Can't run virus fix programs or restore to factory settings


3 replies to this topic

#1 mistyblue120

mistyblue120

  • Members
  • 2 posts

Posted 06 July 2010 - 12:28 AM

Running Vista Home Basic on an Acer laptop - I know I have nasty trojan virus bad-news and I can't get rid of it. The programs I downloaded (RKill, MBAM, Hijack This and a few others) will install, but as soon as you try to run it, it just disappears. Sometimes the shortcut turns into a basic icon or altogether disappears when I go to try and run it a second time. At this point, I was ready to just use the Acer eRecovery program, but even that does the same thing - it'll take me as far as the prompt to select 'yes' on taking the C drive back to its factory settings - but then the program just disappears and my computer automatically reboots.

I've also just lost the function to right click, which means I also can't run programs as an administrator.

I'm at the mercy of someone to coach me through this - all I've been able to get a log from is the BitDefender online quick scan, which follows:

QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Tue Jul 06 00:24:21 2010
Machine ID: 10996666



Found 21 infected files!
------------------------

C:\Windows\system32\tahuhabu.dll --> Gen:Variant.TDss.20

C:\Windows\system32\lasipuna.dll --> Gen:Variant.NSAnti.1

C:\Windows\system32\disolada.dll --> Gen:Variant.TDss.20

C:\Windows\system32\kobivusa.dll --> Gen:Variant.TDss.20

C:\Windows\system32\jobazujo.dll --> Gen:Variant.TDss.20

C:\Windows\system32\makobuja.dll --> Gen:Variant.TDss.20

C:\Windows\system32\fajabami.dll --> Gen:Variant.TDss.20

C:\Windows\system32\jebifivu.dll --> Trojan.Generic.3236834

C:\Windows\system32\susevida.dll.tmp --> Gen:Heur.Krypt.14

C:\Windows\system32\duvidoyo.dll --> Trojan.Vundo.GRU

C:\Windows\system32\titunela.dll.tmp --> Gen:Heur.Krypt.14

C:\Windows\system32\vajifuvi.exe --> Trojan.Generic.3988115

C:\Windows\system32\haburubo.dll.tmp --> Gen:Heur.Krypt.14

C:\Windows\system32\raliyavi.dll --> Gen:Variant.TDss.20

C:\Windows\system32\lazejada.dll --> Gen:Variant.TDss.20

C:\Windows\system32\xxxxfujogeyu.dll --> Gen:Variant.TDss.20

C:\Windows\system32\liyagili.dll --> Gen:Variant.TDss.20

C:\Windows\system32\debomoba.dll --> Gen:Variant.TDss.20

C:\Windows\system32\layitomo.exe --> Trojan.Generic.3988115

C:\Windows\system32\feripoma.dll --> Trojan.Generic.3236834

C:\Windows\system32\tebiteno.dll --> Gen:Variant.TDss.20



Processes
---------
<verified> AOL Connectivity Service 3772 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
<verified> AOL Service Libraries 2784 C:\Program Files\Common Files\AOL\1274498414\ee\aolsoftware.exe
<verified> Firefox 2132 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> iTunes 2776 C:\Program Files\iTunes\iTunesHelper.exe
<verified> Microsoft® Windows® Operating System 2452 C:\Windows\Explorer.EXE
<verified> Microsoft® Windows® Operating System 2388 C:\Windows\system32\Dwm.exe
<verified> Microsoft® Windows® Operating System 3016 C:\Windows\system32\taskeng.exe
<verified> Microsoft® Windows® Operating System 3264 C:\Windows\system32\wbem\unsecapp.exe


Network activity
----------------
Process firefox.exe (2132) connected on port 80 (HTTP) --> a96-17-204-20.deploy.akamaitechnologies.com
Process firefox.exe (2132) connected on port 80 (HTTP) --> yo-in-f113.1e100.net
Process firefox.exe (2132) connected on port 80 (HTTP) --> a96-17-197-115.deploy.akamaitechnologies.com
Process firefox.exe (2132) connected on port 80 (HTTP) --> dc2.122.2o7.net



Autoruns and critical files
---------------------------
<verified> AOL Service Libraries C:\Program Files\Common Files\AOL\1274498414\ee\aolsoftware.exe
<verified> Intel® Common User Interface C:\Windows\System32\igfxdev.dll
<verified> iTunes C:\Program Files\iTunes\iTunesHelper.exe
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Windows® Internet Explorer C:\Windows\System32\webcheck.dll


Browser plugins
---------------
<unsigned> eDStoolbar Module c:\windows\system32\edstoolbar.dll
<unsigned> MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
<unsigned> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<unsigned> QuickTime Plug-in 7.4 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.4 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.4 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.4 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.4 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.4 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.4 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

<verified> AcroIEHelper Library c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> BitDefender QuickScan C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\1wql4hvy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\1wql4hvy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
<verified> InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
<verified> InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
<verified> RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<verified> RealPlayer Download and Record Plugin c:\program files\real\realplayer\rpbrowserrecordplugin.dll
<verified> RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<verified> Windows® Internet Explorer C:\Windows\System32\ieframe.dll
<verified> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll


Missing files
-------------
File not found: pililape.dll
referenced in: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"

File not found: C:\Acer\AcerTour\Reminder.exe
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Acer Tour Reminder"


Scan
----

The following file(s) must be uploaded for server-side scanning:
C:\Windows\system32\duvidoyo.dll
C:\Windows\system32\yanuduti.dll
C:\Windows\system32\xxxxpililape.dll
C:\Windows\system32\dalekisi.dll

Upload started - 4 file(s)
duvidoyo.dll (53248)
Upload speed - 2 KB/s
Upload finished - 4 uploaded, 0 failed

Scan finished - communication took 54 sec
Total traffic - 0.12 MB sent, 7.64 KB recvd
Scanned 993 files and modules - 102 seconds

==============================================================================

Edited by Blade Zephon, 06 July 2010 - 01:45 AM.
Moved from Vista to AII. ~BZ


#2 mistyblue120

mistyblue120
  • Topic Starter

  • Members
  • 2 posts

Posted 06 July 2010 - 09:25 AM

Too tough for this forum, I suppose....thanks anyway.

#3 chromebuster

chromebuster

  • Members
  • 899 posts
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England

Posted 06 July 2010 - 09:18 PM

No ... stay on it! Someone will be around soon. I think you should try one more online scan. Go to www.eset.com/onlinescan and run that scanner. Make sure that your realtime protection of your antivirus is disabled as some online scanners will refuse to cooperate. Make sure that remove threats, scan archives, and scan for potentially unwanted and potentially unsafe applications are checked. Hope this helps. And oh yeah, don't forget to post back the log from the scan found at c:\program files\eset\eset online scanner\log.txt.

Regards,
Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 July 2010 - 09:40 PM

Hello, this machine is loaded with rootkit files..

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook



