
Newbie, so I'm not sure of the name of the virus or malware

  • This topic is locked
5 replies to this topic

#1 joapepchi

  • Members
  • 14 posts

Posted 25 June 2010 - 12:51 PM

Running Windows Vista 32 bit. This began a couple of days ago when I started receiving pop-ups from AV Security Suite; I believe I inadvertently hit the "cancel" button on the pop-up, which probably installed something. I downloaded and ran Malwarebytes and Ad-Aware. Malwarebytes caught: rogue.antivirus suite.gen, trojan.fraudpack and adware.closetmaid. I am still seeing Mozilla browser redirects from searches even though I deleted what appeared to be a proxy server setup from my browser settings. I am not able to run Windows Update. Also it appears that sometimes my main toolbar looks a different color. Another issue might be a file that runs in my processes: csrss.exe. I find it odd because when I right-click to open the file location it doesn't open any folder, though there is a csrss.exe in my system32 folder. Some internet searches have noted that that might be some sort of virus. It currently uses 1412k of memory.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/4/2009 4:35:24 PM
System Uptime: 6/25/2010 8:53:12 AM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 366 GiB total, 107.011 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.843 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 1397 GiB total, 899.973 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
32 Bit HP CIO Components Installer
7-Zip 4.44 beta
AC3Filter (remove only)
Active@ ISO Burner
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.2
Adobe Shockwave Player 11
AIO_Scan
AnswerWorks 5.0 English Runtime
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AV
Bonjour
BufferChm
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
ccCommon
CDDRV_Installer
Centra Client
Compatibility Pack for the 2007 Office system
Copy
Creative ALchemy
Creative Audio Control Panel
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties
Creative System Information
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DVDneXtCOPY iTurns 1.5.4.2
EPSON Artisan 810 Series Printer Uninstall
Epson Event Manager
Epson Print CD
EPSON Scan
EpsonNet Print
EpsonNet Setup
erLT
F4100
F4100_doccd
F4100_Help
ffdshow [rev 1723] [2007-12-24]
Free HD Converter V 1.2
Haali Media Splitter
HD Writer AE 1.0 for HDC
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Connections (remove only)
HP Customer Experience Enhancements
HP Customer Feedback
HP Deskjet All-In-One Software 9.0
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Imaging Device Functions 9.0
HP Smart Web Printing
HP Total Care Advisor
HP Update
iTunes
Java Auto Updater
Java™ 6 Update 18
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
KhalInstallWrapper
LightScribe 1.4.124.1
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Desktop Messenger
Logitech SetPoint
Malwarebytes' Anti-Malware
mBackup
MCE Tunes Pro
MediaInfo 0.7.8
Microsoft .NET Framework 3.5 SP1
Microsoft Halo
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft Office Basic Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.4)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyNetflix
NETGEAR GA311 Gigabit Adapter
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
OcxSetup
OGA Notifier 2.0.0048.0
OpenAL
PDF-XChange 3
PVSonyDll
Python 2.4.3
QuickTime
Realtek High Definition Audio Driver
Roxio Backup MyPC
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Scan
Seagat
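The csrss.exe question in the post above has a concrete check. The PowerShell below is an added example, not something posted in this thread and not part of DDS or GMER; it assumes a Windows host with PowerShell run from an elevated prompt, and it lists every process named csrss.exe with its image path (where readable), compares that path with the expected System32 location, and checks the Authenticode signature of the System32 copy.

```powershell
# Added example (not from the thread): triage processes named csrss.exe.
# Assumptions: Windows with PowerShell, run elevated. Without elevation the
# image path of csrss.exe is normally unreadable, which is also why Task
# Manager's "Open File Location" does nothing for it; an unreadable path by
# itself is therefore not evidence of malware.

$expected = Join-Path $env:SystemRoot 'System32\csrss.exe'

# WMI is used instead of Get-Process because Get-Process throws an access
# error when it tries to read the main module of csrss.exe.
$procs = Get-WmiObject Win32_Process -Filter "Name = 'csrss.exe'"

# More than one csrss.exe is normal: Windows runs one per session
# (session 0 for services plus one per logged-on user session).
"Found $(@($procs).Count) process(es) named csrss.exe"

foreach ($p in $procs) {
    $path = $p.ExecutablePath
    if (-not $path) {
        "PID $($p.ProcessId): image path not readable (expected when not elevated)"
        continue
    }
    if ($path -ieq $expected) {
        "PID $($p.ProcessId): $path  (expected System32 location)"
    } else {
        # A user-mode program merely named csrss.exe running from another
        # folder is the case worth investigating and reporting in the thread.
        "PID $($p.ProcessId): $path  <-- NOT the System32 copy, investigate"
    }
}

# Confirm the System32 copy itself is the Microsoft-signed file.
$sig = Get-AuthenticodeSignature -FilePath $expected
"System32\csrss.exe signature: $($sig.Status) $($sig.SignerCertificate.Subject)"
```

A result of Valid with a Microsoft signer for the System32 copy, and every readable path pointing at that file, means the csrss.exe entries in Task Manager are the legitimate Client/Server Runtime processes.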


#2 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 30 June 2010 - 03:10 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 04 July 2010 - 01:52 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber


#4 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 05 July 2010 - 11:41 PM

Reopened by user request.
regards,
schrauber


#5 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 10 July 2010 - 05:30 AM

Still with me?
regards,
schrauber


#6 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 13 July 2010 - 11:26 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber
