
Just-in-Time Debugging/Google Result Link Redirect/Start-Up Check for Consistency


This topic is locked
27 replies to this topic

#1 ChessieGirl


Posted 05 April 2010 - 09:52 AM

About 3 weeks ago, we caught the XP Security Center virus. I was able to remove it with Malwarebytes Anti-Malware, but right after (like the same day) the removal a couple of other things started happening that I don't know how to fix. On start-up, I get a blue screen telling me the computer needs to check my F drive (external hard drive) for consistency. Also, I keep getting a pop-up for Just-In-Time Debugging (I have not knowingly downloaded Visual Basic or Download Accelerator Plus). Finally, Google results links are redirecting to other sites. I can copy and paste the website address into the address bar and get to the correct website, but the hyperlink will redirect. You may need to know that upon successful removal of the XP Security Center virus, I got rid of my McAfee security and downloaded AVG security.

Yesterday, I decided to post to your forum and noticed that the original virus was back (now showing as Antivirus Security Center), and all of the other problems were continuing. I posted to the "Am I Infected? What do I do" arena. Boopme helped me get rid of the original virus, but I am still having the problems with start-up, Just-In-Time Debugging, and Google results link redirect. Boopme suggested I follow steps 6-9 of the Preparation Guide and post here.


Here is the DDS.txt log. I am also attaching the Attach.txt log and Ark.txt log.

Thank you in advance for your assistance.

DDS.txt:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 9:37:11.79 on Mon 04/05/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.441 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://baltimore.orioles.mlb.com/index.jsp?c_id=bal
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Weather] c:\progra~1\aws\weathe~1\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"
mRun: [DT ACR] c:\program files\common files\portrait displays\shared\DT_startup.exe -ACR
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228869111531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-3-16 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-3-16 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-16 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-16 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-16 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-16 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-3-16 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-16 5888008]
R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2008-8-14 98304]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-3-16 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-3-16 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-3-16 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-3-16 26120]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S2 gupdate1ca6dfae51b8ae;Google Update Service (gupdate1ca6dfae51b8ae);c:\program files\google\update\GoogleUpdate.exe [2009-11-25 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-3-16 30104]

=============== Created Last 30 ================

2010-04-05 13:33:24 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-04-04 22:26:44 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-04 22:26:28 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-04 22:26:28 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2010-04-04 21:08:38 0 d-----w- c:\program files\Lisa
2010-03-19 11:30:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-19 02:20:45 0 d-----w- c:\docume~1\admini~1\applic~1\AVG9
2010-03-18 22:50:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-03-18 01:10:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-18 01:10:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-18 01:10:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 01:02:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 00:33:28 0 d--h--w- C:\$AVG
2010-03-17 00:33:13 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-17 00:33:13 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-03-17 00:33:12 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 00:33:03 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-17 00:32:51 0 d-----w- c:\windows\system32\drivers\Avg
2010-03-17 00:32:16 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-03-17 00:32:16 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-03-17 00:32:16 0 d-----w- c:\program files\AVG
2010-03-17 00:32:06 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-03-16 23:02:57 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-03-16 23:02:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-14 23:34:35 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-14 22:21:27 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cac3c4b0298d80.mof
2010-03-13 23:50:43 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-11 00:51:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Nevosoft
2010-03-10 04:33:38 1025024 -c----w- c:\windows\system32\dllcache\browseui.dll

==================== Find3M ====================

2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:54 81920 ----a-w- c:\windows\system32\ieencode.dll

============= FINISH: 9:38:26.15 ===============


#2 Noviciate

Malware Response Team

Posted 05 April 2010 - 01:23 PM

Good evening.

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *
  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.

#3 ChessieGirl


Posted 05 April 2010 - 02:59 PM

Well, I have good news and bad news. CF gave me a fit to run....it rebooted me twice. No log automatically popped up. The only thing I can find is copied below. I don't know if this is correct or not.

My Google results no longer seem to be redirected.

I haven't seen Just-In-Time Debugging...yet.

My computer is still trying to check my external hard drive for consistency on start-up.


CF Results:

ComboFix 10-04-04.01 - Administrator 04/05/2010 15:31:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.563 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\Riley.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.



#4 Noviciate

Malware Response Team

Posted 05 April 2010 - 05:59 PM

I'm not too worried about the consistency check as I don't recognize it as a malware issue as such. If the PC looks clean then I'll get somebody techy to look at this problem.

Go here and click the Download EXE button at the top and save the file to your Desktop - the file is randomly named to try to sidestep the actions of certain malicious files.
Double click the file to begin:
  • If you get a pop-up regarding rootkit activity and are asked if you want to scan, click No.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for
    • Sections
    • IAT/EAT
    • Show All
    • All drives except your main one, which is usually C:\.
  • Click the Scan button on the right and OK any pop-up that you may see regarding rootkit activity.
  • When the scan has completed, (you'll have time for a snack and a cuppa!), click the Save... button and again save the log with any name to a handy location.
Post the contents of the log(s) into your next reply. The Preview option on the forum may show the whole log(s) being posted, but they sometimes get cut down when the actual post is made, so please check the post once it is completed.

So long, and thanks for all the fish.

#5 ChessieGirl


Posted 05 April 2010 - 06:57 PM

Here is the log...it's pretty short:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-05 19:55:32
Windows 5.1.2600 Service Pack 3
Running: 0ji3g8cj.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aweyrkow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA8152670]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA596320]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA81527C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA8152860]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

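A small parser for the two GMER sections shown in the log above, as an added example that is not part of this thread or of GMER itself: it extracts each SSDT hook and attached filter device together with the publisher GMER reports, groups hooked syscalls by driver, and flags any hook whose publisher is not one of the security products known from the DDS log to be installed here (AVG, SUPERAntiSpyware, Microsoft). The sample log is a constructed subset of the posted one, and the `examplehook.sys` line is invented to exercise the flagging.

```python
"""Parse the System/Devices sections of a GMER log (the format posted above) and
flag SSDT hooks or attached filter devices whose publisher is not one you expect.
Added example for this thread; it is not GMER's own code. The sample log is a
constructed subset of the post above plus one made-up 'Unknown Publisher' line."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: two SSDT lines and two device lines copied from the log
# above, plus one invented hook line (examplehook.sys) to exercise the flagging.
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA8152670]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA596320]
SSDT \??\C:\WINDOWS\system32\drivers\examplehook.sys (Example driver/Unknown Publisher) ZwCreateFile [0x8A7B3C10]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
"""

# GMER prints: SSDT <module path> (<description>/<publisher>) <Zw function> [<hook address>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S.*?)\s+\((?P<info>.+)\)\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$")
# and: AttachedDevice <driver object> <device object> <module> (<description>/<publisher>)
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)\s+\((?P<info>.+)\)\s*$")

@dataclass
class Hook:
    kind: str                 # "SSDT" or "AttachedDevice"
    module: str               # driver that installed the hook or filter
    vendor: str               # publisher string GMER read from the file's version info
    target: str               # hooked syscall, or the device object being filtered
    address: Optional[str] = None

def split_info(info: str) -> Tuple[str, str]:
    """GMER writes '<description>/<publisher>'; a missing '/' means no publisher."""
    desc, sep, vendor = info.rpartition("/")
    return (desc.strip(), vendor.strip()) if sep else (info.strip(), "")

def parse_gmer(text: str) -> List[Hook]:
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            _, vendor = split_info(m["info"])
            hooks.append(Hook("SSDT", m["module"], vendor, m["func"], m["addr"]))
            continue
        m = DEVICE_RE.match(line)
        if m:
            _, vendor = split_info(m["info"])
            hooks.append(Hook("AttachedDevice", m["module"], vendor, m["device"]))
    return hooks

def syscalls_by_module(hooks: List[Hook]) -> Dict[str, List[str]]:
    """Which syscalls each driver hooks: AV self-protection normally hooks the
    process/thread/memory APIs; a hook on file or registry APIs deserves a look."""
    out: Dict[str, List[str]] = {}
    for h in hooks:
        if h.kind == "SSDT":
            out.setdefault(h.module.rsplit("\\", 1)[-1], []).append(h.target)
    return {k: sorted(v) for k, v in out.items()}

# Publishers of the security products this machine is known to run (from the DDS log).
TRUSTED_VENDORS = {"AVG Technologies CZ, s.r.o.",
                   "SUPERAdBlocker.com and SUPERAntiSpyware.com", "Microsoft Corporation"}

def unexpected_hooks(hooks: List[Hook], trusted=frozenset(TRUSTED_VENDORS)) -> List[Hook]:
    """Hooks whose publisher is not in the expected set; these are what to investigate."""
    return [h for h in hooks if h.vendor not in trusted]
```

Run `parse_gmer` over a saved GMER log and feed the result to `unexpected_hooks`; an empty list means every hook belongs to a product you already know about, which is the conclusion drawn from the log above.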

#6 ChessieGirl


Posted 05 April 2010 - 06:58 PM

Is it possible that the system check is related to the AVG AV program?

And I haven't seen Just-In-Time Debugging since CF ran!

#7 ChessieGirl


Posted 05 April 2010 - 09:09 PM

I will check back in tomorrow evening.

#8 Noviciate

Malware Response Team

Posted 06 April 2010 - 01:28 PM

Good evening.

QUOTE: Is it possible that the system check is related to the AVG AV program?

I've not come across the issue before so it could be AVG, but then again it might not be - I've really no idea at this stage. (Not very reassuring, but honest.)

The infection that GMER highlighted appears to have been successfully dealt with which is a good start. I'd like you to run an online scan as a second opinion on the general state of your system as the CF log was incomplete.

Pay a visit to the ESET Online Scanner.
  • Click the ESET Online Scanner button, read the info in the new window, check the appropriate box and click Start.
  • Accept the ActiveX download, and allow it to install.
  • Once this has been completed, you will see the Computer Scan settings page - ensure that you uncheck the "Remove found threats" box and then click Start.
  • The virus signature database will now need to be downloaded, so don't forget to instruct your firewall to permit it if it asks.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

I would also like a fresh DDS log as well.

So long, and thanks for all the fish.

#9 ChessieGirl


Posted 06 April 2010 - 03:02 PM

Will do so as soon as I get home. At work now.

#10 ChessieGirl


Posted 06 April 2010 - 06:23 PM

Here are the logs. I attached the DDS and Attach text logs:

ESET:

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.VM trojan


#11 Noviciate

Malware Response Team

Posted 07 April 2010 - 01:53 PM

Good evening.

I don't see anything to be concerned about in your logs, the ESET detection being something that ComboFix removed and quarantined, so I'm inclined to think that your machine is clean.
With regard to the consistency check, do you own an external hard drive and have you let Windows run the check?

So long, and thanks for all the fish.

#12 ChessieGirl


Posted 07 April 2010 - 02:16 PM

Yes, I own an external hard drive (a WD Passport I just bought last year) and that is the drive that is being checked for consistency.

I did let it run once and it mentioned something about replacing a corrupt file regarding Medal of Honor Modern Warfare, which I had downloaded to the external HD to save space on the C drive. Once it finished with that, it wanted to run a scan of something else (I can't remember what). I didn't let that run for 2 reasons: 1) the first scan took a while and 2) this started right when the original virus I had started and I was actually afraid it was the virus causing the message and trying to spread itself....stupid I know. I haven't let the scan run since for the same reason.

Thank you so much for your assistance in cleaning up my computer! I really appreciate it.

#13 Noviciate

Malware Response Team

Posted 07 April 2010 - 02:39 PM

OK, connect your external drive to your PC and scan it with both your resident anti-virus program and MBAM - select the Perform full scan option.
I'd like to know what AVG finds, if anything, and also see the log that MBAM produces.

So long, and thanks for all the fish.

#14 ChessieGirl


Posted 07 April 2010 - 02:51 PM

I always keep it connected to the PC...should I not do that?

When I get home I will perform both an AVG scan and a MBAM scan of the F drive only and let you know what is found.

Also, any ideas as to how to prevent the viruses from coming back now that the computer is clean? I only ask because the Security Center has come back once already (originally presented as XP Security Center which was removed and then came back a few weeks later as Antivirus Security Center).

#15 ChessieGirl


Posted 07 April 2010 - 05:50 PM

Both scans were clean.



