Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Horse BackDoor.SmallX.VX


  • This topic is locked This topic is locked
2 replies to this topic

#1 Olivia d'India

Olivia d'India

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:39 AM

Posted 20 November 2009 - 04:29 AM

Dear all,

Not sure what is going wrong in my system. I've been trying to follow as much as I can your guide. Please do let me know if I got infected by some malwares.
Thanks for your kind assistance.

Olivia


DDS (Ver_09-10-26.01) - NTFSx86
Run by Olivia Godeluck at 14:35:25,73 on 20/11/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2046.1423 [GMT 5,5:30]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\olivia godeluck\local settings\application data\vmemdsjb.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Olivia Godeluck\Bureau\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=1080410
uSearch Page = hxxp://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr
uDefault_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=1080410
uSearch Bar = hxxp://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr
mDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=1080410
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [vmemdsjb] "c:\documents and settings\olivia godeluck\local settings\application data\vmemdsjb.exe" vmemdsjb
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Easy PDF Creator] c:\program files\adobe\easy pdf creator\EasyPDFCreator.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [CameraFixer] c:\windows\CameraFixer.exe
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\adobeg~1.lnk - c:\program files\fichiers communs\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8A961FBD-18C1-11DA-9552-00D0B78FD999} - hxxps://corporate.hdfcbank.com/snkl_otl/sr_otl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\olivia~1\applic~1\mozilla\firefox\profiles\1c0m8lt3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-4-29 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-4-29 108552]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [2007-8-16 19200]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 297752]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-7-4 14336]
S2 vtigercrm504;vtigercrm504;c:\program files\vtigercrm5\apache\bin\Apache.exe [2009-2-4 20541]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [2009-2-10 24448]

=============== Created Last 30 ================

2009-11-20 08:56:11 0 d-----w- c:\windows\system32\AGEIA
2009-11-20 08:55:58 0 d-----w- c:\program files\fichiers communs\Wise Installation Wizard
2009-11-20 08:54:52 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-20 08:35:34 0 d-----w- C:\NVIDIA
2009-11-20 08:34:03 405504 ----a-w- c:\windows\stsystra.exe
2009-11-20 08:34:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2009-11-20 08:33:40 146944 ----a-w- c:\windows\system32\st325602.dll
2009-11-20 08:32:12 0 d-----w- C:\Intel
2009-11-20 08:21:47 143360 ----a-w- c:\windows\system32\bcmwlapi.dll
2009-11-20 06:58:06 0 d-sh--r- C:\cmdcons
2009-11-20 06:58:00 0 d-----w- c:\windows\setup.pss
2009-11-20 06:57:13 0 d-----w- c:\windows\setupupd
2009-11-19 07:41:21 0 d-----w- c:\windows\system32\NtmsData
2009-11-10 18:36:22 14 ----a-w- c:\windows\system32\systeminfo.dll
2009-11-10 18:36:20 0 d-----w- c:\docume~1\alluse~1\applic~1\DVD X Studios
2009-11-10 18:36:08 363520 ----a-w- c:\windows\system32\psisdecd.dll
2009-11-10 18:36:08 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll
2009-11-10 18:36:07 56832 ----a-w- c:\windows\system32\msdvbnp.ax
2009-11-10 18:36:07 56832 ----a-w- c:\windows\system32\dllcache\msdvbnp.ax
2009-11-10 18:36:07 33280 ----a-w- c:\windows\system32\psisrndr.ax
2009-11-10 18:36:07 33280 ----a-w- c:\windows\system32\dllcache\psisrndr.ax
2009-11-10 18:36:01 0 d-----w- c:\program files\DVD X Studios
2009-11-10 18:29:23 0 d-----w- C:\Nouveau dossier 2
2009-11-10 18:29:23 0 d-----w- C:\Nouveau dossier 1
2009-11-08 12:48:14 0 d-----w- c:\program files\fichiers communs\DivX Shared
2009-11-08 12:48:13 0 d-----w- c:\program files\DivX

==================== Find3M ====================

2009-11-20 08:34:08 86712 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-20 08:34:08 515286 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-17 13:04:34 53497 ----a-w- c:\windows\system32\nvModes.dat
2009-10-20 00:07:10 3084288 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-18 09:56:10 18432 ------w- c:\windows\system32\dllcache\iedw.exe
2009-09-11 14:12:20 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:12:20 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 20:46:35 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 20:46:35 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 05:10:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-26 08:15:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:15:37 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2008-04-28 05:40:20 15397 ----a-w- c:\program files\settings.dat

============= FINISH: 14:37:30,32 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:09 AM

Posted 27 November 2009 - 10:52 AM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:09 AM

Posted 02 December 2009 - 10:21 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users