
Trojan Infections, Malware


This topic is locked
2 replies to this topic

#1 Mike1162

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:20 PM

Posted 01 January 2010 - 07:28 PM

Last week we discovered we had an Olmarik Trojan virus that could not be removed by our (then) current PC Speed Scan Pro, that is, without sending them more money. I heard an ad on KNBR radio about "ESET". Downloaded their free ESET NOD32 Antivirus software, and found you guys in the process. After reading through SEVERAL threads and trying various different manual removal steps, I found the following from a link on your site to Wilders Security: "ESET has a new standalone remover for Win32/Olmarik, located at http://download.eset.com/special/EOlmarikRemover.exe. Please try using it to remove the infestation. Regards, Aryeh Goretsky", who apparently is an ESET moderator. Anyway, after re-running a Full System Scan with ESET NOD32 Antivirus software I had 1 virus which ESET deleted. I still have function problems, such as not being able to use Microsoft Help (offline) (tried to get the PC to restore, Help won't open), can't use SEARCH, some browser or web pages are blank such as my Facebook home page. Hope this helps.
OH BY THE WAY! The following may be important: I originally started with Grinler's prep guide dated 11-10-05. I was able to do all steps except #6, the DDS Log. The DOS-style window did open, but it quickly closed without scanning or creating a report. Tried several times to no avail. I have HiJackThis on my PC and will run a scan to stay ahead if you need the report or need to re-direct me. Don't know how to use it though, so a scan is all that I will do.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/01 15:13
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBADA5000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BF1000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF4E29000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x834a08a0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8349fcb0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x834a00d0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x834a06d0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x834a04f0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8349fee0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x834a0310

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x836b18e0]
Process: System Address: 0x8349e930 Size: 1000

==EOF==
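A small triage script, added here as an example and not part of the original post or of RootRepeal itself, that parses the SSDT section of a RootRepeal report like the one above and flags hooks that no named driver owns on process-control syscalls (the pattern a rootkit uses to keep security tools from opening or killing its processes). The sample text is copied from the report above, and the "suspicious" rule is a constructed heuristic for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: SSDT entries in the format RootRepeal 1.3.5.0 prints,
# copied from the report in the post above (three of its seven hooks).
SAMPLE_REPORT = """SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x834a08a0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8349fcb0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8349fee0

Stealth Objects
-------------------
"""

# Syscalls commonly hooked so that security tools cannot open, suspend
# or terminate the malware's own processes and threads.
PROCESS_CONTROL_CALLS = {
    "NtOpenProcess", "NtOpenThread", "NtSuspendProcess", "NtSuspendThread",
    "NtTerminateProcess", "NtTerminateThread", "NtAssignProcessToJobObject",
}

# Each entry spans two lines: "#: <idx> Function Name: <name>" then "Status: Hooked by ..."
HOOK_RE = re.compile(
    r'^#:\s*(\d+)\s+Function Name:\s*(\w+)\s*\n'
    r'Status:\s*Hooked by "([^"]*)" at address (0x[0-9A-Fa-f]+)', re.MULTILINE)

@dataclass
class SsdtHook:
    index: int
    function: str
    owner: str      # module RootRepeal attributes the hook to; "<unknown>" if none
    address: int

def parse_ssdt_hooks(report: str) -> list:
    """Extract every hooked SSDT entry from a RootRepeal text report."""
    return [SsdtHook(int(i), fn, owner, int(addr, 16))
            for i, fn, owner, addr in HOOK_RE.findall(report)]

def triage(hooks: list) -> dict:
    """Flag hooks with no owning driver and hooks on process-control syscalls (constructed rule)."""
    unowned = [h.function for h in hooks if h.owner == "<unknown>"]
    self_protect = [h.function for h in hooks if h.function in PROCESS_CONTROL_CALLS]
    return {"total": len(hooks), "unowned": unowned, "process_control": self_protect,
            "suspicious": bool(unowned) and len(self_protect) >= 2}

if __name__ == "__main__":
    print(triage(parse_ssdt_hooks(SAMPLE_REPORT)))
```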


#2 Mike1162

  • Topic Starter
  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:20 PM

Posted 03 January 2010 - 11:59 AM

FYI- To all reading my original thread. I've decided to Restore the PC from scratch.

#3 garmanma

    Computer Masochist

  • Members
  • 27,809 posts
  • OFFLINE
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:07:20 PM

Posted 03 January 2010 - 10:55 PM

Good luck to you and have a good day
Topic closed
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter