
infected with unknown malware


This topic is locked
6 replies to this topic

#1 BaldNomad (Members, 3 posts)

Posted 12 April 2009 - 11:44 AM

I have an HP laptop infected with a bunch of malware. Uncontrolled pop-ups, unable to install anti-malware software, blocking internet searches and sites related to malware, etc. The only way I can even perform a simple file open task without endless lockups/slowdowns is to remove the computer from the network. When it's off the network it seems to behave much better, but when on the network it is basically a doorstop.

Using a flash drive and sneakernet, I was able to get DDS to run and here are the results. Any help is very much appreciated!


DDS (Ver_09-03-16.01) - NTFSx86
Run by Damon Bowman at 11:21:15.04 on Sun 04/12/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.170 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Damon Bowman\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {2b649016-72a4-73da-7fb4-57b7e5c6dce0}: {0ecd6c5e-7b75-4bf7-ad37-4a27610946b2} - c:\windows\system32\qvokgf.dll
BHO: MMklkl: {1428a472-5260-404e-9977-7ecdf1daf936} - c:\windows\system32\mukmil.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {98197b04-35be-4f77-8c1f-cf479090a375} - c:\windows\system32\fahokipa.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\progra~1\mi3aa1~1\wcescomm.exe"
uRun: [reader_s] c:\documents and settings\damon bowman\reader_s.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Nyivon] rundll32.exe "c:\windows\Rcuduhone.dll",e
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Spalofihutafuzac] rundll32.exe "c:\windows\aloluwenuqave.dll",e
mRun: [CPM6a644833] Rundll32.exe "c:\windows\system32\hujinuya.dll",a
mRun: [69577baf] rundll32.exe "c:\windows\system32\lihedayu.dll",b
mRun: [pojisajayi] Rundll32.exe "c:\windows\system32\vukolosu.dll",s
dRun: [<NO NAME>] c:\windows\temp\r9xxw2w.exe
dRun: [Windows Resurections] c:\windows\temp\r9xxw2w.exe
dRun: [Diagnostic Manager] c:\windows\temp\1527008578.exe
dRun: [reader_s] c:\windows\system32\config\systemprofile\reader_s.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: e&xport to microsoft excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: musicmatch.com\online
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15015/CTSUEng.cab
DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {cafeefac-0016-0000-0013-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15016/CTPID.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
Notify: eabbcafcffb - c:\windows\system32\eabbcafcffb.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: qvokgf.dll c:\windows\system32\bidubiti.dll c:\windows\system32\yozakapa.dll c:\windows\system32\hujinuya.dll,c:\windows\system32\sokuhuyu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hujinuya.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\hujinuya.dll
LSA: Notification Packages = scecli scecli c:\windows\system32\sokuhuyu.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-11 28544]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S2 icf;ICF;c:\windows\system32\svchost.exe:ext.exe []
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]

=============== Created Last 30 ================

2009-04-12 10:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-12 10:25 121 ---sh--- c:\windows\system32\upizatul.ini
2009-04-12 00:28 16 a------- c:\windows\Mpobowapupiy.bin
2009-04-12 00:28 1,420 a------- c:\windows\Qfimerax.dat
2009-04-11 23:18 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-04-11 23:18 <DIR> --d----- c:\program files\Panda Security
2009-03-27 17:06 9,216 a------- c:\windows\instsp2.exe
2009-03-27 01:31 112,366 a------- c:\windows\system32\drivers\66f3aa2b.sys
2009-03-27 01:30 157,184 a------- c:\windows\aloluwenuqave.dll
2009-03-27 00:28 0 a------- c:\windows\system32\icf.exe.exe
2009-03-26 19:58 43,008 a------- C:\dxxrp.exe
2009-03-26 19:58 27,136 a------- C:\vaybq.exe
2009-03-26 19:56 7,680 a------- C:\ijmaxk.exe
2009-03-26 19:55 10,240 a------- C:\dcowt.exe
2009-03-26 19:55 40,448 a------- C:\liymwuq.exe
2009-03-26 17:12 201,232 a------- c:\windows\system32\mukmil.dll
2009-03-26 17:07 182,656 a------- c:\windows\system32\dllcache\ndis.sys
2009-03-26 17:06 88,428 a------- c:\windows\system32\drivers\d1e04022.sys
2009-03-26 17:06 30,208 a------- c:\windows\system32\reader_s.exe
2009-03-26 17:06 43,008 a------- C:\aoqckrns.exe
2009-03-26 17:06 27,136 a------- C:\ajtbyh.exe
2009-03-26 17:06 2 a------- C:\1767340800
2009-03-26 17:05 40,448 a------- c:\windows\Rcuduhone.dll
2009-03-26 17:05 10,240 a------- C:\pavw.exe
2009-03-26 17:05 40,448 a------- C:\dmsiacq.exe
2009-03-25 17:06 3,327,215 a--sh--- c:\windows\system32\uyadehil.ini
2009-03-25 17:05 129,536 a--sh--- c:\windows\system32\qvokgf.dll
2009-03-25 14:34 3,327,206 ---sh--- c:\windows\system32\uyadehil.tmp
2009-03-25 13:54 129,536 a--sh--- c:\windows\system32\fvpweb.dll
2009-03-25 01:36 128,000 a--sh--- c:\windows\system32\bneskc.dll
2009-03-24 13:35 129,024 a--sh--- c:\windows\system32\vocjis.dll
2009-03-24 01:35 1,410,297 ---sh--- c:\windows\system32\azipufik.ini
2009-03-24 01:35 129,024 a--sh--- c:\windows\system32\wyurkj.dll
2009-03-23 13:35 1,410,306 ---sh--- c:\windows\system32\atayames.ini
2009-03-23 13:35 128,000 a--sh--- c:\windows\system32\bpatqi.dll
2009-03-23 01:35 1,791,165 ---sh--- c:\windows\system32\inuyokug.ini
2009-03-23 01:34 128,000 a--sh--- c:\windows\system32\ingrda.dll

==================== Find3M ====================

2009-04-12 10:24 49,152 a--sh--- c:\windows\system32\bobebeji.dll
2009-04-12 10:23 90,624 a--sh--- c:\windows\system32\lutazipu.dll
2009-04-12 10:23 98,304 a--sh--- c:\windows\system32\hujinuya.dll
2009-04-12 10:23 53,760 a--sh--- c:\windows\system32\gipofosi.exe
2009-03-27 17:06 94,208 a--sh--- c:\windows\system32\kimurori.dll
2009-03-27 17:06 89,600 a--sh--- c:\windows\system32\vagezije.dll
2009-03-27 17:06 61,440 a--sh--- c:\windows\system32\somivofe.exe
2009-03-27 09:38 55,764 a------- c:\windows\Sysvxd.exe
2009-03-27 05:06 61,440 a--sh--- c:\windows\system32\hajirifi.exe
2009-03-27 05:06 94,208 a--sh--- c:\windows\system32\zinowile.dll
2009-03-27 05:06 90,112 a--sh--- c:\windows\system32\poriyibu.dll
2009-03-27 01:30 14,336 a------- c:\windows\system32\svchost.exe
2009-03-27 01:30 14,336 a------- c:\windows\system32\dllcache\svchost.exe
2009-03-26 17:07 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-03-26 17:05 61,440 a--sh--- c:\windows\system32\pizeziza.exe
2009-03-26 17:05 95,232 a--sh--- c:\windows\system32\yozakapa.dll.vir
2009-03-26 17:05 90,112 a--sh--- c:\windows\system32\domafewe.dll
2009-03-25 17:05 129,536 a--sh--- c:\windows\system32\tanetezo.dll
2009-03-25 17:05 94,720 a--sh--- c:\windows\system32\bidubiti.dll.vir
2009-03-25 17:05 90,624 a--sh--- c:\windows\system32\lenosopo.dll
2009-03-25 13:55 90,624 a--sh--- c:\windows\system32\tizanapa.dll
2009-03-25 13:54 129,536 a--sh--- c:\windows\system32\bikehana.dll
2009-03-25 13:54 94,720 a--sh--- c:\windows\system32\hohevopu.dll
2009-03-25 01:35 128,000 a--sh--- c:\windows\system32\hedarida.dll
2009-03-25 01:35 95,232 a--sh--- c:\windows\system32\hukeliwa.dll
2009-03-25 01:35 89,600 a--sh--- c:\windows\system32\pumuhenu.dll
2009-03-24 13:35 96,256 a--sh--- c:\windows\system32\nohijali.dll
2009-03-24 13:35 90,624 -------- c:\windows\system32\lihedayu.dll
2009-03-24 13:35 129,024 a--sh--- c:\windows\system32\teraniye.dll
2009-03-24 01:35 129,024 a--sh--- c:\windows\system32\kemuzike.dll
2009-03-24 01:35 94,720 a--sh--- c:\windows\system32\jarugede.dll
2009-03-24 01:35 89,600 -------- c:\windows\system32\kifupiza.dll
2009-03-23 13:35 128,000 a--sh--- c:\windows\system32\rikekohu.dll
2009-03-23 13:35 90,112 -------- c:\windows\system32\semayata.dll
2009-03-23 13:35 95,744 a--sh--- c:\windows\system32\purobiku.dll
2009-03-23 01:34 128,000 a--sh--- c:\windows\system32\zuzebufo.dll
2009-03-23 01:34 93,696 a--sh--- c:\windows\system32\zogewosi.dll
2009-03-23 01:34 88,576 -------- c:\windows\system32\gukoyuni.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 06:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll

============= FINISH: 11:22:18.17 ===============


#2 Rodav (Members, 388 posts)

Posted 18 April 2009 - 05:25 PM

Hi,

I have bad news for you.

I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case it's unfortunately a lost cause, a game-over situation, and a format and reinstall is the fastest and, above all, the safest solution.

You may want to read this why: Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT back up any applications/installers, and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files, because these files may be infected as well. If you back them up and restore them afterwards, they will infect your computer again.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

#3 BaldNomad (Topic Starter, Members, 3 posts)

Posted 20 April 2009 - 04:01 PM

Thanks for your response, this is what I was already thinking.

One question - is there a danger in using an external drive to back up my files, as long as I avoid backing up EXE/SCR files? What can I do to prevent any remnants of the infection from migrating to the newly re-installed machine, or worse, to other computers on my network or other computers that I use with the external drive?

Thanks again for the assist!

#4 Rodav (Members, 388 posts)

Posted 20 April 2009 - 04:38 PM

I would advise against using an external drive; if possible you should back up to CD or DVD, and then everything should be scanned before returning it to the computer after it has been reformatted.

#5 BaldNomad (Topic Starter, Members, 3 posts)

Posted 20 April 2009 - 06:23 PM

Well, I thought of that (using a CD or DVD), but I cannot burn a disc using the infected PC. I guess, since every EXE I run gets infected by the virus, that the CD-burning software is corrupted and/or infected. When I try to run it, it simply exits without any message.

I think I will take the machine apart, remove the drive and connect it to another PC using an IDE/SATA to USB adapter. If I do this I should be able to copy files from the infected drive onto a CD using the second computer. As long as I don't run any EXE files from the infected drive, this should be safe, right?

The last thing I want is for any of this crap to end up on any of MY computers. The infected computer belongs to a friend whom I'm trying to help... I have both XP and Vista machines in my house.

I do (also) have a newish MacBook Pro, if that enables any safer data copying methods... however, I don't think it could read the PC drive's files anyway, because the PC drive is NTFS and the Mac only understands FAT, right?

Currently she is trying to find her HP-supplied Windows reinstall disk... but I think the version of XP it will have will be pre-SP1, or certainly pre-SP2. Can I download Windows updates and save them to a CD somehow, so that I don't have to put the unpatched computer on the Internet to download updates?

Edited by BaldNomad, 20 April 2009 - 06:25 PM.


#6 Rodav (Members, 388 posts)

Posted 21 April 2009 - 06:12 AM

While the CD/DVD option is the most preferable, you can copy them onto your external drive; just disable autorun before doing it and afterwards:
http://www.howtogeek.com/howto/windows/dis...and-usb-drives/

Before you transfer them back, be sure to scan them with an updated antivirus; if you want to be extra careful, you can reformat your external drive before connecting it back to your own computers.

You can download an image file to burn to CD with SP3 from Microsoft: http://www.microsoft.com/downloads/details...;displaylang=en
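As an added example that is not part of the original thread: a small Python script that implements the backup rule from post #2 (skip .exe/.scr/.htm/.html/.xml/.zip/.rar) together with the "scan before you restore" advice from posts #4 and #6. It is meant to be run from a clean machine with the infected drive attached as a secondary disk, as the poster proposed in post #5. Everything beyond what those posts say is an assumption of this example: the extra extensions in the deny list, the 'MZ' header check that catches a Windows executable renamed to look like a picture, the refusal to copy any autorun.inf, and the SHA-256 manifest written next to the backup so you can confirm nothing changed between the copy and the restore. The sample tree built in demo() is constructed, not data from the thread.

```python
"""Selective backup of user data from a drive suspected of carrying a file
infector, skipping anything executable or otherwise infectable.

Added example for this thread; not code from the original posts.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Extensions post #2 says not to back up.
EXCLUDED_EXT = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}
# Assumption: other executable/script types a file infector commonly touches.
EXCLUDED_EXT |= {".dll", ".sys", ".ocx", ".cpl", ".com", ".pif",
                 ".bat", ".cmd", ".vbs", ".js", ".lnk"}


def is_pe(path: Path) -> bool:
    """True if the file begins with the 'MZ' DOS header, i.e. it is a
    Windows executable no matter what its extension claims."""
    try:
        with open(path, "rb") as f:
            return f.read(2) == b"MZ"
    except OSError:
        return False


def should_skip(path: Path) -> Optional[str]:
    """Return the reason a file must not be backed up, or None if it is safe
    to copy. Order matters: the cheap name checks run before the file read."""
    if path.name.lower() == "autorun.inf":
        return "autorun.inf"          # never carry an autorun file to another PC
    if path.suffix.lower() in EXCLUDED_EXT:
        return "excluded extension"
    if is_pe(path):
        return "MZ header"            # executable hiding behind a harmless name
    return None


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_tree(src: Path, dst: Path) -> Dict[str, object]:
    """Copy src into dst, skipping infectable files, and write
    dst/MANIFEST.sha256 listing the hash of every file copied."""
    copied: List[str] = []
    skipped: Dict[str, str] = {}
    manifest: List[str] = []
    for root, dirs, files in os.walk(src):
        dirs.sort()                   # deterministic walk order
        for fname in sorted(files):
            p = Path(root) / fname
            rel = p.relative_to(src).as_posix()
            reason = should_skip(p)
            if reason:
                skipped[rel] = reason
                continue
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            # copyfile, not copy2: do not carry over hidden/system attributes.
            shutil.copyfile(p, target)
            manifest.append(f"{sha256_of(target)}  {rel}")
            copied.append(rel)
    (dst / "MANIFEST.sha256").write_text("\n".join(manifest) + "\n")
    return {"copied": copied, "skipped": skipped}


def verify_manifest(dst: Path) -> List[str]:
    """Re-hash every file named in the manifest; return those that changed.
    Run this after the AV scan and before restoring to the rebuilt machine."""
    changed = []
    for line in (dst / "MANIFEST.sha256").read_text().splitlines():
        if not line:
            continue
        digest, rel = line.split("  ", 1)
        if sha256_of(dst / rel) != digest:
            changed.append(rel)
    return changed


def demo() -> Dict[str, object]:
    """Build a constructed sample tree in a temp dir and back it up."""
    base = Path(tempfile.mkdtemp(prefix="backup_demo_"))
    src, dst = base / "infected", base / "backup"
    (src / "docs").mkdir(parents=True)
    (src / "docs" / "letter.txt").write_text("hello")
    (src / "docs" / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    (src / "docs" / "setup.exe").write_bytes(b"MZ" + b"\x00" * 64)
    (src / "docs" / "renamed.jpg").write_bytes(b"MZ" + b"\x00" * 64)  # PE as .jpg
    (src / "docs" / "index.html").write_text("<html></html>")
    (src / "autorun.inf").write_text("[autorun]\nopen=setup.exe\n")
    result = backup_tree(src, dst)
    result["tampered"] = verify_manifest(dst)
    result["dst"] = str(dst)
    return result


if __name__ == "__main__":
    r = demo()
    print("copied:", r["copied"])
    print("skipped:", r["skipped"])
    print("changed since backup:", r["tampered"])
```

For a real drive you would call backup_tree(Path("E:/Documents and Settings"), Path("D:/backup")) from the clean host and keep D: disconnected from the rest of the network until the copy has been scanned. The script is a filter, not a scanner: it does not inspect document formats that can carry macros, so the antivirus pass Rodav asks for is still required before anything goes back onto the rebuilt machine.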

#7 Rodav (Members, 388 posts)

Posted 26 April 2009 - 10:18 AM

This Topic is now closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
