Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.DL.Small.DTLZ and Worm.Leave.BD


  • Please log in to reply
2 replies to this topic

#1 buzzerman1

buzzerman1

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 22 November 2010 - 03:54 PM

To the genius who reads this,

I have a recurring Trojan and Worm that I cannot get rid of. In addition, all my restore points have been removed so I can't go back to a previous state. I've seen various other things like "System Policies. Disable Registry Tools." I don't know what these are doing to my machine but would like help in removing them. I have used combofix in the past with much success but now I'm getting an error that I don't have a compatible operating system, although I am running XP. I tried to run DDS before posting so I could attach a log, but my system is not recognizing the file type so does not know which application to use to launch the file.

Please help. Thank you,
buzzerman

BC AdBot (Login to Remove)

 


#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:18 PM

Posted 01 December 2010 - 09:17 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 buzzerman1

buzzerman1
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 01 December 2010 - 04:26 PM

Attached are the files requested.

The main problem I'm having is that I have no system audio, no audio for imbedded video (i.e. You Tube), and no volume icon in the task bar. MP3's, MPG's, AVI's, etc. run fine from my hard drive (no audio problems.) The only problems I see in the device manager is with a device called Unimodem Half-duplex Audio Device wherein the "modem wave driver" says it is "enable but not working properly" and the "settings" tab has no functionality. Additionally in the device manager the play arrow for .wav files is grayed out. I noticed these problems at the same time Stopzilla first found the trojan and worm in the title of this thread. Stopzilla finds these every time it scans even though I remove them each time. I has also found Adware files called Vundo.A4 and swreg in various forms.

I don't know what other problems my PC has but hopefully the logs attached will assist in finding any.

Thanks in advance for your assistance. I am pasting a Belarc Advison log of my system stats rather than typing all the info here.

Computer Profile Summary
Computer Name: DB05G5C1 (in WORKGROUP)
Profile Date: Friday, November 26, 2010 1:37:49 PM
Advisor Version: 8.1p
Windows Logon: Dave


Plan for your next computer refresh...
click for Belarc's System Management products

Operating System System Model
Windows XP Media Center Edition Service Pack 3 (build 2600)
Install Language: English (United States)
System Locale: English (United States) Dell Inc. Dell DM061
System Service Tag: B05G5C1 (support for this PC)
Chassis Serial Number: B05G5C1
Enclosure Type: Mini-Tower
Processor a Main Circuit Board b
2.13 gigahertz Intel Core 2 Duo
64 kilobyte primary memory cache
2048 kilobyte secondary memory cache
64-bit ready
Multi-core (2 total)
Not hyper-threaded Board: Dell Inc. 0WG864
Serial Number: ..CN4811169200G9.
Bus Clock: 1066 megahertz
BIOS: Dell Inc. 2.3.2 03/30/2007
Drives Memory Modules c,d
154.95 Gigabytes Usable Hard Drive Capacity
81.92 Gigabytes Hard Drive Free Space

TSSTcorp DVD+-RW TS-H553A [Optical drive]
3.5" format removeable media [Floppy drive]

EPSON Storage USB Device [Hard drive] -- drive 1
SAMSUNG HD160JJ/P [Hard drive] (160.00 GB) -- drive 0, SMART Status: Healthy 3070 Megabytes Usable Installed Memory

Slot 'DIMM_1' has 1024 MB (serial number 00005218)
Slot 'DIMM_3' has 1024 MB (serial number 04008213)
Slot 'DIMM_2' has 1024 MB (serial number 00003217)
Slot 'DIMM_4' has 1024 MB (serial number 03004214)
Local Drive Volumes

c: (NTFS on drive 0) 154.95 GB 81.92 GB free

Network Drives
None discovered
Users (mouse over user name for details) Printers
local user accounts last logon
Administrator 11/28/2008 6:59:58 PM (admin)
Dave 11/26/2010 10:48:05 AM (admin)
Jacob 10/9/2010 8:20:02 AM
Sherry 11/20/2010 2:42:13 PM (admin)
local system accounts
ASPNET never
Guest never
HelpAssistant never
SUPPORT_388945a0 never


Marks a disabled account; Marks a locked account Adobe PDF Converter on My Documents\*.pdf
EPSON NX510 Series on USB004
HP OfficeJet K60 on DOT4_003
HP Photosmart A610 series on USB001
HP PSC 750 on DOT4_001
Microsoft Shared Fax Driver on SHRFAX:
Microsoft XPS Document Writer on XPSPort:
PDF995 Printer Driver on PDF995PORT

Controllers Display
Standard floppy disk controller NVIDIA GeForce 7300 LE [Display adapter]
DELL 1907FP [Monitor] (19.1"vis, s/n CJ3196AE0R2U, October 2006)
Bus Adapters Multimedia
Intel® ICH8R/DO/DH SATA RAID Controller
Intel® ICH8 Family USB Universal Host Controller - 2830
Intel® ICH8 Family USB Universal Host Controller - 2831
Intel® ICH8 Family USB Universal Host Controller - 2832
Intel® ICH8 Family USB Universal Host Controller - 2834
Intel® ICH8 Family USB Universal Host Controller - 2835
Intel® ICH8 Family USB2 Enhanced Host Controller - 2836
Intel® ICH8 Family USB2 Enhanced Host Controller - 283A SigmaTel High Definition Audio CODEC
Unimodem Half-Duplex Audio Device
Virus Protection [Back to Top] new Group Policies
Spyware Doctor with AntiVirus
Virus Definitions Version Up To Date
Realtime File Scanning Off
PC-cillin Internet Security - Virus Protection Version 14.60.1206
Virus Definitions Version Not Up To Date
Realtime File Scanning On
None discovered
Communications Other Devices
Conexant D850 56K V.9x DFVc Modem


Intel® 82562V 10/100 Network Connection
primary Auto IP Address: 173.26.110.126 / 21
Gateway: 173.26.104.1
Dhcp Server: 97.64.180.224
Physical Address: 00:16:76:B8:77:E9

Networking Dns Servers: 97.64.180.150
97.64.168.13
USB Human Interface Device (2x)
EPSON NX510/SX510/TX550
HID Keyboard Device
HID-compliant mouse
USB Composite Device
USB Mass Storage Device
USB Printing Support
USB Root Hub (7x)

See your entire network map...
click for Belarc's System Management products

new Network Map (mouse over IP address for physical address) [Back to Top]
IP Device Type Device Details Device Roles
173.26.110.0 Physical Address 00:0C:76:86:88:25
173.26.110.1 Physical Address 00:1C:DF:BC:0B:0E
173.26.110.2 System Asustek
173.26.110.126 Windows XP Workstation Db05g5c1 (in WORKGROUP)
173.26.110.193 Network Device Cisco Linksys
173.26.110.196 Physical Address 00:1E:68:2C:E6:95
173.26.110.197 Physical Address 00:14:2A:31:26:16


Find your security vulnerabilities...
click for Belarc's System Management products

Missing Microsoft Security Hotfixes [Back to Top]

All required security hotfixes (using the 11/09/2010 Microsoft Security Bulletin Summary) have been installed.



Manage all your software licenses...
click for Belarc's System Management products

Software Licenses [Back to Top]

Adobe Systems - Adobe Acrobat 9 Standard 1016-1605-3532-7601-6624-1106
Autodesk - DWG TrueView 2007 5001
Autodesk - DWG TrueView 2010 8001
Belarc - Advisor 73ad527c
Dell - CinePlayer CAWM7YJ45J9P7X96V
Hewlett-Packard - WebReg CN68V220SB04PD
Microsoft - Age of Empires 51160-442-1685215-79902
Microsoft - Internet Explorer 92318-600-0011903-00825
Microsoft - Office 2000 Professional 50083-270-4913891-02304
Microsoft - PowerShell 89383-100-0001260-04309
Microsoft - WebFldrs XP 12345-111-1111111-51585
Microsoft - Windows XP Media Center Edition 76487-OEM-0011903-00825 (Key: P8HY6-D3G46-RVF66-GP7VM-8CFT3)e
Microsoft - Works 77058-OEM-0400003-00000
Microsoft - Works 8.0 77058-OEM-0400003-00000
Roxio - DLA CATK4HY3DMQN7BT4T
Roxio - Express Labeler C8JW82KEJ2CBEGMEF
Roxio - MyDVD LE CEQPT9A75APNRN52J
Roxio - RecordNow Audio CQDKR2PD6YT5KBYHS
Roxio - RecordNow Copy CUY8FVJQ32XQJBRJB
Roxio - RecordNow Data CEEWK9329SNNFA84H
Sonic - DMX CAWM7YJ45J9P7X96V
Sonic - MyDVD CEQPT9A75APNRN52J
Sonic Solutions - Sonic Update Manager CRF49JRDW5B6FVEBH


Find unused software and reduce licensing costs...
click for Belarc's System Management products

new Software Versions & Usage (mouse over i for details, click i for location) [Back to Top]
i ABSOLUTE POKER mainclient Version 8, 5, 2, 0
i Acrobat.com
ı i AcroTray - Adobe Acrobat Distiller helper application. Version 9.4.0.195"
i Adobe Acrobat Version 9.4.0.195
i Adobe AIR 1.0.1 Version 1.0.1
ı i Adobe Reader and Acrobat Manager Version 1.4.7.0
ıııı i Adobe Reader Version 7.0.8.2006051600
i Adobe Systems Incorporated. - Acrobat Distiller for Windows Version 9.4.0.195
i Adobe Systems, Inc. - Bridge Version 2.0
i Adobe Systems, Inc. - Shockwave Flash Version 10,0,45,2
i AdpBrowser Application Version 1, 0, 0, 51
i Alexander Roshal - WinRAR Version 3.80.0.0
i America Online Version 10.0.20.1.US.1
i America Online Version 9.00.001
ı i America Online, Inc. - AOL Connectivity Service Version 2.0.20.1.US.1
i Analysis Tool
ı i Apple Inc. - iTunes Version 8.0.2.20
i Apple Inc. - QuickTime QuickTime 7.6.6 (1671)
ı i Apple Mobile Device Service Version 2.12.33.0
i Apple Software Update Version 2.1.1.116
i Autodesk - AutoCAD Version 18.0.55.0.0
i Autodesk Design Review Version 10.0.0.108
ıııı i Autodesk DWF Application Version 10.0.0.108
i Autodesk Hardcopy Subsystem Version 9.0.54.0
i Autodesk, Inc. - DWG TrueView R17.0.54.170
i Autodesk, Inc. - DWG TrueView R18.0.55.0.0
i Avi2Dvd
ı i Belarc, Inc. - Advisor Version 8.1p
i Bentley Systems Inc. - View Version 08.09.02.77
ıııı i Bethesda Softworks Oblivion Launcher Version 1, 0, 0, 1
i BFC - State ReInstaller Version 1.0.0.0
i BFC - TaxCut 2006 Uninstaller Version 1.0.0.0
i Blizzard Entertainment - Diablo II Uninstaller Version 1.05
i Blizzard Entertainment Diablo Version 96, 12, 26, 3
i Blizzard North Diablo II Version 1, 0, 0, 1
i Borland IDAPI Version 3.59
i Burn CDs & DVDs Version 1.0.0
i Channel Plan Editor
i Cinematronics - 3D Pinball Version 5.1.2600.5512
i Claria GameConsoleExe Version 1, 0, 0, 4
i Corel Photo Downloader Version 1,0,0,20060808.17
i Corel, Inc. - Snapfire Version 1,0,0,20060728.00
i Data Center
i Dell Inc. - Driver Reset Version 1.0
i Dell, Inc. - Express Service Code Version 2.1
i Diablo Uninstaller
i Disable HP Product Improvement Data Collection
i Eastman Kodak Company - Kodak EasyShare printer Version 5.0.0.087
i Easy Chef's Million Recipes
ıııı i EnDisService Application Version 5, 3, 0, 0
ıııı i Firaxis Games - Sid Meier's Civilization 4 Version 1, 0, 9, 1722, (41735)
i Firmware Upgrade
i FreeUndelete Application Version 1, 0, 0, 1
i Frontier Technologies - WAVE-VIEW Version 1.42
i Games, Music, & Photos Launcher Version 1.0.2312.24319
i Google Desktop Version 5.0.610.1586
ı i Google Earth Version 5.2.1.1588
ı i Google Update Version 1.2.131.7
i Google Updater Version 2.4.1441.4352.beta
i GoogleToolbarNotifier Version 2, 0, 301, 1654
i Graph Tool
i GTek Technologies Ltd. - GTCoach Version 3, 0, 0, 1
i Gteko Ltd. - Dell Support Version 1, 0, 0, 2
i Gteko Ltd. - Dell Support Version 2, 0, 0, 181
i Gteko Ltd. - Dell Support Version 2, 1, 3, 176
i H&R Block - TaxCut Business Version 2006.04.0034
i H&R Block - TaxCut Version 2004.1.0.0
i H&R Block - TaxCut Version 2007.2.0.8102
ıııı i H&R Block - TaxCut Version 2008.2.0.7101
i Haali Muxer
i Hewlett-Packard - HP Installer Version 7,0,0,71
i Hewlett-Packard - HP Software Update Client Version 4, 0, 10, 1
ıı i Hewlett-Packard - HpqPhUnl Version 7.0.0.229
i Hewlett-Packard Co. - hp digital imaging - hp all-in-one series Version 070.000.170.001
i Hewlett-Packard Company - HP Solution Center Version 070.000.128.000
i Hewlett-Packard Development Company L.P. - Shop for HP Supplies Version 2.3.0.0000
i Hewlett-Packard Development Company, L.P. - hp digital imaging Version 070.000.170.000
i Hewlett-Packard, Co. - HP PhotoSmart Essential Version 1.12.0.46
ı i HP PML Version 10, 1, 1, 6
ı i Intel Corporation - RAID Monitor Version 6.0.1.1002
i Intel® Corporation - Uninstset Installation Utility Version 0, 0, 0, 0
i Intel® Matrix Storage Console Version 6.0.1.1002
ı i Intel® Quick Resume Technology Version 1.2.1.1004
ı i iS3, Inc. - STOPzilla Version 5.0.0.0 ı i KODAK EasyShare Software Version 6, 0, 1, 20
ı i Lavasoft - Ad-Aware Service Version 7,1,0,12
i Lavasoft AB - Ad-Aware Version 7.1.0.9
i Lavasoft AB - Update Manager Version 1.0.0.0
i Lavasoft ThreatWork Version 7.1
ıııı i LimeWire PRO 4.12.3
i Location Editor
i Macromedia, Inc. - Shockwave Flash Version 7,0,14,0
i Macrovision Corporation - InstallShield ® Version 11.00
i Macrovision Europe Ltd. - FLEXnet Publisher (32 bit) Version 11.5.0.0
ı i Malwarebytes' Anti-Malware Version 1.46.0001
i MediaInfo
ı i Microsoft ® Windows Script Host Version 5.7.0.18066
i Microsoft Clip Gallery Version 5.1.00.1221
i Microsoft Corporation - Age of Empires II Version 2.0a
ı i Microsoft Corporation - Internet Explorer Version 8.00.6001.18702
ıııı i Microsoft Corporation - Messenger Version 4.7.3001
i Microsoft Corporation - Plus! Photo Story 2 LE Version 1.1.0.3463
ı i Microsoft Corporation - Windows Installer - Unicode Version 3.1.4001.5512
i Microsoft Corporation - Windows Movie Maker Version 2.1.4028.0
i Microsoft Corporation - Windows® NetMeeting® Version 3.01
i Microsoft Corporation - Zone.com Version 1.2.626.1
i Microsoft Data Access Components Version 3.525.1132.0
ı i Microsoft Office 2000 Version 9.0.2719
i Microsoft Office 2003 Version 11.0.8305
i Microsoft Outlook Version 9.0.2416
ı i Microsoft PowerPoint for Windows Version 9.0.2716
i Microsoft® .NET Framework Version 2.0.50727.3053
i Microsoft® .NET Framework Version 3.0.6920.1427
i Microsoft® .NET Framework Version 4.0.40305.0
i Microsoft® Access Version 9.0.2719
i Microsoft® Fax Server Version 5.2.1776.0
ı i Microsoft® Visual Studio .NET Version 7.00.9466
ı i Microsoft® Windows® Operating System Version 11.0.5721.5145
i Microsoft® Works 8 Version 8.05.0822.0
i MicroVision Development, Inc. - Express Labeler Version 2.1
i Modem Helper
i MONOGRAM GraphStudio Version 0.3.2.0
i MONOGRAM Multimedia, s.r.o. - DSConfig Version 1.0.0.1
i MPC-HC Team - Media Player Classic - Home Cinema Version 1, 4, 2689, 0
i NetWaiting
ı i NVIDIA Driver Helper Service, Version 82.68 Version 6.14.10.8268
i Online Media Technologies LTD. - AVS Update Manager Version 1.0
i PC Tools - ThreatFire Version 4.0.0.15
i PC Tools GUI Application Version 6.0
i pdfEdit995 Application Version 1, 0, 0, 1
ıııı i RegCure Application Version 1, 5, 0, 1
i Safer Networking Limited - Secure Shredder Version 1.9.0.0
i Safer Networking Limited - Spybot - Search & Destroy Version 1, 5, 2, 0
ı i Safer Networking Limited - Spybot - Search & Destroy Version 1, 6, 0, 0
ııı i Safer Networking Limited - Spybot - Search & Destroy Version 1.6.0.3
i Safer Networking Limited - SpyBot-S&D Version 1, 6, 2, 0
i SEIKO EPSON CORPORATION - EPSON Driver Update Version 3, 0, 2, 0
i SEIKO EPSON CORPORATION - Epson Printer Driver Setup Version 7.00
ı i SEIKO EPSON CORPORATION - EPSON Status Monitor 3 Version 5.05
ı i Setup/Uninstall
i skinupdate.exe
i Sonic MyDVD Version 6.1.1.0
i Sonic Solutions - Dell Media Experience Version 3.1.0001
i Spadester
i SpywareBlaster Version 4.01
i StatsReader Version 2, 1, 0, 0
i StealthWare Menu
ı i Sun Microsystems, Inc. - Java™ Platform SE 6 U20 Version 6.0.200.2
ı i Sun Microsystems, Inc. - Java™ Platform SE Auto Updater 2 0 Version 2.0.2.1
i SuperAdBlocker.com - BootSafe Application Version 2, 0, 0, 1000
i SUPERAntiSpyware Alternate Start
ı i SUPERAntiSpyware Version 4, 22, 0, 1014
i SupportSoft Container Version 6.9.2258.0
ı i SupportSoft sprtsvc Version 7.0.940.0
ı i the VideoLAN Team - VLC media player Version 1.0.5.0
ı i TomTom HOME Version 2.7.2.1825
i Trend Micro Inc. - HijackThis Version 2.00.0002
ı i Trend Micro Internet Security Version 14.60.0
ı i Trend Micro Network Security Components 2.1 Version 2.1.0
i Video Test
i VobSubStrip
ıııı i WildTangent, Inc. - Game Console Version 2.5.0.2082
i WildTangent, Inc. - GameConsole Version 1.0.0.1
i Wizards to adjust .NET Framework security, assign trust to assemblies, and fix broken .NET applications. Version 1.0.5000.0
i wrapper Application Version 1.1
i Xfire Version 13133
i Yahoo! Music Jukebox Version 2.2.2.058 (Build 058)

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users