Infected with at least virut.ce


  • This topic is locked
1 reply to this topic

#1 castmodean

castmodean

  • Members
  • 1 posts
  • OFFLINE
  • Gender:Male
  • Location:fl
  • Local time:10:08 AM

Posted 24 July 2009 - 09:59 AM

Hello,

I will admit to clicking something I should have known better than clicking, and now I am paying the price! Symantec Endpoint 11 started reporting malicious calls and the system suddenly slowed down. Upon restart the computer was sluggish, and access to the root of C: was barred through the crashing of Windows Explorer. Malwarebytes and Symantec were further blocked from updating, and 'ceased' to exist as far as the computer was concerned, though I do not see any entries in the hosts file that I expect would be blocking it. Removing the hard drive and scanning it on another computer with Kaspersky revealed traces of virut.ce all over the computer, as well as several backdoor downloaders. Attempts to clean the computer so far have failed as, while I can scan the drive and remove the listed cases of virut, something else seems to be reinfecting the computer. Any help will be greatly appreciated. Below is the DDS file.


DDS (Ver_09-06-26.01) - NTFSx86 MINIMAL
Run by Administrator at 10:22:29.18 on Fri 07/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1359 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator.SCAN1\Desktop\FixVirut.com
C:\Documents and Settings\Administrator.SCAN1\Desktop\dds.scr
C:\WINDOWS\system32\taskmgr.exe

============== Pseudo HJT Report ===============

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrator.scan1\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [FtLnSOP_setup] c:\windows\twain_32\fjscan32\sop\FtLnSOP.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190063086765
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190063182312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.sca\applic~1\mozilla\firefox\profiles\runi8517.default\
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npampx3.0.84.2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 Kf650a;Kf650a;c:\windows\system32\drivers\Kf650a2k.sys [2007-9-18 16405]
R0 KofaxIO;KofaxIO;c:\windows\system32\drivers\KofaxIO.sys [2007-9-18 41976]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-5-22 3968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-12-18 2189240]
S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2007-11-6 811008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 cpuz130;cpuz130;\??\c:\docume~1\tclegg.ids\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\tclegg.ids\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090719.024\NAVENG.SYS [2009-7-20 87888]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090719.024\NAVEX15.SYS [2009-7-20 875728]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2007-9-18 11520]
S4 gupdate1c98613dbb2aa4;Google Update Service (gupdate1c98613dbb2aa4);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S4 PORTMON;PORTMON;\??\c:\windows\system32\portmsys.sys --> c:\windows\system32\PORTMSYS.SYS [?]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2009-07-24 08:18 <DIR> --dshr-- C:\cmdcons
2009-07-24 08:18 <DIR> --d----- c:\windows\setup.pss
2009-07-23 10:44 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-23 10:03 219,648 a------- c:\windows\PEV.exe
2009-07-23 10:03 161,792 a------- c:\windows\SWREG.exe
2009-07-23 10:03 98,816 a------- c:\windows\sed.exe
2009-07-22 08:25 4 a------- c:\windows\system32\ESQULzcounter
2009-07-22 08:24 <DIR> --d----- c:\docume~1\admini~1.sca\applic~1\pridl
2009-07-21 17:19 <DIR> --d----- c:\docume~1\admini~1.sca\applic~1\Malwarebytes
2009-07-21 17:17 <DIR> --dsh--- c:\documents and settings\administrator.scan1\IETldCache
2009-07-21 15:59 2,886,424 a------- C:\mbam-rules.exe
2009-07-21 15:59 812,344 a------- C:\HJTInstall.exe
2009-07-17 09:11 <DIR> --d----- c:\program files\Comical
2009-07-13 15:02 548,864 a------- c:\windows\system32\MSWord9.olb
2009-07-13 15:02 141,312 a------- c:\windows\system32\MSCMCFR.dll
2009-07-13 15:02 119,568 a------- c:\windows\system32\VB6FR.DLL
2009-07-13 15:02 114,688 a------- c:\windows\system32\DWPROP.DLL
2009-07-13 15:02 32,768 a------- c:\windows\system32\CMDLGFR.dll
2009-07-13 15:02 59,904 a------- c:\windows\system32\MSCC2FR.dll
2009-07-13 15:02 40,960 a------- c:\windows\system32\FLXGDFR.dll
2009-07-13 15:02 <DIR> --d----- c:\program files\Catalogue
2009-07-13 12:11 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-07-13 12:11 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-07-13 12:10 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-07-13 12:10 <DIR> --d----- c:\windows\Logs
2009-07-09 12:27 <DIR> --d----- c:\program files\common files\xing shared
2009-07-07 10:09 0 a------- c:\windows\system32\eFax_4_4_Port
2009-07-07 10:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\eFax Messenger 4.4 Output
2009-07-07 10:08 <DIR> --d----- c:\program files\eFax Messenger 4.4
2009-07-02 10:59 77,368 a---h--- c:\windows\system32\mlfcache.dat
2009-07-02 09:21 <DIR> --d----- c:\windows\Performance
2009-06-30 09:00 <DIR> --d----- c:\program files\Wireshark

==================== Find3M ====================

2009-07-23 16:54 227,840 a------- c:\windows\system32\wbem\wmiprvse.exe
2009-07-23 16:54 359,424 a------- c:\windows\system32\wbem\wmic.exe
2009-07-23 16:54 126,464 a------- c:\windows\system32\wbem\wmiapsrv.exe
2009-07-23 16:54 196,608 a------- c:\windows\system32\wbem\wmiadap.exe
2009-07-23 16:54 13,312 a------- c:\windows\system32\wbem\winmgmt.exe
2009-07-23 16:54 116,736 a------- c:\windows\system32\wbem\wbemtest.exe
2009-07-23 16:54 17,408 a------- c:\windows\system32\wbem\unsecapp.exe
2009-07-23 16:54 36,352 a------- c:\windows\system32\wbem\scrcons.exe
2009-07-23 16:54 16,384 a------- c:\windows\system32\wbem\mofcomp.exe
2009-07-23 16:37 8,192 a------- c:\windows\system32\winhlp32.exe
2009-07-23 16:36 16,896 a------- c:\windows\system32\tsshutdn.exe
2009-07-23 16:35 58,368 a------- c:\windows\system32\spoolsv.exe
2009-07-23 16:34 16,896 a------- c:\windows\system32\runas.exe
2009-07-23 16:33 84,480 a------- c:\windows\system32\pintool.exe
2009-07-23 16:32 155,648 a------- c:\windows\system32\nvepclnt.exe
2009-07-23 16:32 1,339,392 a------- c:\windows\system32\nvdspsch.exe
2009-07-23 16:32 798,720 a------- c:\windows\system32\nvcplui.exe
2009-07-23 16:32 151,552 a------- c:\windows\system32\nvcolor.exe
2009-07-23 16:32 442,368 a------- c:\windows\system32\nvappbar.exe
2009-07-23 16:32 421,376 a------- c:\windows\system32\ntvdm.exe
2009-07-23 16:32 32,256 a------- c:\windows\system32\ntsd.exe
2009-07-23 16:32 1,201,152 a------- c:\windows\system32\ntbackup.exe
2009-07-23 16:32 77,312 a------- c:\windows\system32\nslookup.exe
2009-07-23 16:32 69,120 a------- c:\windows\system32\notepad.exe
2009-07-23 16:32 36,864 a------- c:\windows\system32\netstat.exe
2009-07-23 16:32 86,016 a------- c:\windows\system32\netsh.exe
2009-07-23 16:32 331,776 a------- c:\windows\system32\netsetup.exe
2009-07-23 16:30 45,568 a------- c:\windows\system32\mshta.exe
2009-07-23 16:29 51,712 a------- c:\windows\system32\migpwd.exe
2009-07-23 16:28 23,552 a------- c:\windows\system32\ipxroute.exe
2009-07-23 16:28 53,760 a------- c:\windows\system32\ipv6.exe
2009-07-23 16:28 44,032 a------- c:\windows\system32\ipsec6.exe
2009-07-23 16:28 55,808 a------- c:\windows\system32\ipconfig.exe
2009-07-23 16:28 150,528 a------- c:\windows\system32\imapi.exe
2009-07-23 16:28 115,200 a------- c:\windows\system32\iexpress.exe
2009-07-23 16:28 7,680 a------- c:\windows\system32\hostname.exe
2009-07-23 16:28 15,872 a------- c:\windows\system32\help.exe
2009-07-23 16:26 28,160 a------- c:\windows\system32\conime.exe
2009-07-23 16:03 151,040 a------- c:\windows\pchealth\uploadlb\binaries\uploadm.exe
2009-07-23 16:02 35,840 a------- c:\windows\pchealth\helpctr\binaries\notiflag.exe
2009-07-23 16:02 169,984 a------- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-07-23 16:02 18,944 a------- c:\windows\pchealth\helpctr\binaries\hscupd.exe
2009-07-23 16:02 744,960 a------- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-07-23 16:01 99,840 a------- c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2009-07-23 16:01 769,536 a------- c:\windows\pchealth\helpctr\binaries\helpctr.exe
2009-07-22 21:37 284,160 a------- c:\windows\winhlp32.exe
2009-07-22 21:37 86,016 a------- c:\windows\unvise32.exe
2009-07-22 21:37 40,960 a------- c:\windows\UninstOP.exe
2009-07-22 21:37 25,600 a------- c:\windows\TWUNK_32.EXE
2009-07-22 21:37 15,360 a------- c:\windows\TASKMAN.EXE
2009-07-22 21:37 385,024 a------- c:\windows\SynCor.exe
2009-07-22 21:37 36,864 a------- c:\windows\slrundll.exe
2009-07-22 21:37 146,944 a------- c:\windows\regedit.exe
2009-07-22 21:37 69,632 a------- c:\windows\notepad.exe
2009-07-22 21:37 307,200 a------- c:\windows\IsUninst.exe
2009-07-22 21:37 11,264 a------- c:\windows\hh.exe
2009-07-22 18:19 1,033,728 a------- c:\windows\explorer.exe
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 10:36 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\fontsub.dll
2009-06-10 12:17 115 a------- C:\office.cmd
2009-06-10 11:56 115 a------- C:\office.bat
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\quartz.dll
2009-06-02 21:25 93,160 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 08:43 203,776 a------- c:\windows\system32\clrviddc.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\localspl.dll
2003-12-18 11:33 20,102 a------- c:\program files\Readme.txt
2003-09-03 07:46 10,960 a------- c:\program files\EULA.txt

============= FINISH: 10:23:24.51 ===============

Edited by castmodean, 24 July 2009 - 12:07 PM.


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:08 PM

Posted 25 July 2009 - 11:16 AM

The computer has Virut, right? There's no recovery from it.. A quote from malware expert (sUBs):

Virut is not disinfectable. Your only option is to perform a full reformat. Do NOT attempt a repair install. It shall be a waste of time. If you do so, the infected executables remain on the machine & you shall likely trigger another bout of Virut.

If you do not know how to perform a fresh install, use this website > http://www.windowsreinstall.com/

Note: If you have to backup files, do so only for MS Office documents & any non executable file. Burn them to CD/DVD. Do NOT copy files from the infected machine to your pendrive OR another machine. You risk infecting the other machine.


A full reformat means formatting ALL partitions..


I would advise you to start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT back up any applications/installers and Do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar/.pif/.asp/.php/.iso files...


Make sure you back up everything ONLY via CD or DVD (non-rewritable).. If you need to back up to an external hard drive or thumb drive, make sure it is EMPTY.. Meaning NO FILE inside it.. Format the external drive first before attaching it to the infected computer.. A single .exe file inside the external drive may infect other computers as well.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
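The backup rule in the reply above (keep documents and media, never copy executables or the listed extensions off a Virut-infected machine), written up as an added Python example; it is not code from this thread or from any tool mentioned in it. The script walks a folder, drops every extension the reply lists, keeps only an allowlist of document/media types (that allowlist is my assumption, the reply only says "MS Office documents & any non executable file"), and additionally rejects any file whose content starts with an MZ header, because a file infector does not care whether an executable has been renamed to .txt. The sample directory tree it builds is constructed for the demonstration.

```python
"""Select files safe to back up from a Virut-infected machine.

Added example; the exclusion list comes from the reply above, the
allowlist and the sample tree are assumptions made for the demonstration.
"""
import os
import tempfile
from pathlib import Path

# Extensions the reply says must NOT be copied off the infected machine:
# executables, web files Virut injects into, and archives that may hold them.
EXCLUDED_EXTENSIONS = {
    ".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar",
    ".pif", ".asp", ".php", ".iso",
}

# Assumed allowlist of non-executable document/media types worth keeping.
# Anything not listed here is skipped, even if it is not explicitly excluded.
ALLOWED_EXTENSIONS = {
    ".doc", ".xls", ".ppt", ".docx", ".xlsx", ".pptx", ".pdf", ".txt",
    ".jpg", ".jpeg", ".png", ".gif", ".mp3", ".wav", ".avi", ".mpg", ".mp4",
}

MZ_MAGIC = b"MZ"  # DOS/PE header: a renamed .exe still starts with these bytes


def looks_like_pe(path: Path) -> bool:
    """True if the file content starts with an MZ header, whatever its name."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == MZ_MAGIC
    except OSError:
        return False


def classify(path: Path) -> str:
    """Return 'excluded', 'backup' or 'skipped' for one file."""
    ext = path.suffix.lower()
    if ext in EXCLUDED_EXTENSIONS:
        return "excluded"
    if looks_like_pe(path):
        # Extension checks alone are fooled by renamed executables; check content.
        return "excluded"
    if ext in ALLOWED_EXTENSIONS:
        return "backup"
    return "skipped"


def select_for_backup(root: Path) -> dict:
    """Walk root and bucket every file by classification (paths relative to root)."""
    buckets = {"backup": [], "excluded": [], "skipped": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            buckets[classify(p)].append(p.relative_to(root).as_posix())
    for items in buckets.values():
        items.sort()
    return buckets


def build_sample_tree() -> Path:
    """Create a constructed directory tree mixing safe and unsafe files."""
    root = Path(tempfile.mkdtemp(prefix="virut_backup_demo_"))
    (root / "docs").mkdir()
    (root / "docs" / "report.doc").write_bytes(b"\xd0\xcf\x11\xe0 office doc")
    (root / "docs" / "notes.txt").write_text("plain text")
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 jpeg")
    (root / "setup.exe").write_bytes(MZ_MAGIC + b"\x90\x00 fake installer")
    (root / "index.html").write_text("<html></html>")
    # Renamed executable: the extension says .txt, the content says PE.
    (root / "readme.txt").write_bytes(MZ_MAGIC + b"\x90\x00 renamed exe")
    (root / "unknown.dat").write_bytes(b"\x00\x01\x02")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for bucket, items in select_for_backup(demo_root).items():
        print(bucket, items)
```

Run it against the real user profile instead of the sample tree by passing that path to select_for_backup; the "excluded" bucket is the list to leave behind, and the renamed-executable check is the part an extension filter alone would miss.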
