Had VirTool:Win32/Obfuscator infection, I want to make sure it's gone.


6 replies to this topic

#1 auraspeed
  • Members
  • 3 posts

Posted 05 April 2009 - 03:10 AM

Hello,

Overview:
OS: Windows Vista Home Premium x64 SP1
AntiVirus: OneCare, Avira Antivir Personal
Others I use: Malwarebytes Anti-Malware, CCleaner Registry Cleaner, TweakNow RegClean, ThreatExpert Memory Scanner.
All updated daily. I have run each program many times since the infection.

Problem:
Last week I was infected with malware named VirTool:Win32/Obfuscator.DQ. My OneCare detected it immediately (Avira did not) but was unable to quarantine or delete it right away. After a few attempts it was successful at removing it, but ended up crashing and had to be force quit. The second this started happening I instantly turned off the wireless connection on my computer and ran full scans with all the software I've listed above, and nothing was detected at all. Since then I have run each software program at least once a day and have found nothing.

Since then I've been quite paranoid that something is still lurking, since the computer has been running slowly and none of the other software programs detected the infection.

Attached here are my HijackThis log and OneCare virus log, which shows the action, time, file name, and infection that took place. Also to note, my computer is unable to run DDS.scr, since the command-line prompt states that it does not support my operating system.

Thank you for your help,
Bryan


HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:37 AM, on 4/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files (x86)\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: Intel® Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 12414 bytes

OneCare Log File of Virus Activity
Common to every entry: event text "Windows Live OneCare found potentially harmful or unwanted software on your computer"; Threat Name: VirTool:Win32/Obfuscator.DQ; Threat Severity: Severe; Threat Category: Tool. Entries are listed newest first, as in the log.

Detection Date and Time   File Name                                                                                     Virus and spyware monitoring event   Threat Status
3/27/2009 1:32 AM         C:\Users\Bryan\AppData\Local\Mozilla\Firefox\Profiles\93tgteme.default\Cache\9866AD8Ed01      ANTIVIRUS_ONACCESS                   Removed
3/27/2009 1:31 AM         C:\Users\Bryan\AppData\Local\Mozilla\Firefox\Profiles\93tgteme.default\Cache\9866AD8Ed01      ANTIVIRUS_ONACCESS_INFECTED          Detected
3/27/2009 1:11 AM         C:\Users\Bryan\AppData\Local\Mozilla\Firefox\Profiles\93tgteme.default\Cache\9866AD8Ed01      ANTIVIRUS_ONACCESS                   Quarantine failed
3/27/2009 1:11 AM         C:\Users\Bryan\AppData\Local\Temp\j0BCoegi.exe.part                                           ANTIVIRUS_ONACCESS                   Quarantine failed
3/27/2009 1:11 AM         C:\Users\Bryan\AppData\Local\Temp\WhaXbSEy.exe.part                                           ANTIVIRUS_ONACCESS                   Quarantine failed
3/27/2009 1:10 AM         C:\Users\Bryan\AppData\Local\Temp\j0BCoegi.exe.part                                           ANTIVIRUS_ONACCESS_INFECTED          Detected
3/27/2009 1:10 AM         C:\Users\Bryan\AppData\Local\Mozilla\Firefox\Profiles\93tgteme.default\Cache\9866AD8Ed01      ANTIVIRUS_ONACCESS_INFECTED          Detected
3/27/2009 1:10 AM         C:\Users\Bryan\AppData\Local\Temp\WhaXbSEy.exe.part                                           ANTIVIRUS_ONACCESS_INFECTED          Detected
3/27/2009 1:10 AM         C:\Users\Bryan\AppData\Local\Mozilla\Firefox\Profiles\93tgteme.default\Cache\9866AD8Ed01      ANTIVIRUS_ONACCESS_INFECTED          Detected
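A note on the HijackThis log above, and an added example that is not part of the original post. HijackThis 2.0.2 is a 32-bit program, and on 64-bit Windows a 32-bit process that opens C:\Windows\System32 is silently redirected to C:\Windows\SysWOW64, where core binaries such as lsass.exe, spoolsv.exe and vssvc.exe have no 32-bit copy. That is why so many built-in services show "(file missing)" in the O23 section; it is a tool artifact, not evidence of tampering. The script below (written for this page, not from the thread or from HijackThis) re-checks the O23 paths from a 64-bit process, where redirection does not apply, and then does the same check for every installed service straight from the service database so genuinely orphaned entries stand out. It assumes 64-bit Windows PowerShell 4.0 or later (for Get-FileHash), an elevated prompt, and the sample O23 lines are copied from the log above as constructed input; the two helper function names are my own.

```powershell
# Added example (not from the thread). Re-checks HijackThis O23 "(file missing)" entries from a
# 64-bit process, so WOW64 file-system redirection cannot hide System32 binaries, then lists any
# installed service whose binary really is absent. Assumes 64-bit Windows PowerShell 4.0+, run elevated.

if ([IntPtr]::Size -ne 8) {
    throw "Run this from 64-bit PowerShell; a 32-bit process is redirected to SysWOW64 and repeats HijackThis's false 'file missing' results."
}

# Sample O23 lines, copied from the log posted above (constructed input for the demo).
$o23 = @'
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
'@ -split "`r?`n" | Where-Object { $_ }

# HijackThis prints the binary as the last " - " separated field, with an optional "(file missing)" suffix.
function Get-O23Path {
    param([string]$Line)
    $tail = ($Line -split ' - ')[-1]
    return ($tail -replace '\s*\(file missing\)\s*$', '').Trim()
}

"== O23 entries re-checked without WOW64 redirection =="
foreach ($line in $o23) {
    $path   = Get-O23Path $line
    $exists = Test-Path -LiteralPath $path -PathType Leaf
    [pscustomobject]@{
        Exists = $exists
        Signed = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { $null }
        SHA256 = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
        Path   = $path
    }
} | Format-Table -AutoSize

# Service ImagePath values carry quotes and arguments ("C:\x\y.exe" -k foo); pull out just the binary.
# Heuristic: quoted path, else everything up to the first .exe/.sys token.
function Get-ServiceImagePath {
    param([string]$PathName)
    if ($PathName -match '^"([^"]+)"')              { return $Matches[1] }
    if ($PathName -match '^(.*?\.(exe|sys))(\s|$)') { return $Matches[1] }
    return $PathName
}

"== Installed services whose binary is genuinely missing =="
Get-WmiObject -Class Win32_Service | ForEach-Object {
    $raw = [string]$_.PathName
    $img = if ($raw) { [Environment]::ExpandEnvironmentVariables((Get-ServiceImagePath $raw)) } else { '' }
    [pscustomobject]@{
        Name      = $_.Name
        State     = $_.State
        StartMode = $_.StartMode
        Exists    = [bool]($img -and (Test-Path -LiteralPath $img -PathType Leaf))
        Path      = $img
    }
} | Where-Object { -not $_.Exists } | Format-Table -AutoSize
```

Read the second table, not the first, for anything worth chasing: a service with a missing binary and StartMode Auto is either a leftover from an uninstall or something that was removed by the scanner without its registration; either way it is the registry entry, not the file, that still needs cleaning up.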



#2 Orange Blossom
  • Bleepin Investigator
  • Moderator
  • 36,801 posts
  • Location: Bloomington, IN

Posted 14 April 2009 - 11:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom

#3 auraspeed
  • Topic Starter
  • Members
  • 3 posts

Posted 21 April 2009 - 02:05 PM

Sorry about the late reply. I've tried using the DDS tool, but when I run it the program states that it can't run since it doesn't support my operating system. I did turn off wireless and shut off all antivirus and spyware programs, and it still gave me the same response.

What is the next option?

Thanks

#4 Hoov
  • Malware Response Team
  • 3,519 posts
  • Location: Mikado, Michigan

Posted 24 April 2009 - 09:16 AM

OK, you are using a 64-bit OS, so your options are very limited.

First, are you seeing any problems or strange activity on your computer?

Second, the files were confined to temporary files and to the browser cache. So the first thing I would do, even if you are having no problems, is clear out your temporary files and the cache.

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Let me know if you are having any problems, and about how big a mass of files was cleaned off by CCleaner.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

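The post above relies on the detections having been confined to %TEMP% and the Firefox cache, and on CCleaner having emptied both. The check a responder would want before trusting that is an added example, written for this page and not part of the thread: confirm the three paths OneCare named are gone, then sweep the same two locations for anything that is still a Windows executable by content. The two Temp files were Firefox partial downloads (.part) and the cache entry has no extension at all, so filtering on .exe would have missed every one of them; the script reads the first two bytes and looks for the "MZ" PE signature instead. It assumes Windows PowerShell 4.0 or later (Get-FileHash), that the profile folder name and file names are the ones in the OneCare log above, and the helper function name is my own.

```powershell
# Added example (not from the thread). 1) Confirms the files OneCare flagged no longer exist.
# 2) Sweeps %TEMP% and the Firefox profile tree for files that are PE executables by content,
#    whatever they are called, and hashes them. Assumes Windows PowerShell 4.0+.

# Paths taken from the OneCare log posted above.
$flagged = @(
    "$env:LOCALAPPDATA\Mozilla\Firefox\Profiles\93tgteme.default\Cache\9866AD8Ed01",
    "$env:TEMP\j0BCoegi.exe.part",
    "$env:TEMP\WhaXbSEy.exe.part"
)
"== Files named in the OneCare log =="
foreach ($f in $flagged) {
    $state = if (Test-Path -LiteralPath $f -PathType Leaf) { 'STILL PRESENT' } else { 'gone' }
    '{0,-14} {1}' -f $state, $f
}

# A PE file starts with the bytes 0x4D 0x5A ("MZ"). Read only the header; do not trust the extension.
# Open with ReadWrite sharing so files the browser still has open can be inspected.
function Test-PEHeader {
    param([string]$Path)
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try {
            $buf = New-Object byte[] 2
            $n = $fs.Read($buf, 0, 2)
            return ($n -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
        } finally { $fs.Dispose() }
    } catch {
        return $false    # locked or unreadable; such files are worth a second look on their own
    }
}

"== Executables (by content) still in Temp or the Firefox profile =="
@("$env:TEMP", "$env:LOCALAPPDATA\Mozilla\Firefox\Profiles") |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -Recurse -File -Force -ErrorAction SilentlyContinue } |
    Where-Object { Test-PEHeader $_.FullName } |
    ForEach-Object {
        [pscustomobject]@{
            LastWrite = $_.LastWriteTime
            Size      = $_.Length
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Path      = $_.FullName
        }
    } | Sort-Object LastWrite -Descending | Format-Table -AutoSize
```

An empty second table is the result you want after a cleanup like the one described above. Anything that does appear can be checked by its SHA256 against a reputation service before deciding whether it is a legitimate installer left in Temp or something the cleaner skipped.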

#5 auraspeed
  • Topic Starter
  • Members
  • 3 posts

Posted 25 April 2009 - 01:23 AM

I've actually used CCleaner for quite a while on a regular basis. When the problem first came up, I instantly took damage control by shutting off my wireless, closing all non-essential programs, and running the laptop through my battery of programs using only one program of each type at a time: first OneCare ran a virus scan, then I ran my Avira AntiVir full scan, then Malwarebytes, Spybot Search and Destroy, CCleaner, TweakNow Reg Cleaner, and lastly Threat Expert Memory Scanner. I didn't learn of this website until later that day, and then realized that it is recommended not to do a lot of cleaning after posting to the board, to keep the posted logs consistent with the computer's current config. Since my post was a few weeks ago I have continued my daily regimen of protection, so the HJT log is most likely not up to date.

Since the first few minutes after infection (the very first virus scan with OneCare when the problem arose), no other viruses have shown up in any of my scanners. Yet my computer still seems to be acting up, and on almost every boot and shutdown Windows faults and I'm welcomed by the "Windows failed to properly shut down/boot" screen.

Regardless, I ran CCleaner just now and the files removed amounted to ~510 MB.

Edited by auraspeed, 25 April 2009 - 01:26 AM.


#6 Hoov
  • Malware Response Team
  • 3,519 posts
  • Location: Mikado, Michigan

Posted 25 April 2009 - 01:55 PM

OK, the next thing to do is peek under the hood and find out why you are getting those faults.

I need you to go to the Administrative Tools in Vista. They are in the Control Panel. Open the Admin Tools, then open the Event Viewer.
1. On the left-hand side, expand the Windows Logs category and then click on System.
2. At the top, click on Action and then click on Save Events As. Type in system as the file name, make sure the file type EVTX is selected, navigate so it will save the file to your desktop, then click Save.
3. On the left-hand side, click on Application.
4. At the top, click on Action and then click on Save Events As. Type in application as the file name, make sure the file type EVTX is selected, navigate so it will save the file to your desktop, then click Save.
5. Zip them both up into a single zip file and post them back here in your next reply as attachments.
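The same collection from the command line, plus the first triage pass a responder would run on the result, as an added example that is not part of the thread. It exports the System and Application logs to the desktop as native .evtx with wevtutil (which ships with Vista and later and is what Event Viewer's "Save Events As" calls into), zips them, and then reads the exported System log back for the events that normally sit behind a "Windows did not shut down properly" screen: 6008 from EventLog (previous shutdown was unexpected), 41 from Microsoft-Windows-Kernel-Power (reboot without a clean shutdown), 1001 from BugCheck (a crash dump was written) and 7034 from Service Control Manager (a service terminated on its own). Assumptions: Windows PowerShell 5.0 or later for Compress-Archive, an elevated prompt so the full System log is readable, and file names matching the ones the post above asks for.

```powershell
# Added example (not from the thread). Exports System and Application to the desktop as .evtx,
# zips them for upload, then lists the shutdown/crash/service-death events from the export.
# Assumes Windows PowerShell 5.0+ (Compress-Archive) and an elevated prompt.

$desktop = [Environment]::GetFolderPath('Desktop')
$exports = @{}
foreach ($log in 'System', 'Application') {
    $out = Join-Path $desktop ("{0}.evtx" -f $log.ToLower())
    # epl = export-log; /ow:true lets a re-run overwrite yesterday's file.
    & wevtutil.exe epl $log $out /ow:true
    if ($LASTEXITCODE -ne 0) { throw "wevtutil failed exporting $log (exit $LASTEXITCODE)" }
    $exports[$log] = $out
}
Compress-Archive -Path $exports.Values -DestinationPath (Join-Path $desktop 'eventlogs.zip') -Force
"Exported and zipped: " + ($exports.Values -join ', ')

# Triage the exported file rather than the live log: the same query then works for whoever
# receives the zip. IDs: 6008 unexpected shutdown, 41 Kernel-Power, 1001 BugCheck, 7034 SCM.
$faultIds = 6008, 41, 1001, 7034
Get-WinEvent -FilterHashtable @{ Path = $exports['System']; Id = $faultIds } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName,
                  @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |   # first line is enough for a glance
    Format-Table -AutoSize -Wrap
```

The 7034 entries are the ones to read alongside the malware timeline: a security product's own service dying repeatedly around the time of the infection, which is what the original post describes for OneCare, shows up here with the exact service name and time, and a service that keeps crashing at boot is a common reason for the unclean-shutdown screen on its own.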

#7 Hoov
  • Malware Response Team
  • 3,519 posts
  • Location: Mikado, Michigan

Posted 06 May 2009 - 03:57 PM

This thread is closed due to inactivity.
If you need this topic reopened, please send me a PM. This applies to the thread originator only, all others start a new thread.