False Security Alerts


This topic is locked
3 replies to this topic

#1 Killheart7

Killheart7

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:46 AM

Posted 26 July 2009 - 04:11 PM

Hello. I'm experiencing a lot of erratic behavior. This infection happened on one of my other computers first. I used an external hard drive to save my image/sound/video files before doing a format and reinstall of Windows. Now, having used the external hard drive on this laptop, I am experiencing the same infection here. I need to clean this laptop as well as the external hard drive.

I'm getting false Windows Security Center alerts, pop-up bubble warnings that say things like "Danger! There are some serious security threats detected on you computer: viruses, trojans, keyloggers, exploits, etc." Occasionally, on start-up, I will have new icons on the desktop linking to porn sites. Occasionally, random audio, such as advertisements, will begin playing even though my computer is not in use. A couple of times I watched as the background on my desktop was replaced with a picture containing binary and a large text block warning me that I was infected and that I needed to buy anti-virus software. I've also experienced interference in my internet browsing, mostly in the form of being routed to unrelated websites upon clicking links.

In order to be able to get online and post this log, I've had to run Malwarebytes and Ad-Aware several times. This log will reflect my computer after having run Malwarebytes on this boot. Although running those programs has apparently kept some of the behaviors from happening, there are obviously some files that are either reinstalling themselves or not being caught by the scans.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:55 PM, on 7/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\do_not_delete.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\do_not_delete.exe
C:\WINDOWS\system32\do_not_delete.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\THEWEA~2\Desktop\DesktopWeather.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\do_not_delete.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscsvc32.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: (no name) - {C528A556-BDED-464C-8EF5-2A0F48EF82EE} - C:\WINDOWS\system32\tuvuSIYp.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mware.exe.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW6] "C:\PROGRA~1\THEWEA~2\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe
O4 - HKLM\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe
O4 - HKCU\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe
O4 - HKUS\S-1-5-18\..\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://standard.gpsinsight.com
O15 - Trusted Zone: *.networkcar.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: wbsys.dll,c:\windows\system32\ulmxalyn.dll,ebgxpg.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11311 bytes
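As an added example (not code from the post, and not part of HijackThis), here is a Python triage pass over a handful of the log lines above. It groups O4 autorun entries by the executable they launch and flags any executable registered under several autorun locations at once, flags entries under Policies\Explorer\Run, lists every AppInit_DLLs entry (each such DLL is loaded into every process that maps user32.dll), and notes BHOs whose file is missing and services with an empty vendor field. The sample lines are copied from the log; the threshold and the heuristics are my own assumptions, not anything HijackThis itself reports.

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of the HijackThis lines pasted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {C528A556-BDED-464C-8EF5-2A0F48EF82EE} - C:\WINDOWS\system32\tuvuSIYp.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe
O4 - HKCU\..\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe
O4 - HKLM\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe
O4 - HKCU\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe
O4 - HKUS\S-1-5-18\..\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe (User 'Default user')
O20 - AppInit_DLLs: wbsys.dll,c:\windows\system32\ulmxalyn.dll,ebgxpg.dll
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"""

# O4 lines look like:  O4 - <location>: [<value name>] <command> [(User '<name>')]
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")
# First drive-letter path ending in .exe, quoted or not.
EXE_RE = re.compile(r'"?([a-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def autorun_target(cmd):
    """Normalise the executable an O4 command launches to a lower-case path."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    m = EXE_RE.search(cmd)
    if m:
        return m.group(1).lower()
    tokens = cmd.split()
    return tokens[0].lower() if tokens else cmd.lower()


def triage(log_text, min_locations=3):
    """Run the heuristics over a HijackThis log and return the findings.

    min_locations is an assumed threshold: legitimate software rarely registers
    the same binary under three or more autorun locations (and never under
    Policies\\Explorer\\Run for every user profile).
    """
    locations = defaultdict(set)   # exe path -> set of autorun locations
    policy_runs = []               # O4 entries under Policies\Explorer\Run
    appinit_dlls = []              # every DLL named in AppInit_DLLs
    missing_bhos = []              # BHO registrations whose DLL is gone
    services_without_vendor = []   # O23 entries with an empty company field

    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            locations[autorun_target(m.group("cmd"))].add(m.group("loc"))
            if "policies\\explorer\\run" in m.group("loc").lower():
                policy_runs.append(line)
        elif line.startswith("O20 - AppInit_DLLs:"):
            value = line.split(":", 1)[1]
            appinit_dlls.extend(d.strip().lower() for d in value.split(",") if d.strip())
        elif line.startswith("O2 - BHO:") and line.endswith("(file missing)"):
            missing_bhos.append(line)
        elif line.startswith("O23 - Service:") and " - - " in line:
            services_without_vendor.append(line)

    return {
        "multi_location_autoruns": {exe: sorted(locs) for exe, locs in locations.items()
                                    if len(locs) >= min_locations},
        "policy_run_entries": policy_runs,
        "appinit_dlls": appinit_dlls,
        "missing_bhos": missing_bhos,
        "services_without_vendor": services_without_vendor,
    }


if __name__ == "__main__":
    for finding, items in triage(SAMPLE_LOG).items():
        print(f"== {finding} ==")
        if isinstance(items, dict):
            for exe, locs in items.items():
                print(f"  {exe}  <- {len(locs)} autorun locations")
        else:
            for item in items:
                print(f"  {item}")
```

Run against the full log, the same pass would also pick up the HKUS Policies entries and the second O4 HKCU value, giving do_not_delete.exe eight autorun locations; the point is that one binary appearing under every profile's Run and Policies\Explorer\Run keys, plus unfamiliar AppInit DLLs, is what makes a file "reinstall itself" after a scanner removes a single copy.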


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:46 PM

Posted 28 July 2009 - 04:24 PM

Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file paths into the "Suspicious files to scan" box at the top of the page:
    • C:\WINDOWS\system32\do_not_delete.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\svchost.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If the VirSCAN.org server is too busy, please submit the files to VirusTotal instead.

Edited by fenzodahl512, 28 July 2009 - 04:25 PM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Killheart7

Killheart7
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:46 AM

Posted 28 July 2009 - 06:42 PM

Hello. VirSCAN.org would not let me paste in the scan box, so I scanned them individually. The results are below. Thank you for your help.

VirSCAN.org Scanned Report :
Scanned time : 2009/07/28 18:15:53 (CDT)
Scanner results: 76% Scanner(28/37) found malware!
File Name : do_not_delete.exe
File Size : 68608 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 7a1bd6b76dc64497ae57c977f1dbf962
SHA1 : 2184a886bf6f025d3318aae35691b12a42250f35
Online report : http://virscan.org/report/87a34272c80fbd7c...ce97f97145.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090728220216 2009-07-28 0.52 -
AhnLab V3 2009.07.28.02 2009.07.28 2009-07-28 0.74 Win32/Virut.E
AntiVir 8.2.0.234 7.1.5.41 2009-07-28 0.10 W32/Virut.Gen
Antiy 2.0.18 20090728.2650168 2009-07-28 0.12 -
Arcavir 2009 200907281732 2009-07-28 0.04 Heur.W32
Authentium 5.1.1 200907281853 2009-07-28 1.15 W32/Virut.AI!Generic (Possible)
AVAST! 4.7.4 090728-0 2009-07-28 0.01 Win32:Preald-J [Drp]
AVG 8.5.288 270.13.35/2269 2009-07-29 0.31 Packed.Monder
BitDefender 7.81008.3869287 7.26865 2009-07-29 3.34 Win32.Virtob.Gen.12
CA (VET) 9.0.0.143 31.6.6642 2009-07-28 7.02 Win32/Virut.17408 virus.
ClamAV 0.95.2 9626 2009-07-29 0.02 -
Comodo 3.10 1798 2009-07-28 0.99 -
CP Secure 1.1.0.715 2009.07.28 2009-07-28 11.55 -
Dr.Web 4.44.0.9170 2009.07.28 2009-07-28 4.96 Win32.Virut.56
F-Prot 4.4.4.56 20090728 2009-07-28 1.20 W32/Virut.AI!Generic
F-Secure 7.02.73807 2009.07.24.08 2009-07-24 4.57 Virus.Win32.Virut.ce [AVP]
Fortinet 2.81-3.120 10.655 2009-07-28 0.20 -
GData 19.6751/19.416 20090729 2009-07-29 4.81 Virus.Win32.Virut.ce [Engine:A]
ViRobot 20090728 2009.07.28 2009-07-28 0.41 -
Ikarus T3.1.01.64 2009.07.28.73119 2009-07-28 4.39 -
JiangMin 11.0.800 2009.07.28 2009-07-28 6.23 Win32/Virut.bn
Kaspersky 5.5.10 2009.07.28 2009-07-28 0.06 Virus.Win32.Virut.ce
KingSoft 2009.2.5.15 2009.7.28.21 2009-07-28 0.53 Win32.Virut.ce.53248
McAfee 5.3.00 5691 2009-07-28 3.08 W32/Virut.n.gen
Microsoft 1.4903 2009.07.29 2009-07-29 5.08 Virus:Win32/Virut.BM
Norman 6.01.09 6.01.00 2009-07-28 4.00 W32/Virut.CP
Panda 9.05.01 2009.07.28 2009-07-28 2.33 W32/Sality.AO
Trend Micro 8.700-1004 6.326.07 2009-07-28 0.03 PE_VIRUX.J-1
Quick Heal 10.00 2009.07.28 2009-07-28 1.30 W32.Virut.G
Rising 20.0 21.40.14.00 2009-07-28 1.03 Win32.Virut.bm
Sophos 2.88.0 4.43 2009-07-29 3.02 W32/Scribble-B
Sunbelt 5293 5293 2009-07-28 1.06 Virus.Win32.Virut.ce (v)
Symantec 1.3.0.24 20090728.007 2009-07-28 0.10 W32.Virut.CF
nProtect 20090728.01 4951926 2009-07-28 6.59 Virus/W32.Virut.F
The Hacker 6.3.4.3 v00376 2009-07-28 0.67 -
VBA32 3.12.10.9 20090727.1245 2009-07-27 1.81 Virus.Win32.Virut.X5
VirusBuster 4.5.11.10 10.109.15/1826006 2009-07-28 2.47 Win32.Virut.Y.Gen


VirSCAN.org Scanned Report :
Scanned time : 2009/07/28 18:30:26 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : lsass.exe
File Size : 13312 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : bf2466b3e18e970d8a976fb95fc1ca85
SHA1 : de5a73cbb5f51f64c53fb4277ef2c23e70db123f
Online report : http://virscan.org/report/ca9e0c48ee097669...6973d10879.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090728220216 2009-07-28 0.34 -
AhnLab V3 2009.07.28.02 2009.07.28 2009-07-28 0.76 -
AntiVir 8.2.0.234 7.1.5.41 2009-07-28 0.28 -
Antiy 2.0.18 20090728.2650168 2009-07-28 0.00 -
Arcavir 2009 200907281732 2009-07-28 0.00 -
Authentium 5.1.1 200907281853 2009-07-28 0.00 -
AVAST! 4.7.4 090728-0 2009-07-28 0.00 -
AVG 8.5.288 270.13.35/2269 2009-07-29 0.00 -
BitDefender 7.81008.3869287 7.26865 2009-07-29 0.00 -
CA (VET) 9.0.0.143 31.6.6642 2009-07-28 0.00 -
ClamAV 0.95.2 9626 2009-07-29 0.00 -
Comodo 3.10 1798 2009-07-28 0.00 -
CP Secure 1.1.0.715 2009.07.28 2009-07-28 0.00 -
Dr.Web 4.44.0.9170 2009.07.28 2009-07-28 0.00 -
F-Prot 4.4.4.56 20090728 2009-07-28 0.00 -
F-Secure 7.02.73807 2009.07.24.08 2009-07-24 0.00 -
Fortinet 2.81-3.120 10.655 2009-07-28 0.00 -
GData 19.6751/19.416 20090729 2009-07-29 0.00 -
ViRobot 20090728 2009.07.28 2009-07-28 0.00 -
Ikarus T3.1.01.64 2009.07.28.73119 2009-07-28 0.00 -
JiangMin 11.0.800 2009.07.28 2009-07-28 0.00 -
Kaspersky 5.5.10 2009.07.28 2009-07-28 0.00 -
KingSoft 2009.2.5.15 2009.7.28.21 2009-07-28 0.00 -
McAfee 5.3.00 5691 2009-07-28 0.00 -
Microsoft 1.4903 2009.07.29 2009-07-29 0.00 -
Norman 6.01.09 6.01.00 2009-07-28 0.00 -
Panda 9.05.01 2009.07.28 2009-07-28 0.00 -
Trend Micro 8.700-1004 6.326.07 2009-07-28 0.00 -
Quick Heal 10.00 2009.07.28 2009-07-28 0.00 -
Rising 20.0 21.40.14.00 2009-07-28 0.00 -
Sophos 2.88.0 4.43 2009-07-29 0.00 -
Sunbelt 5293 5293 2009-07-28 0.00 -
Symantec 1.3.0.24 20090728.007 2009-07-28 0.00 -
nProtect 20090728.01 4951926 2009-07-28 0.00 -
The Hacker 6.3.4.3 v00376 2009-07-28 0.00 -
VBA32 3.12.10.9 20090727.1245 2009-07-27 0.00 -
VirusBuster 4.5.11.10 10.109.15/1826006 2009-07-28 0.00 -



VirSCAN.org Scanned Report :
Scanned time : 2009/07/28 18:33:21 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : services.exe
File Size : 110592 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 65df52f5b8b6e9bbd183505225c37315
SHA1 : de3701d2c03d9ae29b2d87eccafbbcadf1bfb7e3
Online report : http://virscan.org/report/1af2f8c314af1458...bd502438bd.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090728220216 2009-07-28 0.35 -
AhnLab V3 2009.07.28.02 2009.07.28 2009-07-28 0.75 -
AntiVir 8.2.0.234 7.1.5.41 2009-07-28 0.27 -
Antiy 2.0.18 20090728.2650168 2009-07-28 0.12 -
Arcavir 2009 200907281732 2009-07-28 0.05 -
Authentium 5.1.1 200907281853 2009-07-28 1.41 -
AVAST! 4.7.4 090728-0 2009-07-28 0.01 -
AVG 8.5.288 270.13.35/2269 2009-07-29 0.34 -
BitDefender 7.81008.3869287 7.26865 2009-07-29 3.36 -
CA (VET) 9.0.0.143 31.6.6642 2009-07-28 7.44 -
ClamAV 0.95.2 9626 2009-07-29 0.03 -
Comodo 3.10 1798 2009-07-28 0.71 -
CP Secure 1.1.0.715 2009.07.28 2009-07-28 11.35 -
Dr.Web 4.44.0.9170 2009.07.28 2009-07-28 5.06 -
F-Prot 4.4.4.56 20090728 2009-07-28 1.39 -
F-Secure 7.02.73807 2009.07.24.08 2009-07-24 7.57 -
Fortinet 2.81-3.120 10.655 2009-07-28 0.22 -
GData 19.6751/19.416 20090729 2009-07-29 4.62 -
ViRobot 20090728 2009.07.28 2009-07-28 0.41 -
Ikarus T3.1.01.64 2009.07.28.73119 2009-07-28 3.93 -
JiangMin 11.0.800 2009.07.28 2009-07-28 4.00 -
Kaspersky 5.5.10 2009.07.28 2009-07-28 0.06 -
KingSoft 2009.2.5.15 2009.7.28.21 2009-07-28 0.49 -
McAfee 5.3.00 5691 2009-07-28 3.00 -
Microsoft 1.4903 2009.07.29 2009-07-29 4.93 -
Norman 6.01.09 6.01.00 2009-07-28 4.01 -
Panda 9.05.01 2009.07.28 2009-07-28 1.78 -
Trend Micro 8.700-1004 6.326.07 2009-07-28 0.03 -
Quick Heal 10.00 2009.07.28 2009-07-28 1.05 -
Rising 20.0 21.40.14.00 2009-07-28 0.82 -
Sophos 2.88.0 4.43 2009-07-29 3.00 -
Sunbelt 5293 5293 2009-07-28 0.98 -
Symantec 1.3.0.24 20090728.007 2009-07-28 0.05 -
nProtect 20090728.01 4951926 2009-07-28 6.03 -
The Hacker 6.3.4.3 v00376 2009-07-28 0.67 -
VBA32 3.12.10.9 20090727.1245 2009-07-27 1.91 -
VirusBuster 4.5.11.10 10.109.15/1826006 2009-07-28 2.23 -



VirSCAN.org Scanned Report :
Scanned time : 2009/07/28 18:32:39 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : winlogon.exe
File Size : 507904 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : ed0ef0a136dec83df69f04118870003e
SHA1 : f77a7cd78877527023ebfb35e83b75ef59d3df07
Online report : http://virscan.org/report/7172ba8b06d8db7c...1d9c26b4e5.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090728220216 2009-07-28 0.49 -
AhnLab V3 2009.07.28.02 2009.07.28 2009-07-28 0.81 -
AntiVir 8.2.0.234 7.1.5.41 2009-07-28 0.07 -
Antiy 2.0.18 20090728.2650168 2009-07-28 0.12 -
Arcavir 2009 200907281732 2009-07-28 0.10 -
Authentium 5.1.1 200907281853 2009-07-28 1.16 -
AVAST! 4.7.4 090728-0 2009-07-28 0.03 -
AVG 8.5.288 270.13.35/2269 2009-07-29 0.31 -
BitDefender 7.81008.3869287 7.26865 2009-07-29 3.37 -
CA (VET) 9.0.0.143 31.6.6642 2009-07-28 5.86 -
ClamAV 0.95.2 9626 2009-07-29 0.09 -
Comodo 3.10 1798 2009-07-28 0.74 -
CP Secure 1.1.0.715 2009.07.28 2009-07-28 11.43 -
Dr.Web 4.44.0.9170 2009.07.28 2009-07-28 4.96 -
F-Prot 4.4.4.56 20090728 2009-07-28 1.13 -
F-Secure 7.02.73807 2009.07.24.08 2009-07-24 0.06 -
Fortinet 2.81-3.120 10.655 2009-07-28 0.29 -
GData 19.6751/19.416 20090729 2009-07-29 4.49 -
ViRobot 20090728 2009.07.28 2009-07-28 0.41 -
Ikarus T3.1.01.64 2009.07.28.73119 2009-07-28 3.99 -
JiangMin 11.0.800 2009.07.28 2009-07-28 3.98 -
Kaspersky 5.5.10 2009.07.28 2009-07-28 0.09 -
KingSoft 2009.2.5.15 2009.7.28.21 2009-07-28 0.47 -
McAfee 5.3.00 5691 2009-07-28 2.97 -
Microsoft 1.4903 2009.07.29 2009-07-29 4.90 -
Norman 6.01.09 6.01.00 2009-07-28 4.00 -
Panda 9.05.01 2009.07.28 2009-07-28 2.02 -
Trend Micro 8.700-1004 6.326.07 2009-07-28 0.03 -
Quick Heal 10.00 2009.07.28 2009-07-28 1.20 -
Rising 20.0 21.40.14.00 2009-07-28 0.83 -
Sophos 2.88.0 4.43 2009-07-29 3.01 -
Sunbelt 5293 5293 2009-07-28 0.99 -
Symantec 1.3.0.24 20090728.007 2009-07-28 0.06 -
nProtect 20090728.01 4951926 2009-07-28 6.34 -
The Hacker 6.3.4.3 v00376 2009-07-28 0.66 -
VBA32 3.12.10.9 20090727.1245 2009-07-27 1.89 -
VirusBuster 4.5.11.10 10.109.15/1826006 2009-07-28 2.31 -



VirSCAN.org Scanned Report :
Scanned time : 2009/07/28 18:38:05 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : svchost.exe
File Size : 14336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
Online report : http://virscan.org/report/0c70b09bc88ceb07...1d3d05247b.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090728220216 2009-07-28 0.34 -
AhnLab V3 2009.07.28.02 2009.07.28 2009-07-28 0.87 -
AntiVir 8.2.0.234 7.1.5.41 2009-07-28 0.44 -
Antiy 2.0.18 20090728.2650168 2009-07-28 0.12 -
Arcavir 2009 200907281732 2009-07-28 0.03 -
Authentium 5.1.1 200907281853 2009-07-28 1.14 -
AVAST! 4.7.4 090728-0 2009-07-28 0.00 -
AVG 8.5.288 270.13.35/2269 2009-07-29 0.31 -
BitDefender 7.81008.3869287 7.26865 2009-07-29 3.34 -
CA (VET) 9.0.0.143 31.6.6642 2009-07-28 6.67 -
ClamAV 0.95.2 9626 2009-07-29 0.01 -
Comodo 3.10 1798 2009-07-28 0.70 -
CP Secure 1.1.0.715 2009.07.28 2009-07-28 11.44 -
Dr.Web 4.44.0.9170 2009.07.28 2009-07-28 4.99 -
F-Prot 4.4.4.56 20090728 2009-07-28 1.14 -
F-Secure 7.02.73807 2009.07.24.08 2009-07-24 0.03 -
Fortinet 2.81-3.120 10.655 2009-07-28 0.20 -
GData 19.6751/19.416 20090729 2009-07-29 4.47 -
ViRobot 20090728 2009.07.28 2009-07-28 0.42 -
Ikarus T3.1.01.64 2009.07.28.73119 2009-07-28 3.92 -
JiangMin 11.0.800 2009.07.28 2009-07-28 3.59 -
Kaspersky 5.5.10 2009.07.28 2009-07-28 0.06 -
KingSoft 2009.2.5.15 2009.7.28.21 2009-07-28 0.46 -
McAfee 5.3.00 5691 2009-07-28 2.96 -
Microsoft 1.4903 2009.07.29 2009-07-29 5.04 -
Norman 6.01.09 6.01.00 2009-07-28 4.00 -
Panda 9.05.01 2009.07.28 2009-07-28 1.99 -
Trend Micro 8.700-1004 6.326.07 2009-07-28 0.03 -
Quick Heal 10.00 2009.07.28 2009-07-28 1.03 -
Rising 20.0 21.40.14.00 2009-07-28 0.79 -
Sophos 2.88.0 4.43 2009-07-29 3.13 -
Sunbelt 5293 5293 2009-07-28 1.02 -
Symantec 1.3.0.24 20090728.007 2009-07-28 0.05 -
nProtect 20090728.01 4951926 2009-07-28 6.37 -
The Hacker 6.3.4.3 v00376 2009-07-28 0.67 -
VBA32 3.12.10.9 20090727.1245 2009-07-27 1.78 -
VirusBuster 4.5.11.10 10.109.15/1826006 2009-07-28 2.19 -
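The reports above are easier to act on when reduced to three numbers: how many engines flagged the file, which ones missed it, and what family name most of them agree on. The following Python is an added example, not code from the thread or from VirSCAN.org; it parses the report format as pasted above (header lines plus one space-separated row per engine), builds a consensus family by majority vote on the non-generic tokens of each engine's verdict, and computes the MD5/SHA1 of a local file so that the copy you are about to wipe can be checked against the hashes in the report. The embedded sample is the header and a subset of the rows from the do_not_delete.exe report; the generic-token stop list is my assumption.

```python
import hashlib
import re
from collections import Counter

# Constructed sample: header lines and 14 of the 37 scanner rows from the
# do_not_delete.exe report pasted above (the other four files in that post
# had no detections at all).
SAMPLE_REPORT = """\
VirSCAN.org Scanned Report :
Scanned time : 2009/07/28 18:15:53 (CDT)
File Name : do_not_delete.exe
File Size : 68608 byte
MD5 : 7a1bd6b76dc64497ae57c977f1dbf962
SHA1 : 2184a886bf6f025d3318aae35691b12a42250f35

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090728220216 2009-07-28 0.52 -
AhnLab V3 2009.07.28.02 2009.07.28 2009-07-28 0.74 Win32/Virut.E
AntiVir 8.2.0.234 7.1.5.41 2009-07-28 0.10 W32/Virut.Gen
Arcavir 2009 200907281732 2009-07-28 0.04 Heur.W32
Authentium 5.1.1 200907281853 2009-07-28 1.15 W32/Virut.AI!Generic (Possible)
AVAST! 4.7.4 090728-0 2009-07-28 0.01 Win32:Preald-J [Drp]
AVG 8.5.288 270.13.35/2269 2009-07-29 0.31 Packed.Monder
BitDefender 7.81008.3869287 7.26865 2009-07-29 3.34 Win32.Virtob.Gen.12
CA (VET) 9.0.0.143 31.6.6642 2009-07-28 7.02 Win32/Virut.17408 virus.
ClamAV 0.95.2 9626 2009-07-29 0.02 -
Dr.Web 4.44.0.9170 2009.07.28 2009-07-28 4.96 Win32.Virut.56
Kaspersky 5.5.10 2009.07.28 2009-07-28 0.06 Virus.Win32.Virut.ce
Microsoft 1.4903 2009.07.29 2009-07-29 5.08 Virus:Win32/Virut.BM
Symantec 1.3.0.24 20090728.007 2009-07-28 0.10 W32.Virut.CF
"""

HEADER_RE = re.compile(r"^(File Name|MD5|SHA1)\s*:\s*(\S+)\s*$")
# Scanner names may contain spaces ("AhnLab V3", "CA (VET)"), so anchor the row
# on the ISO date and the elapsed-seconds column instead of splitting on spaces.
ROW_RE = re.compile(r"^(?P<scanner>.+?) (?P<engine>\S+) (?P<sig>\S+) "
                    r"(?P<date>\d{4}-\d{2}-\d{2}) (?P<secs>\d+\.\d+) (?P<result>.*)$")
# Assumed stop list: platform/format words that carry no family information.
GENERIC = {"win32", "w32", "pe", "virus", "gen", "generic", "heur", "packed",
           "possible", "trojan", "worm", "drp", "avp", "engine"}


def family_tokens(result):
    """Candidate family names from one engine's verdict string."""
    tokens = re.split(r"[^0-9a-z]+", result.lower())
    return [t for t in tokens if t and t not in GENERIC and len(t) > 2 and not t.isdigit()]


def summarize(report_text):
    """Reduce a pasted VirSCAN.org report to hashes, hit count, misses and consensus."""
    summary = {"file": None, "md5": None, "sha1": None,
               "engines": 0, "detections": 0, "missed_by": [], "family_votes": Counter()}
    for line in report_text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            summary[{"File Name": "file", "MD5": "md5", "SHA1": "sha1"}[h.group(1)]] = h.group(2).lower() \
                if h.group(1) != "File Name" else h.group(2)
            continue
        row = ROW_RE.match(line)
        if not row:
            continue
        summary["engines"] += 1
        if row.group("result").strip() == "-":
            summary["missed_by"].append(row.group("scanner"))
        else:
            summary["detections"] += 1
            summary["family_votes"].update(family_tokens(row.group("result")))
    votes = summary["family_votes"]
    summary["consensus"] = votes.most_common(1)[0][0] if votes else None
    summary["ratio"] = summary["detections"] / summary["engines"] if summary["engines"] else 0.0
    return summary


def fingerprint(data):
    """MD5 and SHA1 hex digests of a file's bytes, the two hashes VirSCAN prints."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest()}


def matches_report(data, summary):
    """True only if both digests of the local bytes equal the report's hashes."""
    fp = fingerprint(data)
    return fp["md5"] == summary["md5"] and fp["sha1"] == summary["sha1"]


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['file']}: {s['detections']}/{s['engines']} engines ({s['ratio']:.0%}), "
          f"consensus family '{s['consensus']}', missed by {', '.join(s['missed_by'])}")
```

The consensus step is deliberately a vote rather than trusting any single engine: Panda's "Sality" and AVG's "Packed.Monder" in the full report are minority outliers, while "Virut" is the name most engines agree on, which is what the responder in the next post acts on.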

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:46 PM

Posted 29 July 2009 - 01:33 AM

Hello, unfortunately the computer is infected with Virut.. There's no recovery from it.. A quote from an expert (sUBs):

Virut is not disinfectable. Your only option is to perform a full reformat. Do NOT attempt a repair install. It shall be a waste of time. If you do so, the infected executables remain on the machine & you shall likely trigger another bout of Virut.

If you do not know how to perform a fresh install, use this website > http://www.windowsreinstall.com/

Note: If you have to backup files, do so only for MS Office documents & any non executable file. Burn them to CD/DVD. Do NOT copy files from the infected machine to your pendrive OR another machine. You risk infecting the other machine.


Full reformat means format on ALL partitions.


Looking at the result, I would advise you to start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar/.pif/.asp/.php/.iso files...

Make sure you back up everything ONLY via CD or DVD (non-rewritable).. If you need to back up to an external hard drive or thumbdrive, make sure it is EMPTY.. Meaning NO FILE inside it.. Format the external drive first before attaching it to the infected computer.. A single .exe file inside the external drive may infect other computers as well.

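The backup advice above excludes files by extension. Because Virut infects executables that already exist on the disk, a renamed or double-extension executable slips through a name-only filter, so a content check is worth adding. The following Python is an added example, not from the thread: it applies the exact exclusion list from the post and additionally refuses any file whose first two bytes are the "MZ" signature every Windows PE carries, then returns a copy/skip plan. The sample directory is constructed in a temporary folder with fake file bodies; the verdict labels are my own.

```python
import os
import shutil
import tempfile

# Exclusion list exactly as given in the post above.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar",
                      ".pif", ".asp", ".php", ".iso"}


def looks_like_pe(path):
    """True if the file starts with the 'MZ' DOS header every Windows PE file has."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def classify(path):
    """Decide whether one file is safe to copy off an infected machine.

    Extension first (cheap, matches the post), then content: a PE header under
    any name is still an executable and may already carry the infection.
    """
    ext = os.path.splitext(path)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        return "skip:extension"
    if looks_like_pe(path):
        return "skip:pe-header"
    return "copy"


def plan_backup(root):
    """Walk root and return {'copy': [(relpath, verdict)], 'skip': [(relpath, verdict)]}."""
    plan = {"copy": [], "skip": []}
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            verdict = classify(full)
            bucket = "copy" if verdict == "copy" else "skip"
            plan[bucket].append((rel, verdict))
    return plan


def build_sample_tree():
    """Constructed sample: documents and photos to keep, plus three executables
    disguised or not. The bodies are fake bytes, not real files."""
    root = tempfile.mkdtemp(prefix="backup_demo_")
    files = {
        "thesis.doc": b"\xd0\xcf\x11\xe0 fake office document body",
        "photos/holiday.jpg": b"\xff\xd8\xff\xe0 fake jpeg body",
        "setup/installer.exe": b"MZ\x90\x00 fake pe",
        "photos/cute.jpg.scr": b"MZ\x90\x00 fake pe behind a double extension",
        "notes/readme.txt": b"MZ\x90\x00 fake pe renamed to .txt",
        "notes/todo.txt": b"plain text",
    }
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        plan = plan_backup(root)
        for rel, verdict in plan["copy"] + plan["skip"]:
            print(f"{verdict:16} {rel}")
    finally:
        shutil.rmtree(root)
```

Run for real, the planner would be pointed at the user's profile folders and the resulting "copy" list burned to a non-rewritable disc, as the post recommends; the "skip:pe-header" verdicts are the files a name-based filter would have carried over to the clean machine.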
