
Infected with Security Tool


  • This topic is locked
2 replies to this topic

#1 RubRabbit

  • Members
  • 2 posts

Posted 04 October 2009 - 04:31 PM

This machine has been afflicted with Security Tool by some sort of infection. Among the symptoms I noticed: aggressive pop-up notifications; pop-ups in Firefox; Google URL redirecting when clicking links to security websites; the desktop contains no icons and right-clicking does not bring up the menu; upon installing Malwarebytes' Anti-Malware the program executable itself was deleted, although I did manage a "successful" install eventually, possibly due to changing the name of the install folder.

Thanks in advance!

DDS (Ver_09-09-29.01) - NTFSx86 NETWORK
Run by Administrator at 21:58:44.29 on Sun 10/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1815 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: {f62757cd-18a1-4996-adab-c61f06e88ef0} - jemopihu.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [0796664399] c:\docume~1\admini~1\applic~1\079666~1\0796664399.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\frog\mbam.exe" /runcleanupscript
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 0 (0x0)
mPolicies-explorer: Start_ShowHelp = 0 (0x0)
mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)
mPolicies-explorer: Start_ShowRun = 1 (0x1)
mPolicies-explorer: Start_ShowSearch = 0 (0x0)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: zuwomebo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
LSA: Notification Packages = scecli gahehani.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\jsrluloi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://aimzones.aol.com/homepage
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-3 108552]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-9-5 15656]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-3 335240]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-3 27784]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-10-3 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-3 297752]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-9-5 2789672]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-15 24652]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-2-16 1057024]

=============== Created Last 30 ================

2009-10-04 21:17 <DIR> --d----- c:\program files\frog
2009-10-04 21:02 <DIR> --d----- c:\windows\system32\xircom
2009-10-04 21:02 <DIR> --d----- c:\windows\system32\wbem\snmp
2009-10-04 21:02 <DIR> --d----- c:\windows\system32\restore
2009-10-04 21:02 <DIR> --d----- c:\windows\system32\oobe
2009-10-04 21:02 <DIR> --d----- c:\windows\srchasst
2009-10-04 21:02 <DIR> --d----- c:\program files\msn gaming zone
2009-10-04 21:00 <DIR> a-dshr-- C:\cmdcons
2009-10-04 20:58 229,888 a------- c:\windows\PEV.exe
2009-10-04 20:58 161,792 a------- c:\windows\SWREG.exe
2009-10-04 20:58 98,816 a------- c:\windows\sed.exe
2009-10-04 20:49 <DIR> --d----- C:\VundoFix Backups
2009-10-04 20:36 <DIR> --d----- c:\docume~1\admini~1\applic~1\0796664399
2009-10-04 20:29 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 20:29 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-04 19:48 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-04 19:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 19:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-04 19:31 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-10-04 19:28 <DIR> --d----- c:\windows\pss
2009-10-04 19:18 <DIR> --d----- c:\windows\system32\appmgmt
2009-10-03 17:22 <DIR> --d----- C:\$AVG8.VAULT$
2009-10-03 17:16 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-03 17:16 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-03 17:16 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-03 17:16 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-10-03 17:16 <DIR> --d----- c:\program files\AVG
2009-10-03 17:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-10-03 17:06 <DIR> --d----- c:\docume~1\admini~1\applic~1\AVG8
2009-09-17 13:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-09-15 22:25 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-09-15 22:24 <DIR> --d----- c:\program files\AIM Toolbar
2009-09-15 22:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM Toolbar
2009-09-15 22:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-09-15 22:24 <DIR> --d----- c:\program files\Viewpoint
2009-09-15 22:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-09-15 22:24 <DIR> --d----- c:\program files\common files\AOL
2009-09-15 22:24 <DIR> --d----- c:\program files\AIM6
2009-09-15 22:24 457 a---h--- C:\IPH.PH
2009-09-15 15:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-09-15 14:16 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-09-15 14:11 <DIR> --d----- c:\program files\World of Warcraft
2009-09-14 21:18 <DIR> --d----- C:\Autodesk
2009-09-14 21:17 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2009-09-14 21:17 3,734,536 a------- c:\windows\system32\d3dx9_36.dll
2009-09-14 21:17 <DIR> --d----- c:\windows\system32\DirectX
2009-09-14 21:17 <DIR> --d----- c:\windows\Logs
2009-09-14 17:49 1,746 a------- c:\windows\Language_trs.ini
2009-09-14 17:39 <DIR> --d----- c:\program files\VIA
2009-09-14 17:39 331,184 -------- c:\windows\system32\difxapi.dll
2009-09-14 16:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-09-14 16:54 <DIR> --d----- c:\windows\PCHEALTH
2009-09-14 16:26 <DIR> --d----- c:\windows\system32\AGEIA
2009-09-14 16:26 194,909 a------- c:\windows\system32\nvapps.xml
2009-09-14 16:25 446,464 a------- c:\windows\system32\nvudisp.exe
2009-09-14 16:25 18,335 a------- c:\windows\system32\nvdisp.nvu
2009-09-14 16:25 <DIR> --d----- c:\windows\nview
2009-09-14 16:25 446,464 a------- c:\windows\system32\NVUNINST.EXE
2009-09-14 16:20 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-09-14 16:20 <DIR> --d----- c:\program files\Ventrilo
2009-09-14 16:19 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-14 16:11 115,328 a------- c:\windows\system32\drivers\Rtenicxp.sys
2009-09-14 16:11 9,728 a------- c:\windows\system32\RtNicProp32.dll
2009-09-14 16:11 <DIR> --d----- c:\windows\OPTIONS
2009-09-14 16:11 <DIR> --d----- c:\program files\Realtek
2009-09-13 20:59 9 a------- c:\windows\waitforme.tmp
2009-09-06 13:14 <DIR> --d----- c:\program files\Western Digital
2009-09-05 14:26 <DIR> --d----- c:\docume~1\admini~1\applic~1\WTablet
2009-09-05 14:26 <DIR> --d----- c:\program files\Tablet
2009-09-05 12:36 306,688 a------- c:\windows\IsUninst.exe

==================== Find3M ====================

2009-09-04 18:31 62,633 a------- c:\windows\prio197uninstall.exe
2009-09-04 18:24 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-07-04 04:43 49,152 a--sh--- c:\windows\system32\jemopihu.dll

============= FINISH: 21:58:51.32 ===============
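As an added example (not part of the original post, the DDS tool, or the Malware Response Team's procedure), the script below runs a few triage heuristics over lines of the kind DDS prints in its "Pseudo HJT Report" and file listings. The heuristics are assumptions about what "looks odd" in such a log: an unnamed BHO that points at a bare filename instead of a full path, a populated AppInit_DLLs value, LSA Notification Packages other than the XP default scecli, a Run entry whose name is purely numeric, a DLL or EXE carrying hidden+system attributes, and eight-letter consonant/vowel names like the ones visible above (jemopihu, zuwomebo, gahehani). The sample lines are copied verbatim from the log above, plus the AVG lines as known-good controls.

```python
"""Heuristic triage of DDS "Pseudo HJT Report" lines (added example, not from the thread).

Hits are leads for a human to inspect, not verdicts: a legitimate product can
populate AppInit_DLLs or register an LSA notification package.
"""
import re
from typing import List, Tuple

# Copied from the posted DDS log; the three AVG lines are known-good controls.
SAMPLE_LOG = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {f62757cd-18a1-4996-adab-c61f06e88ef0} - jemopihu.dll
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [0796664399] c:\docume~1\admini~1\applic~1\079666~1\0796664399.exe
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: zuwomebo.dll
LSA: Notification Packages = scecli gahehani.dll
2009-07-04 04:43 49,152 a--sh--- c:\windows\system32\jemopihu.dll
"""

# Eight letters alternating consonant/vowel, the shape of the random names in
# this log.  Assumed heuristic, not a published signature.
PRONOUNCEABLE = re.compile(r"^(?:[bcdfghjklmnpqrstvwxz][aeiou]){4}\.dll$")
# "BHO: Name: {clsid} - target" where the name part is optional.
BHO_RE = re.compile(
    r"^BHO:\s*(?:(?P<name>[^{]+?):\s*)?\{(?P<clsid>[0-9a-f-]+)\}\s*-\s*(?P<target>\S.*)$",
    re.I,
)
RUN_RE = re.compile(r"^[umd]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "YYYY-MM-DD HH:MM size attrs path" as printed in the Created/Find3M sections.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+(?P<attr>[a-z-]{8})\s+(?P<path>.+\.(?:dll|exe))$",
    re.I,
)
KNOWN_LSA = {"scecli"}  # XP default; anything else deserves a look (assumption)


def check_line(line: str) -> List[str]:
    """Return the list of heuristic reasons a single log line looks suspicious."""
    reasons: List[str] = []
    line = line.strip()
    if not line:
        return reasons

    for fname in re.findall(r"[A-Za-z0-9_]+\.dll", line):
        if PRONOUNCEABLE.match(fname.lower()):
            reasons.append(f"random-looking DLL name {fname}")

    m = BHO_RE.match(line)
    if m:
        if not m.group("name"):
            reasons.append("BHO has no display name")
        if "\\" not in m.group("target"):
            reasons.append("BHO target is a bare filename (no path)")

    m = RUN_RE.match(line)
    if m and m.group("name").isdigit():
        reasons.append("Run entry with a purely numeric name")

    if line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs is populated")

    if line.startswith("LSA: Notification Packages"):
        pkgs = line.split("=", 1)[1].split()
        extra = [p for p in pkgs if p.lower() not in KNOWN_LSA]
        if extra:
            reasons.append("extra LSA notification package(s): " + ", ".join(extra))

    m = FILE_RE.match(line)
    if m and "h" in m.group("attr") and "s" in m.group("attr"):
        reasons.append("hidden+system attributes on " + m.group("path"))

    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every line that tripped at least one heuristic."""
    hits = []
    for raw in log_text.splitlines():
        reasons = check_line(raw)
        if reasons:
            hits.append((raw.strip(), reasons))
    return hits


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(flagged)
        for reason in why:
            print("    ->", reason)
```

Run against the sample, the script flags the unnamed BHO (jemopihu.dll), the numeric mRun entry, AppInit_DLLs (zuwomebo.dll), the extra LSA package (gahehani.dll) and the hidden+system jemopihu.dll in system32, while leaving the three AVG lines alone. The consonant/vowel check deliberately does not fire on avgrsstx.dll even though it is also an eight-letter bare filename, which is the kind of false positive a naive "short random name" rule would produce.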


#2 RubRabbit

  • Topic Starter

  • Members
  • 2 posts

Posted 13 October 2009 - 06:37 PM

Please lock thread, decided to reformat.

#3 schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Location:Munich,Germany

Posted 22 October 2009 - 12:47 PM

Hi,

Thanks for letting us know :(

Since this issue appears to be resolved ... this Topic has been closed.

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
regards,
schrauber
