
gff6.exe - file with virus sdbot


  • This topic is locked
2 replies to this topic

#1 Amit Vaidya

Amit Vaidya

  • Members
  • 1 posts

Posted 20 July 2010 - 11:04 PM

Hi,
I'm harassed with a virus which starts troubling me only if I connect to the internet. My AV company (Bitdefender) is also working to find the solution to it. If somebody can help me here...
A few days back I formatted my C drive and installed a new XP on it. I started installing the required software along with the AV. After I installed the AV and connected to the internet, my AV popped up a screen saying that it had blocked a virus named Generic.Sdbot.B9503259 and that the file used by the program ftp is gff6.exe in the sys32 folder. The AV said it had deleted the file. But after that, till date, every time I connect to the internet, my AV pops up the screen informing me about gff6.exe and the virus.
The main problem is that after some time, say 10-15 mins, my internet stops responding. Then I can neither disconnect the internet nor reconnect it. Most of the time I'm even unable to switch off the laptop as well. I have to power it off to close Windows. The DDS data is attached here.

Someone please help me.

-Amit


DDS (Ver_10-03-17.01) - NTFSx86
Run by Amit at 15:11:04.92 on Tue 07/20/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.990.583 [GMT 5.5:30]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Serv_SpUsb.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Alwact\Bin\Alwact.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\WINDOWS\system32\wscntfy.exe
F:\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/support/installer/?hl=en-IN&errorcode=0x80040801&extracode1=0x00000000&extracode2=0&app=%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D&guver=1.2.183.23&ismachine=0&os=5.1&sp=Service%20Pack%202&iid=%7B4F3C139E-851B-AA54-14FB-2A95353D8CD7%7D&brand=&source=updatecheck
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [Alwact.exe] c:\program files\alwact\bin\Alwact.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278421020578
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R0 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [2009-3-24 6144]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-9-22 83208]
R2 MSO_SpUsb_Service;SAGEM MorphoSmart Service Provider Usb Server;c:\windows\system32\Serv_SpUsb.exe [2007-2-7 90112]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-11-10 152456]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-10-19 110984]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-7-6 312152]
S2 Sentry;Sentry;c:\windows\system32\sentry.sys [2010-7-6 9180]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 UsbSagemComm;Sagem MorphoSmart Usb Driver;c:\windows\system32\drivers\UsbSagMso.sys [2010-7-9 47360]

=============== Created Last 30 ================

2010-07-16 14:26:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-07-16 13:02:17 80 ----a-w- c:\windows\system32\asr_flqcdo
2010-07-13 12:50:26 47 ----a-w- c:\windows\wininit.ini
2010-07-12 12:58:02 0 d-----w- c:\docume~1\amit\applic~1\QuickScan
2010-07-09 13:46:25 0 d-----w- c:\windows\system32\PreInstall
2010-07-09 13:46:23 0 d--h--w- c:\windows\$hf_mig$
2010-07-09 12:28:55 18432 ----a-r- c:\windows\system32\MsoCoInstaller.dll
2010-07-09 12:28:55 110592 ----a-r- c:\windows\system32\MsoPropertyPage.dll
2010-07-09 12:28:54 47360 ----a-r- c:\windows\system32\drivers\UsbSagMso.sys
2010-07-06 13:28:42 0 ----a-w- c:\windows\system32\wsbl.dat
2010-07-06 13:28:42 0 ----a-w- c:\windows\system32\ph_white.dat
2010-07-06 13:28:42 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-07-06 13:28:42 0 ----a-w- c:\windows\system32\ph_spoof.sig
2010-07-06 13:28:42 0 ----a-w- c:\windows\system32\ph_sign.slf
2010-07-06 13:28:42 0 ----a-w- c:\windows\system32\ph_fuzzy.sig
2010-07-06 13:28:42 0 ----a-w- c:\windows\system32\ph_black.dat
2010-07-06 13:28:42 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-07-06 13:28:42 0 ----a-w- c:\windows\system32\pcwords.dat
2010-07-06 13:28:42 0 ----a-w- c:\windows\system32\pc_sign.slf
2010-07-06 13:28:42 0 ----a-w- c:\windows\system32\ab_sbl.sig
2010-07-06 12:59:08 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-07-06 12:59:08 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-07-06 12:59:08 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-07-06 12:59:08 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-07-06 12:59:08 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-07-06 12:18:38 0 d-s---w- c:\documents and settings\amit\UserData
2010-07-06 11:48:42 0 d-----w- c:\program files\wyse biometrics systems pvt ltd
2010-07-06 11:48:41 0 d-----w- c:\program files\common files\Business Objects
2010-07-06 11:36:19 0 d-----w- c:\program files\Sagem DS
2010-07-06 11:35:28 9180 ------w- c:\windows\system32\sentry.sys
2010-07-06 11:35:21 16832 ----a-w- c:\windows\system32\drivers\Sentrusb.sys
2010-07-06 11:30:17 306688 ----a-w- c:\windows\IsUninst.exe
2010-07-06 11:29:59 0 d-----w- c:\program files\Microsoft SQL Server
2010-07-06 11:27:43 0 d-----w- c:\windows\system32\URTTemp
2010-07-06 11:27:03 0 d-----w- C:\tmpnet
2010-07-06 11:25:05 0 d-----w- c:\program files\BioSentry ETH
2010-07-06 09:52:00 116 ----a-w- c:\windows\NeroDigital.ini
2010-07-06 09:50:28 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2010-07-06 09:41:40 0 d-----w- c:\docume~1\amit\applic~1\TeamViewer
2010-07-06 09:23:27 0 d-----w- c:\program files\TeamViewer
2010-07-06 09:22:33 0 d-----w- c:\program files\PNotes
2010-07-06 08:45:46 0 d-----w- c:\program files\CPU Thermometer
2010-07-06 07:34:50 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-07-06 07:34:44 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-07-06 07:34:44 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-07-06 07:34:43 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-07-06 07:34:43 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-07-06 07:34:40 155648 ------w- c:\windows\system32\NeroCheck.exe
2010-07-06 06:59:15 449 ----a-w- c:\windows\ODBC.INI
2010-07-06 06:59:08 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-07-06 06:58:02 0 d-----w- c:\program files\Microsoft ActiveSync
2010-07-06 06:57:01 0 d-----w- c:\windows\SHELLNEW
2010-07-06 05:51:00 440 --sha-r- c:\documents and settings\amit\ntuser.pol
2010-07-06 05:48:15 0 d--h--w- c:\windows\system32\GroupPolicy
2010-07-06 05:00:02 0 d-----w- c:\documents and settings\amit\temp
2010-07-06 04:52:09 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-07-06 04:52:09 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 04:35:35 0 d--h--w- c:\program files\Zenographics
2010-07-06 04:13:18 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-07-06 04:11:30 0 d-----w- c:\program files\IObit
2010-07-06 04:11:30 0 d-----w- c:\docume~1\amit\applic~1\IObit
2010-07-06 04:10:24 0 d-----w- c:\program files\Alwact
2010-07-06 03:35:33 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-07-06 03:35:33 16 ----a-w- c:\windows\system32\asdict.dat
2010-07-06 03:35:33 0 ----a-w- c:\windows\system32\ab_bl.sig
2010-07-06 03:29:00 385 ----a-w- c:\windows\system32\user_gensett.xml
2010-07-05 18:42:03 0 d-----w- c:\program files\common files\ODBC
2010-07-05 18:42:00 0 d-----w- c:\program files\common files\SpeechEngines
2010-07-05 18:41:33 0 d-----r- c:\documents and settings\all users\Documents
2010-07-05 16:38:39 0 d-----w- c:\program files\BitDefender
2010-07-05 16:38:39 0 d-----w- c:\docume~1\amit\applic~1\BitDefender
2010-07-05 16:38:39 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2010-07-05 16:36:29 0 d-----w- c:\program files\common files\BitDefender
2010-07-05 16:26:54 0 d-----w- c:\program files\CONEXANT
2010-07-05 16:14:53 0 d-----w- c:\program files\Broadcom
2010-07-05 13:26:30 0 d-sh--w- c:\documents and settings\all users\DRM
2010-07-05 13:26:08 0 d--h--w- c:\program files\WindowsUpdate
2010-07-05 13:25:12 0 d-----w- c:\program files\common files\MSSoap
2010-07-05 13:23:42 0 d-----w- c:\program files\Online Services
2010-07-05 13:23:35 0 d-----w- c:\program files\Messenger
2010-07-05 13:23:31 0 d-----w- c:\program files\MSN Gaming Zone
2010-07-05 13:22:54 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-07-05 13:24:07 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 15:11:22.34 ===============

Edited by Amit Vaidya, 20 July 2010 - 11:09 PM.



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 27 July 2010 - 04:27 PM

Hello Amit Vaidya,

Sorry for the delay. If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 09 August 2010 - 11:18 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.