
Windowsclick.com Rootkit (UACD?)


This topic is locked
2 replies to this topic

#1 nintendo1889 (Members, 15 posts)
Posted 11 June 2009 - 11:05 AM

This nasty program just won't go away.

I finally got Windows Defender to install and update, and it found Trojan:Win32/Vundo.BR and Backdoor:Win32/Haxdoor.gen!b in memory (i.e. without scanning, just on startup):

http://go.microsoft.com/fwlink/?linkid=370...threatid=124276
http://go.microsoft.com/fwlink/?linkid=370...threatid=108928


Also, after trying to install Malwarebytes, I get a bunch of suspicious files in the root of my flash drive:

2004-08-04 03:00 53760 24530 7bd6ceb2 LOGONUI.EXE
2004-08-04 03:00 53760 24530 7bd6ceb2 NSSETUP.EXE
2004-08-04 03:00 53760 24530 7bd6ceb2 QUICKTIMEUPDATER.EXE
2004-08-04 03:00 53760 24530 7bd6ceb2 RUNDLL32.EXE
2004-08-04 03:00 53760 24530 7bd6ceb2 SPOOLSV.EXE
2004-08-04 03:00 53760 24530 7bd6ceb2 SVCHOST.EXE

Here's the result of scanning those files:

http://www.virustotal.com/analisis/1b5d2c1...ad65-1244735319



Here's the dds.txt file:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Software Admin at 11:40:11.78 on Sun 06/11/2006
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1150.601 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\AshEvtSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Documents and Settings\Software Admin\Desktop\anti spyware\Antivirus\avast virus cleaner-11-5-2007-aswclnr.exe
C:\Documents and Settings\Software Admin\Desktop\anti spyware\Antivirus\avast virus cleaner-11-5-2007-aswclnr.tmp
C:\Program Files\Internet Explorer\Iexplore.exe
E:\AntiSpyware\DDS Tool\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: c:\windows\system32\sdjee3inf.dll: {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\sdjee3inf.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [act] c:\windows\system32\msoobe32.exe
dRun: [<NO NAME>] c:\windows\temp\kkb2cc.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\kkb2cc.exe
dRun: [Diagnostic Manager] c:\windows\temp\4126871614.exe
dRun: [Windows Resurections] c:\windows\temp\kjswlk.exe
dRun: [reader_s] c:\documents and settings\software admin\reader_s.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: vmbox7 - vmbox7.dll
Notify: __c001D99 - c:\windows\system32\__c001D99.dat
STS: c:\windows\system32\tehfb873inf.dll: {a6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\tehfb873inf.dll
STS: c:\windows\system32\sdjee3inf.dll: {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\sdjee3inf.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 vmbox7;VMBox Virtual Machine Driver;c:\windows\system32\vmbox7.sys [2006-6-4 8720]
R2 AshEvtSvc;AshEvtSvc;c:\windows\system32\ashevtsvc.exe -k netsvcs --> c:\windows\system32\AshEvtSvc.exe -k netsvcs [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
S1 149ecd9e;149ecd9e;c:\windows\system32\drivers\149ecd9e.sys [2006-5-23 0]
S1 SAVRT;SAVRT;\??\c:\program files\norton internet security\norton antivirus\savrt.sys --> c:\program files\norton internet security\norton antivirus\SAVRT.SYS [?]
S1 SAVRTPEL;SAVRTPEL;\??\c:\program files\norton internet security\norton antivirus\savrtpel.sys --> c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [?]
S1 win32x;win32x;\??\c:\windows\system32\drivers\win32x.sys --> c:\windows\system32\drivers\win32x.sys [?]
S2 avast!AVSControlService;avast!AVSControlService;c:\windows\system32\avast!avscontrolservice.exe -k netsvcs --> c:\windows\system32\avast!AVSControlService.exe -k netsvcs [?]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090225.021\NAVENG.Sys [2006-2-26 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090225.021\NavEx15.Sys [2006-2-26 876144]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-28 198248]
S4 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2004-8-28 235168]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-28 79464]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-28 181864]
S4 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton internet security\norton antivirus\navapsvc.exe" --> c:\program files\norton internet security\norton antivirus\navapsvc.exe [?]
S4 SAVScan;SAVScan;"c:\program files\norton internet security\norton antivirus\savscan.exe" --> c:\program files\norton internet security\norton antivirus\SAVScan.exe [?]
S4 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-10-28 67184]

=============== Created Last 30 ================

2006-06-11 11:21 0 a------- c:\windows\system32\a9k.bin
2006-06-11 11:07 <DIR> --d----- c:\program files\Trend Micro
2006-06-11 11:00 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2006-06-11 10:52 <DIR> --d----- c:\docume~1\softwa~1\applic~1\Thinstall
2006-06-10 23:54 <DIR> --d----- C:\VundoFix Backups
2006-06-10 21:13 144,896 a------- c:\windows\system32\avast!AVSControlService.exe
2006-06-10 21:00 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2006-06-10 21:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2006-06-10 20:22 81,920 a------- c:\windows\system32\Startup.cpl
2006-06-09 17:54 58,880 a------- c:\windows\system32\144.tmp
2006-06-09 16:54 58,880 a------- c:\windows\system32\133.tmp
2006-06-09 15:54 58,880 a------- c:\windows\system32\12F.tmp
2006-06-09 14:54 58,880 a------- c:\windows\system32\11F.tmp
2006-06-09 13:54 58,880 a------- c:\windows\system32\E9.tmp
2006-06-09 12:54 58,880 a------- c:\windows\system32\E5.tmp
2006-06-09 12:37 1 a------- c:\windows\system32\DF.tmp
2006-06-09 12:37 84 a------- c:\windows\system32\DD.tmp
2006-06-09 11:54 58,880 a------- c:\windows\system32\D9.tmp
2006-06-09 10:54 58,880 a------- c:\windows\system32\D4.tmp
2006-06-09 09:54 58,880 a------- c:\windows\system32\D0.tmp
2006-06-09 08:54 58,880 a------- c:\windows\system32\CC.tmp
2006-06-09 08:07 1 a------- c:\windows\system32\CB.tmp
2006-06-09 08:06 84 a------- c:\windows\system32\C9.tmp
2006-06-09 07:54 58,880 a------- c:\windows\system32\C5.tmp
2006-06-09 06:54 58,880 a------- c:\windows\system32\C2.tmp
2006-06-09 05:54 58,880 a------- c:\windows\system32\BE.tmp
2006-06-09 04:54 58,880 a------- c:\windows\system32\B6.tmp
2006-06-09 03:54 58,880 a------- c:\windows\system32\AF.tmp
2006-06-09 02:54 58,880 a------- c:\windows\system32\AB.tmp
2006-06-09 01:54 58,880 a------- c:\windows\system32\99.tmp
2006-06-09 00:54 58,880 a------- c:\windows\system32\87.tmp
2006-06-08 23:54 58,880 a------- c:\windows\system32\63.tmp
2006-06-08 22:54 58,880 a------- c:\windows\system32\32.tmp
2006-06-07 13:18 58,880 a------- c:\windows\system32\3C.tmp
2006-06-06 21:46 58,880 a------- c:\windows\system32\35.tmp
2006-06-06 20:46 58,880 a------- c:\windows\system32\31.tmp
2006-06-04 20:15 58,880 a------- c:\windows\system32\3B.tmp
2006-06-04 19:15 58,880 a------- c:\windows\system32\38.tmp
2006-06-04 17:36 7 a------- c:\windows\system32\nar-z1.bin
2006-06-04 17:16 23,695 a------- c:\windows\system32\vmbox7.dll
2006-06-04 17:16 8,720 a------- c:\windows\system32\vmbox7.sys
2006-06-02 22:57 58,880 a------- c:\windows\system32\9F.tmp
2006-06-02 21:57 58,880 a------- c:\windows\system32\82.tmp
2006-06-02 20:57 58,880 a------- c:\windows\system32\17.tmp
2006-06-01 23:03 29,184 a------- c:\windows\system32\jbnmck.dll
2006-06-01 13:47 163,840 -------- c:\windows\system32\dllcache\jgdw400.dll
2006-06-01 13:47 27,648 -------- c:\windows\system32\dllcache\jgpl400.dll
2006-05-31 23:15 58,880 a------- c:\windows\system32\CF.tmp
2006-05-31 22:15 58,880 a------- c:\windows\system32\BA.tmp
2006-05-31 20:16 0 a------- c:\windows\system32\16.tmp
2006-05-31 20:16 0 a------- c:\windows\system32\15.tmp
2006-05-31 20:16 124 a------- c:\windows\system32\13.tmp
2006-05-31 11:27 58,880 a------- c:\windows\system32\4B.tmp
2006-05-29 10:30 1,494,528 -------- c:\windows\system32\dllcache\shdocvw.dll
2006-05-28 17:16 0 a------- C:\F0.tmp
2006-05-28 17:16 0 a------- C:\EF.tmp
2006-05-28 17:16 0 a------- C:\EE.tmp
2006-05-28 17:16 0 a------- C:\ED.tmp
2006-05-27 21:49 58,880 a------- c:\windows\system32\132.tmp
2006-05-27 20:49 58,880 a------- c:\windows\system32\FA.tmp
2006-05-27 19:49 58,880 a------- c:\windows\system32\E2.tmp
2006-05-27 18:50 0 a------- C:\DF.tmp
2006-05-27 18:50 0 a------- C:\DE.tmp
2006-05-27 18:50 0 a------- C:\DD.tmp
2006-05-27 18:50 0 a------- C:\DC.tmp
2006-05-27 18:50 0 a------- C:\DB.tmp
2006-05-27 18:50 0 a------- C:\DA.tmp
2006-05-27 18:50 0 a------- C:\D9.tmp
2006-05-27 18:50 0 a------- c:\windows\system32\D7.tmp
2006-05-27 18:50 0 a------- C:\D6.tmp
2006-05-27 18:49 120 a------- c:\windows\system32\D2.tmp
2006-05-27 18:49 0 a------- C:\D3.tmp
2006-05-27 18:49 0 a------- C:\D1.tmp
2006-05-27 18:49 0 a------- C:\D0.tmp
2006-05-27 18:49 0 a------- C:\CF.tmp
2006-05-27 18:49 0 a------- C:\CE.tmp
2006-05-27 18:49 0 a------- C:\CB.tmp
2006-05-27 18:49 0 a------- C:\CA.tmp
2006-05-27 18:49 0 a------- C:\C9.tmp
2006-05-27 18:49 51,712 a------- C:\C8.tmp
2006-05-26 19:34 0 a------- C:\C7.tmp
2006-05-26 19:32 0 a------- C:\AF.tmp
2006-05-26 19:32 51,712 a------- C:\A8.tmp
2006-05-26 17:34 0 a------- C:\C0.tmp
2006-05-26 17:34 0 a------- C:\BF.tmp
2006-05-25 20:36 0 a------- C:\A5.tmp
2006-05-25 20:36 0 a------- C:\A4.tmp
2006-05-25 20:36 0 a------- C:\A3.tmp
2006-05-25 19:55 0 a------- c:\windows\system32\E4.tmp
2006-05-25 19:55 120 a------- c:\windows\system32\E1.tmp
2006-05-25 19:23 58,880 a------- c:\windows\system32\D8.tmp
2006-05-25 17:25 0 a------- C:\97.tmp
2006-05-25 17:24 0 a------- C:\96.tmp
2006-05-25 17:24 0 a------- C:\95.tmp
2006-05-25 17:24 0 a------- C:\94.tmp
2006-05-25 17:24 0 a------- C:\92.tmp
2006-05-25 17:24 0 a------- C:\90.tmp
2006-05-25 17:23 0 a------- C:\8F.tmp
2006-05-25 17:23 0 a------- C:\8E.tmp
2006-05-25 17:23 0 a------- C:\8D.tmp
2006-05-25 17:23 0 a------- C:\8C.tmp
2006-05-25 17:23 0 a------- C:\8B.tmp
2006-05-25 17:23 0 a------- C:\8A.tmp
2006-05-25 17:23 0 a------- C:\89.tmp
2006-05-25 17:23 0 a------- C:\87.tmp
2006-05-25 17:23 0 a------- C:\86.tmp
2006-05-25 17:23 0 a------- C:\85.tmp
2006-05-25 17:23 51,712 a------- C:\7E.tmp
2006-05-25 17:23 0 a------- c:\windows\system32\34.tmp
2006-05-25 17:21 0 a------- C:\7C.tmp
2006-05-25 17:21 0 a------- C:\7B.tmp
2006-05-25 17:21 0 a------- C:\79.tmp
2006-05-25 17:21 0 a------- C:\77.tmp
2006-05-25 17:21 51,712 a------- C:\76.tmp
2006-05-25 17:21 645 a------- C:\xcrashdump.dat
2006-05-23 23:06 0 a------- C:\84.tmp
2006-05-23 23:06 0 a------- C:\83.tmp
2006-05-23 23:06 0 a------- C:\82.tmp
2006-05-23 23:06 0 a------- C:\81.tmp
2006-05-23 23:06 0 a------- C:\80.tmp
2006-05-23 23:06 0 a------- C:\7F.tmp
2006-05-23 23:06 0 a------- c:\windows\system32\7E.tmp
2006-05-23 23:05 0 a------- C:\7D.tmp
2006-05-23 23:05 120 a------- c:\windows\system32\79.tmp
2006-05-23 23:05 0 a------- C:\7A.tmp
2006-05-23 23:05 0 a------- C:\78.tmp
2006-05-23 23:05 0 a------- C:\75.tmp
2006-05-23 23:05 0 a------- C:\74.tmp
2006-05-23 23:05 0 a------- C:\73.tmp
2006-05-23 23:05 0 a------- C:\72.tmp
2006-05-23 23:05 0 a------- C:\71.tmp
2006-05-23 23:05 0 a------- C:\70.tmp
2006-05-23 23:05 0 a------- C:\6F.tmp
2006-05-23 23:05 51,712 a------- C:\6E.tmp
2006-05-23 15:11 0 a------- C:\6D.tmp
2006-05-23 15:11 0 a------- C:\6C.tmp
2006-05-23 15:11 0 a------- C:\6B.tmp
2006-05-23 15:11 0 a------- C:\6A.tmp
2006-05-23 15:11 0 a------- C:\69.tmp
2006-05-23 15:11 0 a------- C:\68.tmp
2006-05-23 15:11 0 a------- C:\67.tmp
2006-05-23 15:11 0 a------- C:\66.tmp
2006-05-23 15:10 0 a------- C:\65.tmp
2006-05-23 15:10 0 a------- C:\64.tmp
2006-05-23 15:10 0 a------- C:\63.tmp
2006-05-23 15:10 0 a------- C:\62.tmp
2006-05-23 15:10 0 a------- C:\61.tmp
2006-05-23 15:10 0 a------- C:\5D.tmp
2006-05-23 15:10 0 a------- C:\56.tmp
2006-05-23 15:10 0 a------- C:\55.tmp
2006-05-23 15:10 51,712 a------- C:\46.tmp
2006-05-23 14:33 40,448 a------- c:\windows\system32\SYSDLL.exe
2006-05-23 14:32 <DIR> --d----- c:\windows\system32\121973
2006-05-23 14:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\91231086
2006-05-23 14:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\11221094
2006-05-23 14:32 0 a------- c:\windows\system32\drivers\149ecd9e.sys
2006-05-23 14:32 25,088 a------- C:\ofrs.exe
2006-05-23 14:32 15,000 a------- c:\windows\system32\yhafd78auhd.dll
2006-05-23 14:32 27,648 a------- c:\windows\system32\__c001D99.dat
2006-05-23 14:32 59,904 a------- C:\wmkfknk.exe
2006-05-22 20:06 0 a------- C:\60.tmp
2006-05-22 20:06 0 a------- C:\5F.tmp
2006-05-22 20:02 0 a------- C:\4E.tmp
2006-05-22 20:02 0 a------- C:\4D.tmp
2006-05-22 20:02 0 a------- C:\4C.tmp
2006-05-22 20:02 0 a------- C:\4B.tmp
2006-05-22 20:02 0 a------- C:\4A.tmp
2006-05-22 20:02 0 a------- C:\49.tmp
2006-05-22 20:02 0 a------- C:\48.tmp
2006-05-22 20:02 0 a------- C:\47.tmp
2006-05-22 20:02 0 a------- C:\44.tmp
2006-05-22 20:02 0 a------- C:\43.tmp
2006-05-22 20:01 0 a------- C:\42.tmp
2006-05-22 20:01 0 a------- C:\41.tmp
2006-05-22 20:01 0 a------- C:\40.tmp
2006-05-22 20:01 0 a------- C:\3F.tmp
2006-05-22 20:01 0 a------- C:\38.tmp
2006-05-22 20:01 0 a------- C:\33.tmp
2006-05-22 20:01 51,712 a------- C:\32.tmp
2006-05-22 20:01 15,000 a------- c:\windows\system32\sdjee3inf.dll
2006-05-22 19:54 0 a------- C:\30.tmp
2006-05-22 19:54 0 a------- C:\2F.tmp
2006-05-22 19:54 0 a------- C:\2E.tmp
2006-05-22 19:54 0 a------- C:\2D.tmp
2006-05-22 19:54 0 a------- C:\28.tmp
2006-05-22 19:54 20,480 a------- C:\12.tmp
2006-05-21 18:05 0 a------- C:\3E.tmp
2006-05-21 18:04 0 a------- C:\3D.tmp
2006-05-21 18:04 0 a------- C:\3C.tmp
2006-05-21 18:04 0 a------- C:\3B.tmp
2006-05-21 18:04 0 a------- C:\3A.tmp
2006-05-21 18:04 0 a------- C:\37.tmp
2006-05-21 18:04 0 a------- C:\36.tmp
2006-05-21 18:04 0 a------- C:\35.tmp
2006-05-21 18:03 0 a------- C:\34.tmp
2006-05-21 18:03 0 a------- C:\2C.tmp
2006-05-21 18:03 0 a------- C:\2B.tmp
2006-05-21 18:03 0 a------- C:\2A.tmp
2006-05-21 18:03 0 a------- C:\29.tmp
2006-05-21 18:03 0 a------- C:\27.tmp
2006-05-21 18:03 0 a------- C:\26.tmp
2006-05-21 18:03 0 a------- C:\25.tmp
2006-05-21 18:03 51,712 a------- C:\24.tmp
2006-05-21 18:00 0 a------- C:\23.tmp
2006-05-21 18:00 0 a------- C:\22.tmp
2006-05-21 18:00 0 a------- C:\21.tmp
2006-05-21 18:00 0 a------- C:\20.tmp
2006-05-21 18:00 0 a------- C:\1F.tmp
2006-05-21 18:00 0 a------- C:\1E.tmp
2006-05-21 18:00 0 a------- C:\1D.tmp
2006-05-21 17:59 0 a------- C:\1C.tmp
2006-05-21 17:59 0 a------- C:\1B.tmp
2006-05-21 17:59 0 a------- C:\1A.tmp
2006-05-21 17:59 0 a------- C:\19.tmp
2006-05-21 17:59 0 a------- C:\18.tmp
2006-05-21 17:59 0 a------- C:\17.tmp
2006-05-21 17:59 0 a------- C:\16.tmp
2006-05-21 17:59 0 a------- C:\15.tmp
2006-05-21 17:59 0 a------- C:\14.tmp
2006-05-21 17:59 51,712 a------- C:\13.tmp
2006-05-21 17:59 15,000 a------- c:\windows\system32\tehfb873inf.dll
2006-05-21 17:58 29,184 a------- c:\windows\system32\jhxm32.dll
2006-05-20 19:01 454,656 a------- c:\windows\system32\msoobe32.exe
2006-05-20 19:01 54,272 a------- c:\windows\system32\AshEvtSvc.exe
2006-05-19 10:08 3,059,200 -------- c:\windows\system32\dllcache\mshtml.dll
2006-05-19 07:59 111,616 -------- c:\windows\system32\dllcache\dhcpcsvc.dll
2006-05-19 07:59 94,720 -------- c:\windows\system32\dllcache\iphlpapi.dll
2006-05-18 00:24 450,560 -------- c:\windows\system32\dllcache\jscript.dll
2006-05-17 22:07 <DIR> --d----- c:\program files\Coreguard Antivirus 2009
2006-05-16 23:25 1 a------- c:\windows\system32\16A.tmp
2006-05-16 23:25 84 a------- c:\windows\system32\169.tmp

==================== Find3M ====================

2006-05-29 22:47 94,208 a------- c:\windows\DUMP4fa6.tmp
2006-05-28 20:33 94,208 a------- c:\windows\DUMP4e6e.tmp
2006-05-28 17:15 135,168 ----h--- c:\windows\system32\VT101.EXE
2006-05-26 19:31 94,208 a------- c:\windows\DUMP4f58.tmp
2006-05-25 20:33 94,208 a------- c:\windows\DUMP4d35.tmp
2006-05-23 15:10 94,208 a------- c:\windows\DUMP4e20.tmp
2006-05-23 14:33 77,312 a------- c:\windows\system32\userinit.exe
2006-05-20 19:01 182,912 a------- c:\windows\system32\drivers\ndis.sys
2006-05-20 19:01 182,912 a------- c:\windows\system32\dllcache\ndis.sys
2006-05-05 04:47 174,592 a------- c:\windows\system32\drivers\rdbss.sys
2006-05-05 04:47 174,592 -------- c:\windows\system32\dllcache\rdbss.sys
2006-05-05 04:41 453,120 a------- c:\windows\system32\drivers\mrxsmb.sys
2006-05-05 04:41 453,120 -------- c:\windows\system32\dllcache\mrxsmb.sys
2006-05-01 19:09 82,944 a--sh--- c:\windows\system32\bezuyiza.exe
2006-05-01 19:09 105,984 -------- c:\windows\system32\toyigeru.dll
2006-05-01 19:09 100,864 -------- c:\windows\system32\jakejoki.dll
2006-04-30 10:43 105,984 -------- c:\windows\system32\batideto.dll
2006-04-30 10:43 81,408 a--sh--- c:\windows\system32\jofalasa.exe
2006-04-29 20:46 98,304 -------- c:\windows\system32\semehine.dll
2006-04-29 20:46 80,896 a--sh--- c:\windows\system32\ludiyofu.exe
2006-04-27 17:00 67,072 a--sh--- c:\windows\system32\nebiyune.dll
2006-04-27 17:00 98,304 a--sh--- c:\windows\system32\rifediga.dll
2006-04-27 17:00 105,984 a--sh--- c:\windows\system32\zuhenawu.dll
2006-04-27 17:00 78,848 a--sh--- c:\windows\system32\yabafoga.exe
2006-04-22 22:07 108,032 -------- c:\windows\system32\mimubama.dll
2006-04-22 22:07 83,456 a--sh--- c:\windows\system32\kolojebe.exe
2006-04-22 22:07 100,864 -------- c:\windows\system32\jalehini.dll
2006-04-21 18:20 181,248 a------- C:\wxsdug.exe
2006-04-21 18:20 43,520 a------- C:\ptrf.exe
2006-04-21 18:20 30,720 a------- C:\cpjopaid.exe
2006-04-21 18:20 290,304 a------- C:\wcfgayg.exe
2006-04-21 18:20 65,536 a------- C:\hclpsfee.exe
2006-04-21 18:20 69,632 a------- C:\tqpxlyy.exe
2006-04-21 18:20 108,032 a--sh--- c:\windows\system32\wawunego.dll
2006-04-21 18:20 101,376 a--sh--- c:\windows\system32\bowikiku.dll
2006-04-21 18:20 84,480 a--sh--- c:\windows\system32\kolayela.exe
2006-04-19 21:14 107,520 a--sh--- c:\windows\system32\hakologe.dll
2006-04-19 21:14 83,968 a--sh--- c:\windows\system32\zajifali.exe
2006-04-17 21:16 83,968 a--sh--- c:\windows\system32\manuhavi.exe
2006-04-17 21:16 107,520 -------- c:\windows\system32\gutenadu.dll
2006-04-16 22:36 107,008 a--sh--- c:\windows\system32\vohelipe.dll
2006-04-14 19:52 109,056 a--sh--- c:\windows\system32\lugesate.dll
2006-04-13 22:42 107,008 a--sh--- c:\windows\system32\wijuhalu.dll
2006-04-13 22:42 83,456 a--sh--- c:\windows\system32\tohuzeno.exe
2006-04-12 19:11 107,520 a--sh--- c:\windows\system32\desohuve.dll
2006-04-12 19:11 84,480 a--sh--- c:\windows\system32\joyabupe.exe
2006-04-12 07:11 109,568 a--sh--- c:\windows\system32\mebozihi.dll
2006-04-12 07:11 83,456 a--sh--- c:\windows\system32\zewobihu.exe
2006-04-11 19:10 83,456 a--sh--- c:\windows\system32\nitekufi.exe
2006-04-11 19:10 109,568 -------- c:\windows\system32\zorihali.dll
2006-04-11 00:02 147,968 a--sh--- c:\windows\system32\gojidisi.exe
2006-04-11 00:02 110,592 a--sh--- c:\windows\system32\kawepibo.dll
2006-04-11 00:02 82,432 a--sh--- c:\windows\system32\tifupeva.exe
2006-03-16 19:38 49,152 -------- c:\windows\system32\verclsid.exe

============= FINISH: 11:40:58.79 ===============



I've attached attach.txt and also the Windows Defender logs.
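The DDS log and the flash-drive listing above are what a helper reads by eye. As an added example (not part of the original post, and not code from the DDS tool), the script below applies the same checks mechanically to a few lines excerpted from the post: an extra executable chained onto the Winlogon Userinit value, autoruns launched from a temp directory, a Winlogon Notify package that is not a DLL, executables carrying hidden+system attributes, random-looking eight-letter names in system32, and several files on the flash drive that share one size and hash. The consonant/vowel naming heuristic and the "not a .dll" rule are assumptions of this example rather than DDS rules, and the README.TXT line in the flash-drive sample is constructed.

```python
import re
from collections import defaultdict

# Sample input excerpted from the DDS log and the flash-drive listing posted
# above (the README.TXT line is constructed); embedded so the script runs offline.
SAMPLE_DDS = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
dRun: [act] c:\windows\system32\msoobe32.exe
dRun: [<NO NAME>] c:\windows\temp\kkb2cc.exe
dRun: [reader_s] c:\documents and settings\software admin\reader_s.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
Notify: AtiExtEvent - Ati2evxx.dll
Notify: __c001D99 - c:\windows\system32\__c001D99.dat
2006-05-01 19:09 82,944 a--sh--- c:\windows\system32\bezuyiza.exe
2006-05-01 19:09 105,984 -------- c:\windows\system32\toyigeru.dll
2006-05-23 14:33 77,312 a------- c:\windows\system32\userinit.exe
2006-03-16 19:38 49,152 -------- c:\windows\system32\verclsid.exe
2006-06-11 11:07 <DIR> --d----- c:\program files\Trend Micro
"""
SAMPLE_FLASH_LISTING = """
2004-08-04 03:00 53760 24530 7bd6ceb2 LOGONUI.EXE
2004-08-04 03:00 53760 24530 7bd6ceb2 SPOOLSV.EXE
2004-08-04 03:00 53760 24530 7bd6ceb2 SVCHOST.EXE
2004-08-04 03:00 12288 24530 0a1b2c3d README.TXT
"""

# "date time size attributes path" lines from the Created Last 30 / Find3M sections
FILE_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d) (\d\d:\d\d) ([\d,]+|<DIR>) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# "date time size ? crc name" lines as pasted for the flash drive; the fourth
# column is left uninterpreted
FLASH_LINE = re.compile(r"^\S+ \S+ (?P<size>\d+) \S+ (?P<hash>[0-9a-f]{8}) (?P<name>\S+)$")
VOWELS = set("aeiou")


def looks_generated(stem):
    """Heuristic (an assumption of this example): Vundo-style droppers use eight
    lowercase letters alternating consonant/vowel, e.g. bezuyiza, toyigeru."""
    stem = stem.lower()
    if len(stem) != 8 or not stem.isalpha():
        return False
    return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(stem))


def triage_dds(text):
    """Return (reason, item) findings for the indicators visible in the log."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_LINE.match(line)
        if m:
            path = m.group("path").lower()
            stem, _, ext = path.rsplit("\\", 1)[-1].rpartition(".")
            attrs = m.group("attrs")
            if "s" in attrs and "h" in attrs and ext in ("exe", "dll"):
                findings.append(("hidden+system executable", path))
            elif ext in ("exe", "dll") and "\\system32\\" in path and looks_generated(stem):
                findings.append(("generated-looking name in system32", path))
        elif line.startswith("mWinlogon: Userinit="):
            # Userinit is a comma list; anything after userinit.exe runs at every logon
            for entry in filter(None, line.split("=", 1)[1].split(",")):
                if not entry.lower().endswith("\\userinit.exe"):
                    findings.append(("extra Userinit executable", entry))
        elif re.match(r"^[umd]Run: \[", line):
            target = line.split("] ", 1)[-1].lower()
            if "\\temp\\" in target:
                findings.append(("autorun launched from a temp directory", target))
        elif line.startswith("Notify: "):
            module = line.split(" - ", 1)[-1]
            if not module.lower().endswith(".dll"):
                findings.append(("Winlogon Notify package that is not a .dll", module))
    return findings


def cloned_copies(listing):
    """Group listing entries by (size, hash); several names sharing identical
    content is how a worm dropping copies of itself on removable media looks."""
    groups = defaultdict(list)
    for line in listing.splitlines():
        m = FLASH_LINE.match(line.strip())
        if m:
            groups[(m.group("size"), m.group("hash"))].append(m.group("name"))
    return {key: names for key, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    for reason, item in triage_dds(SAMPLE_DDS):
        print(f"{reason}: {item}")
    for (size, digest), names in cloned_copies(SAMPLE_FLASH_LISTING).items():
        print(f"{len(names)} files of {size} bytes with hash {digest}: {', '.join(names)}")
```

Run against the full dds.txt, the script flags the same entries the reply below calls out; the point of the Userinit check in particular is that the value is a comma-separated list, so a second path appended after the legitimate userinit.exe is executed at every logon without any visible change to the logon process.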


#2 miekiemoes (Malware Response Team, "Malware Killer Dog", 19,420 posts, Belgium)
Posted 12 June 2009 - 06:33 AM

Hi,

I have bad news for you.

I see you're dealing with Virut on top of the other nasty malware you are dealing with. As a matter of fact, I can't find any legitimate entry in your logs.
In that case it's unfortunately a lost case, a game-over situation, and a format and reinstall is the fastest and especially the safest solution.

You may want to read this to see why:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This is because these files may be infected as well. If you back them up and restore them afterwards, they will infect your computer again.


Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html
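The backup advice in the reply above (keep documents, skip executables, screensavers, HTML, XML and archives, because a file infector may already have written itself into them) can be enforced rather than done by hand. The following is an added example, not code from the reply or from BleepingComputer: a Python script that walks a source tree, copies only files whose extension is outside the excluded set, and additionally skips any file that begins with the "MZ" header of a Windows executable even when it carries a data extension, so that a renamed binary does not slip through. The MZ check goes beyond the extension list in the reply, and the directory layout and file contents built in demo() are constructed for this example.

```python
import os
import shutil
import tempfile

# Extensions the reply above says not to back up: executables and screensavers a
# file infector writes itself into, HTML that such malware injects into, XML, and
# archives that may contain any of these.
EXCLUDED_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}


def is_pe_file(path):
    """Windows executables (EXE/DLL/SCR) start with the two-byte 'MZ' DOS header,
    whatever the file is named; an unreadable file is treated as not PE."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def select_backup_files(root):
    """Return (keep, skip): relative paths safe to copy, and (path, reason) pairs
    that were excluded. Relative paths use '/' so results are platform-neutral."""
    keep, skip = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in EXCLUDED_EXTENSIONS:
                skip.append((rel, "excluded extension " + ext))
            elif is_pe_file(path):
                skip.append((rel, "PE header despite data-file extension"))
            else:
                keep.append(rel)
    return sorted(keep), sorted(skip)


def copy_backup(root, dest):
    """Copy the selected files into dest, preserving the relative layout."""
    keep, skip = select_backup_files(root)
    for rel in keep:
        target = os.path.join(dest, *rel.split("/"))
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copy2(os.path.join(root, *rel.split("/")), target)
    return keep, skip


def demo():
    """Build a constructed sample tree (not the poster's files), run the backup
    into a second temporary directory, and return what was kept and skipped."""
    root = tempfile.mkdtemp(prefix="infected_")
    dest = tempfile.mkdtemp(prefix="backup_")
    samples = {
        "Documents/thesis.doc": b"word document body",
        "Documents/notes.txt": b"plain text",
        "Pictures/holiday.jpg": b"\xff\xd8\xff jpeg data",
        "Pictures/renamed.jpg": b"MZ\x90\x00 executable hiding behind a .jpg name",
        "Downloads/setup.exe": b"MZ\x90\x00 installer",
        "Downloads/archive.zip": b"PK\x03\x04 archive",
        "Web/index.html": b"<html><body>saved page</body></html>",
    }
    try:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        keep, skip = copy_backup(root, dest)
        # every kept file must exist in the backup, and nothing else may
        copied = sorted(
            os.path.relpath(os.path.join(d, f), dest).replace(os.sep, "/")
            for d, _, fs in os.walk(dest) for f in fs
        )
        assert copied == keep
        return keep, skip
    finally:
        shutil.rmtree(root, ignore_errors=True)
        shutil.rmtree(dest, ignore_errors=True)


if __name__ == "__main__":
    kept, skipped = demo()
    print("kept:", kept)
    for rel, reason in skipped:
        print("skipped:", rel, "-", reason)
```

Point the root at the user profile (My Documents, My Pictures and similar) rather than the whole drive, and review the skipped list before wiping: anything there that is genuinely needed should be re-obtained from its original source after the reinstall, not restored from the infected machine.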

#3 miekiemoes (Malware Response Team)
Posted 07 July 2009 - 07:21 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuation of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.