Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Beware of Spam with Fake Invoices Pushing Hermes 2.1 Ransomware and AZORult

Featured Deal: Get 98% off the Ultimate Cisco Certification Bundle: Lifetime Access Deal

Unknown Infection

Started by Vgolfmaster , Sep 02 2009 12:28 AM

This topic is locked

2 replies to this topic

#1 Vgolfmaster

Members
6 posts
OFFLINE

Local time:12:53 PM

Posted 02 September 2009 - 12:28 AM

Hi, I started here,

http://www.bleepingcomputer.com/forums/ind...p;#entry1409427

and was requested to post a new topic on this thread.

I corrected redirection issues and blocked program updates with trojan remover, but now have some programs that will start, and then get shut down in process. Once they are killed, if I attempt to reopen them, I get an error that states:

"Windows cannot access the specific device, path or file. You may not have the appropriate permissions to access the item."

I can reinstall the program in order to run it again, but this behavior repeats and I cannot finish malware scans, ect. MalwareBytes showed the same behavior and I was unable to produce a lo, as did hijack this and Spybot S&D.

I did get a rootrepeal log from the previous thread suggestion, but only for drive c 'drivers'. I am now unable to run it again, as it shows the same behavior as described above. I was asked there also to try the DDS script, and it produced no output.

Here is the rootrepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/01 23:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB4CBE000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB864C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2AD8000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xB8460000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xB4A8E000 Size: 61440 File Visible: No Signed: -
Status: -

==EOF==

Any help would be greatly appreciated.

NOTE!!!: AVG just posted this file as quarantined:

Name: Trojan horse generic14.EY
Path: C:\windows\system32\wingenocx.dll

Edited by Vgolfmaster, 02 September 2009 - 12:43 AM.

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Vgolfmaster

Topic Starter

Members
6 posts
OFFLINE

Local time:12:53 PM

Posted 02 September 2009 - 02:48 PM

Hi,

Please disregard and close this thread, I am in the process of reformating my hard drive and reinstalling windows.

Vg

Back to top

#3 Orange Blossom

OBleepin Investigator

Moderator
36,963 posts
ONLINE

Gender:Not Telling
Location:Bloomington, IN
Local time:01:53 PM

Posted 02 September 2009 - 05:58 PM

Hello

Thank you for letting us know. Sometimes a reformat and reinstall is the quickest and best solution. Since you have decided to reformat, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom