
JV/Selac, Exploit-ByteVerify


This topic is locked
2 replies to this topic

#1 janblack

Posted 21 January 2010 - 08:06 AM

Hello, a few days ago both Firefox and IE started crashing immediately every time I tried to open them. Fortunately, Google Chrome still works (though with frequent error messages), and that's the browser I'm using now. I ran a virus scan with McAfee and it found three instances of JV/Selac and one of Exploit-ByteVerify. The program quarantined the files and I've since deleted them, but the problem persists. However, when I run another scan with McAfee it doesn't detect anything. I've scanned with AdAware and SpyBot as well, and they don't detect anything either.

The reason I'm assuming I still have a malware problem is that when I run my computer in Safe Mode (as I am now), Firefox and IE do open, but when I click on Google search result links I get rerouted to different spam-like websites.

Any help would be appreciated. Thank you.

(By the way, I tried to enable my firewall, but it won't let me do it in Safe Mode.)


DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by los at 6:27:24.94 on Thu 01/21/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.2322 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Users\los\Documents\Downloads\HijackThis.exe
C:\Users\los\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\los\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\notepad.exe
C:\Users\los\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\los\AppData\Local\Google\Chrome\Application\chrome.exe
C:\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081230
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Aim6]
uRun: [Google Update] "c:\users\los\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\5.0"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\los\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-26 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 214664]
S2 gupdate1c992dbd07cd607;Google Update Service (gupdate1c992dbd07cd607);c:\program files\google\update\GoogleUpdate.exe [2009-2-19 133104]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-10-23 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-10-23 144704]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-21 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-11 24652]
S2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2008-1-20 21504]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-30 30192]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-30 111616]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-10-23 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-23 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-23 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-23 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-23 40552]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk60x86l.sys [2009-9-22 61952]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk60x86v.sys [2009-8-27 20992]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-29 73728]
S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]

=============== Created Last 30 ================

2010-01-21 12:23:34 524288 ----a-w- C:\dds.scr
2010-01-21 12:01:05 0 d-----w- c:\windows\pss
2010-01-21 11:47:22 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-01-21 07:53:34 0 d-----w- c:\programdata\Sun
2010-01-21 07:53:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-21 06:41:30 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-21 06:41:30 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-21 04:04:06 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-21 04:02:01 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-21 04:02:01 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-19 22:49:16 0 d-----w- c:\windows\system32\URTTEMP
2010-01-19 22:29:10 152621 ----a-w- c:\users\los\bookmarks-2010-01-15.json
2010-01-19 22:29:10 150510 ----a-w- c:\users\los\bookmarks-2010-01-16.json
2010-01-19 22:29:09 152533 ----a-w- c:\users\los\bookmarks-2010-01-14.json
2010-01-19 22:29:09 150535 ----a-w- c:\users\los\bookmarks-2010-01-12.json
2010-01-19 22:29:09 150510 ----a-w- c:\users\los\bookmarks-2010-01-18.json
2010-01-19 20:40:24 6284 ----a-w- c:\users\los\bookmarks.html
2010-01-19 18:01:08 916480 ----a-w- c:\windows\system32\wininet(159).dll
2010-01-19 18:01:07 1985536 ----a-w- c:\windows\system32\iertutil(116).dll
2010-01-19 18:01:07 1208832 ----a-w- c:\windows\system32\urlmon(152).dll
2010-01-19 07:21:50 0 d-----w- c:\programdata\WindowsSearch
2010-01-11 02:29:42 35328 ---ha-w- c:\windows\system32\dialader.dll

==================== Find3M ====================

2010-01-19 17:49:16 8653312 ----a-w- c:\users\los\appdata\roaming\DataSafeDotNet.exe
2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-28 04:26:58 130 ----a-w- c:\users\los\appdata\roaming\wklnhst.dat
2009-11-26 06:59:50 174 --sha-w- c:\program files\desktop.ini
2009-11-23 11:34:20 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-23 11:34:20 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-23 11:34:19 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-23 11:34:19 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-23 11:34:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-19 23:36:59 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-03 21:43:29 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-03 21:42:10 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-10-31 07:29:32 364544 ----a-w- c:\windows\system32\yk60x86.dll
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 14:11:14 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 14:11:14 834048 ----a-w- c:\windows\system32\wininet(296).dll
2009-10-27 14:11:02 1176064 ----a-w- c:\windows\system32\urlmon(287).dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-27 16:11:37 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-01-27 16:11:37 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-01-27 16:11:37 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2008-12-30 07:27:18 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 6:28:54.01 ===============



#2 janblack
Posted 23 January 2010 - 02:56 AM

Problem has been resolved. No need to check into it anymore. Thank you.

#3 Elise
Posted 26 January 2010 - 06:29 AM

Since the issue seems to be resolved, this topic will now be closed.

regards, Elise
