Infected with trojan horse dropper.generic.avjt



#1 Naphtali

Naphtali

  • Members
  • 3 posts

Posted 24 August 2009 - 06:52 PM

DDS (Ver_09-07-30.01) - NTFSx86
Run by conrad at 16:34:48.67 on Mon 08/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3007.2349 [GMT -7:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Anti-virus Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Anti-virus Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Documents and Settings\conrad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
StartupFolder: c:\docume~1\conrad\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201096549765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\conrad\applic~1\mozilla\firefox\profiles\ubpbnmhi.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\conrad\application data\mozilla\firefox\profiles\ubpbnmhi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\conrad\application data\mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-3-22 12552]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2008-11-5 6097]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-22 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-22 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-22 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-22 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-22 297752]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-4-10 1373480]
S0 kyhi;kyhi;c:\windows\system32\drivers\utuva.sys --> c:\windows\system32\drivers\utuva.sys [?]
S2 Mudbox CLM License Server;Mudbox CLM License Server;"c:\program files\mudbox\mudbox 1.0\clmd.exe" -v -v -v -f c:\program files\mudbox\mudbox 1.0\config.dat --> c:\program files\mudbox\mudbox 1.0\clmd.exe [?]
S2 ppsbl;Task System;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 spydetector;spydetector;\??\c:\program files\spyware process detector\spydetector.sys --> c:\program files\spyware process detector\spydetector.sys [?]
S2 WindowsTelephony;Windows Telephony;"c:\windows\system\svhost.exe" --> c:\windows\system\svhost.exe [?]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-24 12672]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-2-2 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-2-2 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-2-2 23680]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2008-11-5 299923]
S3 uwjjunt;uwjjunt;\??\c:\windows\system32\036.tmp --> c:\windows\system32\036.tmp [?]
S4 VMwareService;VMwareService;"c:\windows\system\vmwareservice.exe" --> c:\windows\system\VMwareService.exe [?]

=============== Created Last 30 ================

2009-08-24 15:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-08-24 15:41 1,409 a------- c:\windows\QTFont.for
2009-08-24 15:14 1,285,632 a------- c:\windows\system32\SMMedia.dll
2009-08-24 15:14 53,248 a------- c:\windows\system32\wdmioctl.dll
2009-08-24 15:14 49,152 a------- c:\windows\system32\DSndUp.exe
2009-08-24 15:14 45,056 a------- c:\windows\system32\CleanUp.exe
2009-08-24 15:14 <DIR> --d----- c:\program files\Analog Devices
2009-08-24 14:59 765,952 a------- c:\windows\system\crlds3d.dll
2009-08-24 14:59 392,960 a------- c:\windows\system32\drivers\senfilt.sys
2009-08-24 14:59 304,640 a------- c:\windows\system32\drivers\ADIHdAud.sys
2009-08-24 14:59 94,848 a------- c:\windows\system32\drivers\aeaudio.sys
2009-08-24 14:59 28,160 a------- c:\windows\system32\PostProc.dll
2009-08-24 14:53 12,672 a------- c:\windows\system32\drivers\cpuz132_x32.sys
2009-08-24 14:53 <DIR> --d----- c:\program files\CPUID
2009-08-24 11:45 410,984 a------- c:\windows\system32\deploytk.dll
2009-08-23 19:18 114,688 ---shr-- c:\windows\usb_drv.exe
2009-08-23 08:41 102,912 ---shr-- c:\windows\usb_magr.exe
2009-08-22 15:34 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-22 15:27 229,376 a------- c:\windows\PEV.exe

==================== Find3M ====================

2009-08-05 01:21 77,512 a------- c:\windows\War3Unin.dat
2009-08-01 10:20 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-01 10:20 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2008-03-09 08:25 236 a---h--- c:\program files\common files\dx.reg
2007-10-31 11:52 1,044,173 a------- c:\documents and settings\conrad\testmh240.exe
2007-06-18 13:45 942,891 a------- c:\documents and settings\conrad\error-repair.exe
2006-06-23 14:48 32,768 a------- c:\windows\inf\UpdateUSB.exe
2009-03-24 06:35 56,238,368 a--sh--- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 16:34:57.68 ===============

When I restart my computer, AVG will notify me of things running with the svchost.exe. One such notification was this "swecam.se/images/b.exe", and then under that line was this "trojan horse dropper.generic.avjt". Also, my sound will cut out and I will get a message saying "there are no mixers available"; then, if I adjust my sound volume, instead of hearing a beep from the speakers the beep will come from within the computer. If I leave this for long enough, my internet will stop working.

I'm not sure if this is related, but I was looking in msconfig, and under the "Startup" tab I saw 2 programs that I don't remember installing: one was called "usb_drv.exe" and the other was "usb_magr.exe". They looked slightly suspicious, so I disabled them, and my internet seems to be fine... for now. Under the Services tab I found "##Id_String1.6844F930_1628_4223_B5CC_B5B94B879762##"; I disabled this as well, as the manufacturer was Unknown.

Anyway, that's about it for now. Thanks for your time.
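As an added example (not from the original post, the reply, or the DDS tool itself), the script below parses the SERVICES / DRIVERS section of a DDS log like the one above and scores each entry with the signals a responder checks first: an image DDS could not find on disk (the `[?]` marker; reading it as "file absent at scan time" is my assumption), a kernel driver loading from a `.tmp` file, an image name that mimics `svchost.exe`, a service hosted inside `svchost.exe` whose ServiceDll the log does not show, and a random-looking all-lowercase service name. The sample lines are copied from this thread's log; the weights and the review threshold are my own choices, not DDS conventions.

```python
"""First-pass triage of the SERVICES / DRIVERS section of a DDS log (defender's aid, not a verdict)."""
import re
from dataclasses import dataclass, field

# Constructed sample: service lines copied from the log in this thread, not a complete DDS output.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-3-22 12552]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-4-10 1373480]
S0 kyhi;kyhi;c:\windows\system32\drivers\utuva.sys --> c:\windows\system32\drivers\utuva.sys [?]
S2 ppsbl;Task System;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 WindowsTelephony;Windows Telephony;"c:\windows\system\svhost.exe" --> c:\windows\system\svhost.exe [?]
S3 uwjjunt;uwjjunt;\??\c:\windows\system32\036.tmp --> c:\windows\system32\036.tmp [?]
S4 VMwareService;VMwareService;"c:\windows\system\vmwareservice.exe" --> c:\windows\system\VMwareService.exe [?]

=============== Created Last 30 ================
"""

SECTION_RE = re.compile(r"=+ SERVICES / DRIVERS =+\s*\n(.*?)(?:\n=+|\Z)", re.S)
# DDS line shape: "<status> <name>;<display name>;<command> [<date> <size>]"  or  "... --> <path> [?]"
LINE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# Small constructed list of misspellings of svchost.exe; extend from your own baseline.
LOOKALIKES = {"svhost.exe", "scvhost.exe", "svchosts.exe", "svch0st.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
VOWELS = set("aeiou")


@dataclass
class Finding:
    status: str
    name: str
    display: str
    image: str
    found: bool            # False when DDS printed "[?]" (assumed: file absent at scan time)
    score: int = 0
    reasons: list = field(default_factory=list)


def image_path(command):
    """Reduce a DDS command field to a lower-cased image path: quotes, \\??\\ prefix and arguments removed."""
    cmd = command.strip().strip('"')
    if cmd.startswith("\\??\\"):
        cmd = cmd[4:]
    m = re.match(r"(.+?\.(?:exe|sys|dll|tmp))", cmd, re.I)
    return (m.group(1) if m else cmd).lower()


def looks_random(name):
    """Weak signal: all-lowercase name with a low vowel ratio (kyhi, ppsbl, uwjjunt in this log)."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 4 or name != name.lower():
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.3


def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    status, name, display, rest = m.groups()
    found = not rest.rstrip().endswith("[?]")
    rest = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)   # drop trailing "[date size]" or "[?]"
    resolved = rest.rsplit(" --> ", 1)[-1]           # DDS appends "--> <resolved path>" when it resolves the command
    return Finding(status, name, display, image_path(resolved), found)


def score(f):
    """Attach weighted reasons; 2 = strong signal, 1 = weak signal that needs corroboration."""
    folder, _, base = f.image.rpartition("\\")
    folder += "\\"
    if base.endswith(".tmp"):
        f.reasons.append("service/driver image is a .tmp file"); f.score += 2
    if base in LOOKALIKES:
        f.reasons.append(f"image name {base} mimics a Windows binary"); f.score += 2
    if base == "svchost.exe" and folder != SYSTEM32:
        f.reasons.append("svchost.exe outside system32"); f.score += 2
    if base == "svchost.exe" and folder == SYSTEM32:
        f.reasons.append("hosted in svchost.exe; ServiceDll only visible in the registry"); f.score += 1
    if not f.found:
        f.reasons.append("image not found on disk at scan time"); f.score += 1
    if looks_random(f.name):
        f.reasons.append("random-looking service name"); f.score += 1
    return f


def analyse(log_text):
    """Score every service line in the SERVICES / DRIVERS section (falls back to the whole text)."""
    m = SECTION_RE.search(log_text)
    block = m.group(1) if m else log_text
    return [score(f) for f in map(parse_line, block.splitlines()) if f]


def triage(log_text, threshold=2):
    """Entries at or above the review threshold, highest score first."""
    return sorted((f for f in analyse(log_text) if f.score >= threshold), key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score} {f.status} {f.name:<18} {f.image}\n    " + "; ".join(f.reasons))
```

Run against the sample, `uwjjunt` (a driver from a `.tmp` file), `WindowsTelephony` (`svhost.exe`), `kyhi` and `ppsbl` reach the threshold, while `VMwareService` does not: a missing image on its own is usually an uninstall leftover, which is why it only scores 1 and why each hit still needs the service's registry key and the file itself checked before anything is removed.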

#2 shelf life

shelf life

  • Malware Response Team
  • 2,653 posts

Posted 06 September 2009 - 05:58 AM

Hi Naphtali,

Sorry for the delay; there is no shortage of posters. Your log is several days old; if you still need help with malware, reply to my post.

How Can I Reduce My Risk to Malware?
