infected with Desktop Security 2010


  • This topic is locked
7 replies to this topic

#1 fogde

Posted 16 April 2010 - 11:27 AM

Help, I got infected with this and cannot remove it. I have tried running Malwarebytes and Windows Defender and they will not start up, and Spybot cannot find it.

Thanks

Edited by elise025, 16 April 2010 - 11:56 AM.
Since no logs are posted, I am moving this to the Am I Infected forum ~ Elise


#2 boopme

Posted 16 April 2010 - 01:32 PM

Hello and welcome... please follow our Removal Guide here: Remove Desktop Security 2010 (Uninstall Guide)
You will move to the Automated Removal Instructions:

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 fogde

Posted 17 April 2010 - 10:31 PM

It's still not letting me load Malwarebytes. I have run the rkill and iexplore numerous times and it's not working.

#4 boopme

Posted 17 April 2010 - 10:40 PM

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, post the DDS log only.
Let me know if that went well.

#5 fogde

Posted 17 April 2010 - 11:17 PM

I am getting a Microsoft Visual C++ error message when I run DDS.

#6 mlangrick

Posted 18 April 2010 - 03:25 AM

I think I may have the same virus. I followed your instructions and I still appear to have the virus, as I am unable to open programs on one user account. The log I received is shown below:

#
# An unexpected error has been detected by Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x25252525, pid=7036, tid=4544
#
# Java VM: Java HotSpot™ Client VM (11.0-b16 mixed mode windows-x86)
# Problematic frame:
# C 0x25252525
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x0cb6c800): JavaThread "thread applet-Main.class-1" [_thread_in_native, id=4544, stack(0x0d460000,0x0d4b0000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x25252525

Registers:
EAX=0x00000000, EBX=0x08e0d048, ECX=0x0cc01d70, EDX=0x00000000
ESP=0x0d4af8fc, EBP=0x41444444, ESI=0x08e0d048, EDI=0x0cb6c800
EIP=0x25252525, EFLAGS=0x00210246

Instructions: (pc=0x25252525)
0x25252515:
[error occurred during error reporting (printing registers, top of stack, instructions near pc), id 0xc0000005]

Stack: [0x0d460000,0x0d4b0000], sp=0x0d4af8fc, free space=318k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x25252525

[error occurred during error reporting (printing native stack), id 0xc0000005]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j com.sun.media.sound.HeadspaceSoundbank.nOpenResource(Ljava/lang/String;)J+0
j com.sun.media.sound.HeadspaceSoundbank.initialize(Ljava/lang/String;)V+7
j com.sun.media.sound.HeadspaceSoundbank.<init>(Ljava/net/URL;)V+89
j com.sun.media.sound.HsbParser.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+5
j javax.sound.midi.MidiSystem.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+36
J Main.init()V
j sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run()V+837
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Other Threads:
0x01bf7400 VMThread [stack: 0x01c70000,0x01cc0000] [id=7664]
0x01c25400 WatcherThread [stack: 0x0ca60000,0x0cab0000] [id=7716]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 4544K, used 3141K [0x045c0000, 0x04aa0000, 0x04aa0000)
eden space 4096K, 76% used [0x045c0000, 0x048d17d8, 0x049c0000)
from space 448K, 0% used [0x04a30000, 0x04a30000, 0x04aa0000)
to space 448K, 0% used [0x049c0000, 0x049c0000, 0x04a30000)
tenured generation total 60544K, used 59952K [0x04aa0000, 0x085c0000, 0x085c0000)
the space 60544K, 99% used [0x04aa0000, 0x0852c038, 0x0852c200, 0x085c0000)
compacting perm gen total 12288K, used 8594K [0x085c0000, 0x091c0000, 0x0c5c0000)
the space 12288K, 69% used [0x085c0000, 0x08e24850, 0x08e24a00, 0x091c0000)
No shared spaces configured.

VM Arguments:
jvm_args: -D__jvm_launched=2662612895 -Xbootclasspath/a:C:\\PROGRA~1\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~1\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~1\\Java\\jre6\\lib\\plugin.jar -Dsun.plugin2.jvm.args=-D__jvm_launched=2662612895 "-Xbootclasspath/a:C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\plugin.jar" "-Djava.class.path=C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\classes" --
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid1260_pipe3,read_pipe_name=jpi2_pid1260_pipe2
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
USERNAME=Martin L
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 10, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows Vista Build 6002 Service Pack 2

CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 7 stepping 10, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

Memory: 4k page, physical 2097151k(1491328k free), swap 4194303k(4194303k free)

vm_info: Java HotSpot™ Client VM (11.0-b16) for windows-x86 JRE (1.6.0_11-b03), built on Nov 10 2008 02:15:12 by "java_re" with MS VC++ 7.1

time: Sat Apr 17 22:49:06 2010
elapsed time: 6 seconds

PLEASE HELP!!!

#7 boopme

Posted 18 April 2010 - 12:18 PM

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop-down box set to default: "List/folders created or modified in the last 1 month (30 days)".
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Save the log file to your desktop and copy/paste the contents into a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.

#8 Orange Blossom

Posted 19 April 2010 - 09:20 PM

@ mlangrick,

Please start your own topic so you can receive assistance.

Hello fogde,

Now that you have posted a log here: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

