
Viruses Cleaned, Can't access certain internet sites



#1 gino_d_animal


Posted 04 June 2009 - 06:44 PM

After McAfee reported several viruses, I rebooted to Safe Mode and ran Malwarebytes AntiVirus (Smart Scan), McAfee, Lavasoft Anniversary Edition (Full Scan), and Windows Defender (Full Scan). Rebooted system and came back up. Now I can't access certain antispyware/update sites, including windowsupdate.microsoft.com, malwarebytes.org, http://forums.spywareinfo.com/, www.microsoft.com.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Dad at 19:32:49.70 on Thu 06/04/2009
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.693 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
svchost.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\program Files\MicPhone\antit.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\DUGCN0HT\HiJackThis[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\temp\dds.scr

============== Pseudo HJT Report ===============

StartupFolder: c:\docume~1\dad\startm~1\programs\startup\spampal.lnk - c:\program files\spampal\spampal.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activclient agent.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

============= SERVICES / DRIVERS ===============

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [2005-12-27 16855]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-4 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-8 201320]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2004-12-2 91136]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-8 359248]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2009-3-8 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [2005-12-27 21808]
R3 cxbu0wdm;SmartTerminal XX44;c:\windows\system32\drivers\cxbu0wdm.sys [2009-3-28 97792]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-4 40160]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\virusscan\mcsysmon.exe [2009-3-8 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-8 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-8 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-8 40488]
S2 0126911239919730mcinstcleanup;McAfee Application Installer Cleanup (0126911239919730);c:\windows\temp\0126911239919730mcinst.exe c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\0126911239919730mcinst.exe c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1005904]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-8 33832]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2002-3-20 14448]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2004-12-2 23180]

=============== Created Last 30 ================

2009-06-04 19:32 359,893 a------- c:\temp\dds.scr
2009-06-04 19:20 <DIR> --d----- c:\program files\Trend Micro
2009-06-04 19:19 812,344 a------- c:\temp\HJTInstall.exe
2009-06-04 19:03 124,928 a------- c:\windows\system32\sopidkc.exe
2009-06-04 19:03 9 a------- c:\windows\system32\comsa32.sys
2009-06-04 19:03 <DIR> --dshr-- c:\program files\MicPhone
2009-06-04 03:12 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 03:12 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-04 03:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 20:18 <DIR> --d----- c:\windows\dhcp
2009-06-02 20:15 36,864 a------- c:\windows\system32\dncyool32.sys
2009-05-31 20:43 182,656 a------- c:\windows\system32\dllcache\ndis.sys
2009-05-31 20:41 2 a------- C:\881627298
2009-05-31 20:40 42,496 a------- C:\lnrqiyh.exe
2009-05-24 00:41 <DIR> --d----- C:\CFLog
2009-05-24 00:40 2,785,582 a------- c:\windows\system32\GameMon.des
2009-05-24 00:29 <DIR> --d----- c:\program files\Subagames

==================== Find3M ====================

2009-06-01 07:30 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-06-01 07:26 155,648 a------- c:\windows\system32\wscript.exe
2009-06-01 07:26 5,632 a------- c:\windows\system32\write.exe
2009-06-01 07:25 119,808 a------- c:\windows\system32\winmine.exe
2009-06-01 07:22 50,176 a------- c:\windows\system32\proquota.exe
2009-06-01 07:21 20,992 a------- c:\windows\system32\MSG.EXE
2009-06-01 07:20 72,704 a------- c:\windows\system32\magnify.exe
2009-06-01 07:19 7,680 a------- c:\windows\system32\HOSTNAME.EXE
2009-06-01 07:19 8,704 a------- c:\windows\system32\EVENTVWR.EXE
2009-06-01 07:18 5,120 a------- c:\windows\system32\BOOTVRFY.EXE
2009-06-01 07:18 142,848 a------- c:\windows\system32\bootcfg.exe
2009-06-01 07:17 14,336 a------- c:\windows\system32\auditusr.exe
2009-06-01 03:13 14,848 a------- c:\windows\system32\jdbgmgr.exe
2009-06-01 03:13 77,824 a------- c:\windows\system32\HPZinw12.exe
2009-06-01 02:01 16,896 a------- c:\windows\system32\wbem\UNSECAPP.EXE
2009-06-01 00:32 744,448 a------- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-05-31 21:51 77,824 a------- c:\windows\system32\nvsvc32.exe
2009-05-31 21:12 126,464 a------- c:\windows\system32\wbem\wmiapsrv.exe
2009-05-31 21:09 180,224 a------- c:\windows\system32\dwwin.exe
2009-05-31 21:06 15,360 a------- c:\windows\system32\PENTNT.EXE
2009-05-31 21:05 89,600 a------- c:\windows\system32\smlogsvc.exe
2009-05-31 21:05 289,792 a------- c:\windows\system32\vssvc.exe
2009-05-31 21:04 49,664 a------- c:\windows\system32\W32TM.EXE
2009-05-31 21:04 9,216 a------- c:\windows\system32\PRINT.EXE
2009-05-31 21:04 208,896 a------- c:\windows\system32\NVUNINST.EXE
2009-05-31 21:03 184,320 a------- c:\windows\system32\accwiz.exe
2009-05-31 21:03 106,496 a------- c:\windows\system32\sysocmgr.exe
2009-05-31 21:02 347,136 a------- c:\windows\system32\tourstart.exe
2009-05-31 21:02 61,440 a------- c:\windows\system32\tlntadmn.exe
2009-05-31 21:02 7,680 a------- c:\windows\system32\forcedos.exe
2009-05-31 21:02 23,040 a------- c:\windows\system32\fltmc.exe
2009-05-31 21:02 9,216 a------- c:\windows\system32\FINGER.EXE
2009-05-31 21:02 7,680 a------- c:\windows\system32\CKCNV.EXE
2009-05-31 21:02 98,304 a------- c:\windows\system32\ctxsetup.exe
2009-05-31 21:00 78,848 a------- c:\windows\system32\msiexec.exe
2009-05-31 21:00 194,560 a------- c:\windows\system32\wisptis.exe
2009-05-31 21:00 171,520 a------- c:\windows\system32\wjview.exe
2009-05-31 21:00 98,304 a------- c:\windows\system32\ahui.exe
2009-05-31 21:00 69,632 a------- c:\windows\system32\USRSHUTA.EXE
2009-05-31 20:59 679,936 a------- c:\windows\system32\sstext3d.scr
2009-05-31 20:59 19,968 a------- c:\windows\system32\ssbezier.scr
2009-05-31 20:59 704,512 a------- c:\windows\system32\ss3dfo.scr
2009-05-31 20:59 19,456 a------- c:\windows\system32\shutdown.exe
2009-05-31 20:59 77,824 a------- c:\windows\system32\shrpubw.exe
2009-05-31 20:59 18,944 a------- c:\windows\system32\secedit.exe
2009-05-31 20:59 77,312 a------- c:\windows\system32\sdbinst.exe
2009-05-31 20:59 121,856 a------- c:\windows\system32\schtasks.exe
2009-05-31 20:59 9,728 a------- c:\windows\system32\RESET.EXE
2009-05-31 20:57 69,632 a------- c:\windows\system32\odbcconf.exe
2009-05-31 20:57 32,768 a------- c:\windows\system32\odbcad32.exe
2009-05-31 20:57 36,864 a------- c:\windows\system32\netstat.exe
2009-05-31 20:57 86,016 a------- c:\windows\system32\netsh.exe
2009-05-31 20:57 331,776 a------- c:\windows\system32\netsetup.exe
2009-05-31 20:56 12,288 a------- c:\windows\system32\attrib.exe
2009-05-31 20:56 32,256 a------- c:\windows\system32\ASR_LDM.EXE
2009-05-31 20:56 56,320 a------- c:\windows\system32\FSUTIL.EXE
2009-05-31 20:56 14,848 a------- c:\windows\system32\FC.EXE
2009-05-31 20:56 50,688 a------- c:\windows\system32\eventcreate.exe
2009-05-31 20:56 39,424 a------- c:\windows\system32\ESENTUTL.EXE
2009-05-31 20:56 62,976 a------- c:\windows\system32\driverquery.exe
2009-05-31 20:56 17,920 a------- c:\windows\system32\dpnsvr.exe
2009-05-31 20:55 17,920 a------- c:\windows\system32\DISKPERF.EXE
2009-05-31 20:55 39,936 a------- c:\windows\system32\cmmon32.exe
2009-05-31 20:55 49,152 a------- c:\windows\system32\clspack.exe
2009-05-31 20:55 17,920 a------- c:\windows\system32\ping.exe
2009-05-31 20:53 146,432 a------- c:\windows\regedit.exe
2009-05-31 20:53 299,520 a------- c:\windows\uninst.exe
2009-05-31 20:53 25,600 a------- c:\windows\TWUNK_32.EXE
2009-05-31 20:53 33,792 a------- c:\windows\oeuninst.exe
2009-05-31 20:53 283,648 a------- c:\windows\winhlp32.exe
2009-05-26 22:37 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-22 21:44 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 a------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 a------- c:\windows\system32\dllcache\wgaLogon.dll
2008-10-09 15:45 19,055 a------- c:\program files\common files\puwubefoli.reg
2008-10-09 15:45 18,235 a------- c:\program files\common files\uvyzizu.dll
2008-10-09 15:45 11,433 a------- c:\docume~1\alluse~1\applic~1\jukemer.dll
2008-10-09 15:39 14,345 a------- c:\docume~1\alluse~1\applic~1\ilywys.exe
2008-10-09 15:39 12,849 a------- c:\program files\common files\zady._sy
2008-10-09 15:39 11,434 a------- c:\program files\common files\onufafis.bat
2004-09-15 19:31 184,192 a------- c:\docume~1\dad\applic~1\GDIPFONTCACHEV1.DAT
2004-04-28 08:57 61,440 a------- c:\program files\msado20.tlb
1998-05-15 00:00 73,184 a------- c:\program files\DAO2535.TLB
2007-04-02 06:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007032620070402\index.dat
2007-04-09 06:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007040220070409\index.dat
2007-04-09 06:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007040920070410\index.dat
2007-04-10 06:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007041020070411\index.dat
2007-04-11 06:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007041120070412\index.dat
2007-04-12 06:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007041220070413\index.dat
2007-04-13 06:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007041320070414\index.dat
2007-04-14 06:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist01200704142007


#2 miekiemoes

  • Malware Response Team

Posted 05 June 2009 - 04:46 AM

Hi,

I have bad news for you :thumbup2:

I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.
It is clear here that almost all exe and scr files are infected.

You may want to read why here:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.


Read here for instructions on how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
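The Find3M section of the log in post #1 shows dozens of Windows system executables with modification times packed into the same few hours. The sketch below is an added example, not part of the original thread and not the helper's stated method: it parses Find3M-style lines and flags any hour in which many `.exe`/`.scr` files under `c:\windows` were modified. The sample lines are copied from the log above; the function names and the threshold of 5 are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample rows copied from the Find3M section of the log in post #1.
SAMPLE = r"""
2009-06-01 07:30 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-05-31 20:59 679,936 a------- c:\windows\system32\sstext3d.scr
2009-05-31 20:59 19,456 a------- c:\windows\system32\shutdown.exe
2009-05-31 20:59 18,944 a------- c:\windows\system32\secedit.exe
2009-05-31 20:57 36,864 a------- c:\windows\system32\netstat.exe
2009-05-31 20:57 86,016 a------- c:\windows\system32\netsh.exe
2009-05-31 20:53 146,432 a------- c:\windows\regedit.exe
2009-04-22 21:44 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2008-10-09 15:45 18,235 a------- c:\program files\common files\uvyzizu.dll
2004-04-28 08:57 61,440 a------- c:\program files\msado20.tlb
"""

# date time, size with thousands separators, 8-character attribute field, path
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+([a-z-]{8})\s+(.+)$")
HOST_TYPES = (".exe", ".scr")      # the file types the reply names as infected
SYSTEM_ROOT = "c:\\windows\\"      # OS files that should not change in bulk


def parse_find3m(text):
    """Return (modified, size, lowercased path) for each well-formed row."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section headers, <DIR> rows, wrapped path fragments
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        size = int(m.group(2).replace(",", ""))
        entries.append((when, size, m.group(4).lower()))
    return entries


def modification_bursts(entries, threshold=5):
    """Map each hour to the system executables modified in it, if >= threshold."""
    buckets = defaultdict(list)
    for when, _size, path in entries:
        if path.startswith(SYSTEM_ROOT) and path.endswith(HOST_TYPES):
            buckets[when.strftime("%Y-%m-%d %H:00")].append(path)
    return {h: sorted(p) for h, p in buckets.items() if len(p) >= threshold}


if __name__ == "__main__":
    for hour, paths in modification_bursts(parse_find3m(SAMPLE)).items():
        print(f"{hour}: {len(paths)} system executables modified")
```

A flagged hour is a reason to compare the files against known-good copies or hashes, not proof of infection on its own, since a service pack or driver install also rewrites many system files at once.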

#3 gino_d_animal


Posted 06 June 2009 - 02:12 AM

I've been meaning to do that for a while anyway, Thanks!

#4 miekiemoes


Posted 06 June 2009 - 02:35 AM

Glad I could help. :thumbup2:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#5 miekiemoes


Posted 15 June 2009 - 10:25 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.