
WIN 32/Sality


2 replies to this topic

#1 swaprules

swaprules

  • Members
  • 1 posts

Posted 15 February 2011 - 11:33 PM

Win 32/Sality infected my laptop a week back and started corrupting my .exe files. For a day AVG kept reporting files as infected. Also my C: drive ran out of space due to thousands of folders which got created with weird alphanumeric names. I ran a full scan too. After that the anti-virus stopped reporting files as infected so I figured my laptop was clean again. However my laptop has now started running very slow and keeps hanging, especially in file transfer operations. Also it takes much longer than it used to for booting. AVG is not seen in my system tray even when I click on the AVG tray icon executable.

Here is my DDS log.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Swapnil at 9:36:42.41 on Wed 02/16/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3959.2660 [GMT 5.5:30]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Connectify\ConnectifyService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Connectify\Connectifyd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Swapnil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Swapnil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Swapnil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Users\Swapnil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Swapnil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Swapnil\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2529008
uInternet Settings,ProxyServer = 172.24.2.16:8080
uInternet Settings,ProxyOverride = library;intrabits;swd;<local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-10-21 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-21 202752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-10-21 6233088]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-21 161280]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-11-6 20984]
R3 connctfyMP;connctfyMP;C:\Windows\System32\drivers\connctfy.sys [2010-6-14 34880]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-12-14 172704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-10-18 145512]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\adusbser.sys [2010-10-22 154112]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-27 517448]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-10-29 35104]
S3 connctfy;Connectify Service;C:\Windows\System32\drivers\connctfy.sys [2010-6-14 34880]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);C:\Windows\System32\drivers\s1039bus.sys [2010-3-1 127600]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;C:\Windows\System32\drivers\s1039mdfl.sys [2010-3-1 19568]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;C:\Windows\System32\drivers\s1039mdm.sys [2010-3-1 161904]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1039mgmt.sys [2010-3-1 141424]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1039nd5.sys [2010-3-1 34416]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1039obex.sys [2010-3-1 137328]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1039unic.sys [2010-3-1 158320]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-12-30 153736]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-8 1255736]

=============== File Associations ===============

.txt=

=============== Created Last 30 ================

2011-02-15 07:33:20 -------- d-----w- C:\Masm64
2011-02-15 07:17:01 -------- d-----w- C:\Windows\SysWow64\js
2011-02-15 07:17:01 -------- d-----w- C:\Windows\SysWow64\images
2011-02-15 07:17:01 -------- d-----w- C:\Windows\SysWow64\html
2011-02-15 07:17:01 -------- d-----w- C:\Windows\SysWow64\css
2011-02-15 07:15:00 -------- d-----w- C:\Program Files\Microsoft Device Emulator
2011-02-15 06:50:44 -------- d-----w- C:\Windows\SysWow64\1033
2011-02-15 06:46:33 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
2011-02-15 06:46:33 -------- d-----w- C:\Program Files (x86)\CE Remote Tools
2011-02-14 09:11:11 389120 ----a-w- C:\Windows\SysWow64\cmax20.ocx
2011-02-14 09:11:11 -------- d-----w- C:\emu8086
2011-02-13 06:02:13 -------- d-----w- C:\Users\Swapnil\AppData\Roaming\WordWeb
2011-02-12 13:40:07 -------- d-----w- C:\Program Files (x86)\Vocaboly
2011-02-12 13:34:24 -------- d-----w- C:\Drivers
2011-02-12 13:29:01 -------- d-----w- C:\Program Files (x86)\WordHacker_Mini
2011-02-12 12:07:57 1283952 ----a-w- C:\Windows\wweb32.dll
2011-02-12 12:07:57 -------- d-----w- C:\Program Files (x86)\WordWeb
2011-02-09 03:54:59 -------- d-----w- C:\Users\Swapnil\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2011-02-09 03:54:57 -------- d-----w- C:\Program Files (x86)\BBC iPlayer Desktop
2011-02-07 13:20:24 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-02-07 13:20:07 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-02-07 13:20:03 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-07 13:20:00 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-04 11:14:51 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-02-04 11:14:31 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-02-04 11:14:09 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-02-04 11:14:04 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-02 12:43:02 -------- d-----w- C:\Users\Swapnil\AppData\Local\Connectify
2011-02-02 12:42:00 -------- d-----w- C:\Program Files (x86)\Connectify
2011-02-01 09:08:38 -------- d-----w- C:\Users\Swapnil\AppData\Local\SKIDROW
2011-02-01 08:53:07 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2011-02-01 08:53:07 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2011-02-01 08:53:07 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2011-02-01 08:53:07 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2011-02-01 08:53:06 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2011-01-30 11:00:31 -------- d-----w- C:\Program Files\Business Objects
2011-01-30 10:58:29 -------- d-----w- C:\Program Files (x86)\Business Objects
2011-01-30 10:55:21 -------- d-----w- C:\Program Files\Microsoft SQL Server
2011-01-30 10:55:14 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2011-01-30 10:55:01 -------- d-----w- C:\Program Files (x86)\Microsoft Device Emulator
2011-01-30 10:54:26 -------- d-----w- C:\Program Files (x86)\Windows Mobile 5.0 SDK R2
2011-01-30 10:54:02 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-01-30 10:54:02 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-01-30 10:45:39 -------- d-----w- C:\PROGRA~3\PreEmptive Solutions
2011-01-30 10:40:38 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2011-01-30 10:39:42 -------- d-----w- C:\Program Files (x86)\Microsoft Web Designer Tools
2011-01-30 10:37:40 97296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1036.dll
2011-01-30 10:37:40 96272 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.3082.dll
2011-01-30 10:37:40 96272 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1031.dll
2011-01-30 10:37:40 95248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1040.dll
2011-01-30 10:37:40 91152 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1033.dll
2011-01-30 10:37:40 81424 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1041.dll
2011-01-30 10:37:40 79888 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1042.dll
2011-01-30 10:37:40 76304 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1028.dll
2011-01-30 10:37:40 75792 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.2052.dll
2011-01-30 10:37:40 562688 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
2011-01-30 10:37:38 -------- d-----w- C:\Windows\System32\1033
2011-01-25 17:13:33 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-01-18 17:52:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-18 17:52:55 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-18 17:52:55 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-18 17:52:55 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-18 17:41:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-01-18 17:41:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-01-18 17:36:07 464384 ----a-w- C:\Windows\System32\taskeng.exe
2011-01-18 17:36:07 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2011-01-18 17:36:07 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2011-01-18 17:36:06 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-01-18 17:36:06 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2011-01-18 17:36:06 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2011-01-18 17:36:06 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2011-01-18 17:36:06 285696 ----a-w- C:\Windows\System32\schtasks.exe
2011-01-18 17:36:06 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2011-01-18 17:36:06 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2011-01-18 17:34:00 3124224 ----a-w- C:\Windows\System32\win32k.sys
2011-01-18 17:16:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-01-18 17:16:02 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-01-18 17:16:01 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2011-01-18 17:16:01 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2011-01-18 17:16:01 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2011-01-18 17:15:59 112000 ----a-w- C:\Windows\System32\consent.exe
2011-01-18 17:15:58 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-18 17:15:58 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-18 17:15:58 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-18 17:15:58 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-18 17:15:58 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-18 17:15:58 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-18 17:15:58 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-18 17:15:58 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-18 17:15:58 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-18 17:15:58 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

==================== Find3M ====================

2011-01-09 15:03:34 468480 ----a-w- C:\Windows\System32\deployJava1.dll
2010-12-14 18:04:08 74 --sh--r- C:\Windows\CT4CET.bin
2010-12-07 22:42:36 308304 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-11-19 11:53:56 411368 ----a-w- C:\Windows\SysWow64\deploytk.dll
2010-11-18 04:15:34 86016 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-11-18 04:15:34 262144 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

============= FINISH: 9:37:34.08 ===============


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 16 February 2011 - 04:01 PM

Good evening. :)

Sality is what is known in geek speak as a polymorphic file infector. The file infector part you have already seen with the large number of AVG detections, and polymorphic refers to the slime's ability to modify its code to make it more difficult to detect - rather like plastic surgery for human criminals.

The problem you have with cleaning the PC is that you cannot guarantee that all the infected files can be identified, so the infection has a reservoir from which to continue its actions, and those files that can be identified may be damaged by the removal of the malicious code. Removing the whole of the infected file isn't an option, as its targets include system files and without those you don't have an active PC.

Basically you need to back up any important data, excepting those with the file extensions .SCR or .EXE, and then reformat and reinstall Windows.

So long, and thanks for all the fish.
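A worked version of the backup advice in the reply above, added here as an example and not code from the thread or from BleepingComputer. It copies a data tree while leaving out .EXE and .SCR files, and goes one step beyond the post by also skipping any file whose first two bytes are the "MZ" executable header, so a renamed executable is not carried over either; the sample tree is constructed inline.

```python
"""Back up user data while leaving executables behind (added example).

The source tree here is constructed sample data, not the poster's files.
"""
import shutil
import tempfile
from pathlib import Path

# Extensions the reply tells the poster to leave out of the backup.
SKIP_EXTENSIONS = {".exe", ".scr"}
# Every Windows PE file starts with this DOS header magic; a file infector
# writes into PE files, so a renamed executable is still worth skipping.
PE_MAGIC = b"MZ"


def is_executable(path: Path) -> bool:
    """True if the file should be left out of the backup."""
    if path.suffix.lower() in SKIP_EXTENSIONS:
        return True
    with path.open("rb") as fh:
        return fh.read(2) == PE_MAGIC


def backup_tree(src: Path, dst: Path):
    """Copy src into dst, skipping executables.

    Returns (copied, skipped) as sorted lists of POSIX-style relative paths.
    """
    copied, skipped = [], []
    for path in src.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(src)
        if is_executable(path):
            skipped.append(rel.as_posix())
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # keeps timestamps, which matter for later triage
        copied.append(rel.as_posix())
    return sorted(copied), sorted(skipped)


def build_sample_tree(root: Path) -> None:
    """Constructed sample data standing in for a user's document folder."""
    (root / "docs").mkdir(parents=True)
    (root / "docs" / "thesis.txt").write_text("important text")
    (root / "docs" / "notes.docx").write_bytes(b"PK\x03\x04 not a PE file")
    (root / "app.exe").write_bytes(b"MZ\x90\x00 fake PE")
    (root / "saver.SCR").write_bytes(b"MZ\x90\x00 fake PE")
    # Data extension but executable content: caught by the MZ check only.
    (root / "docs" / "renamed.dat").write_bytes(b"MZ\x90\x00 fake PE")


def demo():
    """Run the backup over the sample tree inside a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "src", Path(tmp) / "backup"
        build_sample_tree(src)
        return backup_tree(src, dst)


if __name__ == "__main__":
    copied, skipped = demo()
    print("copied :", copied)
    print("skipped:", skipped)
```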


#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 21 February 2011 - 03:45 PM

After five days with no response, this one gets locked.

So long, and thanks for all the fish.
