Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bad Image Virus


  • This topic is locked This topic is locked
8 replies to this topic

#1 wardpilot

wardpilot

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 06 January 2010 - 08:31 PM

I've seen this in other posts. Everytime when either the computer automatically opens a program, or I open a program manually, I see the message, "Bad Image - The application or DLL c:\windows\system32 supilime.dll is not a valid image. Please check this against your installation diskette." Can someone help me get rid of this virus?



DDS (Ver_09-12-01.01) - NTFSx86
Run by Jason Ward at 20:05:58.49 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.118 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jason Ward\Desktop\Power Trio\CrystalCPUID40\CrystalCPUID.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Config2500\Utility\Config2500.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jason Ward\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.averatec.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - No File
uRun: [Power2GoExpress]
uRun: [SpeedswitchXP] c:\program files\speedswitchxp\SpeedswitchXP.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [braviax] c:\windows\system32\braviax.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\jason ward\desktop\power trio\crystalcpuid40\CrystalCPUID.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partypoker.net\partypokernet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
AppInit_DLLs: c:\windows\system32\supilime.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\supilime.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jasonw~1\applic~1\mozilla\firefox\profiles\ey5qryds.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-3-22 214664]
R1 Odptdi;Odptdi;c:\windows\system32\drivers\odptdi.sys [2009-7-6 46744]
R2 Dev_UNIDRV;Dev_UNIDRV;c:\windows\system32\drivers\UNIDRV.SYS [2005-4-4 6080]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-3-22 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-3-22 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-3-22 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-3-22 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-3-22 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-3-22 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-3-22 34248]

=============== Created Last 30 ================

2010-01-07 01:47:28 0 d-----w- c:\program files\TrendMicro
2010-01-06 21:10:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2010-01-06 21:08:07 0 d-----w- c:\program files\Citrix
2010-01-06 21:07:27 61224 ----a-w- c:\documents and settings\jason ward\GoToAssistDownloadHelper.exe
2010-01-04 04:16:18 0 d-----w- c:\windows\system32\XPSViewer
2010-01-04 04:14:59 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-04 04:14:59 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-04 04:14:58 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-04 04:14:58 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-04 04:14:58 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-04 04:14:58 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-04 04:14:58 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-04 04:14:56 0 d-----w- C:\52ca100cec88686003ac67
2009-12-30 01:21:29 0 d-----w- c:\docume~1\jasonw~1\applic~1\Red Kawa
2009-12-29 23:59:06 0 d-----w- c:\program files\AviSynth 2.5
2009-12-29 23:58:17 0 d-----w- c:\program files\Red Kawa
2009-12-29 21:44:55 0 d-----w- C:\temp
2009-12-29 21:43:07 0 d-----w- c:\program files\PQDVD
2009-12-29 21:30:46 0 d-----w- c:\program files\MediaCoder
2009-12-28 18:56:15 0 d-----w- c:\docume~1\jasonw~1\applic~1\4Media Software Studio
2009-12-28 18:45:48 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-12-28 18:45:48 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-12-26 22:16:52 0 d-----w- C:\divx

==================== Find3M ====================

2009-11-20 03:17:30 27720 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2007-04-20 01:20:30 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-05-29 23:02:52 0 -csha-w- c:\windows\system32\junepoha.dll
2009-05-29 23:02:52 0 -csha-w- c:\windows\system32\nizedage.dll
2009-05-29 23:02:53 0 --sha-w- c:\windows\system32\supilime.dll
2008-09-12 18:26:17 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 20:09:49.99 ===============

Attached Files


Edited by wardpilot, 06 January 2010 - 09:25 PM.


BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:06 AM

Posted 08 January 2010 - 09:05 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 wardpilot

wardpilot
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 10 January 2010 - 11:18 AM

Couldn't get the files to paste. So I attached them instead.

Attached Files



#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:06 AM

Posted 10 January 2010 - 11:25 AM

Hi,

It looks like Malwarebytes fixed it. How are things now?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 wardpilot

wardpilot
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 10 January 2010 - 02:01 PM

The message went away. Does that malware program clean the files for you and shred them or do I have to get another program to do that? I've heard this virus comes back if you don't shred it properly.

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:06 AM

Posted 11 January 2010 - 01:31 AM

Yes, Malwarebytes deletes these. They won't come back. smile.gif
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 wardpilot

wardpilot
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 11 January 2010 - 01:02 PM

My computer is running much better now. Thank you so much for your help.

Jason Ward

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:06 AM

Posted 11 January 2010 - 01:04 PM

Glad I could help. smile.gif

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:06 AM

Posted 22 January 2010 - 08:50 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users