
dsNcService.exe has exited unexpectedly


  • This topic is locked
2 replies to this topic

#1 somanchi


Posted 16 September 2010 - 03:25 AM

My system is infected. I have tried Malwarebytes & SUPERAntiSpyware. They don't help.

I tried the online Kaspersky scanner that shows the infected files. I am stuck there. I need help removing it.

Here are the logs


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, September 16, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 15, 2010 20:54:11
Records in database: 4215433
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 205392
Threats found: 31
Infected objects found: 74
Suspicious objects found: 0
Scan duration: 06:01:45


File name / Threat / Threats count
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ific.exe Infected: Trojan-Spy.Win32.Zbot.akms 1
C:\Documents and Settings\McAfeeMVSUser\Start Menu\Programs\Startup\neutmy.exe Infected: Trojan-Spy.Win32.Zbot.akms 1
C:\Documents and Settings\sriram\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-385253ba Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\sriram\Application Data\Sun\Java\Deployment\cache\6.0\13\59fb2e4d-12a406c6 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\sriram\Application Data\Sun\Java\Deployment\cache\6.0\13\59fb2e4d-12a406c6 Infected: Trojan-Downloader.Java.Agent.cd 1
C:\Documents and Settings\sriram\Application Data\Sun\Java\Deployment\cache\6.0\13\59fb2e4d-12a406c6 Infected: Trojan-Downloader.Java.OpenStream.al 1
C:\Documents and Settings\sriram\Application Data\Sun\Java\Deployment\cache\6.0\31\750e7edf-65c24a52 Infected: Exploit.Java.Agent.z 1
C:\Documents and Settings\sriram\Application Data\Sun\Java\Deployment\cache\6.0\31\750e7edf-65c24a52 Infected: Trojan-Downloader.Java.Agent.et 1
C:\Documents and Settings\sriram\Application Data\Sun\Java\Deployment\cache\6.0\31\750e7edf-65c24a52 Infected: Trojan-Downloader.Java.Agent.eu 1
C:\Documents and Settings\sriram\Application Data\Sun\Java\Deployment\cache\6.0\35\e1d9b63-1407f94e Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\sriram\Application Data\Sun\Java\Deployment\cache\6.0\35\e1d9b63-1407f94e Infected: Trojan-Downloader.Java.Agent.as 2
C:\Documents and Settings\sriram\Application Data\Sun\Java\Deployment\cache\6.0\41\6aa23129-4a9bb416 Infected: Exploit.Java.Agent.a 1
C:\Documents and Settings\sriram\Application Data\Sun\Java\Deployment\cache\6.0\41\6aa23129-4a9bb416 Infected: Exploit.Java.CVE-2009-3867.a 1
C:\Documents and Settings\sriram\Yugma\4.1\lib\DskHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1
C:\Documents and Settings\sriram\Yugma\4.1\lib\YugmaPlugin.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1360 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\0\1b692c00-23ebe913 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\0\1b692c00-23ebe913 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\0\1b692c00-23ebe913 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\0\6804d000-1df65131 Infected: Exploit.Java.Agent.bu 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\1\2f310681-539f559b Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\1\2f310681-539f559b Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\1\2f310681-539f559b Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\1\30502701-46d831ed Infected: Trojan-Downloader.Java.Agent.fe 3
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\12\601d500c-1641f20e Infected: Exploit.Java.Agent.cb 3
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\14\bcf490e-2d3c407f Infected: Exploit.Java.Agent.bu 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\17\13f62491-3b7780ba Infected: Trojan-Downloader.Java.Agent.en 3
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\2\2ccbb382-44e65d33 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\2\2ccbb382-44e65d33 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\2\2ccbb382-44e65d33 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\26\299961a-5294689e Infected: Trojan-Downloader.Java.Agent.en 3
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\26\3a5b5f9a-61ca08db Infected: Exploit.Java.Agent.cc 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\26\6973d79a-398a4ef5 Infected: Trojan-Downloader.Java.Agent.gr 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\26\6973d79a-398a4ef5 Infected: Trojan-Downloader.Java.Agent.gs 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\26\6973d79a-398a4ef5 Infected: Trojan-Downloader.Java.Agent.gt 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\3\3c1d7d83-4751c046 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\3\3c1d7d83-4751c046 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\3\3c1d7d83-4751c046 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\37\716041e5-7dd791a2 Infected: Exploit.Java.Agent.ar 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\37\716041e5-7dd791a2 Infected: Exploit.Java.Agent.as 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\40\6e7bf668-28014d25 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\40\6e7bf668-28014d25 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\40\6e7bf668-28014d25 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\43\2f82d16b-70fefa98 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\43\2f82d16b-70fefa98 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\43\2f82d16b-70fefa98 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\53\66f20c75-5063ec90 Infected: Exploit.Java.Agent.bu 2
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\53\b2b4eb5-1282205b Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\53\b2b4eb5-1282205b Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\sriram somanchi\Application Data\Sun\Java\Deployment\cache\6.0\53\b2b4eb5-1282205b Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\sriram somanchi\Local Settings\Temp\jar_cache1701438419757203539.tmp Infected: Exploit.Java.CVE-2009-3867.d 1
C:\Documents and Settings\sriram somanchi\Local Settings\Temp\plugtmp-13\plugin-yqub.pdf Infected: Exploit.JS.Pdfka.csr 1
C:\Documents and Settings\sriram somanchi\Yugma\4.1\lib\DskHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1
C:\Documents and Settings\sriram somanchi\Yugma\4.1\lib\YugmaPlugin.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1360 1
C:\Documents and Settings\ssomanchi\Local Settings\Temp\jar_cache2802751306482233802.tmp Infected: Trojan-Downloader.Java.Agent.gh 2
C:\Documents and Settings\ssomanchi\Local Settings\Temp\jar_cache4677678083649450876.tmp Infected: Trojan-Downloader.Java.Agent.gh 2
C:\WINDOWS\Temp\jar_cache2659589933273469921.tmp Infected: Exploit.Java.CVE-2009-3867.d 1
C:\WINDOWS\Temp\jar_cache4293846381227210093.tmp Infected: Trojan-Downloader.JS.Agent.fni 1
C:\WINDOWS\Temp\jar_cache4293846381227210093.tmp Infected: Trojan-Downloader.JS.Agent.fns 1
C:\WINDOWS\Temp\jar_cache4293846381227210093.tmp Infected: Trojan-Downloader.JS.Agent.fno 1
C:\WINDOWS\Temp\jar_cache5822515190253139538.tmp Infected: Exploit.Java.CVE-2009-3867.d 1
C:\WINDOWS\Temp\jar_cache841421050363128406.tmp Infected: Exploit.Java.CVE-2009-3867.d 1
C:\WINDOWS\Temp\jar_cache8685331521052213551.tmp Infected: Exploit.Java.CVE-2009-3867.d 1

Selected area has been scanned.



#2 m0le


Posted 23 September 2010 - 06:28 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le


Posted 28 September 2010 - 06:50 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



