Infected with Trojan-zipwire and several worms
2 replies to this topic

#1 asianpanamanian
Posted 08 April 2009 - 11:28 PM

I have a virus on my laptop and I am currently using a flash drive to complete all the instructions to switch from my desktop to my laptop. I have tried a system restore, re-installing my operating system software and recovery disc with applications and drivers, of course, all unsuccessful. Every time my computer boots up, a "HOT KEY" screen pops up repeatedly to the point where I am having to use the task manager to cease the process. I noticed that a "TRUSTEDINSTALLER" user account has been created as well. I also identified some programs under the C:\WINDOWS\SYSTEM32 folder with another forum that states I have several worms and a trojan. Very bad day today, but gracious I found this forum. Thank you for all your help, it is much appreciated.

DDS (Ver_09-03-16.01) - NTFSx86
Run by asianpanamanian at 0:14:30.44 on Thu 04/09/2009
Internet Explorer: 7.0.6000.16386
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1662.1197 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BigFix\bigfix.exe
C:\PROGRA~1\COMMON~1\AOL\123925~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\123925~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
G:\geek squad\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HostManager] c:\program files\common files\aol\1239252495\ee\AOLHostManager.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [CHotkey] zHotkey.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-04-08 23:36 <DIR> --d----- c:\program files\Yahoo!
2009-04-08 23:36 <DIR> --d----- c:\program files\CCleaner
2009-04-08 23:34 <DIR> --d----- c:\users\asianp~1\appdata\roaming\Webroot
2009-04-08 22:34 550,912 a------- c:\windows\zHotkey.exe
2009-04-08 22:34 532,544 a------- c:\windows\PIC.dll
2009-04-08 22:34 42,040 a------- c:\windows\PatchWnd.exe
2009-04-08 22:34 36,864 a------- c:\windows\ShowWnd.exe
2009-04-08 22:34 24,576 a------- c:\windows\HKNTDLL.dll
2009-04-08 22:34 11,776 a------- c:\windows\HIDMNT.dll
2009-04-08 22:34 5,280 a------- c:\windows\hotbtnv.vxd
2009-04-08 22:33 176,128 a------- c:\windows\system32\NVUNINST.EXE
2009-04-08 22:22 330,752 a----r-- c:\windows\system32\drivers\NETBIOS.PDB
2009-04-08 22:22 <DIR> --d----- c:\windows\system32\OEM
2009-04-08 22:21 1,270 a------- c:\windows\system32\oeminfo.ini
2009-04-08 22:18 <DIR> --d----- c:\program files\Realtek
2009-04-08 22:18 487,424 a------- c:\windows\RtlExUpd.dll
2009-04-08 22:08 <DIR> --d----- c:\program files\Microsoft Money 2006
2009-04-08 22:04 <DIR> --d----- C:\Windows.old
2009-04-08 22:03 <DIR> --d----- c:\users\asianp~1\appdata\roaming\AOL
2009-04-08 21:52 13,352 a------- c:\windows\BigFixClientOverride.dll
2009-04-08 21:52 <DIR> --d----- c:\program files\BigFix
2009-04-08 21:52 306,688 a------- c:\windows\IsUninst.exe
2009-04-08 21:52 24 a------- c:\windows\system32\emver.ini
2009-04-08 21:51 <DIR> --d----- c:\programdata\Prism Deploy
2009-04-08 21:51 <DIR> --d----- c:\progra~2\Prism Deploy
2009-04-08 21:51 <DIR> --d----- c:\program files\common files\New Boundary
2009-04-08 21:50 173,184 a------- c:\windows\system32\ygpss.scr
2009-04-08 21:50 <DIR> --d----- c:\users\asianp~1\appdata\roaming\You've Got Pictures Screensaver
2009-04-08 21:50 <DIR> --d----- c:\program files\common files\Nullsoft
2009-04-08 21:50 86,016 a------- c:\windows\unvise32qt.exe
2009-04-08 21:49 <DIR> --d----- c:\programdata\QuickTime
2009-04-08 21:49 <DIR> --d----- c:\program files\common files\Real
2009-04-08 21:49 <DIR> --d----- c:\programdata\Viewpoint
2009-04-08 21:49 <DIR> --d----- c:\progra~2\Viewpoint
2009-04-08 21:49 <DIR> --d----- c:\program files\Viewpoint
2009-04-08 21:49 <DIR> --d----- c:\programdata\Pure Networks
2009-04-08 21:49 <DIR> --d----- c:\progra~2\Pure Networks
2009-04-08 21:49 <DIR> --d----- c:\program files\Pure Networks
2009-04-08 21:48 <DIR> --d----- c:\program files\common files\AolCoach
2009-04-08 21:48 <DIR> --d----- c:\programdata\AOL
2009-04-08 21:48 <DIR> --d----- c:\program files\common files\aolshare
2009-04-08 21:48 <DIR> --d----- c:\program files\America Online 9.0
2009-04-08 21:48 <DIR> --d----- c:\program files\common files\AOL
2009-04-08 21:46 <DIR> --d----- c:\windows\Downloaded Installations
2009-04-08 21:46 <DIR> --dsh--- c:\windows\Installer
2009-04-08 21:31 <DIR> --d----- c:\users\asianpanamanian
2009-04-08 17:28 <DIR> --d----- C:\DriversApps

==================== Find3M ====================

2009-04-08 22:20 86,016 a------- c:\windows\inf\infstor.dat
2009-04-08 22:20 51,200 a------- c:\windows\inf\infpub.dat
2009-04-08 22:20 86,016 a------- c:\windows\inf\infstrng.dat
2009-04-08 21:49 8,552 a------- c:\windows\system32\drivers\asctrm.sys
2006-11-02 05:50 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:32 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:15:01.10 ===============
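As an added triage example (not from the original post or from DDS itself), the script below parses the uRun/mRun autorun lines and the "Created Last 30" rows of a DDS log like the one above and reports autorun entries whose executable was created in the last 30 days. The sample is constructed from lines in this thread, and the field layout it assumes is taken only from those lines.

```python
import re

# Constructed sample: a handful of lines copied from the DDS log in this thread.
DDS_SAMPLE = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [CHotkey] zHotkey.exe

=============== Created Last 30 ================

2009-04-08 22:34 550,912 a------- c:\windows\zHotkey.exe
2009-04-08 22:34 24,576 a------- c:\windows\HKNTDLL.dll
2009-04-08 22:33 176,128 a------- c:\windows\system32\NVUNINST.EXE
2009-04-08 21:50 173,184 a------- c:\windows\system32\ygpss.scr
2009-04-08 22:04 <DIR> --d----- C:\Windows.old
"""

# uRun = per-user Run key, mRun = machine-wide Run key (assumed from the DDS layout).
RUN_RE = re.compile(r'^[um]Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$')
# "Created Last 30" rows: date time size-or-<DIR> attributes path
CREATED_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+'
    r'(?P<size><DIR>|[\d,]+)\s+(?P<attr>\S+)\s+(?P<path>.+)$')

def parse_run_entries(text):
    """Return {autorun name: lower-cased image file name} from uRun/mRun lines."""
    entries = {}
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if not m:
            continue
        cmd = m.group('cmd').strip()
        if cmd.startswith('"'):                 # quoted image path, switches follow
            image = cmd[1:cmd.find('"', 1)]
        else:                                   # unquoted: cut at the first -x or /x switch
            image = re.split(r'\s+[-/]', cmd, 1)[0]
        entries[m.group('name')] = image.rsplit('\\', 1)[-1].lower()
    return entries

def parse_created(text):
    """Return [(lower-cased path, size in bytes)] for file rows (directories skipped)."""
    files = []
    for line in text.splitlines():
        m = CREATED_RE.match(line)
        if m and m.group('size') != '<DIR>':
            files.append((m.group('path').lower(), int(m.group('size').replace(',', ''))))
    return files

def autoruns_from_new_files(text):
    """Autorun entries whose image file also appears among recently created files."""
    runs = parse_run_entries(text)
    new_by_name = {p.rsplit('\\', 1)[-1]: p for p, _ in parse_created(text)}
    return {name: new_by_name[img] for name, img in runs.items() if img in new_by_name}
```

A hit only means the autorun's binary is new; here it points at zHotkey.exe, which the log shows landed together with the other OEM driver files, so the result is a lead to check against the vendor install rather than a verdict.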

#2 asianpanamanian
Posted 11 April 2009 - 04:56 AM

RESOLVED

#3 KoanYorel
Posted 24 April 2009 - 09:59 AM

Thanks for informing us.
Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)