
infected with Virus Remover 2009


This topic is locked
2 replies to this topic

#1 brianch

  • Members
  • 52 posts

Posted 24 March 2009 - 01:38 AM

I have a Red circle with a White X in the system tray that occasionally pops up a box that says "". And I have a message box that frequently pops up and with an Alert that says "You have a security problem! Do you want to scan your computer for viruses?". Then IE opens and, after redirecting a few times, ends up on either <http://advancesoftwaretool.com/2009/2/>, or <http://advancesoftwaretool.com/2009/2/?a=cspsant1p&l=273&f=cs_5622918963&ex=&ed=&h=&sub=&prodabbr=3P_UVSM>
among others. I have McAfee and Malwarebytes Anti-Malware and Spybot S&D, but still can't get rid of these two viruses.



DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 1:07:51.20 on Tue 03/24/2009
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.383.124 [GMT -6:00]


============== Running Processes ===============

E:\WINDOWS\system32\svchost -k rpcss
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\WINDOWS\system32\slserv.exe
E:\WINDOWS\System32\svchost.exe -k imgsvc
E:\WINDOWS\system32\svchost.exe -k netsvcs
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\PROGRA~1\FLOCK\FLOCK.EXE
E:\Program Files\Cobian Backup 9\Cobian.exe
E:\Program Files\Cobian Backup 9\cbInterface.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - e:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: Shell=Explorer.exe
BHO: AutorunsDisabled - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - e:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - e:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - e:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - e:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - e:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
mRun: [RealTray] e:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] e:\program files\mcafee.com\agent\mcagent.exe /runkey
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\MSMSGS.EXE
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;e:\windows\system32\drivers\mfehidk.sys [2009-3-19 201320]
R2 McProxy;McAfee Proxy Service;e:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-19 359248]
R2 McShield;McAfee Real-time Scanner;e:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-19 144704]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;e:\windows\system32\drivers\lne100v5.sys [2006-11-22 36224]
R3 McSysmon;McAfee SystemGuards;e:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-19 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;e:\windows\system32\drivers\mfeavfk.sys [2009-3-19 79304]
R3 mfebopk;McAfee Inc. mfebopk;e:\windows\system32\drivers\mfebopk.sys [2009-3-19 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;e:\windows\system32\drivers\mfesmfk.sys [2009-3-19 40488]
S3 mferkdk;McAfee Inc. mferkdk;e:\windows\system32\drivers\mferkdk.sys [2009-3-19 33832]

=============== Created Last 30 ================

2009-03-24 00:20 <DIR> --d----- e:\program files\Cobian Backup 9
2009-03-21 23:43 <DIR> --d----- e:\docume~1\admini~1\applic~1\Malwarebytes
2009-03-21 23:43 15,504 a------- e:\windows\system32\drivers\mbam.sys
2009-03-21 23:43 38,496 a------- e:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 23:43 <DIR> --d----- e:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-21 23:43 <DIR> --d----- e:\program files\Malwarebytes' Anti-Malware
2009-03-21 00:51 61,224 a------- e:\documents and settings\administrator\GoToAssistDownloadHelper.exe
2009-03-19 23:39 <DIR> --d----- e:\docume~1\admini~1\applic~1\McAfee
2009-03-19 00:52 <DIR> --d----- e:\windows\pss
2009-03-19 00:38 9,681 a------- e:\windows\system32\Config.MPF
2009-03-19 00:34 143,360 a------- e:\windows\system32\dunzip32.dll
2009-03-19 00:07 33,832 a------- e:\windows\system32\drivers\mferkdk.sys
2009-03-19 00:07 40,488 a------- e:\windows\system32\drivers\mfesmfk.sys
2009-03-19 00:07 35,240 a------- e:\windows\system32\drivers\mfebopk.sys
2009-03-19 00:07 79,304 a------- e:\windows\system32\drivers\mfeavfk.sys
2009-03-19 00:06 201,320 a------- e:\windows\system32\drivers\mfehidk.sys
2009-03-19 00:06 113,952 a------- e:\windows\system32\drivers\Mpfp.sys
2009-03-19 00:01 <DIR> --d----- e:\program files\McAfee.com
2009-03-19 00:00 <DIR> --d----- e:\program files\common files\McAfee
2009-03-18 23:58 <DIR> --d----- e:\program files\McAfee
2009-03-17 18:50 <DIR> --d----- e:\program files\Trend Micro
2009-03-17 17:52 <DIR> --d----- e:\docume~1\admini~1\applic~1\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-03-17 17:52 <DIR> --d----- e:\program files\TweetDeck
2009-03-17 17:46 20,480 ac------ e:\windows\system32\dllcache\hidserv.dll
2009-03-17 17:46 20,480 a------- e:\windows\system32\hidserv.dll
2009-03-17 17:46 13,952 ac------ e:\windows\system32\dllcache\kbdhid.sys
2009-03-17 17:46 13,952 a------- e:\windows\system32\drivers\kbdhid.sys
2009-03-17 17:46 12,160 ac------ e:\windows\system32\dllcache\mouhid.sys
2009-03-17 17:46 12,160 a------- e:\windows\system32\drivers\mouhid.sys
2009-03-17 17:45 9,600 ac------ e:\windows\system32\dllcache\hidusb.sys
2009-03-17 17:45 9,600 a------- e:\windows\system32\drivers\hidusb.sys
2009-03-15 18:32 <DIR> --d----- e:\docume~1\admini~1\applic~1\Flock
2009-03-15 18:12 <DIR> --d----- e:\program files\Flock
2009-03-10 13:06 <DIR> --d----- e:\program files\Memzip
2009-03-08 20:04 73,728 a------- e:\windows\system32\javacpl.cpl
2009-03-08 20:04 410,984 a------- e:\windows\system32\deploytk.dll
2009-03-08 19:26 142,096 a------- e:\windows\system32\drivers\tmcomm.sys
2009-03-08 19:26 <DIR> --d----- e:\documents and settings\administrator\log
2009-03-08 17:46 <DIR> --d----- e:\program files\CCleaner
2009-03-05 23:32 9,216 a--sh--- e:\windows\Thumbs.db
2009-03-03 18:21 <DIR> --d----- e:\program files\support.com
2009-03-03 18:20 <DIR> --d----- e:\program files\common files\SupportSoft
2009-03-03 18:15 7,168 a--sh--- e:\windows\system32\Thumbs.db
2009-03-03 18:02 <DIR> --d----- e:\program files\Eidos
2009-03-03 18:02 <DIR> --d----- E:\My Music
2009-03-03 18:02 <DIR> --d----- E:\MAV
2009-03-03 17:59 <DIR> --d-h--- e:\docume~1\alluse~1\applic~1\~0
2009-03-02 23:56 <DIR> --d----- e:\docume~1\admini~1\applic~1\Uniblue
2009-03-02 23:46 <DIR> --d----- e:\program files\Spybot - Search & Destroy
2009-03-02 23:46 <DIR> --d----- e:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-01 23:34 31,768 a------- e:\windows\system32\wucltui.dll.mui
2009-03-01 23:34 18,456 a------- e:\windows\system32\wuaueng.dll.mui
2009-03-01 23:34 23,576 a------- e:\windows\system32\wuaucpl.cpl.mui
2009-03-01 23:34 23,576 a------- e:\windows\system32\wuapi.dll.mui
2009-02-25 17:20 1,148 a------- E:\net_save.dna

==================== Find3M ====================

2009-03-17 19:49 33,792 a------- e:\windows\system32\userinit.exe
2005-11-25 14:45 533 ac------ e:\program files\Shortcut to Windows Media Player.lnk

============= FINISH: 1:11:07.02 ===============




>>>>>>>>>>>>>>>>>>>>>>>>>>
From 3/24 ...
Windows Malicious Software Removal Tool - this program automatically started today, and wasn't able to remove TrojanDownloader:Win32/Renos.BAH

Edited by Orange Blossom, 26 March 2009 - 10:13 PM.
Deactivate links. ~ OB
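A small triage helper for logs in the DDS format shown in the post above. This is an added example, not part of the thread and not code from the DDS tool itself: it splits the log on the `===== Section =====` headers, then flags the categories of entry a malware-response helper usually looks at first (browser add-on registrations whose DLL is gone, processes launched from a user profile directory, Trusted Zone additions, and a non-default Winlogon shell). The embedded sample is constructed in the same format, with a placeholder process name; it is not a statement about the poster's machine, and a flag means "look at this", not "this is malicious".

```python
"""Triage helper for DDS-style logs (added example; not the DDS tool)."""
import re

# Constructed sample in DDS format, modelled on the log above. The
# example_updater.exe line is a placeholder added for the demonstration.
SAMPLE_LOG = """\
============== Running Processes ===============

E:\\WINDOWS\\system32\\svchost -k rpcss
E:\\WINDOWS\\Explorer.exe
E:\\Documents and Settings\\Administrator\\Desktop\\dds.scr
E:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\example_updater.exe

============== Pseudo HJT Report ===============

mWinlogon: Shell=Explorer.exe
BHO: AutorunsDisabled - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\\progra~1\\spybot~1\\SDHelper.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
mRun: [QuickTime Task] "e:\\program files\\quicktime\\qttask.exe" -atboottime
Trusted Zone: internet
Trusted Zone: mcafee.com

============= SERVICES / DRIVERS ===============
"""

# Section headers look like "====== Name ======" (any number of '=').
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Paths under a user profile, in long or 8.3 short form (assumption: these
# are the profile subfolders worth flagging; extend as needed).
USER_PROFILE_RE = re.compile(
    r"(documents and settings|docume~1)\\.*\\(desktop|temp|locals~1|applic~1)\\",
    re.IGNORECASE,
)


def parse_sections(text):
    """Return {section_name: [non-empty lines]} for a DDS log."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def triage(text):
    """Return a list of (reason, line) entries worth a second look."""
    sections = parse_sections(text)
    findings = []

    for proc in sections.get("Running Processes", []):
        if USER_PROFILE_RE.search(proc):
            findings.append(("process running from user profile", proc))

    for entry in sections.get("Pseudo HJT Report", []):
        kind = entry.split(":", 1)[0]
        if kind in ("BHO", "TB", "EB") and entry.endswith("- No File"):
            # Registered add-on whose DLL no longer exists: a leftover that
            # should be cleaned up, and a hint that something was removed.
            findings.append(("orphaned browser extension registration", entry))
        elif kind == "Trusted Zone":
            # Rogue AV families often add their own domains to the Trusted
            # Zone; every entry here deserves a look.
            findings.append(("trusted zone entry", entry))
        elif kind == "mWinlogon" and "Shell=" in entry:
            # Shell= should be exactly Explorer.exe; anything appended is
            # executed at every logon.
            shell = entry.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(("non-default Winlogon shell", entry))

    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run it against a saved DDS log by reading the file into `triage()` instead of `SAMPLE_LOG`; the section names and entry prefixes are taken from the log format as shown on this page, so logs from other DDS versions may need the regexes adjusted.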




#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 02 April 2009 - 04:57 PM

Hello brianch,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 12 April 2009 - 05:30 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic