
Computer acts differently, and I'm suspicious...


This topic is locked.
3 replies to this topic

#1 Not_a_Clue

Posted 22 April 2009 - 01:12 AM

Please look over this log and tell me what you think.

My computer isn't slow, displaying popups or taking actions I don't want, but my latest automatic Windows Update attempt failed and despite a few attempts I can't connect to v6.windowsupdate.microsoft.com to initiate the update again. I also can't connect to grc.com to look at my port status-- my browser just hangs when I try to access the GRC port scanner. Both these are trusted sites in my browser.

I've also had a couple of virus events lately:

I use Zonealarm security suite and 2 days ago (about 8 hours before the Windows update failure) it alerted me that it found and quarantined "Backdoor.Win32.Agent.afqs" during a scan while I was online. It quarantined these files from the following locations:

C:\WINDOWS\SYSTEM32\DLLCACHE\wmiprvse.exe
C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe

Also on March 24, A-Squared Free found and quarantined the following:

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2375\A0340046.dll Quarantined Win32.Virtob.2!IK

I couldn't find anything on the internet about these exact threats so I thought I'd wait a while to see if others reported the same problems. However the windows update issue got me worried, and the "backdoor" part got me bugged. I'm not a computer expert by any means but I'm interested in learning. I tried to run Hijackthis but it hung up after the first section of the scan "04 - Registry & Start Menu autoruns". I got pretty bugged out after that.

When I ran DDS.SCR I got the following output in the command line window:

As per the instructions you would have received, kindly ensure any onboard
script blocking tools have been disabled for they shall interfere with DDS.

DDS is a non-invasive diagnostic tool.

- DDS makes no registry writes/changes

- DDS does not create any permanent files/folders.

This scan should not take longer than three minutes to complete.

When the scan is complete, a logfile/report shall pop open.

Post the contents of the logfile to the forum where it was requested

We only require it to run just once. Dispose after use.

EDS.EXE: can't read StartUp: No such file or directory
Could Not Find C:\DOCUME~1\MARKMO~1\LOCALS~1\Temp\RarSFX0\StartUp
FINDSTR: Cannot open svclist.dat

Not sure if that's normal but I thought I'd include it. Any help or advice you can provide is greatly appreciated!

Thanks,
Mark

Attached Files

  • DDS.txt (9.91KB)



#2 Not_a_Clue (Topic Starter)

Posted 29 April 2009 - 11:52 PM

Just as a postscript to my 4/21/09 post, through the Zonealarm forum I found out that Backdoor.Win32.Agent.afqs was a false positive.

That was the good news.

The bad news was Zonealarm found this "infection" in wmiprvse.exe in the C:\WINDOWS\SYSTEM32\WBEM and DLLCACHE folders, so when I deleted the quarantined files (why is it that in hindsight that's a bad idea, but it seemed so good at the time?) I couldn't download windows updates or use my CD drive. That's what got me bugged, although at the time I didn't know all my ills were self-inflicted.

I had to go back to an earlier restore point to get that functionality back. After several hours of fretting, searching among forums for answers, and attempting Windows updating, I think I'm back where I was in the first place.

Hope my learning experience can serve as an example of what not to do for others....
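The two posts above describe a classic false-positive failure mode: an AV product flags a legitimate Windows binary (wmiprvse.exe, the WMI Provider Host) in both its live location and the DLLCACHE copy, and deleting the quarantined files breaks Windows Update. The script below is an added example, not code from the thread or from any product mentioned in it. It shows the check a defender would run before acting on such a quarantine: confirm the file's Authenticode signature and compare the hashes of the flagged copies. It assumes a modern Windows host running PowerShell 5.1 or later (Get-FileHash and catalog-signature verification via Get-AuthenticodeSignature); the two paths are the ones named in the first post, and DLLCACHE exists only on XP/2003, so on newer systems that entry simply reports as missing.

```powershell
# Added example: verify AV-flagged files before deleting them from quarantine.
# Assumes PowerShell 5.1+ on Windows; paths taken from the thread, not from a real incident.
$flagged = @(
    "$env:SystemRoot\System32\wbem\wmiprvse.exe",
    "$env:SystemRoot\System32\dllcache\wmiprvse.exe"   # DLLCACHE is XP/2003-only; missing elsewhere
)

function Test-FlaggedFile {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false; Status = 'missing'; Signer = $null; Sha256 = $null }
    }
    # On PS 5.1+ this also validates catalog-signed system files, which most Windows binaries are.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    [pscustomobject]@{
        Path   = $Path
        Exists = $true
        Status = $sig.Status     # 'Valid' means the signature chain verified
        Signer = $signer
        Sha256 = $hash
    }
}

$results = $flagged | ForEach-Object { Test-FlaggedFile $_ }
$results | Format-Table -AutoSize

# Copies that are all Microsoft-signed and hash-identical are the same legitimate binary.
# A detection on such a file, with no unsigned or differing copy present, is a strong
# false-positive indicator: confirm with the vendor instead of deleting.
$present  = @($results | Where-Object Exists)
$badCopy  = @($present | Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'Microsoft' })
$distinct = @($present.Sha256 | Sort-Object -Unique)

if ($present.Count -ge 1 -and $badCopy.Count -eq 0 -and $distinct.Count -eq 1) {
    Write-Output 'All present copies are Microsoft-signed and identical: likely a false positive; do not delete.'
} else {
    Write-Output 'Unsigned, non-Microsoft or differing copy found: investigate before restoring or deleting.'
}
```

Run it from an elevated prompt so the System32 paths are readable. If the verdict is a false positive, the right move is to restore the quarantined files rather than delete them; if a system file has already been removed, `sfc /scannow` rebuilds it from the component store, which is the same effect the poster achieved with a restore point.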

#3 KoanYorel (Bleepin' Conundrum)

Posted 30 April 2009 - 06:41 PM

Thanks for informing us.

If you are still having problems please add a new DDS log.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 KoanYorel (Bleepin' Conundrum)

Posted 03 May 2009 - 02:53 PM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K