12-23 11:46 5,011 a------- c:\windows\9635troz3b.dll
2008-12-22 16:14 5,990 a------- c:\windows\system32\6476no5-a9viruz59b.exe
2008-12-19 16:09 2,588 a------- c:\windows\system32\593spy330z.bin
2008-12-17 07:45 7,500 a------- c:\windows\system32\9839zir2951.dll
2008-12-13 10:48 15,021 a------- c:\windows\9z475roj992.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-12 08:45 10,028 a------- c:\windows\system32\93765not-a-vi5us69dz.exe
2008-12-11 16:50 3,056 a------- c:\windows\4a5ethief3191z.bin
2008-12-10 16:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-10 16:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-08 18:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-08 18:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-08 18:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-08 18:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-12-07 21:02 11,739 a------- c:\windows\z1c35ir9212.exe
2008-12-07 07:18 11,333 a------- c:\windows\system32\z20e5ddware901.exe
2008-12-06 22:50 16,634 a------- c:\windows\system32\56z5v9r784.exe
2008-12-03 01:59 3,542 a------- c:\windows\2954backzoor2750.bin
2008-11-28 13:40 6,001 a------- c:\windows\58czv592651.exe
2008-11-21 06:25 14,871 a------- c:\windows\system32\7599steal1z4.dll
2008-11-20 16:46 12,741 a------- c:\windows\system32\29758zp9185.exe
2008-11-20 00:39 17,157 a------- c:\windows\2000zhackt9ol265.exe
2008-05-22 13:12 6,820,032 a------- c:\users\dickey\phanfare_setup.exe
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-01 06:45 88 a--shr-- c:\windows\system32\2538829589.sys
2008-03-03 09:36 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-03-03 09:36 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-03-03 09:36 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 21:54:09.89 ===============

i know you're going to need more details & i'll be as detailed as possible.

Thanks
soylentgreen1701
"Look pal, the only thing you're in charge of is Jack and $h!t....and Jack left town."
-Ash, Army of Darkness



#2 fenzodahl512


Posted 18 February 2009 - 06:24 AM

Duplicate post.. Closed..

http://www.bleepingcomputer.com/forums/t/204433/spywarevirus-named-trojrustok-n-blocking-updates/

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive




