Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Possible Elenore Exploit and S.Vundo.2?

  • Please log in to reply
No replies to this topic

#1 MML


  • Members
  • 244 posts
  • Local time:09:13 AM

Posted 15 July 2010 - 11:07 AM

I'm a total newbie, as one can tell from my post over at the "Is My Computer Infected" forum last week :thumbsup:

To sum my situation up: a week ago, I made the mistake of visiting a website for video game cheats - I think I picked up some malware or (gulp) a rootkit during my time there. Especially distressing, because I tend to make surfing in paranoid mode an art form.

Shortly afterwards, my PC would keep running for minutes on end. When I tried to shut it off, I got a small windows system pop up that popped away so quickly I couldn't read it. Shortly afterward, I noticed that the process 604BC32A-9680-40D1-9AC6-E06B23A1BA4C was running, and sucking down up to 2-3 gigabytes a run. I've terminated it, and since got back over ten GB of storage, and no further drains. I then ran a defrag, which temporarily sped up the computer. I noticed afterward that my Instant Messenger software was missing my buddy icon until I logged on, and some of my permissions were gone (I chalked that up to the defrag and running ATF cleaner on my father's advice). Next time I logged on, everything was as it should have been. The computer became severely slow after running SuperAntiSpyware, Malware Bytes and two Norton scans in a row, but this is typical of the unit. Otherwise, no problems, except when I typed there occasionally a slight drag. It runs for a rather long time when it comes out of sleep mode.

Apres that, the deluge: I began getting a series of audio and video errors:

On youtube and streaming video sites, the video quality has suddenly become very poor, increasingly so. My Windows Media player tells me "Windows Media Player cannot play this DVD because there is a problem with digital copy protection between your DVD drive, decoder, and video card. Try installing an updated driver for your video card", or it displays such odd behaviors as jumping ahead if I leave a CD paused in the drive. My Norton Internet Seccurity icon briefly looked strange/altered in the system tray, and my Chrome history began to autorefresh. My HP Advisor popped up in docking repeatedly with a "Windows Not Responding" error.

After all of this, I took the computer to Staples to be checked out. Let's just say that their services were less-than-helpful; I should've guessed that they'd be useless when they suggested the reason I was infected was because I was running Spybot, Malwarebytes, SuperAntiSpyware and Norton on the same system. I apparently had 88 processes running. They said they would do a clean reinstall of my computer, but I have a sneaking suspicion they just ticked back the clock on my computer to the last clean date I had on my PC; the memory drain returned, and yesterday I skipped ahead on a DVD and it made a horrendous noise and blackscreened. While browsing for a solution to this problem online, I got a warning from Norton that something was trying to download an HTTP Elenore Executable download onto my computer. I'm guessing from this I have an Elenore Exploit Pack somewhere on that thing and that's the root of my problem? Norton also made a community report about S.Vundo.2.

I have a lot of ATI driver errors and CCC.exe errors, and some with the WndProc - Source handler. The most common one is:

0000000006: 2010-07-08 10:34:04:806 Could not find Type [ATI.ACE.CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard.DB_TutorialInfoCentre] from [CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard] in assembly [CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard] Error Called by: ATI.ACE.LOG.Foundation.Services::LoadAssembly processID:03220 threadID:(CCCThreadNew:Dashboard) domainName:(CCC.exe ) assemblyName:(LOG.Foundation, Version=2.0.3218.28664, Culture=neutral, PublicKeyToken=90ba9c70f846762e) ------------------------------------------------.

Computer logs show that something has modified several of my Norton definitons and the route base of it as well. They don't show anything unusual when it comes to entrances, and my Norton Firewall shows no intrusion attempts; I can update both it and Windows successfully. No browser hijacks or anything, no fake AV, either.

I've been having a bit of a problem with my audio to go along with this; it's making a soft sound in the left ear that it usually makes whenever my computer's about to shut off (A soft plink or tinging noise) after I play music or listen to online audio.

Malwarebytes, SpyBot, Norton, and SuperAntiSpyware all come up clean, except for various tracking cookies.

That's everything that's been going on with my comp. Help would be so much appreciated, and I appologize for my earlier foolishness/newbishness :flowers:

Edited by Budapest, 15 July 2010 - 06:00 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users