microsoft security essentials malware



#1 sil3nthill


Posted 27 November 2010 - 09:32 AM

Hi guys,

OK, this one finally has me. It's the Microsoft Security Essentials malware.

In the past I've had decent success at removing these things, but this one is just too good.
It's used Task Scheduler, reg, startup, internet spyware downloading (silent) and some other methods. It disables my regedit and System Restore via group policy and a reg key.
The worst part is, even when I managed to get those parts working, System Restore lost all my old save points.

I've tried combinations of malware, safe mode, removing items from startup, disabling my task scheduler. But somehow it comes back.
I suspect it has infected iexplore.exe as there are always multiple processes of this running. As soon as I connect to the internet I am infected within minutes, even when malware and other tools say I'm safe.

I am posting from another pc.



#2 AustrAlien


Posted 27 November 2010 - 11:22 AM

OK, this one finally has me. It's the Microsoft Security Essentials malware.

Have a look at the removal guide linked below. Is this what you have on your system?

Remove Security Essentials 2011 (Uninstall Guide)

The MBAM log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please post the log and let us know how the system is running now.

Edit: ... and welcome to the BC forums.

Edited by AustrAlien, 27 November 2010 - 11:25 AM.


#3 sil3nthill


Posted 27 November 2010 - 07:28 PM

Hi,

No, it's this one.
http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert

However, I have followed this procedure and it didn't work. This is what I mean by the malware being too good.
Ran rkill
Updated MBAM
Removed what it found
Rebooted
Ran it again.

MBAM said I was clean, but 30 mins later it appeared again.

Repeated process.

This time the malware appeared almost as soon as Windows XP SP3 loaded.

That's when I noticed it was using Task Scheduler, disabled my System Restore via group policy + regedit, etc.


Anyway, I have just updated MBAM and ran a full scan.
Here is the log.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5203

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/28/2010 11:08:46 AM
mbam-log-2010-11-28 (11-08-46).txt

Scan type: Full scan (C:\|)
Objects scanned: 191368
Time elapsed: 17 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

However here are screens of my task manager and msconfig. After running MBAM.

#4 boopme


Posted 27 November 2010 - 09:09 PM

Hello, I am going to help you a bit here.
In the startup list, kill the uvllqfj.exe.

ctfmon.exe: Ctfmon is the Microsoft process that controls Alternative User Input and the Office Language bar. It's how you can control the computer via speech or a pen tablet, or using the onscreen keyboard inputs for Asian languages.
If you use any of those, leave it alone. If not, disable it.

Search for these files; if found, delete them.
%UserProfile%\Application Data\PAV\
%UserProfile%\Application Data\antispy.exe
%UserProfile%\Application Data\defender.exe
%UserProfile%\Application Data\tmp.exe
%UserProfile%\Local Settings\Temp\kjkkklklj.bat


Next run ATF and SAS. If you cannot access Safe Mode, run in Normal mode, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from the icon, install it and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed, etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use the Firefox or Opera browser, click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW scan with SUPER
Open from the desktop icon or the Program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#5 sil3nthill


Posted 28 November 2010 - 01:50 AM

Unfortunately, nothing has changed.

Rebooting into Windows shows even more malware items in msconfig.
Iexplore is trying to access the internet, which the firewall has blocked for now.
Bunch of items in processes which shouldn't be there.

Just FYI, I'll put up the rkill log, which I needed to use to reboot my system into safe mode.
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Gary on 11/28/2010 at 17:00:41.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\DOCUME~1\Gary\LOCALS~1\Temp\weaxskt.exe
C:\DOCUME~1\Gary\LOCALS~1\Temp\Kck.exe
C:\DOCUME~1\Gary\LOCALS~1\Temp\mdm.exe
C:\DOCUME~1\Gary\LOCALS~1\Temp\hexdump.exe
U:\uSeRiNiT.exe


Now for the SUPER log. Also, the final iexplorer process seems to be the big issue. No matter what, when I reboot I have rogue iexplore processes running.
Cheers


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/28/2010 at 05:26 PM

Application Version : 4.46.1000

Core Rules Database Version : 5916
Trace Rules Database Version: 3728

Scan type : Complete Scan
Total Scan Time : 00:18:33

Memory items scanned : 231
Memory threats detected : 1
Registry items scanned : 6079
Registry threats detected : 16
File items scanned : 15721
File threats detected : 22

Trojan.Agent/Gen-FakeAlert[HotFix]
C:\DOCUMENTS AND SETTINGS\GARY\APPLICATION DATA\HOTFIX.EXE
C:\DOCUMENTS AND SETTINGS\GARY\APPLICATION DATA\HOTFIX.EXE

Trojan.Agent/Gen
[HNUkOXRqTd] C:\DOCUME~1\GARY\LOCALS~1\TEMP\P02TWL.EXE
C:\DOCUME~1\GARY\LOCALS~1\TEMP\P02TWL.EXE
[uPc+MV0NYSXCxl] C:\WINDOWS\SYSTEM32\R0B1YO2A.DLL
C:\WINDOWS\SYSTEM32\R0B1YO2A.DLL
[HNUkOXRqTd] C:\DOCUME~1\GARY\LOCALS~1\TEMP\P02TWL.EXE
[uPc+MV0NYSXCxl] C:\WINDOWS\SYSTEM32\R0B1YO2A.DLL
C:\DOCUMENTS AND SETTINGS\GARY\LOCAL SETTINGS\TEMP\P02TWL.EXE
C:\WINDOWS\SYSTEM32\REPE7.DLL

Trojan.Agent/Gen-Backdoor[FakeAlert]
[HNUkOXRpZ] C:\DOCUME~1\GARY\LOCALS~1\TEMP\MDM.EXE
C:\DOCUME~1\GARY\LOCALS~1\TEMP\MDM.EXE
[HNUkOXRpZ] C:\DOCUME~1\GARY\LOCALS~1\TEMP\MDM.EXE
C:\DOCUMENTS AND SETTINGS\GARY\LOCAL SETTINGS\TEMP\MDM.EXE

Trojan.Dropper/Win-NV
[MKeuf] C:\WINDOWS\SPOOLSV.EXE
C:\WINDOWS\SPOOLSV.EXE
[MKeuf] C:\WINDOWS\SPOOLSV.EXE

Trojan.Agent/Gen-FakeAlert
[HNUkOXRotc] C:\DOCUME~1\GARY\LOCALS~1\TEMP\HEXDUMP.EXE
C:\DOCUME~1\GARY\LOCALS~1\TEMP\HEXDUMP.EXE
[HNUkOXRotc] C:\DOCUME~1\GARY\LOCALS~1\TEMP\HEXDUMP.EXE
C:\DOCUMENTS AND SETTINGS\GARY\LOCAL SETTINGS\TEMP\HEXDUMP.EXE

Trojan.Dropper/Gen-NV
[MKZSc] C:\WINDOWS\AVP32.EXE
C:\WINDOWS\AVP32.EXE
[MKZSc] C:\WINDOWS\AVP32.EXE

Malware.Trace
HKU\S-1-5-21-1220945662-583907252-725345543-1003\SOFTWARE\XML
HKU\S-1-5-21-1220945662-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer#winid [ 1CB8EBF77EE306C ]
HKU\S-1-5-21-1220945662-583907252-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER#NOFOLDEROPTIONS
HKU\S-1-5-21-1220945662-583907252-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Adware.Tracking Cookie
www.naiadsystems.com [ C:\Documents and Settings\Gary\Application Data\Macromedia\Flash Player\#SharedObjects\ATPWZYKY ]
.doubleclick.net [ C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\45ovj3f3.default\cookies.sqlite ]
.ero-advertising.com [ C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\45ovj3f3.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\45ovj3f3.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\45ovj3f3.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\45ovj3f3.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\45ovj3f3.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\45ovj3f3.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\45ovj3f3.default\cookies.sqlite ]
.toplist.cz [ C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\45ovj3f3.default\cookies.sqlite ]

Trojan.Unclassified/IExplorer-Fake
C:\DOCUMENTS AND SETTINGS\GARY\LOCAL SETTINGS\TEMP\IEXPLORER.EXE

#6 boopme


Posted 28 November 2010 - 09:38 AM

Hello. While in Normal mode, clear the temps again.
TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

#7 sil3nthill


Posted 29 November 2010 - 04:26 AM

Still no good.

Ran SUPER
reboot
ran TFC
reboot
ran TDSS
reboot

I was unable to update Malwarebytes, even in safe mode with networking. I kept getting a BSOD from the C:\WINDOWS\system32\drivers\uergz.sys

ran TDSS and deleted the above file.
Reboot

updated Mbam and ran a full scan
reboot

Unfortunately the rogue iexplore process is still there. So it's probably only a matter of time till it re-appears. It should also be mentioned that whenever I end task this process, it either creates another instantly, or within a few mins.

I ran Mbam again anyway, and it says my system is clean.



2010/11/29 19:44:22.0359 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2010/11/29 19:44:22.0359 ================================================================================
2010/11/29 19:44:22.0359 SystemInfo:
2010/11/29 19:44:22.0359
2010/11/29 19:44:22.0359 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/29 19:44:22.0359 Product type: Workstation
2010/11/29 19:44:22.0359 ComputerName: ZAIBATSU
2010/11/29 19:44:22.0359 UserName: Gary
2010/11/29 19:44:22.0359 Windows directory: C:\WINDOWS
2010/11/29 19:44:22.0359 System windows directory: C:\WINDOWS
2010/11/29 19:44:22.0359 Processor architecture: Intel x86
2010/11/29 19:44:22.0359 Number of processors: 1
2010/11/29 19:44:22.0359 Page size: 0x1000
2010/11/29 19:44:22.0359 Boot type: Normal boot
2010/11/29 19:44:22.0359 ================================================================================
2010/11/29 19:44:24.0156 Initialize success
2010/11/29 19:44:37.0046 ================================================================================
2010/11/29 19:44:37.0046 Scan started
2010/11/29 19:44:37.0046 Mode: Manual;
2010/11/29 19:44:37.0046 ================================================================================
2010/11/29 19:44:40.0250 Mouclass (c82ddcaf0d00041c0e5b35a0a5be2993) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/29 19:44:40.0250 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: c82ddcaf0d00041c0e5b35a0a5be2993, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2010/11/29 19:44:40.0250 Mouclass - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/29 19:44:43.0468 Suspicious service (NoAccess): uergz
2010/11/29 19:44:43.0515 uergz (583c5a3139aa9c197c15eae4a1a9cad3) C:\WINDOWS\system32\drivers\uergz.sys
2010/11/29 19:44:43.0515 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\uergz.sys. md5: 583c5a3139aa9c197c15eae4a1a9cad3
2010/11/29 19:44:43.0531 uergz - detected Locked service (1)
2010/11/29 19:44:44.0484 ================================================================================
2010/11/29 19:44:44.0484 Scan finished
2010/11/29 19:44:44.0484 ================================================================================
2010/11/29 19:44:44.0500 Detected object count: 2
2010/11/29 19:44:50.0453 Mouclass (c82ddcaf0d00041c0e5b35a0a5be2993) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/29 19:44:50.0453 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: c82ddcaf0d00041c0e5b35a0a5be2993, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2010/11/29 19:44:51.0656 Backup copy found, using it..
2010/11/29 19:44:51.0671 C:\WINDOWS\system32\DRIVERS\mouclass.sys - will be cured after reboot
2010/11/29 19:44:51.0671 Rootkit.Win32.TDSS.tdl3(Mouclass) - User select action: Cure
2010/11/29 19:44:51.0671 Locked service(uergz) - User select action: Skip
2010/11/29 19:44:58.0031 Deinitialize success

----------------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5213

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/29/2010 8:20:06 PM
mbam-log-2010-11-29 (20-20-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 190711
Time elapsed: 17 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\dfui20.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\UO8KTAT1GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\6BTOP2GA8A (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hyututehobekeyoj (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{5b2467a3-c301-7743-a3e3-7abf402c7ad2} (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uo8ktat1gy (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\dfui20.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Documents and Settings\Gary\Application Data\Etis\meake.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\WINDOWS\Kfanyb.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.

Edited by sil3nthill, 29 November 2010 - 04:45 AM.
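Three lines in the two logs above carry most of the information, and they are easy to skim past. TDSSKiller's "Suspicious file (Forged)" entry for mouclass.sys reports two different MD5s for one file: the hash TDSSKiller computed from the raw disk contents does not match the one the file system presented, which is what a TDL3-class rootkit does to hide its patch to a legitimate driver (the scanner found a backup copy and scheduled a cure at reboot). The unknown driver service uergz, with its file C:\WINDOWS\system32\drivers\uergz.sys, was flagged NoAccess and then "Locked service", and the action chosen for it was Skip, so whatever it is remains on the system. In the Malwarebytes log, the in-memory dfui20.dll, the Run-key entry and the folder-options policy are marked "Delete on reboot" rather than removed, so the machine is not clean until that reboot happens and a rescan confirms it. The following Python script is an added example, not part of the original thread and not code from TDSSKiller or Malwarebytes: it parses both log formats as they appear above (the embedded sample lines are copied from the posted logs), marks Malwarebytes hits that sit in autostart locations, pairs each TDSSKiller object with the action recorded for it, and lists everything that is still skipped or pending. The status labels ("removed", "pending reboot", "skipped", "no action") are this script's own, not the tools'.

```python
"""Triage helper for TDSSKiller and Malwarebytes' Anti-Malware logs.

Added example for this thread; not code from either tool. It extracts the
security-relevant lines and reports what is still unresolved:
  - TDSSKiller "Suspicious" files/services and the user action chosen for
    them (a Forged file carries two MD5s: raw-disk content versus what the
    file system presented);
  - MBAM detections deferred to "Delete on reboot", plus detections that
    live in autostart locations (Run/RunOnce keys, Winlogon shell/userinit).
Status labels are this script's own, not the tools'.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input copied from the logs posted in the thread, trimmed to the
# lines that matter; the parsers ignore ordinary driver listings.
TDSSKILLER_SAMPLE = r"""
2010/11/29 19:44:43.0468 Suspicious service (NoAccess): uergz
2010/11/29 19:44:43.0515 uergz (583c5a3139aa9c197c15eae4a1a9cad3) C:\WINDOWS\system32\drivers\uergz.sys
2010/11/29 19:44:43.0515 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\uergz.sys. md5: 583c5a3139aa9c197c15eae4a1a9cad3
2010/11/29 19:44:43.0531 uergz - detected Locked service (1)
2010/11/29 19:44:50.0453 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: c82ddcaf0d00041c0e5b35a0a5be2993, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2010/11/29 19:44:51.0671 Rootkit.Win32.TDSS.tdl3(Mouclass) - User select action: Cure
2010/11/29 19:44:51.0671 Locked service(uergz) - User select action: Skip
"""

MBAM_SAMPLE = r"""
Memory Modules Infected:
C:\WINDOWS\dfui20.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hyututehobekeyoj (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Files Infected:
C:\WINDOWS\Kfanyb.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
"""


@dataclass
class Finding:
    source: str   # "tdsskiller" or "mbam"
    kind: str     # TDSSKiller flag (NoAccess, Forged, Locked service) or MBAM section
    target: str   # file path, registry path or service name
    detail: str   # classification and/or hashes
    status: str   # "removed", "pending reboot", "skipped" or "no action"


_TS = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ ")
_HEX = r"[0-9a-fA-F]{32}"
_SUSP_FILE = re.compile(
    r"^Suspicious file \((?P<flag>\w+)\): (?P<path>.+?)\. "
    rf"(?:md5: (?P<md5>{_HEX})|Real md5: (?P<real>{_HEX}), Fake md5: (?P<fake>{_HEX}))$")
_SUSP_SVC = re.compile(r"^Suspicious service \((?P<flag>\w+)\): (?P<name>\S+)$")
_LOCKED = re.compile(r"^(?P<name>\S+) - detected Locked service")
_ACTION = re.compile(r"^(?P<verdict>.+?)\((?P<name>[^()]+)\) - User select action: (?P<action>\w+)$")


def _key(target: str) -> str:
    """Service name or file stem, lower-cased, so 'Mouclass' pairs with mouclass.sys."""
    return target.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def parse_tdsskiller(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = _TS.sub("", raw.strip())          # drop the timestamp prefix
        if (m := _SUSP_FILE.match(line)):
            if m["flag"] == "Forged":
                detail = f"real md5 {m['real']} != fake md5 {m['fake']}"
            else:
                detail = f"md5 {m['md5']}"
            findings.append(Finding("tdsskiller", m["flag"], m["path"], detail, "no action"))
        elif (m := _SUSP_SVC.match(line)):
            findings.append(Finding("tdsskiller", m["flag"], m["name"], "service", "no action"))
        elif (m := _LOCKED.match(line)):         # "<svc> - detected Locked service"
            for f in findings:
                if _key(f.target) == m["name"].lower():
                    f.kind = "Locked service"
        elif (m := _ACTION.match(line)):         # "<verdict>(<name>) - User select action: X"
            status = {"Cure": "pending reboot", "Skip": "skipped"}.get(m["action"], m["action"].lower())
            for f in findings:
                if _key(f.target) == m["name"].lower():
                    f.status = status
                    f.detail = f"{m['verdict'].strip()}; {f.detail}"
    return findings


_MBAM_ENTRY = re.compile(r"^(?P<target>.+) \((?P<cls>[^()]+)\) -> (?P<action>.+?)\.?$")
_AUTOSTART = ("\\CURRENTVERSION\\RUN\\", "\\CURRENTVERSION\\RUNONCE\\",
              "\\WINLOGON\\SHELL", "\\WINLOGON\\USERINIT")


def is_autostart(target: str) -> bool:
    """True for registry values that run code at logon (the persistence points MBAM hit)."""
    t = target.upper()
    return any(marker in t for marker in _AUTOSTART)


def parse_mbam(text: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):           # "Registry Values Infected:" etc.
            section = line[: -len(" Infected:")]
            continue
        m = _MBAM_ENTRY.match(line)
        if not m or not section:
            continue
        action = m["action"]
        if action.startswith("Quarantined and deleted"):
            status = "removed"
        elif action.startswith("Delete on reboot"):
            status = "pending reboot"
        else:
            status = "no action"
        detail = m["cls"] + (" [autostart]" if is_autostart(m["target"]) else "")
        findings.append(Finding("mbam", section, m["target"], detail, status))
    return findings


def unresolved(findings: list[Finding]) -> list[Finding]:
    """Everything a tool did not report as already removed."""
    return [f for f in findings if f.status != "removed"]


def triage(tdss_text: str, mbam_text: str) -> list[Finding]:
    return unresolved(parse_tdsskiller(tdss_text) + parse_mbam(mbam_text))


if __name__ == "__main__":
    for f in triage(TDSSKILLER_SAMPLE, MBAM_SAMPLE):
        print(f"[{f.source}] {f.status:<14} {f.kind:<16} {f.target}  ({f.detail})")
```

With the embedded sample lines it reports six unresolved items: the skipped uergz service and its driver file, the mouclass.sys cure waiting on a reboot, and the three Malwarebytes entries queued for deletion on reboot. The parsers do not depend on the samples, so the same functions can be run over a full log file; the point of the autostart marker is that a Run-key or Winlogon\shell value that is only "Delete on reboot" will run once more before it is gone.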


#8 boopme (To Insanity and Beyond)

  • Global Moderator
  • 73,490 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:10 PM

Posted 29 November 2010 - 10:53 AM

OK, it appears our infection will require stronger and more specific tools.

We need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#9 sil3nthill (Topic Starter)

  • Members
  • 11 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:10 AM

Posted 03 December 2010 - 01:57 AM

Hi,

I noticed this particular exploit is popping up rather frequently recently with slight variations between people.

http://www.bleepingcomputer.com/forums/topic363940.html

Is there an advanced guide or something you guys could post for us to try out, obviously at OUR OWN RISK. By this I mean combofix and any other 'potentially dangerous' removal tools.

Like a generic removal guide, i.e. in the past I've managed to remove any malware I've had with combinations of MBAM, sys restore, msconfig, and one or 2 other tools.

I ask this because you're all so swamped with issues and it takes forever for a response.

The removal guides in other sections are, frankly, not deep enough to remove exploits such as mine.

Edited by sil3nthill, 03 December 2010 - 01:59 AM.
