
google updater error


  • This topic is locked
2 replies to this topic

#1 thalonewolf

thalonewolf

  • Members
  • 21 posts
  • Gender:Male
  • Location:Los Angeles
  • Local time:08:22 PM

Posted 19 August 2009 - 08:15 PM

The other day I was getting a Windows message saying Google Updater encountered a problem, and it would pop up every 20 minutes or so. So I tried running Mbam but it would not open, so I looked it up and saw that renaming would work, which it did. I cleaned out most of the infection but I'm not sure if I'm still infected. Mbam does not find anything but RootRepeal finds two hidden services. Any help would be greatly appreciated!

Here's a RootRepeal log.





ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/19 17:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xA59F4000 Size: 872448 File Visible: No Signed: -
Status: -

Name: kbbtnzub.sys
Image Path: kbbtnzub.sys
Address: 0xF75F7000 Size: 61440 File Visible: No Signed: -
Status: -

Name: PCI_PNP2102
Image Path: \Driver\PCI_PNP2102
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA1FD3000 Size: 49152 File Visible: No Signed: -
Status: -

Name: splu.sys
Image Path: splu.sys
Address: 0xF7435000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xBA732000 Size: 81920 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\internet logs\rei_v.ldb
Status: Size mismatch (API: 1609728, Raw: 1607680)

Path: c:\windows\internet logs\zalog.txt
Status: Size mismatch (API: 16465711, Raw: 16465470)

Path: c:\documents and settings\ohee\local settings\temp\etilqs_vwt8r9gwj9dbhnurwnja
Status: Allocation size mismatch (API: 32768, Raw: 0)


Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACabgrvtlrpa.sys

Service Name: vsfocewswvjygm
Image Path: C:\WINDOWS\system32\drivers\vsfocedhjgufub.sys

==EOF==



#2 Guest_superbird_*

Guest_superbird_*

  • Guests

Posted 26 August 2009 - 03:13 PM

Hi,

I'm going to redirect you to the HijackThis section of this forum. This, because it's a deeper infection.
Read this page and follow its steps: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Please give them a link to this topic.

Good luck. :thumbsup:

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,806 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 26 August 2009 - 10:54 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/252763/i-was-told-i-had-a-deep-infection/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



