PE_PARITE.A infection


This topic is locked
2 replies to this topic

#1 antonic (Members, 3 posts; Dalmatia, Croatia)

Posted 25 April 2009 - 01:31 PM

Hi.

I have been trying to deal with this computer's security for some time now. There were several threats that (I think) were successfully removed. Now Trend Micro reports PE_PARITE.A. Spybot reports nothing, though there were some trojans that were always coming back. So here is my DDS log.



DDS (Ver_09-03-16.01) - NTFSx86
Run by Korisnik at 20:03:53,48 on sub 25.04.2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1250.385.1033.18.447.196 [GMT 2:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
"C:\WINDOWS\system32\svchost.exe" 54773
d:\Ora817\BIN\TNSLSNR.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
d:\ora817\bin\ORACLE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\Korisnik\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled
IE: &Search
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: {69EBDB08-7113-4E9E-BD3B-12EA38DF577E} = 195.29.149.196 195.29.166.116

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\korisnik\applic~1\mozilla\firefox\profiles\ydm6vyjl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.accessoires.com.hr/
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll

============= SERVICES / DRIVERS ===============

R2 OracleOra817TNSListener;OracleOra817TNSListener;d:\ora817\bin\tnslsnr --> d:\ora817\bin\TNSLSNR [?]
R2 OracleServiceORA817;OracleServiceORA817;d:\ora817\bin\oracle.exe ora817 --> d:\ora817\bin\ORACLE.EXE ORA817 [?]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-2-24 52240]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-9-28 36368]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2007-5-10 6016]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-2-24 651264]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys --> c:\windows\system32\drivers\nod32drv.sys [?]
S2 foxwei;wrsky; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S2 mstsc;mstsc;c:\windows\RemoteAbc.exe [2009-3-12 386050]
S2 NOD32krn;NOD32 Kernel Service;"c:\program files\eset\nod32krn.exe" --> c:\program files\eset\nod32krn.exe [?]
S2 Remote;Remote; [x]
S3 OracleClientCache80;OracleClientCache80;d:\dev6i\bin\ONRSD80.EXE [2005-5-2 101376]
S3 OracleOra817ClientCache;OracleOra817ClientCache;d:\ora817\bin\ONRSD.EXE [2002-5-10 417280]
S3 OracleOra817PagingServer;OracleOra817PagingServer;d:\ora817\bin\pagntsrv.exe [2007-5-10 52224]
S4 360Tyf;360˛ČŔ; [x]
S4 OracleOra817Agent;OracleOra817Agent;d:\ora817\bin\dbsnmp.exe [2000-11-11 246784]
S4 OracleOra817DataGatherer;OracleOra817DataGatherer;d:\ora817\bin\vppdc.exe [2000-11-11 171008]
S4 OracleOra817HTTPServer;OracleOra817HTTPServer;d:\ora817\apache\apache\Apache.exe [2000-11-9 3584]

=============== Created Last 30 ================


==================== Find3M ====================

2009-04-24 08:16 10,458,112 a----r-- c:\windows\system32\RTLCPL.EXE
2009-04-24 08:16 25,600 a----r-- c:\windows\system32\VModes.exe
2009-04-24 08:16 155,648 a----r-- c:\windows\system32\NeroCheck.exe
2009-04-24 08:16 206,336 a------- c:\windows\system32\mtrstart.exe
2009-04-24 08:16 51,712 a------- c:\windows\system32\migpwd.exe
2009-04-24 08:16 61,440 a------- c:\windows\system32\HPZinw12.exe
2009-04-24 08:16 20,480 a------- c:\windows\system32\cliconfg.exe
2009-04-24 08:15 161,792 a------- c:\windows\SWREG.exe
2009-04-24 08:15 98,816 a------- c:\windows\sed.exe
2009-04-24 08:15 306,688 a------- c:\windows\IsUninst.exe
2009-04-23 08:24 283,136 a------- c:\windows\Arj.exe
2009-04-22 14:15 4,224 a------- c:\windows\system32\drivers\beep.sys
2009-03-12 18:11 386,050 a------- c:\windows\RemoteAbc.exe
2009-03-09 21:34 32,768 a------- c:\windows\system32\dictsd32.sys
2009-03-09 17:46 2,208 a------- c:\windows\system32\config.dll
2009-03-03 05:51 16,384 a------- c:\windows\DCEBoot.exe
2009-02-20 13:48 2,638 a------- c:\windows\system32\assuntos.dll
2009-02-20 13:48 20,543 a------- c:\windows\system32\frases.dll
2009-02-20 09:03 45,121 a------- c:\windows\system32\logs.dll
2009-02-16 09:31 2,208 a------- c:\windows\system32\ixg7253.exe
2009-02-16 09:31 224,256 a------- c:\windows\fhw1806.dll
2009-02-10 13:50 225,280 a------- c:\windows\msp9106.dll

============= FINISH: 20:05:03,46 ===============


Thanks in advance.
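The service list above is the part of a DDS log a helper reads first, and the checks are mechanical enough to script. The following is an added triage helper written for this thread; it is not part of the original post, not the DDS tool, and not a BleepingComputer procedure. It parses the SERVICES / DRIVERS lines and flags entries that deserve a manual look: a service with no image path at all (DDS prints "[x]"), a service whose file DDS could not examine (the "--> path [?]" form, which is assumed here to mean the binary could not be read, typically an uninstalled product's leftover but also what a deleted or hidden file looks like), an image sitting directly under %windir% instead of a subdirectory, and a service whose name coincides with a well-known Windows program while its image file has a different name. The %windir% value, the meaning of the "[?]" marker and the list of well-known binary names are assumptions of this example. A flag means "check this entry against a known-good reference", not "this entry is malware".

```python
"""
Triage helper for the "SERVICES / DRIVERS" section of a DDS log.

Added example for this thread: not part of the original post, not the DDS
tool, and not a BleepingComputer procedure. A flag means "look at this
entry", not "this entry is malware".
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Assumption: the machine's %windir% is C:\WINDOWS, as in the log above.
WINDIR = "c:\\windows\\"

# Assumed heuristic list: names of well-known Windows programs. A service
# registered under one of these names whose image is a differently-named
# file deserves a closer look.
KNOWN_WINDOWS_BINARIES = {"mstsc", "svchost", "lsass", "csrss", "winlogon", "explorer"}

# DDS service line: "<state> <name>;<display name>;<image path and metadata>"
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
# Trailing "[2009-3-12 386050]", "[?]" or "[x]" block at the end of the line
META_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$")


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    image: str                      # registry image path, "" when DDS printed [x]
    flags: list[str] = field(default_factory=list)


def _image_path(text: str) -> str:
    """Extract the executable path from an ImagePath-style string.
    Quoted paths keep their spaces; unquoted ones end at the first space
    (anything after it is treated as arguments, e.g. 'oracle.exe ora817')."""
    text = text.strip()
    if text.startswith('"'):
        end = text.find('"', 1)
        return text[1:end] if end > 0 else text[1:]
    return text.split()[0] if text else ""


def parse_services(section: str) -> list[ServiceEntry]:
    """Parse DDS service/driver lines and attach triage flags to each entry."""
    entries: list[ServiceEntry] = []
    for raw in section.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        entry = ServiceEntry(m["state"], m["name"].strip(), m["display"].strip(), "")
        rest = m["rest"].strip()
        meta = None
        mm = META_RE.match(rest)
        if mm:
            rest, meta = mm["path"], mm["meta"]
        if meta == "x" and not rest:
            entry.flags.append("no image path")
            entries.append(entry)
            continue
        # "registry value --> resolved path": keep the registry side, which
        # preserves the quoting around paths that contain spaces.
        entry.image = _image_path(rest.split("-->")[0])
        if meta == "?":
            # Assumption: "[?]" means DDS could not read the file's date/size.
            entry.flags.append("file details unavailable ([?])")
        low = entry.image.lower()
        if low.startswith(WINDIR) and "\\" not in low[len(WINDIR):]:
            entry.flags.append("image directly under %windir%")
        stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if entry.name.lower() in KNOWN_WINDOWS_BINARIES and stem != entry.name.lower():
            entry.flags.append(f"service name matches Windows binary but image is {entry.image}")
        entries.append(entry)
    return entries


def suspicious(entries: list[ServiceEntry]) -> list[ServiceEntry]:
    """Entries that carry at least one flag, i.e. the ones to inspect by hand."""
    return [e for e in entries if e.flags]


# A subset of the SERVICES / DRIVERS lines copied from the DDS log in the post above.
SAMPLE_SERVICES = r"""
R2 OracleServiceORA817;OracleServiceORA817;d:\ora817\bin\oracle.exe ora817 --> d:\ora817\bin\ORACLE.EXE ORA817 [?]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-2-24 52240]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-2-24 651264]
S2 foxwei;wrsky; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S2 mstsc;mstsc;c:\windows\RemoteAbc.exe [2009-3-12 386050]
S2 NOD32krn;NOD32 Kernel Service;"c:\program files\eset\nod32krn.exe" --> c:\program files\eset\nod32krn.exe [?]
S2 Remote;Remote; [x]
S4 360Tyf;360˛ČŔ; [x]
"""

if __name__ == "__main__":
    for e in suspicious(parse_services(SAMPLE_SERVICES)):
        print(f"{e.state} {e.name:<28} {e.image or '-':<55} {'; '.join(e.flags)}")
```

Run against the log above, the script separates the entries into two groups. The "[?]" hits on the Oracle, NOD32 and Lavasoft services are consistent with products that are installed or were uninstalled without removing their service registrations, and a helper would confirm that against Add/Remove Programs. The entries with no image path at all (foxwei, Remote, 360Tyf) and the service registered as "mstsc" whose image is c:\windows\RemoteAbc.exe (a file the Find3M section dates to 2009-03-12) are the ones to resolve first: checking the file's publisher and hash against a known-good reference, or submitting it to a scanner, before deciding whether to remove the service.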

#2 antonic (Topic Starter; Members, 3 posts; Dalmatia, Croatia)

Posted 29 April 2009 - 07:59 AM

I managed to solve this one... so you can close the topic.

Thanks anyway.

#3 KoanYorel, Bleepin' Conundrum (Staff Emeritus, 19,461 posts; 65 miles due East of the "Logic Free Zone", in Md, USA)

Posted 04 May 2009 - 12:28 AM

Thanks for informing us.
Good Luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
