Windows 7 infection


  • This topic is locked
5 replies to this topic

#1 alexscg


Posted 11 September 2010 - 05:37 PM

Hello,
Long-time admirer, first-time poster :)

One of the computers I support is infected with a virus I can't clean with anything I've tried so far.
I can't determine where the virus came from, but there is a strong possibility that the user might have visited some less than reputable sites.

Computer is Dell Studio XPS 435T (pretty much stock)
OS - Windows 7 64-bit (fully updated)
Antivirus - ESET Smart Security v4.0.467.0 (vir. sig. 5443)

A scan shows the following infections, not sure if this is a rootkit or not:

C:\Windows\System32\wininit.exe - Win32/Bamital.DX trojan - unable to clean
C:\Windows\SysWOW64\wininit.exe - Win32/Bamital.DX trojan - unable to clean

Tried running MBAM, it detects but doesn't clean.
Tried ComboFix, won't run on a 64-bit Win7 at all.
Tried Sophos Anti-Rootkit, detects but will not clean.
Tried GMER, runs with errors and missing files warnings, doesn't detect.

I need help at this point. What complicates matters is that I can access that computer only remotely, so I can't boot into Safe Mode. If this is a must then I will have to ask to ship this box to me and then play with it.

Here is the last scan log from ESET:

Your help and time is very much appreciated!

Alex


 


#2 snemelk


Posted 16 September 2010 - 04:19 PM

Hi alexscg, and welcome to Bleeping Computer.

QUOTE
C:\Windows\System32\wininit.exe - Win32/Bamital.DX trojan - unable to clean
C:\Windows\SysWOW64\wininit.exe - Win32/Bamital.DX trojan - unable to clean

This is a false detection - only a copy in the SysWOW64 folder is infected... Basically, it needs to be (manually) replaced with a clean copy... Do you need help with that (as it seems you're a computer technician)??.. It's not a simple copy & paste, though...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 alexscg


Posted 17 September 2010 - 09:53 AM

Hi snemelk, thank you for your response.

I do have some experience with fixing computers but have not worked much with Windows 7, so if you don't mind please post the steps required to replace that file correctly. Also, I presume the Win version matters? (Home, Pro, Ult).

Thanks again,

Alex

#4 snemelk


Posted 19 September 2010 - 04:00 PM

Hi again alexscg!!.. :)

QUOTE(alexscg @ Sep 17 2010, 04:53 PM)
Hi snemelk, thank you for your response.

No problem!

QUOTE
Also, I presume the Win version matters? (Home, Pro, Ult).

Actually, no... Only a 64bit platform matters here...

We need to find a replacement copy first...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :filefind
    wininit.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
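Added example, not part of the original thread and not SystemLook's own logic: a read-only PowerShell inventory of every wininit.exe under System32, SysWOW64 and the WinSxS component store, listing version, PE architecture and SHA-256 so candidate replacement copies can be compared. It assumes the component store holds a copy; matching hashes show only that copies agree with each other, not that they are clean, so check the chosen file against a trusted source before using it.

```powershell
# Added example (not from the thread). PowerShell 2.0 compatible, as shipped with
# Windows 7; run from an elevated console. Read-only: it changes nothing on disk.

$name  = 'wininit.exe'
$sys32 = Join-Path $env:SystemRoot 'System32'

# A 32-bit process on 64-bit Windows has System32 silently redirected to SysWOW64.
# PROCESSOR_ARCHITEW6432 is only set in such a process; Sysnative bypasses the redirect.
if ($env:PROCESSOR_ARCHITEW6432) { $sys32 = Join-Path $env:SystemRoot 'Sysnative' }

$roots = @(
    $sys32,
    (Join-Path $env:SystemRoot 'SysWOW64'),
    (Join-Path $env:SystemRoot 'winsxs')     # component store, searched recursively
)

function Get-PeMachine([byte[]]$Bytes) {
    # Follow e_lfanew (offset 0x3C) to the "PE\0\0" signature, then read the Machine field.
    if ($Bytes.Length -lt 0x40 -or $Bytes[0] -ne 0x4D -or $Bytes[1] -ne 0x5A) { return 'not PE' }
    $pe = [System.BitConverter]::ToInt32($Bytes, 0x3C)
    if ($pe -lt 0 -or ($pe + 6) -gt $Bytes.Length) { return 'not PE' }
    if ([System.BitConverter]::ToUInt32($Bytes, $pe) -ne 0x4550) { return 'not PE' }
    switch ([System.BitConverter]::ToUInt16($Bytes, $pe + 4)) {
        0x014C  { return 'x86' }
        0x8664  { return 'x64' }
        default { return 'other' }
    }
}

function Get-Sha256Hex([byte[]]$Bytes) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    return ([System.BitConverter]::ToString($sha.ComputeHash($Bytes)) -replace '-', '')
}

$copies = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter $name -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file = $_
            try {
                $bytes = [System.IO.File]::ReadAllBytes($file.FullName)
                $ver   = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($file.FullName)
                New-Object PSObject -Property @{
                    Path    = $file.FullName
                    Size    = $bytes.Length
                    Version = $ver.FileVersion
                    Machine = (Get-PeMachine $bytes)
                    Sha256  = (Get-Sha256Hex $bytes)
                }
            } catch {
                Write-Warning ("Could not read {0}: {1}" -f $file.FullName, $_.Exception.Message)
            }
        }
}

# Copies with the same architecture and version should share one hash. Two groups
# with the same Machine and Version but different hashes mean those copies differ,
# and the one that stands alone is the copy to examine further.
$copies | Group-Object Machine, Version, Sha256 | Sort-Object Name |
    ForEach-Object {
        "{0} copies  [{1}]" -f $_.Count, $_.Name
        $_.Group | ForEach-Object { "    " + $_.Path }
    }
```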


#5 snemelk


Posted 03 October 2010 - 02:47 PM

Still with us, alexscg??..


#6 snemelk


Posted 18 October 2010 - 01:31 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.




