Rogue security virus


This topic is locked
3 replies to this topic

#1 jaseyjase
  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:30 AM

Posted 11 February 2010 - 07:25 PM

I have a recurring rogue security virus on my computer. It comes back 1-2 times per week, and I am usually able to stave it off temporarily by resetting my computer to a date in the past. The attacks are becoming more frequent and more invasive. Usually the computer locks up and I am inundated with fake security alerts and offers to download fake anti-virus programs. The virus also disables my security programs - Malwarebytes and Microsoft Security Essentials. When I run scans with both of these programs, no viruses are detected. Once in a while Security Essentials catches a virus file, but removing it doesn't seem to fix the problem. I'm trying to attach the DDS file, but I am not seeing the attach option at the bottom of this screen. Also, I attempted to run GMER three times, but it kept crashing my computer. Thanks so much for your assistance - Jason


#2 jaseyjase
  • Topic Starter
  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:30 AM

Posted 11 February 2010 - 07:49 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/15/2006 10:01:01 PM
System Uptime: 2/11/2010 5:54:03 PM (1 hours ago)

Motherboard: Intel Corporation | | D102GGC2
Processor: Intel® Pentium® 4 CPU 3.06GHz | | 3066/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 128.952 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 3.402 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP847: 11/13/2009 8:03:20 PM - Software Distribution Service 3.0
RP848: 11/14/2009 9:43:11 PM - Software Distribution Service 3.0
RP849: 11/15/2009 10:58:57 PM - System Checkpoint
RP850: 11/16/2009 7:06:02 AM - Software Distribution Service 3.0
RP851: 11/17/2009 11:18:52 PM - Software Distribution Service 3.0
RP852: 11/18/2009 11:31:26 PM - System Checkpoint
RP853: 11/19/2009 7:17:51 AM - Software Distribution Service 3.0
RP854: 11/20/2009 7:00:12 PM - Software Distribution Service 3.0
RP855: 11/22/2009 8:12:30 AM - Software Distribution Service 3.0
RP856: 11/23/2009 7:01:10 PM - Software Distribution Service 3.0
RP857: 11/24/2009 8:36:40 PM - Software Distribution Service 3.0
RP858: 11/25/2009 7:47:17 AM - Software Distribution Service 3.0
RP859: 11/26/2009 7:45:17 AM - Software Distribution Service 3.0
RP860: 11/27/2009 8:30:53 AM - Software Distribution Service 3.0
RP861: 11/28/2009 8:55:50 AM - Software Distribution Service 3.0
RP862: 11/29/2009 10:16:43 AM - System Checkpoint
RP863: 11/30/2009 8:14:50 PM - Software Distribution Service 3.0
RP864: 12/2/2009 7:37:01 AM - Software Distribution Service 3.0
RP865: 12/3/2009 6:29:50 PM - Software Distribution Service 3.0
RP866: 12/4/2009 8:00:13 PM - Software Distribution Service 3.0
RP867: 12/5/2009 9:10:28 PM - System Checkpoint
RP868: 12/5/2009 11:49:20 PM - Software Distribution Service 3.0
RP869: 12/7/2009 8:51:15 PM - System Checkpoint
RP870: 12/8/2009 11:10:13 PM - Software Distribution Service 3.0
RP871: 12/9/2009 12:24:01 AM - Software Distribution Service 3.0
RP872: 12/10/2009 12:57:28 AM - System Checkpoint
RP873: 12/10/2009 6:56:17 PM - Software Distribution Service 3.0
RP874: 12/11/2009 8:56:08 PM - Software Distribution Service 3.0
RP875: 12/12/2009 9:18:03 PM - System Checkpoint
RP876: 12/13/2009 2:06:37 AM - Software Distribution Service 3.0
RP877: 12/14/2009 8:12:24 PM - Software Distribution Service 3.0
RP878: 12/15/2009 11:17:13 PM - System Checkpoint
RP879: 12/16/2009 6:59:02 PM - Software Distribution Service 3.0
RP880: 12/17/2009 7:29:26 PM - Software Distribution Service 3.0
RP881: 12/18/2009 11:27:17 PM - Software Distribution Service 3.0
RP882: 12/20/2009 8:43:37 AM - Software Distribution Service 3.0
RP883: 12/21/2009 9:50:20 AM - System Checkpoint
RP884: 12/29/2009 2:25:03 PM - Software Distribution Service 3.0
RP885: 12/30/2009 7:28:30 PM - Software Distribution Service 3.0
RP886: 1/1/2010 7:03:01 AM - Software Distribution Service 3.0
RP887: 1/2/2010 7:35:56 AM - Software Distribution Service 3.0
RP888: 1/3/2010 8:38:39 AM - Software Distribution Service 3.0
RP889: 1/4/2010 7:46:26 PM - Software Distribution Service 3.0
RP890: 1/5/2010 8:02:38 PM - Software Distribution Service 3.0
RP891: 1/6/2010 8:27:18 PM - System Checkpoint
RP892: 1/7/2010 6:22:01 AM - Software Distribution Service 3.0
RP893: 1/8/2010 7:04:17 AM - System Checkpoint
RP894: 1/8/2010 11:20:46 PM - Microsoft Antimalware Checkpoint
RP895: 1/8/2010 11:44:50 PM - Restore Operation
RP896: 1/8/2010 11:59:52 PM - Software Distribution Service 3.0
RP897: 1/10/2010 8:02:35 AM - Software Distribution Service 3.0
RP898: 1/11/2010 7:36:44 PM - Software Distribution Service 3.0
RP899: 1/13/2010 12:15:27 AM - Software Distribution Service 3.0
RP900: 1/13/2010 3:00:20 AM - Software Distribution Service 3.0
RP901: 1/14/2010 7:31:56 AM - Software Distribution Service 3.0
RP902: 1/15/2010 8:05:00 PM - Software Distribution Service 3.0
RP903: 1/16/2010 9:31:43 PM - System Checkpoint
RP904: 1/17/2010 1:33:26 AM - Software Distribution Service 3.0
RP905: 1/17/2010 1:43:26 AM - Microsoft Antimalware Checkpoint
RP906: 1/17/2010 5:45:46 AM - Software Distribution Service 3.0
RP907: 1/18/2010 5:57:49 AM - System Checkpoint
RP908: 1/18/2010 8:01:54 AM - Software Distribution Service 3.0
RP909: 1/19/2010 9:19:58 PM - Software Distribution Service 3.0
RP910: 1/20/2010 7:35:00 AM - Software Distribution Service 3.0
RP911: 1/21/2010 7:45:02 AM - Software Distribution Service 3.0
RP912: 1/22/2010 4:09:54 AM - Software Distribution Service 3.0
RP913: 1/22/2010 7:56:32 PM - Software Distribution Service 3.0
RP914: 1/24/2010 7:31:49 AM - Software Distribution Service 3.0
RP915: 1/25/2010 7:23:17 PM - Software Distribution Service 3.0
RP916: 1/26/2010 10:37:52 PM - Software Distribution Service 3.0
RP917: 1/28/2010 7:14:02 AM - Software Distribution Service 3.0
RP918: 1/29/2010 7:24:55 AM - System Checkpoint
RP919: 1/29/2010 10:57:31 PM - Software Distribution Service 3.0
RP920: 1/31/2010 7:39:27 AM - Software Distribution Service 3.0
RP921: 1/31/2010 7:45:35 AM - Software Distribution Service 3.0
RP922: 2/1/2010 7:44:24 PM - Software Distribution Service 3.0
RP923: 2/2/2010 8:49:57 PM - System Checkpoint
RP924: 2/3/2010 7:01:02 AM - Software Distribution Service 3.0
RP925: 2/4/2010 7:27:11 AM - Software Distribution Service 3.0
RP926: 2/5/2010 8:52:06 AM - System Checkpoint
RP927: 2/6/2010 7:28:14 AM - Software Distribution Service 3.0
RP928: 2/6/2010 5:35:16 PM - Microsoft Antimalware Checkpoint
RP929: 2/7/2010 7:32:48 AM - Software Distribution Service 3.0
RP930: 2/8/2010 8:42:49 AM - System Checkpoint
RP931: 2/9/2010 2:30:23 AM - Software Distribution Service 3.0
RP932: 2/9/2010 12:20:06 PM - Microsoft Antimalware Checkpoint
RP933: 2/9/2010 12:26:42 PM - Restore Operation
RP934: 2/9/2010 12:41:27 PM - Software Distribution Service 3.0
RP935: 2/10/2010 5:46:43 PM - System Checkpoint
RP936: 2/10/2010 9:26:05 PM - Software Distribution Service 3.0
RP937: 2/11/2010 7:40:03 AM - Software Distribution Service 3.0
RP938: 2/11/2010 5:51:08 PM - Restore Operation
RP939: 2/11/2010 5:58:48 PM - Software Distribution Service 3.0
RP940: 2/11/2010 6:10:41 PM - Software Distribution Service 3.0

==== Installed Programs ======================


Adobe Flash Player 10 Plugin
Adobe Flash Player 9
Adobe Reader 7.0
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Bonjour
Browser Address Error Redirector
Comcast High-Speed Internet Install Wizard
Critical Update for Windows Media Player 11 (KB959772)
Desktop Doctor
Digital Media Reader
DVD Solution
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
iTunes
J2SE Runtime Environment 5.0 Update 2
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Money 2006
Microsoft Office XP Standard for Students and Teachers
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Move Media Player
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Keyboard Driver
Napster Burn Engine
Netflix Movie Viewer
Octoshape add-in for Adobe Flash Player
Power2Go 4.0
PowerDVD
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Soft Data Fax Modem with SmartCP
Sonic Encoders
TBS WMP Plug-in
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2008 wvaiper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE
WebFldrs XP
Windows Genuine Advantage Validation Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

2/9/2010 12:29:01 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
2/7/2010 2:19:51 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147628135 User: JASON\Owner Name: Worm:Win32/Vundo.B ID: 2147628135 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.490.0, AS: 1.75.490.0 Engine Version: 1.1.5406.0
2/6/2010 4:26:52 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147628135 User: JASON\Owner Name: Worm:Win32/Vundo.B ID: 2147628135 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.477.0, AS: 1.75.477.0 Engine Version: 1.1.5406.0
2/5/2010 2:13:47 PM, error: Dhcp [1002] - The IP address lease 69.143.184.80 for the Network Card with network address 0019D10BC451 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
2/11/2010 6:10:05 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.
2/11/2010 5:54:24 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

==== End Of File ===========================

Edited by Orange Blossom, 20 February 2010 - 03:49 PM.
Move to log forum. ~ OB
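The log above is long, and the parts a helper actually reads first are the Event Viewer lines (Microsoft Antimalware event 2004, signature load failing with 0x80070002 "file not found", and event 1008, Worm:Win32/Vundo.B detected but the Remove action failing with 0x80508023) and the restore-point list, where a "Restore Operation" follows a "Microsoft Antimalware Checkpoint" by a few minutes, which matches the poster's habit of rolling the machine back after each attack. As an added example, not part of this thread or of the DDS, GMER or Microsoft Security Essentials tools, the Python below parses those two DDS sections and summarises them. The section headers, timestamp layout and line shapes are assumed from the log as pasted; the one-hour pairing window is an arbitrary choice; the sample input is a trimmed copy of the posted log.

```python
"""Summarise antimalware activity recorded in a DDS log (added example, not DDS's own code).

Splits the log into its '==== ... ====' sections and reports definition-load failures
(event 2004), detections whose removal failed (event 1008), and Restore Operations
that closely follow a Microsoft Antimalware Checkpoint (a rollback soon after a detection).
"""
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: restore-point and Event Viewer lines copied from the log posted
# in this thread, with the rest of the log left out.
SAMPLE_DDS = """
==== System Restore Points ===================
RP894: 1/8/2010 11:20:46 PM - Microsoft Antimalware Checkpoint
RP895: 1/8/2010 11:44:50 PM - Restore Operation
RP932: 2/9/2010 12:20:06 PM - Microsoft Antimalware Checkpoint
RP933: 2/9/2010 12:26:42 PM - Restore Operation
RP937: 2/11/2010 7:40:03 AM - Software Distribution Service 3.0
RP938: 2/11/2010 5:51:08 PM - Restore Operation
==== Event Viewer Messages From Past Week ========
2/9/2010 12:29:01 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
2/7/2010 2:19:51 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147628135 User: JASON\\Owner Name: Worm:Win32/Vundo.B ID: 2147628135 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.490.0, AS: 1.75.490.0 Engine Version: 1.1.5406.0
2/6/2010 4:26:52 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147628135 User: JASON\\Owner Name: Worm:Win32/Vundo.B ID: 2147628135 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.75.477.0, AS: 1.75.477.0 Engine Version: 1.1.5406.0
2/5/2010 2:13:47 PM, error: Dhcp [1002] - The IP address lease 69.143.184.80 for the Network Card with network address 0019D10BC451 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
2/11/2010 5:54:24 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
==== End Of File ===========================
"""

TS_FMT = "%m/%d/%Y %I:%M:%S %p"  # DDS timestamp layout, e.g. 2/9/2010 12:29:01 PM (assumed from the log)
SECTION_RE = re.compile(r"^==== (.+?) =+$")
RP_RE = re.compile(r"^RP(\d+): (\S+ \S+ [AP]M) - (.+)$")
EVENT_RE = re.compile(r"^(\S+ \S+ [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$")
CODE_RE = re.compile(r"Error Code: (0x[0-9A-Fa-f]{8})")
THREAT_RE = re.compile(r"\bName: (\S+)")


def split_sections(text):
    """Map each '==== Title ====' header to the non-blank lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def parse_restore_points(lines):
    points = []
    for line in lines:
        m = RP_RE.match(line)
        if m:
            points.append({"n": int(m.group(1)),
                           "ts": datetime.strptime(m.group(2), TS_FMT),
                           "desc": m.group(3).strip()})
    return points


def parse_events(lines):
    """One dict per Event Viewer line; error code and threat name are pulled from the message text."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue
        ts, level, source, event_id, msg = m.groups()
        code = CODE_RE.search(msg)
        threat = THREAT_RE.search(msg)
        events.append({"ts": datetime.strptime(ts, TS_FMT), "level": level,
                       "source": source, "id": int(event_id),
                       "error_code": code.group(1) if code else None,
                       "threat": threat.group(1) if threat else None})
    return events


def rollbacks_after_av_checkpoint(points, window=timedelta(hours=1)):
    """Restore Operations within `window` (an arbitrary choice) of the preceding antimalware checkpoint."""
    hits, last_av = [], None
    for rp in sorted(points, key=lambda p: p["n"]):
        if rp["desc"] == "Microsoft Antimalware Checkpoint":
            last_av = rp
        elif (rp["desc"] == "Restore Operation" and last_av is not None
              and rp["ts"] - last_av["ts"] <= window):
            hits.append(rp["n"])
            last_av = None
    return hits


def summarize(dds_text):
    sections = split_sections(dds_text)
    points = parse_restore_points(sections.get("System Restore Points", []))
    events = parse_events(sections.get("Event Viewer Messages From Past Week", []))
    av = [e for e in events if e["source"] == "Microsoft Antimalware"]
    return {
        # Event 2004 with 0x80070002: the engine could not find its definition files.
        "signature_load_failures": sum(1 for e in av if e["id"] == 2004),
        # Event 1008: a named detection whose clean-up action failed, keyed by threat and error code.
        "failed_removals": Counter((e["threat"], e["error_code"]) for e in av if e["id"] == 1008),
        "restore_operations": [p["n"] for p in points if p["desc"] == "Restore Operation"],
        "rollbacks_after_av_checkpoint": rollbacks_after_av_checkpoint(points),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

On the sample this reports two signature-load failures, two failed removals of Worm:Win32/Vundo.B (both 0x80508023), three Restore Operations (RP895, RP933, RP938) and two of them (RP895, RP933) within minutes of an antimalware checkpoint. The script only restates what the log says; it does not decide what is on the machine, which is why the helper below still asks for the second DDS log and a GMER scan.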


#3 m0le
  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:30 AM

Posted 20 February 2010 - 07:20 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, then I will close the topic.

----------------------------------------------

Please run the DDS program again, as you posted only the log that was not requested.

Post both logs this time.


Please also run GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Thanks
m0le is a proud member of UNITE

#4 m0le
  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:30 AM

Posted 25 February 2010 - 07:38 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.