Help removing this malware ( AntivirusPro2009)


1 reply to this topic

#1 El Motilon

  • Members
  • 2 posts
  • OFFLINE

Posted 01 March 2009 - 05:28 PM

I got this malware out of nowhere while listening to some music, and I don't know how to remove it. Someone please help me.

Here's the log:



DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 17:21:16.35 on Sun 03/01/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.880 [GMT -5:00]

AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
TB: {B24BA06E-FB7B-4757-95C2-DC01125F750E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Dell AIO Printer A960] "c:\program files\dell aio printer a960\dlbfbmgr.exe"
mRun: [Wkoge] rundll32.exe "c:\windows\Pbuqiper.dll",e
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
mRun: [Jguhiyepete] rundll32.exe "c:\windows\owarugugavopiwam.dll",e
dRunOnce: [RunNarrator] Narrator.exe
IE: Download &Flash Movies - c:\program files\flash2x\flash hunter\save.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\fvxgt5b1.default
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\fvxgt5b1.default\extensions\flashplugin@idm\platform\winnt\plugins\npidmdcp.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\fvxgt5b1.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {FD4C8519-7674-4DCF-A2E0-F0303F068051} - c:\documents and settings\owner\local settings\application data\{fd4c8519-7674-4dcf-a2e0-f0303f068051}

============= SERVICES / DRIVERS ===============

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-27 24652]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-5-18 3572592]
R3 DCamUSB20;Veo Web Camera;c:\windows\system32\drivers\VeoMini20.sys [2008-5-18 122219]

=============== Created Last 30 ================

2009-03-01 17:18 134,144 a------- c:\windows\owarugugavopiwam.dll
2009-03-01 16:59 <DIR> --d----- C:\cmdcons
2009-03-01 16:56 161,792 a------- c:\windows\SWREG.exe
2009-03-01 16:56 98,816 a------- c:\windows\sed.exe
2009-03-01 14:31 85,102 a------- c:\windows\system32\drivers\2703f74b.sys
2009-03-01 14:31 2 a------- C:\1816318727
2009-03-01 14:30 39,936 a------- c:\windows\Pbuqiper.dll
2009-02-18 18:33 268 a---h--- C:\sqmdata09.sqm
2009-02-18 18:33 244 a---h--- C:\sqmnoopt09.sqm
2009-02-18 12:58 268 a---h--- C:\sqmdata08.sqm
2009-02-18 12:58 244 a---h--- C:\sqmnoopt08.sqm
2009-02-14 18:23 <DIR> --d----- c:\windows\system32\LogFiles
2009-02-08 23:06 <DIR> --d----- c:\docume~1\owner\applic~1\Filter Forge
2009-02-08 23:05 <DIR> --d----- c:\program files\RaybanMirror

==================== Find3M ====================

2009-02-19 17:43 11,690 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-06 20:18 56 ---shr-- c:\windows\system32\7A785DE3D4.sys

============= FINISH: 17:21:54.87 ===============


I got a black desktop saying "WARNING" in hello letters. I couldn't open Task Manager or change anything.

I suddenly see these weird DLL files and I cannot remove them. I don't even know if I got rid of the malware, but here are the names of the .dll files. How do I remove them?

Names:
PBUQUIPER.DLL
OWARUGUGAVOPIWAM.DLL

I Googled them and got nothing, so please help.

Merged topics then posts. ~ OB

Edited by Orange Blossom, 02 March 2009 - 05:45 PM.
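The log above contains the three indicators a helper would key on before asking for tool runs: two Run keys that launch a DLL sitting directly in the Windows root via rundll32 with a one-letter export ("c:\windows\Pbuqiper.dll",e and "c:\windows\owarugugavopiwam.dll",e), a "HiddenExtension" entry in the Firefox profile, and a freshly created driver with a generated-looking name (2703f74b.sys) in the same minute as the first DLL. The script below is an added example written for this page, not something from the poster or from BleepingComputer: it parses DDS-style lines and flags those patterns, then cross-references the "Created Last 30" entries against the Run-key DLLs so a fresh drop stands out from a long-installed component. The sample lines are copied from the post's log (backslashes restored) with one benign Run entry added, and the "Windows root DLL" and "8-hex-digit driver" heuristics are this example's assumptions, not DDS rules.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the DDS log in the post above (with the
# backslashes the forum stripped put back), plus one benign Run entry so the
# checks have something to ignore. Not a live log.
SAMPLE_LOG = r"""
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Wkoge] rundll32.exe "c:\windows\Pbuqiper.dll",e
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
mRun: [Jguhiyepete] rundll32.exe "c:\windows\owarugugavopiwam.dll",e
FF - HiddenExtension: XUL Cache: {FD4C8519-7674-4DCF-A2E0-F0303F068051} - c:\documents and settings\owner\local settings\application data\{fd4c8519-7674-4dcf-a2e0-f0303f068051}
2009-03-01 17:18 134,144 a------- c:\windows\owarugugavopiwam.dll
2009-03-01 14:31 85,102 a------- c:\windows\system32\drivers\2703f74b.sys
2009-03-01 14:31 2 a------- C:\1816318727
2009-03-01 14:30 39,936 a------- c:\windows\Pbuqiper.dll
2009-02-08 23:05 <DIR> --d----- c:\program files\RaybanMirror
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    detail: str


# Line shapes as they appear in the posted log (uRun/mRun/dRunOnce keys, FF
# hidden extensions, "Created Last 30" entries). These patterns are this
# example's reading of the output, not DDS's own grammar.
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S*)', re.I)
HIDDEN_RE = re.compile(r"^FF - HiddenExtension: (?P<desc>.+?) - (?P<path>.+)$")
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>[\d,]+|<DIR>) (?P<attr>\S+) (?P<path>.+)$"
)
# Heuristic (assumption): an 8-hex-digit file name under \drivers\ is a generated name.
HEX_DRIVER_RE = re.compile(r"^[0-9a-f]{8}\.sys$", re.I)


def _parent_and_base(path: str) -> Tuple[str, str]:
    parent, _, base = path.rpartition("\\")
    return parent.lower(), base


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    rundll_targets: Dict[str, str] = {}       # lowercase DLL path -> Run key name
    created: Dict[str, Tuple[str, str]] = {}  # lowercase path -> (path as written, timestamp)

    for raw in log_text.splitlines():
        line = raw.strip()

        m = RUN_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m["cmd"])
            if r:
                dll = r["dll"].strip()
                parent, _ = _parent_and_base(dll)
                rundll_targets[dll.lower()] = m["name"]
                # Heuristic (assumption): Windows' own rundll32 targets live under
                # system32; a DLL directly in the Windows root is suspect, more so
                # with a one-letter export such as ",e".
                if parent.endswith("\\windows"):
                    findings.append(Finding(
                        "rundll32-windows-root", dll,
                        f"Run key [{m['name']}] loads it via rundll32 export '{r['entry']}'"))
            continue

        m = HIDDEN_RE.match(line)
        if m:
            findings.append(Finding(
                "hidden-firefox-extension", m["path"].strip(),
                f"{m['desc']}: extension flagged hidden, so it is absent from the add-ons list"))
            continue

        m = CREATED_RE.match(line)
        if m:
            path = m["path"].strip()
            created[path.lower()] = (path, f"{m['date']} {m['time']}")
            parent, base = _parent_and_base(path)
            if parent.endswith("\\drivers") and HEX_DRIVER_RE.match(base):
                findings.append(Finding(
                    "random-named-driver", path,
                    f"created {m['date']} {m['time']}, {m['size']} bytes"))

    # Cross-check: a DLL referenced by a Run key that also appears in the
    # "Created Last 30" list is a fresh drop, not a long-installed component.
    for key, (path, when) in created.items():
        if key in rundll_targets:
            findings.append(Finding(
                "recently-dropped-run-dll", path,
                f"loaded by Run key [{rundll_targets[key]}], created {when}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.path}  ({f.detail})")
```

Run against the sample it reports six findings: both rundll32 DLLs, the hidden extension, the hex-named driver, and both DLLs again as recent drops. The benign IgfxTray entry and the RaybanMirror directory produce nothing. On a real log, feed it the whole DDS output; the unmatched sections are simply skipped.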



#2 Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium

Posted 03 March 2009 - 04:50 PM

Hello El Motilon and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (it can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

