
Possible virus attack



#1 ashoka149

ashoka149

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:58 AM

Posted 30 May 2009 - 07:09 AM

Friends,

My first time on any forum, so please overlook mistakes.

I have a desktop, Athlon 4400; 2GB RAM, 300GB hard drive, ATI Radeon 800, running Windows XP Home Edition with SP3.
I downloaded a trailer of a movie off the internet. It appeared to be a WMV file. When I tried to play it the Windows Media Player 11 window opened, but I got a smaller window with a message saying that the player was downloading permission to play the file. After this the WMP 11 window crashed and I had to reboot.
Since then Norton Internet Security 2009 does not work in normal mode. I tried to run Malwarebytes Anti-Malware free version but it would not work as well. I had lost internet access. When I clicked on the internet icon (IE8), I got a message saying it could not connect. Firefox again could not connect to the default web page. I have broadband access with a wired router. When I checked the LAN settings the "use automatically configure settings" was unticked, as was "use proxy server". When I ticked the use automatic configuration settings and tried again, IE did not work. My Windows Firewall, which was working earlier, had stopped working. I got into safe mode and ran Norton. Found a virus called PROXY DNS. Once this was removed I was able to use IE in safe mode. When I tried to google, I was redirected to different websites like eBay, my Facebook, and downloads.com to download antispyware. I had to reset my internet settings before I could use the internet.

I downloaded ComboFix after reading about it at a few other sites, but when I save it and run it from the desktop it does not run in safe mode. Also, when I try to run it directly without downloading it I get an error message "cannot change file name to combifix 1", although I did not try to change this name myself. I suspect it is the virus. I can access System Restore, but when I try to do it the message says "system restore will use a few minutes to gather data about restore point and then close", but nothing happens even after an hour.

Any help would be much appreciated.

ashok149

Edited by ashoka149, 30 May 2009 - 07:18 AM.




#2 ashoka149

  • Topic Starter

Posted 30 May 2009 - 11:28 AM

hi guys

I managed to get Malwarebytes to work by changing the .exe to .bat. Thanks for not responding earlier. Norton, ComboFix and IE8 still do not work in normal mode. Help..........

I have pasted below the file that was saved. I have had Evidence Eliminator for the last 4 years. Not sure if the plug-ins are malware.

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

30/05/2009 16:23:47
mbam-log-2009-05-30 (16-23-32).txt

Scan type: Quick Scan
Objects scanned: 110180
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 15
Registry Values Infected: 2
Registry Data Items Infected: 9
Folders Infected: 5
Files Infected: 143

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\Eeshellx.dll (Rogue.EvidenceEliminator) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{0e6117e2-c367-4be3-8045-52669e71b5df} (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f272845d-cec2-4f95-92ee-6d08fdfbd471} (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7c6e906-b0b8-4810-ae82-71809ed409eb} (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b1816445-a3ed-11d3-b2b3-00104b4c6b08} (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CLASSES_ROOT\eeshellx.shellext (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QuickyPlaeyrSoft (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Evidence Eliminator (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Evidence Eliminator Safe Recycle (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Quick Mode (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Restart (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Shutdown (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Evidence Eliminator (Rogue.EvidenceEliminator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Evidence Eliminator (Rogue.EvidenceEliminator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{a7c6e906-b0b8-4810-ae82-71809ed409eb} (Rogue.EvidenceEliminator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{b1816445-a3ed-11d3-b2b3-00104b4c6b08} (Rogue.EvidenceEliminator) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.168,85.255.112.146 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8e280ba1-75f7-45cb-989f-31a2c437a796}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.168,85.255.112.146 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{aba5ff5e-f2eb-4494-b697-17958be102ca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.168 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.168,85.255.112.146 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8e280ba1-75f7-45cb-989f-31a2c437a796}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.168,85.255.112.146 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{aba5ff5e-f2eb-4494-b697-17958be102ca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.168 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.168,85.255.112.146 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{8e280ba1-75f7-45cb-989f-31a2c437a796}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.168,85.255.112.146 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{aba5ff5e-f2eb-4494-b697-17958be102ca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.168 -> No action taken.

Folders Infected:
c:\documents and settings\ashoka acharya\Start Menu\Programs\Evidence Eliminator (Rogue.EvidenceEliminator) -> No action taken.
C:\Program Files\Evidence Eliminator (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Help (Rogue.EvidenceEliminator) -> No action taken.

Files Infected:
C:\WINDOWS\system32\Eeshellx.dll (Rogue.EvidenceEliminator) -> No action taken.
c:\documents and settings\ashoka acharya\start menu\Programs\evidence eliminator\Evidence Eliminator Help.lnk (Rogue.EvidenceEliminator) -> No action taken.
c:\documents and settings\ashoka acharya\start menu\Programs\evidence eliminator\Evidence Eliminator License Agreement.lnk (Rogue.EvidenceEliminator) -> No action taken.
c:\documents and settings\ashoka acharya\start menu\Programs\evidence eliminator\Evidence Eliminator Read Me.lnk (Rogue.EvidenceEliminator) -> No action taken.
c:\documents and settings\ashoka acharya\start menu\Programs\evidence eliminator\Evidence Eliminator.lnk (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Ee.exe (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\INSTALL.LOG (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\License.txt (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\ReadMe.txt (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\UNWISE.EXE (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\UNWISE.INI (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Config.dat (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Drives.dat (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Files.dat (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\FilesContents.dat (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Folders.dat (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\FolderScans.dat (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\IECookiesKeep.dat (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\IEDownloadedKeep.dat (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\MozillaCookiesKeep.dat (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\OE5ChoiceList.dat (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\PlugInSelections.dat (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\ScanMasks.dat (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\TBChoiceList.dat (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\AbsoluteFTP.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\ACDSEE Photo Viewer v3.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adaptec Easy CD Creator v4.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.1.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v4.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.1.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v6.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v7.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat v6.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v5.0 LE.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v5.5.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v5.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v6.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v7.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v8.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v9.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\ASPack.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Avant Browser.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Cabinet Manager.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Copernic 2000 Pro.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Copernic 2000.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Copernic Agent.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Corel Paintshop Pro v10.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Cute FTP v3.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Cute FTP v4.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Cute FTP v7.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Delphi v3.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Delphi v4.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Delphi v5.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\DiskKeeper v5.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\DivXPlayer.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Download Accelerator.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Eudora Mail.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\EventLog.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\FTP Explorer.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\GetRight ExplorerBar.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\GetRight v4.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Google Chrome.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\GoogleBar.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\GoogleNavigation.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\GoZilla.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Helios TextPad v3.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Helios TextPad v4.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\HelpWriter.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Icon Extractor.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\ICQ 2000a.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\InstallShield Express.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\J2 Messenger.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\JASC Paintshop Pro v5.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\JASC Paintshop Pro v6.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\JASC Paintshop Pro v7.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\JASC Paintshop Pro v8.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Jet PhotoShell v1.2.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Kazaa.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Limewire v4.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Macromedia Flash v4.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\MasterSplitter v2.1.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\McAfee Virus Scan v4.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Microangelo 98.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Micrografx Picture Publisher v7.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Micrografx Picture Publisher v8.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft FrontPage Express.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft FrontPage.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft Help Workshop.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft HTML Help.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft Office.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft Publisher 2000.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft Send-To Extensions.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft Windows Paint.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft Windows WordPad.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\My Network Places.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Napster Music Community.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\NEATO Labels.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\NeoPlanet v5.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Norton AntiVirus 2000 (v6).eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Norton Antivirus 2003.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Norton File Manager.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Norton Internet Security 2004.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Norton Personal Firewall.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Norton Utilities 2000.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\NoteTab Pro.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Opera Browser.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\PackageForTheWeb.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Personal Ancestral File.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Quicktime.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Real Audio Player v6 v7 v8.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Real Download v4.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Real Player v10.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\RealOne Player.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\RemoteDesktop.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Roxio Easy CD Creator v6.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Safari Browser.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\SureThing CD Labeler.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Telnet.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Ulead Gif Animator v4.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Ulead Photo Explorer v4.2.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Ulead Photo Viewer v4.0.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Ulead PhotoImpact v10.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Ulead PhotoImpact v5.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Ulead PhotoImpact Viewer v4.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\UltraEdit v4.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\UltraEdit v7.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Web Ferret v3.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\WinOnCD.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\WinRar v2.6.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\WinRar v2.70.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\WinRar v3.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\WinZip v7.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\WinZip v8.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Wise Installer.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Yahoo Player.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\YahooMessenger.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\ZipMagic 2000.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Data\Plug-Ins\Zone Alarm.eep (Rogue.EvidenceEliminator) -> No action taken.
c:\program files\evidence eliminator\Help\ee.chm (Rogue.EvidenceEliminator) -> No action taken.
c:\documents and settings\ashoka acharya\Desktop\Evidence Eliminator.lnk (Rogue.EvidenceEliminator) -> No action taken.
c:\WINDOWS\system32\gewsosmg.dll (Trojan.Vundo) -> No action taken.

Edited by ashoka149, 30 May 2009 - 11:36 AM.


#3 ashoka149

  • Topic Starter

Posted 30 May 2009 - 06:07 PM

hello again

I decided to go for it as the odds of 1 in 100 did not seem too high to me. (I treat a lot of patients with viral infections in real life!! A lot easier than this)

Have got everything working again. Did the following just in case any one else may find it useful:

1. Downloaded Autorun Eater.exe in safe mode, installed and ran it. It removed one autorun file from the C drive. Can be got free if you google!
2. Ran the Malwarebytes malware removal tool in safe mode and, when rebooting, moved into normal mode and removed 6 files noted to be infected with trojans. See the log file in the post above.
3. Ran SmitFraudFix.exe in safe mode. Seemed to remove a couple of files but no names appeared in the DOS window.
4. Ran ComboFix.exe after changing the name to ComboFix.bat in safe mode. Got it working at last. Found evidence of rootkit activity in 3 files in the system32 folder: C:\windows\system32\drivers\gxvcumqlvhosenkltpfrjbarsvxowkkymyxy.sys; C:\windows\system32\gxvxcqjvrt......krom.dll; and C:\windows\system32\gxvxct......akom.dll. ComboFix asked me to write down the names and needed to reboot into normal mode to delete these files. Further files were removed by ComboFix as follows:

C:\windows\system32\temp.reg
C:\documents and settings\owners name\application data\inst.exe
C:\windows\system32\Pncrt.dll

Once ComboFix had exited I had my normal desktop icons, and Norton Internet Security 2009 and Internet Explorer were working again.

I have downloaded the latest definitions of Norton and run a scan. Nothing found.

I have restored the Windows Firewall.

Anything I need to do to make sure that the system is clean?????

Thanks for the advice on the many posts from today. I used the advice there to tackle this problem.

ashoka149

#4 ashoka149

  • Topic Starter

Posted 31 May 2009 - 04:17 AM

guys

Here is what I have done so far again based on advice from sites found by googling:

1. Updated Norton virus definitions and ran a full scan. No virus found.
2. Updated Windows.
3. Reset internet home page and internet settings via the Internet Properties dialogue box.
4. Updated Malwarebytes and ran a full system scan. No malware found.
5. Checked for system restore points created when infected, planning to delete them. But none found.
6. Ran CCleaner to remove temporary files.
7. Ran Comodo registry cleaner and backed up the registry.
8. Checked both internet and firewall trusted and banned websites.
9. Downloaded LSPfix freeware, and checked for damage to LSP: none found.
10. Checked Windows system files for digital signatures from Accessories/System Tools/System Information.
11. Checked hosts file entries: none abnormal found. Replaced the hosts file from the adbin website, which blocks a number of dodgy sites being accessed. Downloaded adbin to use in future.
12. Read through the tutorial on safe internet use on BleepingComputer.com!!! Very useful.

Any other suggestions? The computer appears to be working fine.

Edited by ashoka149, 31 May 2009 - 04:18 AM.
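As an added example (not from the thread or from any of the tools named in it), the following Python script automates two of the checks the poster did by hand: it parses lines in the format of the Malwarebytes log pasted in post #2 to collect the DNS server addresses that the Trojan.DNSChanger entries had written into the Tcpip NameServer values, and it flags hosts-file lines that map a name to a non-local address (blocklist-style hosts files, like the one the poster installed, only use 127.0.0.1 or 0.0.0.0, so those lines are left alone). The log and hosts-file excerpts embedded in the script are constructed samples: the log lines copy paths and IPs from the pasted log, while the 192.0.2.10 hosts entry is invented for the demonstration.

```python
"""Parse a Malwarebytes' Anti-Malware log and a Windows hosts file for two
of the checks done by hand in this thread: which DNS servers the DNSChanger
registry entries pointed the machine at, and whether any hosts-file entry
redirects a name somewhere other than the local machine."""
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the log pasted in post #2 (paths and
# IPs copied from that log; only a handful of lines are reproduced).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\Eeshellx.dll (Rogue.EvidenceEliminator) -> No action taken.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\QuickyPlaeyrSoft (Trojan.DNSChanger) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.168,85.255.112.146 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{aba5ff5e-f2eb-4494-b697-17958be102ca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.168 -> No action taken.

Files Infected:
c:\WINDOWS\system32\gewsosmg.dll (Trojan.Vundo) -> No action taken.
"""

# Constructed hosts file, not the poster's real one: the first three lines
# are normal (localhost plus blocklist-style entries), the last one is an
# invented redirect of a search engine to a documentation-range address.
SAMPLE_HOSTS = """
127.0.0.1       localhost
0.0.0.0         ad.doubleclick.net
127.0.0.1       www.dodgy-tracker.example
192.0.2.10      www.google.com   # constructed hijack entry
"""

# One detection line: "<item> (<family>) -> [Data: <data> -> ]<action>."
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its log section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):            # section header, e.g. "Files Infected:"
            section = line[:-1]
            continue
        match = ENTRY_RE.match(line)
        if match is None:                 # summary counts, "(No malicious items detected)"
            continue
        entries.append({"section": section, **match.groupdict()})
    return entries


def families(entries):
    """Count detections per malware family, e.g. Trojan.DNSChanger."""
    return Counter(e["family"] for e in entries)


def rogue_dns_servers(entries):
    """Every IP a DNSChanger-tagged NameServer/DhcpNameServer value pointed at."""
    servers = set()
    for e in entries:
        if (e["family"] == "Trojan.DNSChanger" and e["data"]
                and e["item"].endswith("NameServer")):
            servers.update(ip.strip() for ip in e["data"].split(","))
    return sorted(servers)


def suspicious_hosts_entries(hosts_text):
    """(hostname, ip) pairs that map a name to a non-loopback, non-null address."""
    flagged = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # malformed line, not an address
        if addr.is_loopback or addr.is_unspecified:
            continue                          # blocklist-style entry, normal
        flagged.extend((name, parts[0]) for name in parts[1:])
    return flagged


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print("detections per family:", dict(families(found)))
    print("rogue DNS servers:", rogue_dns_servers(found))
    print("suspicious hosts entries:", suspicious_hosts_entries(SAMPLE_HOSTS))
```

On the constructed input the script reports three Trojan.DNSChanger detections, the two 85.255.112.x servers from the log, and the single hosts entry pointing www.google.com away from the local machine; run against a real log and `C:\WINDOWS\system32\drivers\etc\hosts` it gives a quick second opinion on the two settings a DNS hijack is most likely to have touched.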