
"71 Infections Have Been Identified in Your System"



#1 singlestrike


Posted 06 March 2009 - 10:22 PM

As the topic title suggests, I am in need of some extreme help. I am a bit of a newbie when it comes down to this sort of thing, but I can follow directions very, very well. Anyway, allow me to list the "symptoms" my computer is experiencing (the ones I remember, anyway):

1.) Shutdown in 60 seconds (possibly blaster or sasser variant, but I abort the shutdowns)
2.) Many processes do not commence on start-up
3.) When scanning with McAfee I usually cannot make it too far into the scan without the scan canceling or without my getting the BSOD as a result of a memory dump.
4.) My svchost.exe process endlessly replicates itself, and I have to cancel many duplicates of the process until its reproduction "calms down" enough so that I can actually use applications like firefox. Even then I must periodically end the multiple svchost.exe processes.
5.) Prevx CSI 3.0 trial version initially identified 85 individual threats, but after the many failed McAfee scans, successful Spybot S&D scans as well as a successful Avast boot-up scan, that number has fallen to a jaw-dropping 71 infections.
6.) Most of the infections seem to be within my system files, for when my anti malware programs scanned in that region the numbers of infections shot up. Even so, there are many scattered infections about.
7.) Random iexplorer processes pop up at different times.

Now there are many other things, but they slip my memory given the multiple issues I am experiencing. Here also are screenshots (in order) of what Prevx CSI 3.0 has detected, and please disregard the embarrassing inability to crop that I have:

http://i163.photobucket.com/albums/t292/si.../SS1OFPREVX.jpg

http://i163.photobucket.com/albums/t292/si.../SS2OFPREVX.jpg

http://i163.photobucket.com/albums/t292/si.../SS3OFPREVX.jpg

http://i163.photobucket.com/albums/t292/si.../SS4OFPREVX.jpg

http://i163.photobucket.com/albums/t292/si.../SS5OFPREVX.jpg

http://i163.photobucket.com/albums/t292/si.../SS6OFPREVX.jpg

http://i163.photobucket.com/albums/t292/si.../SS7OFPREVX.jpg

http://i163.photobucket.com/albums/t292/si.../SS8OFPREVX.jpg

Thank you so much for the help, guys!
-----------------------------------------

DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 21:28:07.00 on Fri 03/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.303 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090306-0] *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
svchost.exe C:\WINDOWS\TEMP\VRT7.tmp
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\reader_s.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\Owner\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: N/A: {0a94b116-4504-4e26-ab05-e61e474aa38b} - c:\program files\askpbar\srchastt\1.bin\A9SRCHAS.DLL
BHO: Google plugin: {684ee1db-cd52-4ca9-9ccf-93d5f6b419ba} - kjsvc32.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {cd131136-f0bc-40fe-a18b-24d50462d457} - c:\windows\system32\zitosaba.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Ask Toolbar: {f4d76f09-7896-458a-890f-e1f05c46069f} - c:\program files\askpbar\bar\1.bin\ASKPBAR.DLL
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [Aim6]
uRun: [DW4]
uRun: [<NO NAME>]
uRun: [reader_s] c:\documents and settings\owner\reader_s.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [<NO NAME>]
mRun: [services] c:\windows\services.exe
mRun: [yakasimuke] Rundll32.exe "c:\windows\system32\guvutoho.dll",s
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [CPM1f787e0f] Rundll32.exe "c:\windows\system32\timikeze.dll",a
dRun: [iLike] c:\program files\ilike\1.1.51\ilikesidebar.exe /checkforupdate
dRun: [tolwtmbx.exe] c:\windows\tolwtmbx.exe
dRun: [reader_s] c:\windows\system32\config\systemprofile\reader_s.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: imdds.dll
Trusted Zone: bleachportal.net\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
Notify: yayWoLby - yayWoLby.dll
AppInit_DLLs: c:\windows\system32\timikeze.dll,c:\windows\system32\ludiyofu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\timikeze.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\timikeze.dll
SEH: {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - No File
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\yayWoLby.dll
LSA: Authentication Packages = msv1_0 nwprovau c:\windows\system32\ljJBqnNg
LSA: Notification Packages = scecli c:\windows\system32\ludiyofu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\4rfmo13t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://psu.com/
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\4rfmo13t.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-3-5 22536]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-6 114768]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-20 201320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-6 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-6 138680]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-8-20 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 116736]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-8-20 144704]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-6 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-6 352920]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-8-20 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-8-20 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-8-20 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-20 40488]
S1 ethjcjul;ethjcjul;c:\windows\system32\drivers\ethjcjul.sys [2009-3-5 136128]
S2 0157151236388561mcinstcleanup;McAfee Application Installer Cleanup (0157151236388561);c:\windows\temp\015715~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\015715~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 download02;Remote Access;c:\windows\system32\svchost.exe -k netsvcs [2005-4-13 14336]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-20 33832]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S4 Abpsevadn;Abpsevadn;c:\windows\system32\lodctr.exe [2005-4-13 22528]
S4 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-3-5 4150840]

=============== Created Last 30 ================

2009-03-06 21:16 25,601 a------- c:\windows\system32\2A.tmp
2009-03-06 21:16 80 a------- c:\windows\system32\29.tmp
2009-03-06 20:10 0 a------- c:\windows\system32\28.tmp
2009-03-06 20:10 1 a------- c:\windows\system32\bb1.dat
2009-03-06 18:19 1 a------- c:\windows\system32\tb.dr
2009-03-06 18:13 1 a------- c:\windows\system32\rc.dat
2009-03-06 18:13 1 a------- c:\windows\system32\ps1.dat
2009-03-06 18:13 1 a------- c:\windows\system32\cs.dat
2009-03-06 18:13 1 a------- c:\windows\system32\cookie1.dat
2009-03-06 17:22 72,192 a------- c:\windows\system32\Dr.exe
2009-03-06 17:15 24,577 a------- c:\windows\system32\27.tmp
2009-03-06 17:15 80 a------- c:\windows\system32\26.tmp
2009-03-06 16:42 <DIR> --d----- c:\program files\Trend Micro
2009-03-06 16:31 38,913 a------- c:\windows\services.ex_
2009-03-06 16:31 80 a------- c:\windows\system32\25.tmp
2009-03-06 15:48 25,601 a------- c:\windows\system32\24.tmp
2009-03-06 15:48 80 a------- c:\windows\system32\23.tmp
2009-03-06 15:47 44,032 a------- c:\windows\system32\kjsvc32.dll
2009-03-06 14:50 128 a------- c:\windows\adobe.bat
2009-03-06 14:49 24,577 a------- c:\windows\system32\22.tmp
2009-03-06 14:49 80 a------- c:\windows\system32\21.tmp
2009-03-06 14:32 24,577 a------- c:\windows\system32\20.tmp
2009-03-06 14:32 80 a------- c:\windows\system32\1F.tmp
2009-03-06 14:32 129,024 a--sh--- c:\windows\system32\igvmux.dll
2009-03-05 23:00 24,577 a------- c:\windows\system32\30.tmp
2009-03-05 22:58 161,792 a------- c:\windows\system32\1C.tmp
2009-03-05 22:58 124 a------- c:\windows\system32\1A.tmp
2009-03-05 22:51 39,424 a------- c:\windows\system32\nnnnMCUk.dll
2009-03-05 22:20 22,536 a------- c:\windows\system32\drivers\pxscan.sys
2009-03-05 22:20 <DIR> --d----- c:\program files\Prevx
2009-03-05 22:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-03-05 22:14 15,481 a------- c:\windows\system32\19.tmp
2009-03-05 22:14 124 a------- c:\windows\system32\18.tmp
2009-03-05 22:09 38,913 a------- c:\windows\system32\1E.tmp
2009-03-05 22:09 29,184 a------- c:\windows\fprbikzj.exe
2009-03-05 22:07 161,792 a------- c:\windows\system32\16.tmp
2009-03-05 22:07 124 a------- c:\windows\system32\15.tmp
2009-03-05 22:03 81,169 a------- c:\windows\system32\14.tmp
2009-03-05 22:03 124 a------- c:\windows\system32\13.tmp
2009-03-05 21:35 56,893 a------- c:\windows\system32\12.tmp
2009-03-05 21:35 124 a------- c:\windows\system32\10.tmp
2009-03-05 21:33 25,601 a------- c:\windows\system32\11.tmp
2009-03-05 21:33 161,792 a------- c:\windows\system32\F.tmp
2009-03-05 21:33 124 a------- c:\windows\system32\E.tmp
2009-03-05 21:31 25,601 a------- c:\windows\system32\D.tmp
2009-03-05 21:31 161,792 a------- c:\windows\system32\B.tmp
2009-03-05 21:31 0 a------- c:\windows\system32\C.tmp
2009-03-05 21:31 124 a------- c:\windows\system32\A.tmp
2009-03-05 21:28 25,601 a------- c:\windows\system32\1B.tmp
2009-03-05 21:26 161,792 a------- c:\windows\system32\9.tmp
2009-03-05 21:26 124 a------- c:\windows\system32\8.tmp
2009-03-05 21:23 24,049 a------- c:\windows\system32\1D.tmp
2009-03-05 21:22 124 a------- c:\windows\system32\17.tmp
2009-03-05 20:24 129,024 a--sh--- c:\windows\system32\dvfwbv.dll
2009-03-05 20:22 33,280 a------- c:\windows\system32\reader_s.exe
2009-03-05 20:22 33,280 a------- c:\documents and settings\owner\reader_s.exe
2009-03-05 20:22 24,577 a------- c:\windows\system32\25D.tmp
2009-03-05 20:22 136,128 a------- c:\windows\system32\drivers\ethjcjul.sys
2009-03-05 20:21 11,264 a------- c:\windows\system32\imdds.dll
2009-03-05 20:21 <DIR> --d----- c:\program files\Zito
2009-03-05 20:20 <DIR> --d----- c:\docume~1\owner\applic~1\Messenger
2009-03-05 20:20 <DIR> --d----- c:\docume~1\owner\applic~1\nidle
2009-03-05 20:20 100 a------- c:\windows\system32\wh
2009-03-05 20:20 162,304 a------- c:\windows\system32\253.tmp
2009-03-05 20:20 124 a------- c:\windows\system32\244.tmp
2009-03-05 20:13 48,640 -------- c:\windows\system32\yayWoLby.dll
2009-03-05 20:13 79,660 a------- c:\windows\system32\prunnet.exe
2009-03-04 00:22 <DIR> --d----- c:\docume~1\owner\applic~1\GetRightToGo
2009-03-03 15:31 27,136 a------- c:\windows\regsv32.exe
2009-03-03 15:31 14,336 a------- c:\windows\iehost32.dll
2009-02-25 14:37 839,680 a------- c:\windows\system32\lameACM.acm
2009-02-25 14:37 414 a------- c:\windows\system32\lame_acm.xml
2009-02-25 14:37 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-02-25 14:37 118,784 a------- c:\windows\system32\ac3acm.acm
2009-02-25 14:37 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-02-25 14:37 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-25 14:37 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-02-25 14:37 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-02-23 23:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus

==================== Find3M ====================

2009-03-06 21:15 90,112 a------- c:\windows\DUMPa50a.tmp
2009-03-06 14:32 79,872 a--sh--- c:\windows\system32\riturifa.dll
2009-03-05 20:24 129,024 a--sh--- c:\windows\system32\bibeyojo.dll
2009-03-05 20:24 84,992 a--sh--- c:\windows\system32\mepemipe.dll
2009-03-05 20:24 79,872 a--sh--- c:\windows\system32\wetojufa.dll
2009-03-05 20:23 182,912 ac------ c:\windows\system32\drivers\ndis.sys
2009-03-02 21:33 14,286 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2009-01-28 18:12 44,032 a------- c:\windows\inform.dat
2009-01-09 20:53 64,512 a---h--- c:\windows\dach300.dll
2009-01-09 20:53 64,512 a---h--- c:\windows\system32\dach300.dll
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-07 13:08 795,648 a------- c:\windows\system32\xvidcore.dll
2007-12-06 22:01 8,224 ac------ c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2007-06-05 19:16 81,588 ac------ c:\program files\Codec Pack - All In 1.rar
2006-12-21 21:58 809 ac------ c:\program files\INSTALL.LOG
2006-10-16 17:43 1,420,945 ac------ c:\docume~1\owner\applic~1\Install.dat
2006-08-20 17:35 560 ac------ c:\docume~1\owner\applic~1\ViewerApp.dat
2006-05-11 21:07 4,212,278 ac------ c:\program files\Cucusoft.rar
2006-04-17 20:43 19,014,072 ac------ c:\program files\Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime Environment.rar
2006-01-20 17:03 654 a------- c:\program files\iTunes.lnk
2006-01-17 15:30 239,592,071 ac------ c:\program files\RISFull051206.exe
2006-01-03 19:07 2,028,032 ac------ c:\program files\ventrilo-2.3.0-Windows-i386.exe
2005-12-29 12:17 1,975,992 ac------ c:\program files\xfire_installer_16733.exe
2005-12-10 00:02 947,510,784 a------- c:\program files\armyops250.exe
2005-11-12 00:27 4,544,326,118 ac------ c:\program files\wow.rar
2005-11-01 21:01 482 a------- c:\program files\Fraps.lnk
2005-11-01 21:01 665,312 ac------ c:\program files\FRAPS264.EXE
2005-10-08 18:28 3,701,245 ac------ c:\program files\LimeWireWin.exe
2005-09-15 16:31 3,675,802 ac------ c:\program files\LimeWirePro 4.9.30.exe
2005-06-07 22:52 14,403,584 ac------ c:\program files\gta_sa.exe
2005-06-03 17:11 56 a------- c:\program files\nsane productions.url
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\guvutoho.dll
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\ludiyofu.dll

============= FINISH: 21:29:11.75 ===============

Edited by singlestrike, 06 March 2009 - 10:25 PM.




#2 Rodav


Posted 10 March 2009 - 08:18 PM

Hi,

Unfortunately, I have some bad news: your computer is infected with Virut.

Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, etc.) only. DO NOT back up any executable files (software) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

I don't feel there is any point in trying to clean this machine. Sorry to be the bearer of bad news, but that's how I see it.

You can read more about it here if you want: http://miekiemoes.blogspot.com/2009/02/vir...s-throwing.html

If you have any questions let me know.
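
The backup rules in the reply above, as an added example that is not part of the original posts: a Python filter that walks a folder and keeps only data files, skipping .exe/.scr files, zip archives that contain them, and cab/rar archives (the standard library cannot open those, so they are treated as unsafe). The function names, the handling of nested or unreadable archives, and the sample tree are assumptions of this example.

```python
import tempfile
import zipfile
from pathlib import Path

INFECTABLE = {".exe", ".scr"}        # file types the reply says Virut infects
OPAQUE_ARCHIVES = {".cab", ".rar"}   # no stdlib reader, so contents are unknown


def zip_is_unsafe(path):
    """True if a zip holds .exe/.scr, a nested archive, or cannot be read."""
    risky = INFECTABLE | OPAQUE_ARCHIVES | {".zip"}
    try:
        with zipfile.ZipFile(path) as zf:
            return any(Path(n).suffix.lower() in risky for n in zf.namelist())
    except (zipfile.BadZipFile, OSError):
        return True  # assumption: an unreadable archive is not worth the risk


def classify(path):
    """Return (back_up, reason) for one file, following the reply's rules."""
    ext = path.suffix.lower()
    if ext in INFECTABLE:
        return False, "executable or screensaver"
    if ext in OPAQUE_ARCHIVES:
        return False, "archive that cannot be inspected"
    # Also catches zip containers with other extensions (e.g. office documents).
    if (ext == ".zip" or zipfile.is_zipfile(path)) and zip_is_unsafe(path):
        return False, "zip is unreadable or holds .exe/.scr or a nested archive"
    return True, "data file"


def plan_backup(root):
    """Walk root and split files into (keep, skip) lists of relative paths."""
    keep, skip = [], []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            ok, reason = classify(p)
            rel = p.relative_to(root).as_posix()
            if ok:
                keep.append(rel)
            else:
                skip.append((rel, reason))
    return keep, skip


def build_sample(root):
    """Constructed sample tree (not taken from the thread) to try the filter."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "docs" / "thesis.txt").write_text("notes")
    (root / "docs" / "Setup.EXE").write_bytes(b"MZ")
    (root / "saver.scr").write_bytes(b"MZ")
    (root / "old.rar").write_bytes(b"Rar!")
    with zipfile.ZipFile(root / "photos.zip", "w") as zf:
        zf.writestr("trip/beach.jpg", b"jpeg")
    with zipfile.ZipFile(root / "tools.zip", "w") as zf:
        zf.writestr("readme.txt", "x")
        zf.writestr("bin/patch.exe", b"MZ")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        keep, skip = plan_backup(tmp)
        print("back up:", keep)
        for rel, reason in skip:
            print("skip:", rel, "-", reason)
```

The filter decides by file extension and archive listing only; it does not detect whether a given file is already infected.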



