
NewMalware.bx


  • This topic is locked
1 reply to this topic

#1 ghoul (Members, 16 posts)

Posted 06 February 2010 - 07:46 AM

Hello,

My virus scanner discovered two files that were marked as Trojan Horse (NewMalware.bx). The virus scanner placed both files in the quarantine folder.
The files are: kcskamifb.exe and A0149780.exe.
The computer is running normally.
1. Is my computer infected? If not, can I leave the files in the quarantine folder?
2. If yes: what should I do to get rid of the virus?

Please find the DDS logs and GMER log below.

Grtz


DDS (Ver_09-12-01.01) - NTFSx86
Run by zuiderlingen at 13:00:33,28 on za 06-02-2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.274 [GMT 1:00]

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
c:\Program Files\Bonjour\mDNSResponder.exe
F:\Network Associates\Common Framework\FrameworkService.exe
F:\Network Associates\VirusScan\Mcshield.exe
F:\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\Network Associates\VirusScan\SHSTAT.EXE
F:\Network Associates\Common Framework\UpdaterUI.exe
F:\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
F:\xampp\apache\bin\apache.exe
C:\Microsoft Office\Office\1043\msoffice.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\ASCOMP Software\BackUp Maker\bkmaker.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Network Associates\VirusScan\scan32.exe
F:\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://www.google.nl/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ShStatEXE] "f:\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "f:\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [ZoneAlarm Client] "f:\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\backup~1.lnk - f:\ascomp software\backup maker\bkmaker.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\micros~1.lnk - c:\microsoft office\office\OSA9.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Ontvang alle bestanden door Net Transport - f:\nettransport 2\NTAddList.html
IE: Ontvangst door Net Transport - f:\nettransport 2\NTAddLink.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zuider~1\applic~1\mozilla\firefox\profiles\txo50mrp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - component: c:\documents and settings\zuiderlingen\application data\mozilla\firefox\profiles\txo50mrp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: f:\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: f:\divx\divx web player\npdivx32.dll
FF - plugin: f:\divx\divx web player\npdivx32.dll
FF - plugin: f:\quicktime\plugins\npqtplugin.dll
FF - plugin: f:\quicktime\plugins\npqtplugin2.dll
FF - plugin: f:\quicktime\plugins\npqtplugin3.dll
FF - plugin: f:\quicktime\plugins\npqtplugin4.dll
FF - plugin: f:\quicktime\plugins\npqtplugin5.dll
FF - plugin: f:\quicktime\plugins\npqtplugin6.dll
FF - plugin: f:\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-24 64160]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-7-12 353672]
R2 McAfeeFramework;McAfee Framework Service;f:\network associates\common framework\FrameworkService.exe [2006-5-15 102463]
R2 McShield;Network Associates McShield;f:\network associates\virusscan\Mcshield.exe [2003-10-15 237657]
R2 McTaskManager;Network Associates Task Manager;f:\network associates\virusscan\VsTskMgr.exe [2003-10-15 69706]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2003-10-15 83008]
S2 Apache2.2;Apache2.2;f:\xampp\apache\bin\apache.exe [2008-6-14 17408]
S2 gupdate1c99408235dfd42;Google Updateservice (gupdate1c99408235dfd42);c:\program files\google\update\GoogleUpdate.exe [2009-2-21 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S2 TomTomHOMEService;TomTomHOMEService;f:\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-2-4 30192]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2007-7-4 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2007-9-8 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2007-9-8 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2007-9-8 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2007-9-8 86368]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]

=============== Created Last 30 ================

2010-02-06 12:00:28 0 d-----w- c:\temp\B7.tmp
2010-02-06 10:20:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-06 10:15:07 54156 ---ha-w- c:\windows\QTFont.qfn
2010-02-06 10:15:07 1409 ----a-w- c:\windows\QTFont.for
2010-02-06 10:12:26 1241092 ----a-w- c:\temp\uninst.exe
2010-02-06 10:09:48 0 d-----w- c:\temp\~nsu.tmp
2010-02-06 10:09:40 134624 ----a-w- c:\temp\GLB1A2B.EXE
2010-02-06 10:09:38 153056 ----a-w- c:\temp\unwise.exe
2010-02-06 09:44:12 0 d-----w- c:\docume~1\zuider~1\applic~1\ASCOMP Software
2010-02-06 09:44:08 1242552 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-02-06 09:26:06 16384 ----atw- c:\temp\Perflib_Perfdata_860.dat
2010-02-05 15:52:46 0 d-----w- c:\temp\hsperfdata_zuiderlingen
2010-02-05 10:46:32 16384 ----atw- c:\temp\Perflib_Perfdata_117c.dat
2010-02-04 16:51:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 16:51:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 14:47:24 0 d-----w- c:\temp\Google Gadget Cache
2010-02-04 14:08:33 0 d-----w- c:\temp\Adobe
2010-02-04 12:17:03 0 d-----w- c:\temp\VBE
2010-02-03 20:15:42 0 d--h--r- c:\documents and settings\zuiderlingen\Onlangs geopend
2010-01-21 11:47:06 6736 ----a-w- c:\windows\system32\Wingdib.drv
2010-01-21 11:47:06 5024 ----a-w- c:\windows\system32\Wingpal.wnd
2010-01-21 11:47:05 92208 ----a-w- c:\windows\system32\Wing.dll
2010-01-21 11:47:05 385100 ----a-w- c:\windows\system32\MSVCRTD.DLL
2010-01-21 11:47:05 188960 ----a-w- c:\windows\system32\Wingde.dll
2010-01-21 11:47:05 129748 ----a-w- c:\windows\system32\MSVCRT.DBG
2010-01-21 11:47:05 12800 ----a-w- c:\windows\system32\Wing32.dll
2010-01-21 11:47:04 5195 ----a-w- c:\windows\system32\Dva.386
2010-01-21 11:47:04 444928 ----a-w- c:\windows\system32\MSVCR40D.DLL
2010-01-21 11:46:19 38 ------w- c:\windows\TopModel.ini
2010-01-21 11:46:19 237 ----a-w- c:\windows\dmi.ini

==================== Find3M ====================

2010-01-14 10:12:06 181120 -c----w- c:\windows\system32\MpSigStub.exe
2009-12-31 15:34:54 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:34:54 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 --s-a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-12-09 19:47:01 67794 ----a-w- c:\windows\system32\perfc013.dat
2009-12-09 19:47:01 437324 ----a-w- c:\windows\system32\perfh013.dat
2009-11-21 16:03:19 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2006-05-17 19:51:58 88 -csh--r- c:\windows\system32\E466937696.sys
2007-02-04 09:37:54 3610 -csha-w- c:\windows\system32\KGyGaAvL.sys
2008-07-16 17:15:57 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008071620080717\index.dat
2009-06-06 20:39:37 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 13:01:30,39 ===============

#2 Grinler (Lawrence Abrams, Admin, 43,568 posts, Location: USA)

Posted 09 February 2010 - 10:00 AM

I see that you are already being helped here:

http://hijackthis.nl/forum/viewtopic.php?f=4&t=25809

I have therefore closed this topic.

Thanks
