Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected with PWS.LDPinchIE, Win32.Delf.uc, Win32.Agent.pz

  • This topic is locked This topic is locked
1 reply to this topic



  • Members
  • 3 posts
  • Local time:10:59 PM

Posted 19 April 2009 - 05:44 PM

OK Nomally I goto google, and read past bleeping computer related topics to the three viruses I listed in the topic, or for anything. But this crap takes the cake. Ive never delt with garbage like this.

I just moved into a new neighborhood, and have been looking for an unsecured internet for a while. Someone just brought one online friday. But when I connected to it (which its what Im connected to now) Trojans started popping up out of nowhere. Ive run Hijackthis and SDfix and will put the logs at the bottom. SD Fix seems to find the viruses, but cannot delete them properly. Itll find them delete them then list hidden attributes, which are still viruses, and not delete them. These little buggers are tricky.

So if someone could please help me out here. It keeps trying to send mass loads of spam mails. Ive also reformated about 4 times now. Its giving false positives in the ask manager running proccesses. svchost, IEXPLORER (listed under system, its supposed to be listed under HP_Owner for me not to mention its in caps), random charactered trojans that google has no info on, winlogin.exe is all messed up. MY LoginUI wont work properly anymore. and all of them are listed as exe in places they shouldnt be. Anyways heres the logs, Im gonna TRY to play some runescape while I wait for an answer.

One more thing, Computer is running slow, dont know if i can run spybot or counterspy again. LOL speaking of which Counterspy's Safe mode scan wont even run. PERIOD. So yeah:

Edit. Running Catchme now. Took winamp like 5 minutes to load after i clicked the button to start it... heh.

Edit2: "tap tap" From what I can see from the main forum page for the HJT topic, Ive already been buried like 10 times over. So Ill leave firefox on for as long as possible. Installing IE8 now. Just waitin now i guess. Spin some mixes then I should have a reply by then.

Edit3: Removed Internet Explorer from the add/remove windows components screen. Doing better. Also removed IE8. Gonna try to find the virus infected iexplore.exe and delete them manually.

Edit4:So far after removing every file named iexplore.exe (thank god for firefox) nothings popped up yet. Still watching it though. Still infected as well. So when someone can get a chance... HELP ME! STOP SKIPPING ME!

Edit5:I dont think anyones gonna help me..... Ive been looking and theres about 3-5 "admins" that keep skiping me and other people in line and helping others. Mind you, I can completely understand if this isnt your field. But skipping someone while not telling someone that you have viewed their post but cannot help them with this matter, that would be a lot easier in our part to at least know we werent completely skipped.

Attached Files

Edited by NYTDDS, 20 April 2009 - 12:50 PM.

BC AdBot (Login to Remove)


#2 Buckeye_Sam


    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:59 PM

Posted 25 April 2009 - 04:36 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users