Antivirus 360 ad popup / Vundo Infection


This topic is locked. 2 replies to this topic.

#1 RhysPiper

  • Members
  • 1 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 26 February 2009 - 04:51 AM

Constant popups, and the majority of websites are blocked with the following heading displayed: "Internet Explorer Warning - visiting this web site may harm your computer!"


DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 19:57:59.75 on Thu 26/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478.223 [GMT 11:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Documents and Settings\Owner\My Documents\nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\infoaxe\updater.exe
C:\Program Files\A360\av360.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bigpond.com/
uInternet Settings,ProxyOverride = localhost
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: infoaxe.com Toolbar: {2f8d500e-4546-45b7-9236-d4fd9850cf1c} - c:\program files\infoaxe\ietb.dll
BHO: {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: &Research: {d263fa6d-84cc-48a8-9af6-c664362b7a5b} - c:\windows\system32\winconfig.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
TB: {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No File
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: infoaxe.com Toolbar: {717edde0-444f-4ff0-b9c9-f60ec423e690} - c:\program files\infoaxe\ietb.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [BackupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [Acme.PCHButton] c:\progra~1\myhppa~1\pavilion\xphapbf3en\plugin\bin\PCHButton.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [InfoaxeUpdater] c:\program files\infoaxe\updater.exe
uRun: [338A0473377B048436B76120CDCB5114] c:\program files\a360\av360.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE
mRun: [WinCinemaMgr] "c:\program files\intervideo\common\bin\WinCinemaMgr.exe"
mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [POINTER] point32.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [EPSON Stylus CX3100] c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3100" /O6 "USB001" /M "Stylus CX3100"
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [PCSuiteTrayApplication] c:\documents and settings\owner\my documents\nokia\nokia pc suite 6\LaunchApplication.exe -startup
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\program files\common files\dataviz\DvzIncMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.SYS [2005-11-15 7680]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-19 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-19 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-19 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090225.056\NAVENG.SYS [2009-2-26 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090225.056\NAVEX15.SYS [2009-2-26 876144]
S3 bfastfao;bfastfao;\??\c:\docume~1\owner\locals~1\temp\bfastfao.sys --> c:\docume~1\owner\locals~1\temp\bfastfao.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-7 34064]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-2-9 1245064]

=============== Created Last 30 ================

2009-02-26 13:14 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-02-26 13:11 <DIR> --d----- c:\windows\system32\LogFiles
2009-02-26 04:04 300,032 a------- c:\windows\system32\winconfig.dll
2009-02-26 04:02 <DIR> --d----- c:\program files\A360
2009-02-23 20:21 <DIR> --d----- c:\program files\infoaxe
2009-02-23 15:28 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-02-23 15:28 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-23 15:28 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-02-23 15:28 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-02-23 15:28 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-23 15:28 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-02-23 15:28 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-02-23 15:28 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-02-23 15:28 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-23 15:12 <DIR> --d----- c:\windows\network diagnostic
2009-02-21 18:15 <DIR> --d----- c:\documents and settings\owner\Phone Browser
2009-02-20 21:56 <DIR> --d----- c:\program files\common files\PCSuite
2009-02-20 21:56 <DIR> --d----- c:\program files\common files\Nokia
2009-02-20 21:56 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-02-20 21:55 12,288 a------- c:\windows\system32\drivers\nmwcdcj.sys
2009-02-20 21:55 12,288 a------- c:\windows\system32\drivers\nmwcdcm.sys
2009-02-20 21:55 8,320 a------- c:\windows\system32\drivers\nmwcdc.sys
2009-02-20 21:55 137,216 a------- c:\windows\system32\drivers\nmwcd.sys
2009-02-20 21:55 65,536 a------- c:\windows\system32\nmwcdcocls.dll
2009-02-20 21:55 90,624 a------- c:\windows\system32\nmwcdcls.dll
2009-02-19 12:42 5,632 a------- c:\windows\system32\ptpusb.dll
2009-02-19 12:41 159,232 a------- c:\windows\system32\ptpusd.dll
2009-02-19 12:35 <DIR> --d----- c:\program files\Canon
2009-02-19 12:35 <DIR> --d----- c:\program files\common files\Canon
2009-02-19 12:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 12:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-19 11:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
2009-02-19 11:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 11:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 11:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 11:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 11:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 11:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 11:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
2009-02-19 11:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 11:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-09 16:59 679,936 a------- c:\windows\system32\D3DX81ab.dll
2009-02-09 16:45 <DIR> --d----- c:\program files\WinPcap
2009-02-09 16:34 <DIR> --d----- c:\windows\system32\N360_BACKUP
2009-02-09 15:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-09 15:08 <DIR> --d----- c:\program files\Norton 360
2009-02-09 15:06 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-09 15:06 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-09 15:06 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-09 15:06 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-02 21:56 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-02 17:12 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-02-02 17:11 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-02-02 17:11 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-02-02 16:11 <DIR> --d----- c:\program files\common files\Authentium Shared

==================== Find3M ====================

2009-02-20 16:46 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-02-02 16:12 98,031 a------- c:\windows\War3Unin.dat
2008-12-21 10:15 826,368 a------- c:\windows\system32\wininet.dll
2007-06-12 23:51 18,040,176 a------- c:\program files\Install_Messenger_nous.exe

============= FINISH: 19:59:01.92 ===============

#2 Blade81 (Bleepin' Rocker)

  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:02:30 AM

Posted 06 March 2009 - 07:44 PM

Hi,

Sorry for the delayed response. The forums have been really busy. If you still need help with this, please post a fresh DDS log (make sure Notepad's word wrap is disabled).

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 Blade81 (Bleepin' Rocker)

  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:02:30 AM

Posted 12 March 2009 - 02:03 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





