i am infected with c:\windows\system32\msivxcount


  • This topic is locked
2 replies to this topic

#1 boon1

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:35 AM

Posted 26 June 2009 - 04:51 AM

I keep getting dodgy popups and can't seem to be able to burn CDs or DVDs. Malwarebytes can find this but can't remove it completely. Also, as I said, for some reason when I try to burn a CD or DVD I am being told to download Nero Burning Rights, which I have, but it still won't work. I have also downloaded imageburn but it can't find any burning devices. My computer knows it's there but something is stopping me from using it. All this has happened since I found out I had WinBlueSoft malware, which I managed to remove. I had to rename the exe file to make it work. I don't know if the above problems are related but they both happened at the same time; it would be great if someone could help. Thanks


DDS (Ver_09-06-26.01) - NTFSx86
Run by kens at 10:09:20.10 on 26/06/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.471 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
C:\Program Files\Slim Multimedia Keyboard\OSD.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Bit Comet\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
uSearch Page = hxxp://search.live.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SMSystemAnalyzer] "c:\program files\iolo\system mechanic professional 6\SMSystemAnalyzer.exe"
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [ZPLED] c:\program files\wireless\rf keyboard\1.0\ZPKBDLED.exe
mRun: [HTpatch] c:\windows\htpatch.exe
mRun: [SystemGuardAlerter] "c:\program files\iolo\system mechanic professional 6\SystemGuardAlerter.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\killer.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\slimmu~1.lnk - c:\program files\slim multimedia keyboard\MagicKey.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236454020609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kens\applic~1\mozilla\firefox\profiles\fqh5sc8z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\kens\application data\mozilla\firefox\profiles\fqh5sc8z.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-7 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-7 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-7 108552]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2009-3-8 11886]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-7 298776]
R2 USBDriver;USBDriver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-24 38160]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-7 906520]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business 2009.sp2\RpcAgentSrv.exe [2009-3-8 98488]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-06-26 08:54 61,440 a------- c:\windows\system32\drivers\gllhd.sys
2009-06-26 08:51 <DIR> --d----- c:\docume~1\kens\applic~1\AVG8
2009-06-25 06:08 8,192 a------- c:\windows\system32\6335s5zrse1499.bin
2009-06-25 02:52 3,354 a------- c:\windows\system32\24779h9cztoo56cd.cpl
2009-06-24 23:03 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-24 22:42 <DIR> --d----- c:\program files\Windows Resource Kits
2009-06-24 22:16 2,031,616 a------- c:\windows\UNNeroBurnRights.exe
2009-06-24 22:16 65,536 a------- c:\windows\system32\NeroCo.dll
2009-06-24 22:16 57,344 a------- c:\windows\system32\NeroBurnRights.cpl
2009-06-24 22:16 23,936 a------- c:\windows\UNNeroBurnRights.cfg
2009-06-24 22:10 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-24 21:15 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-06-24 21:13 2,973,696 a------- c:\windows\UNNeroVision.exe
2009-06-24 21:13 192,817 a------- c:\windows\UNNeroVision.cfg
2009-06-24 21:12 1,568,768 a------- c:\windows\system32\ImagX7.dll
2009-06-24 21:12 476,320 a------- c:\windows\system32\ImagXpr7.dll
2009-06-24 21:12 471,040 a------- c:\windows\system32\ImagXRA7.dll
2009-06-24 21:12 364,544 a------- c:\windows\system32\TwnLib4.dll
2009-06-24 21:12 262,144 a------- c:\windows\system32\ImagXR7.dll
2009-06-24 21:12 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-06-24 21:12 38,912 a------- c:\windows\system32\picn20.dll
2009-06-24 21:06 <DIR> --d----- c:\program files\QSuite
2009-06-24 17:28 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 17:28 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-24 17:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-24 16:39 <DIR> --d----- c:\docume~1\kens\applic~1\Malwarebytes
2009-06-24 15:59 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-06-24 15:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-24 11:30 1,158 a------- c:\windows\system32\uzcxcwgd.dat
2009-06-24 10:35 93 a------- c:\windows\system32\kungsfqmaxxtpd.dat
2009-06-24 10:27 69,627 a------- c:\windows\system32\kungsfkwboyrkd.dat
2009-06-24 10:27 108,343 a------- c:\windows\system32\uzcxcwgd.dll
2009-06-24 10:27 106,297 a------- c:\windows\system32\uzcxcwgd.dxx
2009-06-24 10:24 108,343 a------- c:\windows\system32\dlyynmfi.duu
2009-06-24 10:24 1,153 a------- c:\windows\system32\dlyynmfi.dat
2009-06-24 10:22 106,297 a------- c:\windows\system32\dlyynmfi.dll
2009-06-24 10:21 93 a------- c:\windows\system32\kungsfexmoqesi.dat
2009-06-24 10:21 108,343 a------- c:\windows\system32\ijjgmeov.duu
2009-06-24 10:21 1,154 a------- c:\windows\system32\ijjgmeov.dat
2009-06-24 10:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-06-24 10:19 2,570 a------- c:\windows\system32\kungsfrwxwbduj.dat
2009-06-24 10:19 106,297 a------- c:\windows\system32\ijjgmeov.dll
2009-06-24 10:19 106,297 a------- c:\windows\system32\gopwlrjl.dll
2009-06-24 09:41 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-23 21:51 626,688 a------- c:\windows\system32\msvcr80.dll
2009-06-23 17:58 13,801 a------- c:\windows\system32\184zsteal9051.dll
2009-06-20 20:05 6,872 a------- c:\windows\system32\6baddo9nloade519z8.cpl
2009-06-20 08:03 4,439 a------- c:\windows\50ac9ownlzad5r2335.cpl
2009-06-19 20:46 6,601 a------- c:\windows\system32\8930s5yza9.cpl
2009-06-19 19:48 12,121 a------- c:\windows\5686dzwnlo5de91089.dll
2009-06-18 23:18 16,986 a------- c:\windows\26418h5cktz9l5c3.ocx
2009-06-16 03:10 7,005 a------- c:\windows\system32\97508spamboz6cd.bin
2009-06-15 23:21 9,561 a------- c:\windows\45d0tz9eat5050.ocx
2009-06-10 15:29 6,290 a------- c:\windows\3215zha95tool780.dll
2009-06-07 13:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Autodata Limited
2009-06-07 13:02 <DIR> --d----- c:\program files\common files\Autodata Limited Shared
2009-06-07 13:02 <DIR> --d----- C:\ADCD
2009-06-03 22:20 10,751 a------- c:\windows\649aspy9zr52083.ocx
2009-06-03 11:08 8,453 a------- c:\windows\system32\9ceasteaz17665.cpl
2009-06-03 09:01 18,419 a------- c:\windows\system32\79z5st5al2470.bin
2009-06-01 14:01 <DIR> --d----- c:\program files\Xilisoft
2009-06-01 11:03 16,995 a------- c:\windows\system32\5185hzc9tool726.exe
2009-06-01 02:30 7,477 a------- c:\windows\system32\10484virzs995.bin
2009-05-27 12:11 3,276 a------- c:\windows\214edownlo9der5894z.exe

==================== Find3M ====================

2009-06-26 08:50 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-26 08:50 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-27 03:55 16,465 a------- c:\windows\system32\z55sp59are688.bin
2009-05-20 08:13 17,867 a------- c:\windows\system32\2z9305orm58e9.exe
2009-05-17 15:16 130,933 a------- c:\windows\hpoins12.dat
2009-05-17 05:09 11,570 a------- c:\windows\system32\z2311worm59f.bin
2009-05-16 23:35 3,318 a------- c:\windows\5a07sparse3z19.bin
2009-05-16 16:17 18,120 a------- c:\windows\system32\127b59reat805z.bin
2009-05-15 06:49 12,325 a------- c:\windows\5907v5ruscz9.dll
2009-05-10 00:11 6,778 a------- c:\windows\1z89a5kdoor495.bin
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-06 19:29 12,977 a------- c:\windows\53z99spy401.bin
2009-05-06 00:32 3,293 a------- c:\windows\5389spar5ez555.dll
2009-05-04 09:28 8,362 a------- c:\windows\system32\z5026v5ru92a7.exe
2009-05-04 08:39 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-29 05:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-29 05:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-24 12:44 5,411 a------- c:\windows\5843zp5war91633.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 12:51 15,396 a------- c:\windows\32zste5l1299.dll
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 02:47 14,538 a------- c:\windows\system32\3524z5t-a-vi9us142.exe
2009-04-12 08:25 13,108 a------- c:\windows\7de7bzck5oor2199.bin
2009-04-10 01:06 10,243 a------- c:\windows\25943v9ruszad.dll
2009-04-07 10:28 9,012 a------- c:\windows\985s9amzot71f.exe
2009-04-05 08:06 10,121 a------- c:\windows\system32\21565wor93zd.dll
2009-04-05 03:26 7,570 a------- c:\windows\system32\7z79vi51990.exe
2009-04-01 07:35 13,606 a------- c:\windows\3399sparsz30515.dll
2008-11-05 17:03 167,444 a------- c:\documents and settings\kens\cc_20081105_160306.reg
2008-02-25 00:52 12,282 a------- c:\documents and settings\kens\cc_20080224_2352.reg
2001-11-23 05:08 712,704 a------- c:\windows\inf\other\AUDIO3D.DLL

============= FINISH: 10:09:44.54 ===============
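As an added triage example (not code from the poster or from the BleepingComputer helpers), here is a small Python parser for the DDS "Created Last 30" / "Find3M" listing above, with two heuristics a responder applies when reading such a log by eye: small files with machine-generated names dropped straight into c:\windows or system32, and one stem written with several extensions (the uzcxcwgd.* set). The sample lines are copied from the posted log; the 32 KB size cut-off and the letters-and-digits naming test are assumptions tuned to this log, not a general-purpose signature.

```python
import re
from collections import defaultdict

# Sample lines copied from the DDS log posted above ("Created Last 30" and
# "Find3M" sections); the last two are known-good entries kept for contrast.
SAMPLE_LOG = r"""
2009-06-26 08:54 61,440 a------- c:\windows\system32\drivers\gllhd.sys
2009-06-25 06:08 8,192 a------- c:\windows\system32\6335s5zrse1499.bin
2009-06-24 17:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-24 11:30 1,158 a------- c:\windows\system32\uzcxcwgd.dat
2009-06-24 10:27 108,343 a------- c:\windows\system32\uzcxcwgd.dll
2009-06-24 10:27 106,297 a------- c:\windows\system32\uzcxcwgd.dxx
2009-06-23 17:58 13,801 a------- c:\windows\system32\184zsteal9051.dll
2009-06-20 08:03 4,439 a------- c:\windows\50ac9ownlzad5r2335.cpl
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
"""

# date  time  size-or-<DIR>  attribute-flags  path
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) (\S{8}) (.+)$")
# Directories where freshly dropped files with machine-generated names are a red flag.
WATCHED_DIRS = {r"c:\windows", r"c:\windows\system32"}
SMALL_FILE = 32 * 1024  # assumption: the oddly named files in this log are all well under 32 KB


def parse_dds(text):
    """Parse DDS file-listing lines into (date, size, directory, stem, ext) tuples.
    size is None for <DIR> entries."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, _time, size, _attrs, path = m.groups()
        directory, _, name = path.lower().rpartition("\\")
        stem, _, ext = name.rpartition(".")
        if not stem:  # no dot in the name
            stem, ext = name, ""
        size = None if size == "<DIR>" else int(size.replace(",", ""))
        entries.append((date, size, directory, stem, ext))
    return entries


def looks_random(stem):
    """Letters and digits interleaved, e.g. '184zsteal9051': 3+ alternating runs."""
    runs = re.findall(r"[a-z]+|\d+", stem)
    return len(runs) >= 3 and any(r.isdigit() for r in runs)


def triage(entries):
    """Return {path: [reasons]} for file entries that deserve a closer look."""
    hits = defaultdict(list)
    by_stem = defaultdict(set)  # (directory, stem) -> set of extensions seen
    files = [e for e in entries if e[1] is not None]
    for _date, _size, directory, stem, ext in files:
        by_stem[(directory, stem)].add(ext)
    for _date, size, directory, stem, ext in files:
        path = f"{directory}\\{stem}.{ext}" if ext else f"{directory}\\{stem}"
        if directory in WATCHED_DIRS and size < SMALL_FILE and looks_random(stem):
            hits[path].append("random-looking small file in a Windows system directory")
        if len(by_stem[(directory, stem)]) >= 3:
            hits[path].append("same stem dropped with 3+ extensions (component set)")
    return dict(hits)
```

Run `triage(parse_dds(SAMPLE_LOG))` to see which of the sample paths are flagged and why; win32k.sys passes the naming test but is far above the size cut-off, which is the point of combining the two conditions.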


#2 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:35 AM

Posted 30 June 2009 - 09:08 PM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply; do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


We will begin with ComboFix.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#3 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:35 AM

Posted 04 July 2009 - 04:17 PM

PM by OP, they are going to format.

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
