Infected with "Troj/Rustok-N"


  • This topic is locked
2 replies to this topic

#1 dj09

dj09

  • Members
  • 1 posts
  • OFFLINE

Posted 10 May 2009 - 09:48 PM

Initially when running Firefox 3.0.10, Google searches started redirecting.

This presented itself firstly by continuously redirecting in a loop until Firefox stated it had ended the process after detecting that the website was redirecting in a loop that would not end. If this didn't happen a Google search would eventually end up redirecting to either a pornographic site or to a page displaying results of a good search for words unrelated to my original search.

Upon redirecting to a website, Firefox would sometimes display this message in the form of a webpage:

-------------------------------------------------------
"Your computer (IP: xx.xxx.xx.xx) generates an attacking DOS requests at our servers. This attack was provoked by the spyware/virus named 'Troj/Rustok-N'

We cannot provide you with an access to our content for browsing purposes as it will lead to the inevitable crush of our website.

We strongly recommend you to run your antivirus edition and, if necessary, check it for the latest updates available.

You may also download recommended software, which has been approved by a number of our surfers who encountered the same problem and used this software to overcome it.

Make sure your computer is protected before continue browsing. Without this antivirus software your computer becomes a pushover for hackers.

Make sure you use effective antivirus software. We recommend you to check your computer right now and the software that have already helped thousands of our visitors.

We apologize for the inconvenience."

-------------------------------------------------------

Firstly, I didn't install the software suggested above.

Action I have taken up to this point includes:
  • Ran a scan with Norton 2009, Norton didn't detect anything. Attempted to update virus definitions and was met with the message "Unable to connect to the Norton Liveupdate server. Please check your internet connection."
  • Downloaded SuperAntiSpyware and successfully installed the program, but upon opening it Windows tells me "SUPERAntiSpyware has encountered a problem and needs to close. We are sorry for the inconvenience."
  • Downloaded Malwarebytes Anti-Malware and successfully installed the program, but upon opening the .exe nothing happens; no reaction from Windows at all.
  • I've also tried running online scans at http://www.kaspersky.com but am met with this message "Update has failed. Program has failed to start. Close the Kaspersky online scanner 7.0 window and open it again to install the program. You must be online to update the kaspersky online scanner 7.0 database"
-------------------------------------------------------

DDS (Ver_09-03-16.01) - NTFSx86
Run by Dan at 12:27:01.59 on Mon 05/11/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2906 [GMT 10:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\sysregi.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll42.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\welik.exe
C:\Documents and Settings\Dan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Shell=Explorer.exe c:\windows\cursors\lsass.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.2.0.7\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Hotfix-KB5504305] c:\windows\system32\rundll42.exe
uRun: [DiskChk help] rundll32.exe "c:\documents and settings\all users.windows\proto.dll" run
uRunServices: [Hotfix-KB5504305] c:\windows\system32\rundll42.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Hotfix-KB5504305] c:\windows\system32\rundll42.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Nod32 Runtime] sysregi.exe
mRunServices: [Hotfix-KB5504305] c:\windows\system32\rundll42.exe
mRunServices: [Nod32 Runtime] sysregi.exe
mExplorerRun: [Lsass Service] c:\documents and settings\dan\application data\microsoft\windows\lsass.exe
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {2B9CC4F5-F8D6-4781-B32E-0B3D60DB2449} = 85.255.112.178,85.255.112.99
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\cli08iw1.default\
FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\all users.windows\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-4-11 16384]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1002000.007\SymEFA.sys [2009-5-11 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1002000.007\BHDrvx86.sys [2009-5-11 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1002000.007\cchpx86.sys [2009-5-11 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20080826.006\IDSxpx86.sys [2009-5-11 274808]
R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2009-4-11 24720]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2009-4-5 16400]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.2.0.7\ccSvcHst.exe [2009-5-11 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-11 99376]
R3 NAVENG;NAVENG;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20081202.022\NAVENG.SYS [2009-5-11 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20081202.022\NAVEX15.SYS [2009-5-11 876112]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2009-4-5 97808]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2009-4-5 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2009-4-5 21904]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2009-5-9 13824]

=============== Created Last 30 ================

2009-05-11 11:57 245,795 a------- C:\downdsload.exe^1
2009-05-11 11:19 245,795 a------- C:\download.exe^1
2009-05-11 11:19 308,736 a------- c:\windows\welik.exe
2009-05-11 11:11 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-11 11:11 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-11 10:37 27,136 a--sh--- c:\documents and settings\all users.windows\proto.dll
2009-05-11 10:37 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-11 10:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 10:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-11 10:37 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-05-11 10:29 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-11 10:29 <DIR> --d----- c:\docume~1\dan\applic~1\SUPERAntiSpyware.com
2009-05-11 10:06 <DIR> --d--r-- c:\program files\Norton Support
2009-05-11 10:05 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Symantec
2009-05-11 10:04 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-05-11 10:04 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-11 10:04 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-05-11 10:04 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-11 10:04 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-11 10:04 <DIR> --d----- c:\program files\Symantec
2009-05-11 10:04 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-05-11 10:04 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-05-11 10:04 <DIR> --d----- c:\program files\Norton AntiVirus
2009-05-11 10:04 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Norton
2009-05-11 10:04 <DIR> --d----- c:\program files\NortonInstaller
2009-05-11 10:04 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\NortonInstaller
2009-05-11 08:50 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-11 08:50 23,296 a------- c:\windows\system32\drivers\NaiFiltr.sys
2009-05-10 21:50 <DIR> --d----- c:\program files\McAfee VirusScan Home Edition 7.02 Demo 30
2009-05-10 19:02 0 a------- c:\windows\system32\commonpriv.log.lock
2009-05-10 19:00 <DIR> --d----- c:\program files\AVG
2009-05-10 19:00 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\avg8
2009-05-10 18:10 69 a------- c:\windows\NeroDigital.ini
2009-05-10 17:35 314 ---shr-- C:\autorun.inf
2009-05-10 17:34 <DIR> --d----- c:\program files\PluginVideo
2009-05-10 17:34 65,536 ---shr-- c:\windows\system32\rundll42.exe
2009-05-10 10:57 <DIR> --d----- c:\program files\iPod
2009-05-10 10:57 <DIR> --d----- c:\program files\iTunes
2009-05-10 10:57 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-10 10:52 <DIR> --d----- c:\program files\Bonjour
2009-05-10 03:37 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-05-10 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-05-09 14:23 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-05-09 14:21 85,376 ac------ c:\windows\system32\dllcache\nabtsfec.sys
2009-05-09 14:20 <DIR> --d----- C:\db9f1910a0866781cea8ce7a
2009-05-09 14:19 <DIR> --d----- C:\5a2e679c096a7fed460401
2009-05-09 14:19 1,287,168 a------- c:\windows\system32\SET38B.tmp
2009-05-09 14:19 <DIR> --d----- C:\700100c531e1f4675a
2009-05-09 14:19 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-09 14:18 446,464 -------- c:\windows\system32\HHActiveX.dll
2009-05-09 14:18 548,864 -------- c:\windows\system32\msvcp80.dll
2009-05-09 14:18 <DIR> --d----- c:\program files\Pinnacle
2009-05-09 14:18 626,688 -------- c:\windows\system32\msvcr80.dll
2009-05-05 21:18 <DIR> --d----- c:\documents and settings\dan\Tracing
2009-04-20 05:47 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\media center programs
2009-04-19 21:07 <DIR> --d----- c:\program files\Funcom
2009-04-19 21:06 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Funcom
2009-04-19 17:30 <DIR> --d----- c:\program files\Perfect World Entertainment
2009-04-19 17:29 258,352 a------- c:\windows\system32\unicows.dll
2009-04-19 12:42 <DIR> --d----- c:\docume~1\dan\applic~1\Braid
2009-04-19 12:09 <DIR> --d----- c:\docume~1\dan\applic~1\GetRightToGo
2009-04-19 11:57 <DIR> --d----- c:\program files\Braid
2009-04-19 11:40 <DIR> --d----- c:\docume~1\dan\applic~1\Broken Rules
2009-04-19 11:40 4,096 a------- c:\windows\d3dx.dat
2009-04-19 11:35 <DIR> --d----- c:\program files\Garage Games
2009-04-13 19:51 86,683 a------- c:\windows\system32\pthreadGC2.dll
2009-04-13 19:51 <DIR> --d----- c:\program files\AoA Audio Extractor
2009-04-13 19:31 <DIR> --d----- c:\program files\GoldWave
2009-04-13 18:37 2,535,424 a------- c:\windows\system32\agsaamj.dll
2009-04-13 18:37 610,304 a------- c:\windows\system32\agsaamg.dll
2009-04-13 18:37 372,736 a------- c:\windows\system32\agsaamc.dll
2009-04-13 18:37 90,112 a------- c:\windows\system32\agsaami.dll
2009-04-13 18:37 53,760 a------- c:\windows\system\ppacklib.dll
2009-04-13 18:37 77 a------- c:\windows\system32\winitn.dll
2009-04-13 18:37 40,960 a------- c:\windows\system32\VBAME.DLL
2009-04-13 18:37 1 a------- c:\windows\sslzdlt.dll
2009-04-13 18:37 1,077,344 a------- c:\windows\system32\mscomctl.ocx
2009-04-13 18:37 647,872 a------- c:\windows\system32\MSCOMCT2.OCX
2009-04-13 18:37 237,568 a------- c:\windows\system32\lame_enc.dll
2009-04-13 18:37 152,848 a------- c:\windows\system32\Comdlg32.ocx
2009-04-13 18:37 <DIR> --d----- c:\program files\AML Products
2009-04-13 18:19 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-04-13 18:14 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-04-13 18:14 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-13 18:12 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2009-04-13 08:10 <DIR> --d----- c:\program files\common files\DirectX
2009-04-13 07:58 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-04-13 07:58 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-04-13 07:58 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-04-13 07:58 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-04-13 07:58 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-04-13 07:58 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-04-13 07:58 8,192 a------- c:\windows\system32\kbdkor.dll
2009-04-13 07:58 6,144 a------- c:\windows\system32\kbd106.dll
2009-04-13 07:58 6,144 a------- c:\windows\system32\kbd101c.dll
2009-04-13 07:58 5,632 a------- c:\windows\system32\kbd103.dll
2009-04-13 07:58 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-04-13 07:58 6,144 a------- c:\windows\system32\kbd101b.dll
2009-04-13 07:35 <DIR> --d----- C:\nDoors
2009-04-12 20:46 <DIR> --d----- c:\program files\Eudemons Online
2009-04-12 20:19 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\PMB Files
2009-04-12 20:18 <DIR> --d----- c:\program files\Pando Networks
2009-04-12 15:41 189,784 a------- c:\windows\system32\PnkBstrB.xtr
2009-04-12 14:43 <DIR> --d----- c:\docume~1\dan\applic~1\id Software
2009-04-12 14:41 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\id Software
2009-04-12 14:25 138,464 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-12 14:25 22,328 a------- c:\docume~1\dan\applic~1\PnkBstrK.sys
2009-04-12 14:24 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-04-12 14:24 2,246,144 a------- c:\windows\system32\pbsvc.exe
2009-04-12 14:24 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-04-12 14:24 <DIR> --d----- c:\windows\system32\LogFiles
2009-04-12 14:20 <DIR> --d----- c:\program files\Activision
2009-04-12 13:57 <DIR> --dsh--- c:\windows\ftpcache
2009-04-12 10:59 368,640 a------- c:\windows\system32\ReWire.dll
2009-04-12 10:58 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Propellerhead Software
2009-04-12 10:58 <DIR> --d----- c:\docume~1\dan\applic~1\Propellerhead Software
2009-04-12 01:59 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
2009-04-12 01:59 6,400 a------- c:\windows\system32\drivers\splitter.sys
2009-04-12 01:59 142,464 a------- c:\windows\system32\drivers\aec.sys
2009-04-12 01:59 54,272 a------- c:\windows\system32\drivers\swmidi.sys
2009-04-12 01:59 52,864 a------- c:\windows\system32\drivers\DMusic.sys
2009-04-12 01:59 7,552 a------- c:\windows\system32\drivers\MSKSSRV.sys
2009-04-12 01:59 5,376 a------- c:\windows\system32\drivers\MSPCLOCK.sys
2009-04-12 01:59 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-04-12 01:59 171,776 a------- c:\windows\system32\drivers\kmixer.sys
2009-04-12 01:59 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-04-12 01:59 4,992 a------- c:\windows\system32\drivers\MSPQM.sys
2009-04-12 01:57 74,240 a------- c:\windows\system32\usbui.dll
2009-04-12 01:57 8,832 a------- c:\windows\system32\drivers\wmiacpi.sys
2009-04-12 01:55 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2009-04-12 01:53 141,702 ac------ c:\windows\system32\dllcache\netfx.cat
2009-04-12 01:51 261 a------- c:\windows\system32\$winnt$.inf
2009-04-11 20:02 <DIR> --d----- c:\docume~1\dan\applic~1\uTorrent
2009-04-11 19:58 <DIR> --d----- c:\docume~1\dan\applic~1\Digidesign
2009-04-11 19:58 32 a------- c:\windows\system32\w3data.vss
2009-04-11 19:58 32 a------- c:\windows\system32\msvcsv60.dll
2009-04-11 19:58 32 a------- c:\windows\msocreg32.dat
2009-04-11 19:58 <DIR> --d----- c:\docume~1\dan\applic~1\PACE Anti-Piracy
2009-04-11 19:58 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\PACE Anti-Piracy
2009-04-11 19:54 <DIR> --d----- c:\program files\Steinberg
2009-04-11 19:53 673,546 a------- c:\windows\unins000.exe
2009-04-11 19:53 61,440 a------- c:\windows\system32\marblaxp.dll
2009-04-11 19:53 53,248 a------- c:\windows\system32\drivers\maplevmd000.exe
2009-04-11 19:53 49,152 a------- c:\windows\system32\mapleapi.dll
2009-04-11 19:53 31,624 a------- c:\windows\system32\mapledxp.dll
2009-04-11 19:53 24,720 a------- c:\windows\system32\drivers\mapledxp.sys
2009-04-11 19:53 7,459 a------- c:\windows\unins000.dat
2009-04-11 19:49 16,384 a------- c:\windows\system32\drivers\DigiFilt.sys
2009-04-11 19:46 3,683,014 a------- c:\windows\system32\DirectIO.dll
2009-04-11 19:46 1,362,460 a------- c:\windows\system32\ExpansionHD_Firmware.bin
2009-04-11 19:46 659,456 a------- c:\windows\system32\DSI.dll
2009-04-11 19:46 270,336 a------- c:\windows\system32\DigiPlatformSupport.dll
2009-04-11 19:46 90,112 a------- c:\windows\system32\WinMMFix.dll
2009-04-11 19:46 15,872 a------- c:\windows\system32\digicoin.dll
2009-04-11 19:46 172,032 a------- c:\windows\system32\Diomidi.DLL
2009-04-11 18:58 <DIR> --d----- c:\program files\VideoLAN
2009-04-11 18:45 <DIR> --d-h--- c:\windows\$hf_mig$
2009-04-11 18:45 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-04-11 18:04 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-04-11 18:04 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-04-11 18:02 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-04-11 18:01 69,632 a------- c:\windows\Alcmtr.exe
2009-04-11 17:57 765,952 a------- c:\windows\system32\xvidcore.dll
2009-04-11 17:57 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-04-11 17:57 77,824 a------- c:\windows\system32\xvid.ax
2009-04-11 17:53 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-11 17:53 19,528 a------- c:\windows\000001_.tmp
2009-04-11 17:53 23,856 a------- c:\windows\system32\spupdsvc.exe
2009-04-11 17:24 <DIR> --ds---- c:\documents and settings\dan\UserData
2009-04-11 17:21 664 a------- c:\windows\system32\d3d9caps.dat
2009-04-11 17:10 <DIR> --d----- c:\program files\WinAce
2009-04-11 17:01 453,152 a------- c:\windows\system32\nvudisp.exe
2009-04-11 17:01 215,383 a------- c:\windows\system32\nvapps.xml
2009-04-11 17:01 19,054 a------- c:\windows\system32\nvdisp.nvu
2009-04-11 17:00 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-04-11 16:49 1,355,906 a------- c:\windows\UnInstallDynalinkADSL.dll
2009-04-11 16:49 <DIR> --d----- c:\program files\Dynalink
2009-04-11 16:41 <DIR> --d----- c:\documents and settings\Dan
2009-04-11 16:15 8,192 a------- c:\windows\REGLOCS.OLD
2009-04-11 16:13 221,696 ac------ c:\windows\system32\dllcache\seo.dll
2009-04-11 16:12 838,144 ac------ c:\windows\system32\dllcache\chtbrkr.dll
2009-04-11 16:11 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2009-04-11 16:09 1,809,944 ac------ c:\windows\system32\dllcache\wuaueng.dll
2009-04-11 16:08 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-11 16:07 65,954 a------- c:\windows\Prairie Wind.bmp

==================== Find3M ====================

2009-05-11 10:43 843,776 a------- c:\windows\cursors\supdate.exe
2009-05-11 10:43 843,776 ---shr-- c:\windows\cursors\csrss.exe
2009-05-10 19:02 311,340 ---sh--- c:\windows\cursors\lsass.exe
2009-04-11 17:56 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-11 17:52 315,392 a------- c:\windows\HideWin.exe
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2004-08-04 00:56 300,032 ---shr-- c:\windows\system32\sysregi.exe

============= FINISH: 12:27:09.14 ===============


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland

Posted 15 May 2009 - 04:29 PM

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland

Posted 23 May 2009 - 09:57 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





