won't install AVIRA nor connect to windows update page



#1 asdora


Posted 26 September 2009 - 06:05 PM

Hi,
and thanks for helping out.

This is what happened, and is happening:

---I've formatted my computer (Windows XP).
---Downloaded and installed SP2 through Windows Update.
---Downloaded and installed Ad-Aware.
---Downloaded AVIRA and tried to install it; the following message came up:

"A secure internet connection is required to activate the product (ssl encrypted). This could not be established. Please address the following issues and repeat the product activation.

- ensure the internet can be accessed
- ensure the system date is correct
- if in use, check your modem connection
- ensure the application fact.exe can access the internet and is not blocked by a firewall"

---I noticed that my browser no longer opens http://windowsupdate.microsoft.com/
---I ran Ad-Aware and it found several files and registry entries, including:

Win32Backdoor.SdBot
C:\WINDOW/Sytem32\22.scr
C:\WINDOW/Sytem32\33.scr , 52.scr, 68.scr , 74.scr

...


My DDS file:


DDS (Ver_09-09-24.01) - NTFSx86
Run by Antonio at 19:21:46,25 on sáb 26/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.991.760 [GMT -3:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Antonio\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [Windows System Monitor] c:\windows\system\winrsc.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\antonio\menu iniciar\programas\inicializar\Reboot.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\utilit~1.lnk - c:\windows\system32\sistray.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253918569250

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-25 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S2 fscbc;Helper Manager;c:\windows\system32\svchost.exe -k netsvcs [2003-4-8 14336]
S3 sysdrv32;Play Port I/O Driver;\??\c:\windows\system32\drivers\sysdrv32.sys --> c:\windows\system32\drivers\sysdrv32.sys [?]

=============== Created Last 30 ================

2009-09-26 17:32 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-26 16:44 33,961,728 a------- c:\arquivos de programas\avira_antivir_personal_en.exe
2009-09-25 22:13 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-25 21:58 <DIR> -cd-h--- c:\docume~1\alluse~1\dadosd~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-25 21:58 <DIR> --d----- c:\arquivos de programas\Lavasoft
2009-09-25 21:57 60,857,536 a------- c:\arquivos de programas\Ad-AwareAE.exe
2009-09-25 21:36 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-09-25 21:10 316,640 a------- c:\windows\WMSysPr9.prx
2009-09-25 21:09 <DIR> --d----- c:\windows\provisioning
2009-09-25 21:09 <DIR> --d----- c:\windows\peernet
2009-09-25 21:08 <DIR> --d----- c:\windows\ServicePackFiles
2009-09-25 21:03 <DIR> --d----- c:\windows\EHome
2009-09-25 20:29 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-09-25 20:29 11,776 -------- c:\windows\system32\spnpinst.exe
2009-09-25 20:29 7,208 -------- c:\windows\system32\secupd.sig
2009-09-25 20:29 4,569 -------- c:\windows\system32\secupd.dat
2009-09-25 19:55 <DIR> --d----- c:\windows\system32\PreInstall
2009-09-25 19:55 22,752 a------- c:\windows\system32\spupdsvc.exe
2009-09-25 19:55 <DIR> --d-h--- c:\windows\$hf_mig$
2009-09-25 19:55 <DIR> --d----- c:\windows\system32\bits
2009-09-25 19:54 351,232 a------- c:\windows\system32\winhttp.dll
2009-09-25 19:54 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-09-25 19:54 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-09-25 19:54 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-09-25 19:44 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-09-25 19:44 18,968 a------- c:\windows\system32\wuaueng.dll.mui
2009-09-25 19:44 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-09-25 19:44 27,672 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-09-25 19:44 27,672 a------- c:\windows\system32\wuapi.dll.mui
2009-09-25 19:43 64 a------- c:\windows\system32\o
2009-09-24 19:20 <DIR> --ds---- c:\documents and settings\antonio\UserData
2009-09-24 19:19 <DIR> --ds---- c:\windows\system32\Microsoft
2009-09-24 19:19 106,496 a------- c:\windows\SiSUSBrg.exe
2009-09-24 19:19 32,768 a------- c:\windows\SIS_LIB.DLL
2009-09-24 19:19 3,583 a------- c:\windows\SiSport.sys
2009-09-24 19:19 36,992 a----r-- c:\windows\system32\drivers\SISAGPX.SYS
2009-09-24 19:19 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-09-24 19:18 305,664 a------- c:\windows\IsUn0416.exe
2009-09-24 19:18 <DIR> --d----- c:\documents and settings\antonio\WINDOWS
2009-09-24 19:18 106,496 -------- c:\windows\system32\TVMode.dll
2009-09-24 19:18 176,128 -------- c:\windows\system32\SiSApCom.dll
2009-09-24 19:17 <DIR> --d----- c:\arquivos de programas\SiS VGA Utilities V3.59
2009-09-24 19:16 103,037 a------- c:\windows\system32\VGAunistlog.ini
2009-09-24 19:15 <DIR> --d----- c:\windows\system32\Tools
2009-09-24 19:15 <DIR> --d----- c:\arquivos de programas\arquivos comuns\InstallShield
2009-09-24 19:13 13,646 a------- c:\windows\system32\wpa.bak
2009-09-24 19:12 15,360 a----r-- c:\windows\system32\drivers\NetMotCM.sys
2009-09-24 19:10 <DIR> --dsh--- c:\windows\Installer
2009-09-24 19:10 <DIR> --d-hr-- c:\documents and settings\antonio\Dados de aplicativos
2009-09-24 19:10 <DIR> --d-h--- c:\documents and settings\antonio\Modelos
2009-09-24 19:10 <DIR> --d-h--- c:\documents and settings\antonio\Configurações locais
2009-09-24 19:10 <DIR> --d-h--- c:\documents and settings\antonio\Ambiente de rede
2009-09-24 19:10 <DIR> --d-h--- c:\documents and settings\antonio\Ambiente de impressão
2009-09-24 19:10 <DIR> --d--r-- c:\documents and settings\antonio\Meus documentos
2009-09-24 19:10 <DIR> --d--r-- c:\documents and settings\antonio\Menu Iniciar
2009-09-24 19:10 <DIR> --d--r-- c:\documents and settings\antonio\Favoritos
2009-09-24 19:10 <DIR> --d----- c:\documents and settings\Antonio
2009-09-24 18:42 8,192 a------- c:\windows\REGLOCS.OLD
2009-09-24 18:41 156,672 ac------ c:\windows\system32\dllcache\winzm.ime
2009-09-24 18:41 156,672 ac------ c:\windows\system32\dllcache\winsp.ime
2009-09-24 18:41 156,672 ac------ c:\windows\system32\dllcache\winpy.ime
2009-09-24 18:41 79,360 ac------ c:\windows\system32\dllcache\winar30.ime
2009-09-24 18:41 69,120 ac------ c:\windows\system32\dllcache\wingb.ime
2009-09-24 18:41 65,536 ac------ c:\windows\system32\dllcache\winime.ime
2009-09-24 18:41 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-09-24 18:41 31,488 ac------ c:\windows\system32\dllcache\weitekp9.sys
2009-09-24 18:41 9,216 ac------ c:\windows\system32\dllcache\wamps51.dll
2009-09-24 18:39 471,102 ac------ c:\windows\system32\dllcache\imskdic.dll
2009-09-24 18:38 96,256 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-09-24 18:37 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-09-24 18:37 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-09-24 18:37 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-09-24 18:37 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-09-24 18:37 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-09-24 18:37 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-09-24 18:37 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-09-24 18:37 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-09-24 18:37 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-09-24 18:37 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-09-24 18:37 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-09-24 18:37 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-09-24 18:36 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Serviços
2009-09-24 18:36 <DIR> --d----- c:\arquivos de programas\arquivos comuns\MSSoap
2009-09-24 18:35 <DIR> --d-h--- c:\arquivos de programas\WindowsUpdate
2009-09-24 18:35 <DIR> --d----- c:\arquivos de programas\Serviços on-line
2009-09-24 18:34 <DIR> --d----- c:\arquivos de programas\Messenger
2009-09-24 18:34 <DIR> --d----- c:\arquivos de programas\MSN Gaming Zone
2009-09-24 18:34 <DIR> --d----- c:\arquivos de programas\Windows NT
2009-09-24 17:51 <DIR> --d----- c:\arquivos de programas\arquivos comuns\ODBC
2009-09-24 17:51 <DIR> --d----- c:\arquivos de programas\arquivos comuns\SpeechEngines
2009-09-24 17:50 <DIR> --d-h--- c:\documents and settings\all users\Modelos
2009-09-24 17:50 <DIR> --d--r-- c:\documents and settings\all users\Menu Iniciar
2009-09-24 17:50 <DIR> --d--r-- c:\documents and settings\all users\Documentos
2009-09-24 17:50 <DIR> --d----- c:\documents and settings\all users\Favoritos
2009-09-24 17:50 <DIR> --d-hr-- c:\documents and settings\all users\Dados de aplicativos

==================== Find3M ====================

2009-09-26 16:28 344,380 a------- c:\windows\system32\perfh016.dat
2009-09-26 16:28 48,628 a------- c:\windows\system32\perfc016.dat
2009-09-25 21:13 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-24 18:35 21,844 a------- c:\windows\system32\emptyregdb.dat
2004-08-04 04:45 1,243,920 a--shr-- c:\windows\system32\natra.dll

============= FINISH: 19:22:00,56 ===============


#2 Blade


Posted 13 October 2009 - 11:48 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 teacup61


Posted 24 October 2009 - 02:56 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.