Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus/Malware: TR/Crypt EPACKGen 2 removal


  • This topic is locked This topic is locked
3 replies to this topic

#1 Renatem

Renatem

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:46 AM

Posted 24 November 2010 - 11:36 AM

I am running Windows XP SP2.
I am using Avira as Virus protection, and it found a virus called TR/Crypt EPACKGen 2. When prompted, I asked hat it should be removed. I then ran a full scan, but then more and more problems turned up, and in more and more files, e.g. 'TR/Dropper.Gen' [trojan], 'TR/Crypt.ZPACK.Gen' [trojan], BDS/Backdoor.Gen' [backdoor], TR/Crypt.ZPACK.Gen [trojan], TR/Crypt.ZPACK.Gen' [trojan], 'HIDDENEXT/Crypted [heuristic]', BDS/Backdoor.Gen [backdoor]', TR/Dldr Bagle BV2, etc.
After removal and reboot the same viruses/malware turn up in other places.
I then ran Malware Bytes Anti-Malware tool in full scan mode, but the computer then hung. When I ran it in quick scan mode, it found 16 infections which were removed.
But then Avira reported the same malware again and again - seems that the viruses are multiplying more and more.
I have now followed the Bleeping Computer guide, and hereby submit the results of the scan.
Thanks in advance for any help.
Below is the DDS.txt file.
Renate

=========================


DDS (Ver_10-11-10.01) - NTFSx86
Run by Renate at 6:51:09.60 on 2010-11-24
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.413 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\ABCD\Apache2.2\bin\httpd.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ABCD\Apache2.2\bin\httpd.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySQL\MySQL Server 5.4\bin\mysqld.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Softland\Backup4all 3\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Recorda\Recorda.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\ABCD\www\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://localhost:9090/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - ZILLAbar Browser Helper Object
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: UltraEdit Toolbar: {4e7bd74f-2b8d-469e-85aa-fd60bb9aae22} - c:\progra~1\ue_too~1\UE_TOO~1.DLL
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\renate\application data\flashgetbho\FlashGetBHO3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: UltraEdit Toolbar: {4e7bd74f-2b8d-469e-85aa-fd60bb9aae22} - c:\progra~1\ue_too~1\UE_TOO~1.DLL
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
uRun: [Backup4all 3 OTB Agent] c:\program files\softland\backup4all 3\B4aOTB.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [Norton Ghost 12.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\renate\startm~1\programs\startup\apache~1.lnk - c:\abcd\apache2.2\bin\ApacheMonitor.exe
StartupFolder: c:\docume~1\renate\startm~1\programs\startup\herrnh~1.lnk - c:\program files\combib\herrnhuter losungen\Herrnhuter Losungen.exe
StartupFolder: c:\docume~1\renate\startm~1\programs\startup\itstime.lnk - c:\itstime\ITSTIME.EXE
StartupFolder: c:\docume~1\renate\startm~1\programs\startup\recorda.lnk - c:\program files\recorda\Recorda.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe
IE: Download all by FlashGet3 - c:\documents and settings\renate\application data\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\renate\application data\flashgetbho\GetUrl.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.blueprintonline.co.za/public/BPOServicing/ScriptX.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232041845796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\renate\applic~1\mozilla\firefox\profiles\pwkn9l9p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1133554&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - htp://localhost:9090
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\renate\application data\mozilla\firefox\profiles\pwkn9l9p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\renate\application data\mozilla\firefox\profiles\pwkn9l9p.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashGetXPI.dll
FF - component: c:\documents and settings\renate\application data\mozilla\firefox\profiles\pwkn9l9p.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\renate\application data\mozilla\firefox\profiles\pwkn9l9p.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\renate\application data\mozilla\firefox\profiles\pwkn9l9p.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\renate\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-23 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67656]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\abbyy finereader 9.0\NetworkLicenseServer.exe [2007-11-2 566560]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-23 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-23 267944]
R2 Apache 2.2;Apache 2.2;c:\abcd\apache2.2\bin\httpd.exe -k runservice --> c:\abcd\apache2.2\bin\httpd.exe -k runservice [?]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-7 61960]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-8-24 312152]
R3 PCIRadio;PCIRadio Device;c:\windows\system32\drivers\Pciradio.sys [2008-5-10 37552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S2 Apache2.2;Apache2.2;c:\abcd\apache2.2\bin\httpd.exe [2008-12-10 24636]
S2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 bsaspi32;bsaspi32; [x]
S2 gupdate1c9f55b20677550;Google Update Service (gupdate1c9f55b20677550);c:\program files\google\update\GoogleUpdate.exe [2009-6-25 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [2008-5-10 129535]
S3 Tomcat6;Apache Tomcat 6;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2010-7-19 61440]
S4 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2009-1-11 140800]
S4 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2009-1-11 5504]

=============== File Associations ===============

.reg=
.txt=IdaEdit.Document

=============== Created Last 30 ================

2010-11-24 04:15:34 196096 ----a-w- c:\windows\Hdyxua.exe
2010-11-23 20:25:07 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-11-20 10:12:46 -------- d-----w- c:\program files\iPod
2010-11-08 04:45:52 -------- d-----w- c:\docume~1\renate\applic~1\Avira
2010-11-06 09:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 09:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-10-27 08:46:57 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-10-27 08:46:56 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

==================== Find3M ====================

2010-09-25 16:08:16 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-09-25 16:07:46 88 --sh--r- c:\docume~1\alluse~1\applic~1\79BFE49166.sys
2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2004-10-01 13:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 6:53:29.10 ===============



Attached Files



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:46 AM

Posted 24 November 2010 - 03:51 PM

Good evening. :)

BDS/Backdoor.Gen' [backdoor] is a detection that means that somebody in a remote location can access your PC as if they were sat in front of it, and this poses a number of problems.
There is no way of knowing how many malicious files may have been dropped on your hard drive, legitimate files patched or replaced, and if security settings have been lowered to make your PC easier to infect in the future.
This makes the most sensible course of action backing up any important files and then reformating and reinstalling your operating system.

You should also be aware that if you use the computer for online banking or shopping that card and login details could have been compromised and you should use another PC to change what you can and monitor any accounts and cards that you have access/used to make sure that nothing is amiss.

Sorry it isn't better news. If you have any questions, feel free to ask and i'll answer as best I can.

So long, and thanks for all the fish.

 

 


#3 Renatem

Renatem
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:46 AM

Posted 24 November 2010 - 11:22 PM

I created a Hijack scan log file. Please see whether there are still any unwanted processes running.
Thanks
Renate

Attached Files



#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:46 AM

Posted 25 November 2010 - 02:42 PM

Good evening. :)

Due to the nature of the infection that your PC picked up and the limitations of HijackThis, I don't see that there is any benefit in looking at the log. The fact is that your PC has/had a backdoor infection and the best advice I can offer is to reformat and reinstall Windows.
Should you wish not to do so, that is your choice, but it is still in my opinion the only sensible course of action.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users