
Got malware/virus and now cannot access a portable HD


2 replies to this topic

#1 pinebilly

pinebilly

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 04 May 2009 - 06:35 PM

See below (sorry, tried to delete but didn't know how)

Edited by pinebilly, 04 May 2009 - 06:47 PM.



#2 pinebilly

pinebilly
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 04 May 2009 - 06:44 PM

Hello,

First off, I wanted to say thanks in advance for any help, as I have been battling this for a few days and it's frustrating.

I somehow received a malware/worm/virus that hijacked my browser and then would not let me update my antivirus/malware programs in order to clean them; in the end it also stopped my connection to the internet.

I received the virus on my Dell laptop and I transferred some important files (like pics/Word docs etc.) to a portable hard drive. At that point I reloaded my OS on my Dell and then connected my portable drive to my desktop PC so I could download the drivers, transfer them to my portable drive and then transfer them back to my laptop. Well, needless to say that was a stupid idea, as it infected my desktop immediately. (Sorry if this is a bit confusing; it's quite dumb on my part to have done this.)


Here I am now and I have reloaded the OS on my Dell laptop, which I am currently typing on. I first thought I would try to clean the portable hard drive, so I downloaded quite a few antivirus/malware programs etc. and had them running before I connected it to my laptop. I then scanned the portable drive (with all of them) and it did find some trojans etc. I removed (I think) all of the threats and went to click on the drive to access the contents, and I am getting this error: Windows cannot find 'RECYCLER/S-5-1-79 (with a bunch of other numbers after it).


The contents of the hard drive are important to me, as they're pics from a wedding etc. Also, I do not know if this laptop is reinfected (I tried to take all the precautions not to, and I have scanned it numerous times with various tools and it's come up clean).

Any and all help would be so appreciated. I am willing to start from the basics and learn how to go about doing this properly. After I fix this PC and the portable HD, I have a PC in the basement that is totally messed up as well (it will not let me run any malware/antivirus programs) and I need to fix that as well. I have spent countless hours and could surely use some experts out there.

Thanks in advance. (I have to go to work here in about 30 minutes but will be checking this topic in approx. 5 hrs and will respond then.)

Billy



DDS TXT LOG


DDS (Ver_09-03-16.01) - NTFSx86
Run by 5000000 at 16:39:18.07 on Mon 05/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.295 [GMT -7:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated)
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\RunDLL32.EXE
C:\Documents and Settings\5000000\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241389787031
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\5000000\applic~1\mozilla\firefox\profiles\eqri2yy5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-5-3 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-5-3 39184]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-4 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-3 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-3 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-4 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-4 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-4 55640]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-3 700152]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-5-3 33040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-4 38496]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]

=============== Created Last 30 ================

2009-05-04 16:14 388,608 a------- c:\windows\system32\cmd.execf
2009-05-04 14:04 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-04 14:03 <DIR> --d----- c:\program files\Avira
2009-05-04 14:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-04 13:52 <DIR> --d----- c:\docume~1\5000000\applic~1\Malwarebytes
2009-05-04 13:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-04 13:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-04 13:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-04 13:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-04 03:26 112,128 a------- c:\windows\system32\staco.dll
2009-05-04 02:47 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-04 02:32 2,944 ac------ c:\windows\system32\dllcache\drmkaud.sys
2009-05-04 02:32 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-05-04 02:32 171,776 ac------ c:\windows\system32\dllcache\kmixer.sys
2009-05-04 02:32 171,776 a------- c:\windows\system32\drivers\kmixer.sys
2009-05-04 02:32 52,864 ac------ c:\windows\system32\dllcache\dmusic.sys
2009-05-04 02:32 52,864 a------- c:\windows\system32\drivers\DMusic.sys
2009-05-04 02:32 54,272 ac------ c:\windows\system32\dllcache\swmidi.sys
2009-05-04 02:32 54,272 a------- c:\windows\system32\drivers\swmidi.sys
2009-05-04 02:32 142,464 ac------ c:\windows\system32\dllcache\aec.sys
2009-05-04 02:32 142,464 a------- c:\windows\system32\drivers\aec.sys
2009-05-04 02:32 6,400 ac------ c:\windows\system32\dllcache\splitter.sys
2009-05-04 02:32 6,400 a------- c:\windows\system32\drivers\splitter.sys
2009-05-04 02:29 82,944 ac------ c:\windows\system32\dllcache\wdmaud.sys
2009-05-04 02:29 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
2009-05-04 02:28 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-05-04 02:28 7,552 a------- c:\windows\system32\drivers\MSKSSRV.sys
2009-05-04 02:28 4,992 ac------ c:\windows\system32\dllcache\mspqm.sys
2009-05-04 02:28 4,992 a------- c:\windows\system32\drivers\MSPQM.sys
2009-05-04 02:28 5,376 ac------ c:\windows\system32\dllcache\mspclock.sys
2009-05-04 02:28 5,376 a------- c:\windows\system32\drivers\MSPCLOCK.sys
2009-05-04 02:28 282,624 a------- c:\windows\stsystra.exe
2009-05-04 02:27 3,592,192 a------- c:\windows\system32\stacgui.cpl
2009-05-04 02:27 651,264 a------- c:\windows\system32\stlang.dll
2009-05-04 02:27 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
2009-05-04 02:27 4,096 a------- c:\windows\system32\ksuser.dll
2009-05-04 02:27 130,048 ac------ c:\windows\system32\dllcache\ksproxy.ax
2009-05-04 02:27 60,288 ac------ c:\windows\system32\dllcache\drmk.sys
2009-05-04 02:27 130,048 a------- c:\windows\system32\ksproxy.ax
2009-05-04 02:27 60,288 a------- c:\windows\system32\drivers\drmk.sys
2009-05-04 02:24 1,107,224 a------- c:\windows\system32\drivers\sthda.sys
2009-05-04 02:24 200,704 a------- c:\windows\system32\stacapi.dll
2009-05-04 02:24 146,944 a------- c:\windows\system32\st325602.dll
2009-05-04 02:18 <DIR> --d----- C:\5b71ddda4b06561da6c62d9c
2009-05-04 02:18 <DIR> --d----- c:\program files\SigmaTel
2009-05-04 02:02 5 a------- c:\windows\system32\drivers\DELL_XPS_MP061 .MRK
2009-05-04 02:02 5 a------- c:\windows\system32\drivers\1028_DELL_XPS_MP061 .MRK
2009-05-04 02:01 666 a------- c:\windows\speed.reg
2009-05-04 02:01 <DIR> --d----- c:\program files\Dell
2009-05-04 00:51 <DIR> --d----- c:\windows\pss
2009-05-04 00:15 <DIR> --d----- c:\windows\system32\XPSViewer
2009-05-04 00:14 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-04 00:14 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-04 00:14 117,760 -------- c:\windows\system32\prntvpt.dll
2009-05-04 00:14 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-05-04 00:14 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-04 00:14 <DIR> --d----- C:\042e474fe4838fbdd0403b719d
2009-05-04 00:14 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-05-04 00:14 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-05-04 00:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-04 00:04 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-04 00:04 <DIR> --d----- c:\docume~1\5000000\applic~1\SUPERAntiSpyware.com
2009-05-04 00:04 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-03 23:57 <DIR> --d----- c:\program files\CCleaner
2009-05-03 23:52 <DIR> --d----- c:\program files\Defraggler
2009-05-03 23:25 51,472 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-05-03 23:25 39,184 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-05-03 23:25 33,040 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-05-03 23:25 12,560 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-05-03 23:25 <DIR> --d----- c:\program files\ThreatFire
2009-05-03 23:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-05-03 23:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-05-03 23:05 155,384 a------- c:\windows\system32\guard32.dll
2009-05-03 23:05 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-05-03 23:05 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-05-03 23:05 <DIR> --d----- c:\program files\COMODO
2009-05-03 22:52 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-05-03 22:52 499,712 a------- c:\windows\system32\MSVCP71.dll
2009-05-03 22:52 348,160 a------- c:\windows\system32\MSVCR71.dll
2009-05-03 15:57 316,640 a------- c:\windows\WMSysPr9.prx
2009-05-03 15:57 96,768 -c------ c:\windows\system32\dllcache\dpcdll.dll
2009-05-03 15:55 <DIR> --d----- c:\windows\ServicePackFiles
2009-05-03 15:52 2,897,920 -------- c:\windows\system32\xpsp2res.dll
2009-05-03 15:51 19,528 a------- c:\windows\002345_.tmp
2009-05-03 15:51 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-05-03 15:49 <DIR> --d----- c:\windows\EHome
2009-05-03 15:36 <DIR> --d----- c:\docume~1\5000000\applic~1\Intel
2009-05-03 15:36 21,361 a------- c:\windows\system32\drivers\AegisP.sys
2009-05-03 15:36 21,361 a------- c:\windows\AegisP.sys
2009-05-03 15:36 13,984 a------- c:\windows\AegisP.inf
2009-05-03 15:36 10,640 a------- c:\windows\AegisP.cat
2009-05-03 15:36 2,777,088 a------- c:\windows\system32\NETw4r32.dll
2009-05-03 15:36 2,236,032 a------- c:\windows\system32\drivers\NETw4x32.sys
2009-05-03 15:36 745,472 a------- c:\windows\system32\NETw4c32.dll
2009-05-03 15:32 <DIR> --d----- c:\windows\system32\PreInstall
2009-05-03 15:32 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-05-03 15:32 <DIR> --d-h--- c:\windows\$hf_mig$
2009-05-03 15:32 <DIR> --d----- c:\windows\system32\bits
2009-05-03 15:31 351,232 a------- c:\windows\system32\winhttp.dll
2009-05-03 15:31 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-05-03 15:31 438,784 -------- c:\windows\system32\xpob2res.dll
2009-05-03 15:31 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-05-03 15:31 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-05-03 15:30 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-05-03 15:30 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-05-03 15:30 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-05-03 15:30 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-05-03 15:30 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-05-03 15:11 3,840 a------- c:\windows\system32\drivers\BANTExt.sys
2009-05-03 15:11 <DIR> --d----- c:\program files\Belarc
2009-05-03 15:07 8,832 a------- c:\windows\system32\drivers\wmiacpi.sys
2009-05-03 14:54 <DIR> --d----- C:\WUTemp
2009-05-03 14:54 192,000 a------- c:\windows\system32\iuengine.dll
2009-05-03 14:47 <DIR> --ds---- c:\documents and settings\5000000\UserData
2009-05-03 14:46 172,032 a------- c:\windows\system32\igfxres.dll
2009-05-03 14:44 45,568 a----r-- c:\windows\system32\drivers\bcm4sbxp.sys
2009-05-03 14:44 <DIR> --d----- c:\program files\Broadcom
2009-05-03 14:40 <DIR> --d----- C:\dell
2009-05-03 12:41 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-05-03 12:41 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-03 12:41 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-05-03 12:41 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-05-02 23:44 <DIR> --ds---- c:\windows\system32\Microsoft
2009-05-02 23:41 <DIR> --dsh--- c:\windows\Installer
2009-05-02 23:41 <DIR> --d----- c:\documents and settings\5000000
2009-05-02 23:39 8,192 a------- c:\windows\REGLOCS.OLD
2009-05-02 23:37 111,104 ac------ c:\windows\system32\dllcache\mtstocom.exe
2009-05-02 23:36 7,168 ac------ c:\windows\system32\dllcache\wamregps.dll
2009-05-02 23:35 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-05-02 23:35 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-05-02 23:35 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-05-02 23:35 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-05-02 23:35 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-05-02 23:35 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-05-02 23:35 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-05-02 23:35 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-05-02 23:35 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-05-02 23:35 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-05-02 23:35 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-05-02 23:35 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-05-02 23:34 <DIR> --d----- c:\program files\common files\MSSoap
2009-05-02 23:32 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-05-02 23:32 <DIR> --d----- c:\program files\Online Services
2009-05-02 23:32 <DIR> --d----- c:\program files\Messenger
2009-05-02 23:32 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-05-02 23:31 <DIR> --d----- c:\program files\Windows NT
2009-05-02 16:27 <DIR> --d----- c:\program files\common files\ODBC
2009-05-02 16:27 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-05-02 16:26 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-05-03 16:00 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-02 23:36 558,142 a------- c:\windows\java\packages\Q0DBZR5J.ZIP
2009-05-02 23:36 2,678 a------- c:\windows\java\packages\data\ZH77RN3B.DAT
2009-05-02 23:36 155,995 a------- c:\windows\java\packages\UOZ3RRJF.ZIP
2009-05-02 23:36 2,678 a------- c:\windows\java\packages\data\APB1ZLR9.DAT
2009-05-02 23:36 2,678 a------- c:\windows\java\packages\data\E233HBD3.DAT
2009-05-02 23:36 2,678 a------- c:\windows\java\packages\data\29B93PFV.DAT
2009-05-02 23:36 2,678 a------- c:\windows\java\packages\data\171V1VJP.DAT
2009-05-02 23:33 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 16:40:02.98 ===============

Edited by pinebilly, 04 May 2009 - 06:46 PM.


#3 pinebilly

pinebilly
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 05 May 2009 - 12:34 AM

I just fixed the problem myself and wanted to post in case anyone else runs across this (and I am sure people do).

I used a program called "Autorun Eater" and it worked instantly.

Here is a description of what was happening to me (almost exactly): http://forums.cnet.com/5208-6142_102-0.html?threadID=328308 and you can download Autorun Eater here: http://www.softpedia.com/get/Security/Secu...run-Eater.shtml


I will post again using another thread because I do have my desktop that is completely infected and I could use some experts' help with HijackThis etc.
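The "Windows cannot find 'RECYCLER/S-5-1-79...'" error in post #2, and the fix with an autorun tool in post #3, point at a launch entry on the portable drive whose target a scanner has already removed. Below is an added example (not from the thread or from Autorun Eater) that audits an autorun.inf for exactly that: it assumes the error came from an autorun.inf on the drive, and the file contents and the SID-style digits are constructed placeholders.

```python
"""Audit an autorun.inf for launch entries pointing into RECYCLER\\S-... directories
or at targets that no longer exist (constructed example, not the thread's own data)."""
import re

# Keys whose value is executed when the drive is opened or double-clicked.
LAUNCH_KEYS = ("open", "shellexecute")
# Path shape behind the error text in the post: RECYCLER\S-<digits>-<digits>-...
RECYCLER_SID_RE = re.compile(r"recycler\\s-\d+(?:-\d+)+", re.IGNORECASE)


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section, keys lower-cased.
    shell\\<verb>\\command keys are kept whole so they can be recognised later."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def audit_autorun(text, present_files):
    """Return (key, target, reason) findings for every launch entry.
    present_files: lower-cased drive-relative paths that exist on the drive
    (constructed here; a real check would walk the drive root)."""
    findings = []
    for key, value in parse_autorun(text):
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key not in LAUNCH_KEYS and not is_verb:
            continue
        # Keep only the program path: quoted path, or first token before arguments.
        target = value[1:].split('"', 1)[0] if value.startswith('"') else value.split()[0]
        norm = target.replace("/", "\\").lower()
        norm = norm[2:] if norm.startswith(".\\") else norm
        if RECYCLER_SID_RE.search(norm):
            findings.append((key, target, "launches from a RECYCLER\\S-... directory"))
        elif norm not in present_files:
            findings.append((key, target, "target missing (removed by a scanner?)"))
    return findings


# Constructed sample: the digits after S-5-1-79 are placeholders, not the poster's values.
SAMPLE_AUTORUN = r"""[autorun]
; constructed sample, not taken from the poster's drive
open=RECYCLER\S-5-1-79-0000000000-0000000000-000000000-0000\example.exe
shell\open\command=RECYCLER\S-5-1-79-0000000000-0000000000-000000000-0000\example.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
"""
SAMPLE_FILES = set()  # after cleanup the referenced executable is gone

if __name__ == "__main__":
    for key, target, reason in audit_autorun(SAMPLE_AUTORUN, SAMPLE_FILES):
        print(f"{key}: {target} -> {reason}")
```

A clean result for a drive that only ships an installer (`open=setup.exe` with setup.exe present) is an empty list, so the same function distinguishes a legitimate autorun.inf from a leftover one.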



