Recurring Malware Part 2
#1 goomba2 (Members, 4 posts)

Posted 05 April 2010 - 11:28 AM

Hello!
Thanks for taking the time to help me.
I posted in August last year in this thread and thought my problem was solved. (By the way, the help that I received here was great.) However, as a sort of spur-of-the-moment thing, I decided to search and see if I still had the problem, and I did.

The file which I have been using to tell if I have this malware is jesterss.dll. There is a program called Everything, a lightning-fast freeware search program, which can be found here. I've been using it to detect all traces of this malware, and with it I can quickly and efficiently tell where all parts of it are hiding. I'm here because I deleted all traces of this terrible malware with FileASSASSIN, except for one pesky folder which won't delete.
When I use FileASSASSIN, I can delete the one file in the folder (the folder is called "spool", located at C:\WINDOWS\system32\spool; the file is called srgb color space profile.icm, located in the spool folder). I unlock the modules in this file with FileASSASSIN, then delete it, and then try to delete the folder. Whenever I try to delete the folder, it tells me "Access denied, file is in use by another person or program" and a new srgb color space profile.icm is created. I was wondering how I could delete this pesky file and finally be done with this malware once and for all.
There is also a folder called "dllcache" located in C:\WINDOWS\system32 which isn't even visible to me, even when I show hidden files. It's only visible in Everything.

I kept note of the malware and its locations, and wrote them down. Here's all the malware I could find, and deleted:

filterpipelineprintproc.dll (which is found in...)

C:\WINDOWS\Driver Cache\i386
C:\WINDOWS\system32\dllcache
C:\WINDOWS\system32\spool\prtprocs\w32x86
C:\WINDOWS\system32\spool\prtprocs\x64

printfilterpipelinesvc.exe (which is found in...)

C:\WINDOWS\system32\dllcache
C:\WINDOWS\system32\spool\prtprocs\w32x86

srgb color space profile.icm (which is found in...)

C:\WINDOWS\system32\spool\drivers\color

srgb.icm (which is found in...)

C:\WINDOWS\system32\dllcache

sRGB.pf (which is found in...)

C:\Program Files\Java\j2re1.4.2\lib\cmm

Any help is greatly appreciated. Thank you!

EDIT: During this time I use Microsoft Security Essentials and Windows XP. Thanks!


EDIT: Moved from XP to Am I Infected...please read/follow all admin instructions in the AII forum from this point on ~ Hamluis.

Edited by hamluis, 05 April 2010 - 11:45 AM.
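Editor's added example (not part of the post above, and not code from Everything or FileASSASSIN): before deleting anything else, the check a practitioner would run is to gather evidence about each listed file rather than trust the file name. The script below assumes Windows PowerShell 2.0 or later (the version available for XP SP3) and uses exactly the paths the poster listed, with C:\WINDOWS written as $env:SystemRoot. Two caveats when reading its output: most XP system binaries are catalog-signed rather than carrying an embedded Authenticode signature, so Get-AuthenticodeSignature reporting NotSigned is not by itself evidence of tampering; and Windows File Protection keeps reference copies of protected files in %SystemRoot%\system32\dllcache (a hidden, system-attribute folder that Explorer hides under "Hide protected operating system files", separately from "Show hidden files") and restores protected files when they are removed, which is one reason a deleted file can reappear.

```powershell
# Added example (not from the post, and not part of Everything or FileASSASSIN).
# Gathers evidence about each file the poster listed without deleting anything.
# Assumes Windows PowerShell 2.0 or later; the paths are the ones listed above,
# with C:\WINDOWS written as $env:SystemRoot.

$listed = @(
    "$env:SystemRoot\Driver Cache\i386\filterpipelineprintproc.dll",
    "$env:SystemRoot\system32\dllcache\filterpipelineprintproc.dll",
    "$env:SystemRoot\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll",
    "$env:SystemRoot\system32\spool\prtprocs\x64\filterpipelineprintproc.dll",
    "$env:SystemRoot\system32\dllcache\printfilterpipelinesvc.exe",
    "$env:SystemRoot\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe",
    "$env:SystemRoot\system32\spool\drivers\color\sRGB Color Space Profile.icm",
    "$env:SystemRoot\system32\dllcache\sRGB.icm",
    "${env:ProgramFiles}\Java\j2re1.4.2\lib\cmm\sRGB.pf"
)

function Get-Sha1Hex {
    # SHA-1 of a file as a hex string (Get-FileHash does not exist in PowerShell 2.0).
    param([string]$Path)
    $sha1   = [System.Security.Cryptography.SHA1]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha1.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Get-FileEvidence {
    param([string]$Path)
    # -Force is needed because dllcache and its contents carry the hidden+system attributes.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false }
    }
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Path      = $Path
        Exists    = $true
        Size      = $item.Length
        Modified  = $item.LastWriteTime
        Company   = $item.VersionInfo.CompanyName   # PE version resource; empty for .icm/.pf
        Version   = $item.VersionInfo.FileVersion
        SigStatus = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
        Signer    = $signer
        Sha1      = Get-Sha1Hex $Path
    }
}

$evidence = $listed | ForEach-Object { Get-FileEvidence $_ }
$evidence | Format-Table Path, Exists, Size, Modified, Company, SigStatus, Sha1 -AutoSize

# Copies of the same file name in different directories (dllcache vs. prtprocs, for
# instance) are expected to hash identically. A copy whose hash, size or CompanyName
# differs from the others is the one to submit for analysis; identical copies of a
# Microsoft-versioned file are more likely the protected originals.
$evidence | Where-Object { $_.Exists } |
    Group-Object { [System.IO.Path]::GetFileName($_.Path).ToLower() } |
    ForEach-Object {
        $hashes = @($_.Group | Select-Object -ExpandProperty Sha1 -Unique)
        '{0}: {1} copy/copies, {2} distinct SHA-1 value(s)' -f $_.Name, $_.Count, $hashes.Count
    }
```

The SHA-1 values can be compared against a known-clean XP SP3 machine or submitted to an online scanner; on XP itself, `sfc /scannow` (which needs the Windows installation source) is the authoritative integrity check for the protected copies, and it will tell you whether a file was replaced rather than relying on a signature check that catalog-signed XP files will not pass anyway.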

