
Internet Explorer Randomly Opening, new programs not working


  • This topic is locked
18 replies to this topic

#1 Moonyboy99


Posted 16 April 2011 - 03:12 AM

Hi Guys,

Basically since about 3 days ago IE opens 3 times on startup every time, even in safe mode (it is not in the startup menu that I could see). Furthermore, it randomly opens throughout the day, sometimes up to 7 times!

If I open IE it always opens multiple windows. Yesterday I DL'd Skype and Chrome; both of these work when I first boot, but after that they go "Not Responding", and then if I try to open them it just instantly says "Not Responding Windows is searching for a solution".

I'm not sure if these factors are related or not, but would appreciate some help to at least fix the IE issue.


Bit of background: I have run Malwarebytes Anti-Malware (up to date) and SUPERAntiSpyware (up to date). Both found a couple of things and removed them, but nothing major.

Since then I have reinstalled Java, removing all old versions (not sure why, but I've been meaning to do it for a while).

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Will at 8:23:36.62 on 16/04/2011
Internet Explorer: 8.0.6001.19048
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3069.1524 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DRIVERS\ACFXAU32.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Will\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\iuvdacqv\qbnpkcam.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Google Update] "c:\users\will\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R1 RapportCerberus_25973;RapportCerberus_25973;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\25973\RapportCerberus_25973.sys [2011-4-13 57144]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-3-28 1242504]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\metaboli player\X4HSX32Ex.sys [2008-10-1 29856]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2008-10-1 53168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2008-9-9 945920]
S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2009-2-23 86656]
S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2009-2-23 28800]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2011-3-31 130976]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
.
=============== Created Last 30 ================
.
2011-04-16 06:26:06 174955 ----a-w- c:\windows\Explorermgr.exe
2011-04-15 21:50:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-15 21:41:06 174955 ----a-w- c:\windows\system32\MsiExecmgr.exe
2011-04-15 17:49:53 -------- d-----w- c:\progra~2\Skype Extras
2011-04-15 17:43:40 -------- d-----r- c:\program files\Skype
2011-04-15 06:04:39 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 06:03:53 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-14 17:02:26 -------- d-----w- c:\windows\pss
2011-04-14 05:31:10 -------- d-----w- c:\program files\iuvdacqv
2011-04-13 17:44:28 174955 --s---w- c:\users\will\appdata\roaming\microsoft\windows\start menu\programs\startup\qbnpkcam.exe
2011-04-02 14:23:26 -------- d-----w- c:\progra~2\oJb06511fNkNh06511
2011-03-31 19:55:47 -------- d-----w- c:\program files\Futuremark
2011-03-30 05:47:40 -------- d-----w- c:\program files\LogMeIn Hamachi
.
==================== Find3M ====================
.
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-26 01:23:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-17 06:23:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-16 19:46:45 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-02-16 19:46:45 270904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-16 19:38:22 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-16 15:29:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 13:24:56 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-01-29 00:19:41 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-28 16:21:49 138056 ----a-w- c:\users\will\appdata\roaming\PnkBstrK.sys
2011-01-28 16:21:29 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
.
============= FINISH: 8:24:08.03 ===============


Any help would be hugely appreciated guys
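
As an added example (not part of the original post, and not a DDS or BleepingComputer tool): a short Python triage over an excerpt of the DDS log above. It flags a second executable appended to the Winlogon Userinit value, recently created binaries that share one byte size, and an .exe sitting directly in the Startup folder. The function names and the three heuristics are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Excerpt copied from the DDS log in the post above (not the full log).
SAMPLE_DDS = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\iuvdacqv\qbnpkcam.exe,
=============== Created Last 30 ================
.
2011-04-16 06:26:06 174955 ----a-w- c:\windows\Explorermgr.exe
2011-04-15 21:50:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-15 21:41:06 174955 ----a-w- c:\windows\system32\MsiExecmgr.exe
2011-04-15 17:49:53 -------- d-----w- c:\progra~2\Skype Extras
2011-04-15 06:04:39 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-13 17:44:28 174955 --s---w- c:\users\will\appdata\roaming\microsoft\windows\start menu\programs\startup\qbnpkcam.exe
.
==================== Find3M ====================
"""

# "date time size attributes path"; directories show dashes instead of a size
# and are skipped because the size group only accepts digits.
CREATED = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
BINARY_EXT = (".exe", ".dll", ".scr", ".sys")


def extra_userinit_entries(log):
    """Programs listed in Winlogon Userinit besides userinit.exe.

    The default value holds only system32\\userinit.exe, so anything else
    runs at every logon and deserves a look.
    """
    m = re.search(r"^mWinlogon: Userinit=(.*)$", log, re.MULTILINE)
    if not m:
        return []
    entries = [e.strip().lower() for e in m.group(1).split(",") if e.strip()]
    return [e for e in entries if not e.endswith(r"\system32\userinit.exe")]


def created_files(log):
    """(timestamp, size, path) for each file in the 'Created Last 30' section."""
    files, in_section = [], False
    for line in log.splitlines():
        if line.startswith("="):
            in_section = "Created Last 30" in line
            continue
        m = CREATED.match(line.strip()) if in_section else None
        if m:
            files.append((m.group(1), int(m.group(2)), m.group(4)))
    return files


def same_size_executables(files):
    """Groups of new binaries with an identical size in different locations."""
    by_size = defaultdict(list)
    for _, size, path in files:
        if path.lower().endswith(BINARY_EXT):
            by_size[size].append(path)
    return {size: paths for size, paths in by_size.items() if len(paths) > 1}


def startup_folder_binaries(files):
    """New .exe files placed directly in a Startup folder (usually only .lnk)."""
    return [p for _, _, p in files
            if "\\programs\\startup\\" in p.lower() and p.lower().endswith(".exe")]


if __name__ == "__main__":
    files = created_files(SAMPLE_DDS)
    print("Extra Userinit entries:", extra_userinit_entries(SAMPLE_DDS))
    print("Same-size new binaries:", same_size_executables(files))
    print("Executables in Startup:", startup_folder_binaries(files))
```

On this excerpt all three checks point at the same file name, qbnpkcam.exe, which the scan report later in the thread lists as Trojan.Win32.Agent.hssp.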



#2 B-boy/StyLe/

  • Malware Response Team

Posted 16 April 2011 - 05:17 AM

Hello Moonyboy99! Welcome to BleepingComputer Forums!


My name is Georgi and I will be helping you with your computer problems.


Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



IMPORTANT NOTE


I am afraid that you may have a file infector on board which is never good.
This would involve a full reformat as the only way to cure it.
However, I would like to confirm my suspicions first.






Since we are going to use a USB flash drive to transport files and logs back and forth, we should disinfect both computers to avoid re-infection.


Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


Please run it on both computers (the clean and the infected one).



Next please use a clean PC to download the following tool:
Click here to download Kaspersky Virus Removal Tool.

  • Use a USB flash drive to move the setup file to the infected PC (don't forget to use Flash_Disinfector first).
  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose skip if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right-click and choose Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.


Note: This tool will self-uninstall when you close it, so please save the log before closing it.




Regards,
Georgi



#3 Moonyboy99


Posted 16 April 2011 - 09:59 AM

Hi Georgi,
Thanks for your assistance. I am working through the steps, but the Kaspersky virus scan is taking a huge amount of time; so far it is on 11% after 1.15h.

I will update when completed.

#4 B-boy/StyLe/


Posted 16 April 2011 - 11:06 AM

Don't worry.
I will be around for a while.



Regards,
Georgi



#5 Moonyboy99


Posted 16 April 2011 - 12:12 PM

Windows Explorer has crashed and is not responding, but the scanner seems to still be running. Is this OK?

#6 Moonyboy99


Posted 16 April 2011 - 12:15 PM

Sorry ignore that, it seems to have sorted itself :)

The scanner seems to be finding pretty much a virus in every file it is checking, in the bottom right corner it keeps popping up saying "found virus in xxxxxxx trojan.dropper"

I'm guessing this isn't good ;(

Sorry to divert a little bit, but if every file is infected, does that mean all data is not safe to transfer to other PCs, so all my family photos will be gone?

Hopefully we (well you :P) can fix this! I'll update when it's complete. It may end up being tomorrow now, as it is 6pm in the UK now, and I think I still have about 7h to go!

Will

#7 Moonyboy99


Posted 16 April 2011 - 07:03 PM

Hi, the file is 12 MB and is 100,000s of lines. It crashes when I try to C+P in here; I'm going to try in increments:

Autoscan: completed 31 minutes ago (events: 36861, objects: 1114911, time: 09:33:51)
16/04/2011 14:35:09 Task started
16/04/2011 14:35:35 Detected: Trojan.Win32.Agent.hssp c:\Program Files\iuvdacqv\qbnpkcam.exe
16/04/2011 14:35:35 Untreated: Trojan.Win32.Agent.hssp c:\Program Files\iuvdacqv\qbnpkcam.exe Cannot be disinfected
16/04/2011 14:35:50 Detected: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\QTTask.exe
16/04/2011 14:35:50 Untreated: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\QTTask.exe Cannot be disinfected
16/04/2011 14:38:50 Detected: Virus.Win32.Nimnul.a c:\Program Files\WinRAR\RarExt.dll
16/04/2011 14:38:50 Untreated: Virus.Win32.Nimnul.a c:\Program Files\WinRAR\RarExt.dll Cannot be disinfected
16/04/2011 14:38:52 Detected: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
16/04/2011 14:38:53 Untreated: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll Cannot be disinfected
16/04/2011 14:39:21 Detected: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\Album\hpqaprnt.exe
16/04/2011 14:39:21 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\Album\hpqaprnt.exe Cannot be disinfected
16/04/2011 14:39:24 Detected: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
16/04/2011 14:39:25 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe Cannot be disinfected
16/04/2011 14:39:29 Detected: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe
16/04/2011 14:39:30 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe Cannot be disinfected
16/04/2011 14:39:31 Detected: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqUnSet.exe
16/04/2011 14:39:31 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqUnSet.exe Cannot be disinfected
16/04/2011 14:39:50 Detected: Virus.Win32.Nimnul.a c:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe
16/04/2011 14:39:50 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe Cannot be disinfected
16/04/2011 14:39:57 Detected: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\PictureViewer.exe
16/04/2011 14:39:57 Untreated: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\PictureViewer.exe Cannot be disinfected
16/04/2011 14:40:00 Detected: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\sbase.exe
16/04/2011 14:40:01 Untreated: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\sbase.exe Cannot be disinfected
16/04/2011 14:40:01 Detected: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\scalc.exe
16/04/2011 14:40:01 Untreated: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\scalc.exe Cannot be disinfected
16/04/2011 14:40:01 Detected: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\sdraw.exe
16/04/2011 14:40:01 Untreated: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\sdraw.exe Cannot be disinfected
16/04/2011 14:40:01 Detected: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\simpress.exe
16/04/2011 14:40:01 Untreated: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\simpress.exe Cannot be disinfected
16/04/2011 14:40:01 Detected: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\smath.exe
16/04/2011 14:40:01 Untreated: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\smath.exe Cannot be disinfected
16/04/2011 14:40:02 Detected: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\soffice.exe
16/04/2011 14:40:02 Untreated: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\soffice.exe Cannot be disinfected
16/04/2011 14:40:02 Detected: Virus.Win32.Nimnul.a c:\Program Files\SopCast\SopCast.exe
16/04/2011 14:40:02 Untreated: Virus.Win32.Nimnul.a c:\Program Files\SopCast\SopCast.exe Cannot be disinfected
16/04/2011 14:40:03 Detected: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\swriter.exe
16/04/2011 14:40:03 Untreated: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\swriter.exe Cannot be disinfected
16/04/2011 14:40:03 Detected: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\unopkg.exe
16/04/2011 14:40:03 Untreated: Virus.Win32.Nimnul.a c:\Program Files\OpenOffice.org 3\program\unopkg.exe Cannot be disinfected
16/04/2011 14:40:03 Detected: Virus.Win32.Nimnul.a c:\Program Files\WinRAR\WinRAR.exe
16/04/2011 14:40:03 Untreated: Virus.Win32.Nimnul.a c:\Program Files\WinRAR\WinRAR.exe Cannot be disinfected
16/04/2011 14:40:07 Detected: Virus.Win32.Nimnul.a c:\Program Files\SystemRequirementsLab\srldetect_cyri_4.4.21.0.dll
16/04/2011 14:40:07 Untreated: Virus.Win32.Nimnul.a c:\Program Files\SystemRequirementsLab\srldetect_cyri_4.4.21.0.dll Cannot be disinfected
16/04/2011 14:40:10 Detected: Virus.Win32.Nimnul.a c:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
16/04/2011 14:40:10 Untreated: Virus.Win32.Nimnul.a c:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL Cannot be disinfected
16/04/2011 14:40:13 Detected: Virus.Win32.Nimnul.a c:\Programs\PartyGaming\PartyPoker\RunApp.exe
16/04/2011 14:40:13 Untreated: Virus.Win32.Nimnul.a c:\Programs\PartyGaming\PartyPoker\RunApp.exe Cannot be disinfected
16/04/2011 14:40:13 Detected: Virus.Win32.Nimnul.a c:\Program Files\Sports Interactive\Football Manager Live\fml_launcher.exe
16/04/2011 14:40:13 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Sports Interactive\Football Manager Live\fml_launcher.exe Cannot be disinfected
16/04/2011 14:40:14 Detected: Virus.Win32.Nimnul.a c:\Program Files\FOOTBALLMANAGERBETA\Football Manager Live\fml_launcher.exe
16/04/2011 14:40:14 Untreated: Virus.Win32.Nimnul.a c:\Program Files\FOOTBALLMANAGERBETA\Football Manager Live\fml_launcher.exe Cannot be disinfected
16/04/2011 14:40:17 Detected: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
16/04/2011 14:40:17 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe Cannot be disinfected
16/04/2011 14:40:17 Detected: Trojan.Win32.Agent.hssp c:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qbnpkcam.exe
16/04/2011 14:40:17 Untreated: Trojan.Win32.Agent.hssp c:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qbnpkcam.exe Cannot be disinfected
16/04/2011 14:40:18 Detected: Virus.Win32.Nimnul.a c:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
16/04/2011 14:40:18 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe Cannot be disinfected
16/04/2011 14:40:19 Detected: Virus.Win32.Nimnul.a c:\Program Files\Electronic Arts\EADM\EADMUI.exe
16/04/2011 14:40:20 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Electronic Arts\EADM\EADMUI.exe Cannot be disinfected
16/04/2011 14:40:20 Detected: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe
16/04/2011 14:40:20 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe Cannot be disinfected
16/04/2011 14:40:20 Detected: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
16/04/2011 14:40:20 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe Cannot be disinfected
16/04/2011 14:40:21 Detected: Virus.Win32.Nimnul.a c:\Program Files\mIRC\mirc.exe
16/04/2011 14:40:21 Untreated: Virus.Win32.Nimnul.a c:\Program Files\mIRC\mirc.exe Cannot be disinfected
16/04/2011 14:40:22 Detected: Virus.Win32.Nimnul.a c:\Program Files\Ventrilo\Ventrilo.exe
16/04/2011 14:40:22 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Ventrilo\Ventrilo.exe Cannot be disinfected
16/04/2011 14:40:55 Detected: Virus.Win32.Nimnul.a c:\Users\Will\Desktop\FM2010_v10.3.0_PC_Patch.exe
16/04/2011 14:40:55 Untreated: Virus.Win32.Nimnul.a c:\Users\Will\Desktop\FM2010_v10.3.0_PC_Patch.exe Cannot be disinfected
16/04/2011 14:41:19 Detected: Virus.Win32.Nimnul.a c:\Programs\PartyGaming\PartyGaming.exe
16/04/2011 14:41:19 Untreated: Virus.Win32.Nimnul.a c:\Programs\PartyGaming\PartyGaming.exe Cannot be disinfected
16/04/2011 14:43:30 Detected: Virus.Win32.Nimnul.a c:\Program Files\Jollygood Games\Turbo Sliders\sliders.exe
16/04/2011 14:43:31 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Jollygood Games\Turbo Sliders\sliders.exe Cannot be disinfected
16/04/2011 14:43:32 Detected: Virus.Win32.Nimnul.a c:\Users\Will\AppData\Roaming\United Football\UnitedFootball.exe
16/04/2011 14:43:32 Untreated: Virus.Win32.Nimnul.a c:\Users\Will\AppData\Roaming\United Football\UnitedFootball.exe Cannot be disinfected
16/04/2011 14:43:38 Detected: Virus.Win32.Nimnul.a c:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll
16/04/2011 14:43:38 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll Cannot be disinfected
16/04/2011 14:43:39 Detected: Virus.Win32.Nimnul.a c:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll
16/04/2011 14:43:39 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll Cannot be disinfected
16/04/2011 14:43:42 Detected: Virus.Win32.Nimnul.a c:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll
16/04/2011 14:43:42 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll Cannot be disinfected
16/04/2011 14:43:42 Detected: Virus.Win32.Nimnul.a c:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
16/04/2011 14:43:42 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll Cannot be disinfected
16/04/2011 14:43:48 Detected: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\Plugins\npqtplugin.dll
16/04/2011 14:43:48 Untreated: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\Plugins\npqtplugin.dll Cannot be disinfected
16/04/2011 14:43:48 Detected: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\Plugins\npqtplugin2.dll
16/04/2011 14:43:48 Untreated: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\Plugins\npqtplugin2.dll Cannot be disinfected
16/04/2011 14:43:49 Detected: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\Plugins\npqtplugin3.dll
16/04/2011 14:43:49 Untreated: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\Plugins\npqtplugin3.dll Cannot be disinfected
16/04/2011 14:43:49 Detected: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\Plugins\npqtplugin4.dll
16/04/2011 14:43:49 Untreated: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\Plugins\npqtplugin4.dll Cannot be disinfected
16/04/2011 14:43:49 Detected: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\Plugins\npqtplugin5.dll
16/04/2011 14:43:50 Untreated: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\Plugins\npqtplugin5.dll Cannot be disinfected
16/04/2011 14:43:50 Detected: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\Plugins\npqtplugin6.dll
16/04/2011 14:43:50 Untreated: Virus.Win32.Nimnul.a c:\Program Files\QuickTime\Plugins\npqtplugin6.dll Cannot be disinfected
16/04/2011 14:44:03 Detected: Virus.Win32.Nimnul.a c:\Users\Will\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_6167\berkelium.dll
16/04/2011 14:44:03 Untreated: Virus.Win32.Nimnul.a c:\Users\Will\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_6167\berkelium.dll Cannot be disinfected
16/04/2011 14:44:04 Detected: Virus.Win32.Nimnul.a c:\Users\Will\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\fml2\libEGL.dll
16/04/2011 14:44:04 Untreated: Virus.Win32.Nimnul.a c:\Users\Will\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\fml2\libEGL.dll Cannot be disinfected
16/04/2011 14:45:24 Detected: Virus.Win32.Nimnul.a c:\Program Files\DivX\divx web player\dotdivxapp.exe
16/04/2011 14:45:24 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\DivX\divx web player\dotdivxapp.exe
16/04/2011 14:45:24 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\DivX\divx web player\dotdivxapp.exe
16/04/2011 14:45:26 Detected: Trojan.Win32.Agent.hssp c:\Program Files\iuvdacqv\qbnpkcam.exe
16/04/2011 14:45:26 Untreated: Trojan.Win32.Agent.hssp c:\Program Files\iuvdacqv\qbnpkcam.exe Cannot be disinfected
16/04/2011 14:45:27 Detected: Virus.Win32.Nimnul.a c:\Program Files\quicktime\QTTask.exe
16/04/2011 14:45:27 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\quicktime\QTTask.exe
16/04/2011 14:45:27 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\quicktime\QTTask.exe
16/04/2011 14:45:48 Detected: Virus.Win32.Nimnul.a c:\Program Files\WinRAR\RarExt.dll
16/04/2011 14:45:48 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\WinRAR\RarExt.dll
16/04/2011 14:45:48 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\WinRAR\RarExt.dll
16/04/2011 14:45:48 Detected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
16/04/2011 14:45:48 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
16/04/2011 14:45:48 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
16/04/2011 14:45:51 Detected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Unload\HpqCmon.exe
16/04/2011 14:45:51 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Unload\HpqCmon.exe
16/04/2011 14:45:51 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Unload\HpqCmon.exe
16/04/2011 14:45:51 Detected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Album\hpqaprnt.exe
16/04/2011 14:45:52 Detected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Unload\HpqPhUnl.exe
16/04/2011 14:45:52 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Album\hpqaprnt.exe
16/04/2011 14:45:52 Detected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Unload\HpqUnSet.exe
16/04/2011 14:45:52 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Album\hpqaprnt.exe
16/04/2011 14:45:52 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Unload\HpqPhUnl.exe
16/04/2011 14:45:52 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Unload\HpqPhUnl.exe
16/04/2011 14:45:52 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Unload\HpqUnSet.exe
16/04/2011 14:45:53 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Unload\HpqUnSet.exe
16/04/2011 14:45:55 Detected: Virus.Win32.Nimnul.a c:\Program Files\real alternative\media player classic\mplayerc.exe
16/04/2011 14:45:55 Detected: Virus.Win32.Nimnul.a c:\Program Files\quicktime\pictureviewer.exe
16/04/2011 14:45:56 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\real alternative\media player classic\mplayerc.exe
16/04/2011 14:45:56 Detected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\sbase.exe
16/04/2011 14:45:56 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\quicktime\pictureviewer.exe
16/04/2011 14:45:56 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\real alternative\media player classic\mplayerc.exe
16/04/2011 14:45:56 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\quicktime\pictureviewer.exe
16/04/2011 14:45:57 Detected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\scalc.exe
16/04/2011 14:45:57 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\sbase.exe
16/04/2011 14:45:57 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\sbase.exe
16/04/2011 14:45:58 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\scalc.exe
16/04/2011 14:45:58 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\scalc.exe
16/04/2011 14:45:58 Detected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\simpress.exe
16/04/2011 14:45:58 Detected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\sdraw.exe
16/04/2011 14:45:58 Detected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\smath.exe
16/04/2011 14:45:58 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\simpress.exe
16/04/2011 14:45:58 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\simpress.exe
16/04/2011 14:45:59 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\sdraw.exe
16/04/2011 14:45:59 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\sdraw.exe
16/04/2011 14:46:00 Detected: Virus.Win32.Nimnul.a c:\Program Files\SopCast\SopCast.exe
16/04/2011 14:46:00 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\smath.exe
16/04/2011 14:46:00 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\smath.exe
16/04/2011 14:46:02 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\SopCast\SopCast.exe
16/04/2011 14:46:02 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\SopCast\SopCast.exe
16/04/2011 14:46:02 Detected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\swriter.exe
16/04/2011 14:46:02 Detected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\soffice.exe
16/04/2011 14:46:02 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\swriter.exe
16/04/2011 14:46:02 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\swriter.exe
16/04/2011 14:46:03 Detected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\unopkg.exe
16/04/2011 14:46:03 Detected: Virus.Win32.Nimnul.a c:\Program Files\WinRAR\WinRAR.exe
16/04/2011 14:46:05 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\soffice.exe
16/04/2011 14:46:05 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\soffice.exe
16/04/2011 14:46:05 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\unopkg.exe
16/04/2011 14:46:05 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\openoffice.org 3\program\unopkg.exe
16/04/2011 14:46:07 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\WinRAR\WinRAR.exe
16/04/2011 14:46:07 Detected: Virus.Win32.Nimnul.a c:\Programs\partygaming\partypoker\RunApp.exe
16/04/2011 14:46:07 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\WinRAR\WinRAR.exe
16/04/2011 14:46:07 Disinfected: Virus.Win32.Nimnul.a c:\Programs\partygaming\partypoker\RunApp.exe
16/04/2011 14:46:07 Disinfected: Virus.Win32.Nimnul.a c:\Programs\partygaming\partypoker\RunApp.exe
16/04/2011 14:46:08 Detected: Virus.Win32.Nimnul.a c:\Program Files\systemrequirementslab\srldetect_cyri_4.4.21.0.dll
16/04/2011 14:46:09 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\systemrequirementslab\srldetect_cyri_4.4.21.0.dll
16/04/2011 14:46:09 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\systemrequirementslab\srldetect_cyri_4.4.21.0.dll
16/04/2011 14:46:09 Detected: Trojan.Win32.Agent.hssp c:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qbnpkcam.exe
16/04/2011 14:46:09 Untreated: Trojan.Win32.Agent.hssp c:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qbnpkcam.exe Cannot be disinfected
16/04/2011 14:46:29 Detected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Documents\Blizzard Entertainment\World of Warcraft Installer\DirectX\DSETUP.dll
16/04/2011 14:46:29 Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Documents\Blizzard Entertainment\World of Warcraft Installer\DirectX\DSETUP.dll
16/04/2011 14:46:29 Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Documents\Blizzard Entertainment\World of Warcraft Installer\DirectX\DSETUP.dll
16/04/2011 14:46:29 Detected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Documents\Blizzard Entertainment\World of Warcraft Installer\DirectX\dxsetup.exe
16/04/2011 14:46:30 Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Documents\Blizzard Entertainment\World of Warcraft Installer\DirectX\dxsetup.exe
16/04/2011 14:46:30 Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Documents\Blizzard Entertainment\World of Warcraft Installer\DirectX\dxsetup.exe
16/04/2011 14:46:30 Detected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Documents\Blizzard Entertainment\World of Warcraft Installer\DirectX\dsetup32.dll
16/04/2011 14:46:31 Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Documents\Blizzard Entertainment\World of Warcraft Installer\DirectX\dsetup32.dll
16/04/2011 14:46:31 Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Documents\Blizzard Entertainment\World of Warcraft Installer\DirectX\dsetup32.dll
16/04/2011 14:46:37 Detected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Documents\FIFAOnlineSetup\NFE.exe
16/04/2011 14:46:38 Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Documents\FIFAOnlineSetup\NFE.exe
16/04/2011 14:46:38 Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Documents\FIFAOnlineSetup\NFE.exe
16/04/2011 14:46:48 Detected: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_1204.html
16/04/2011 14:46:48 Detected: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_1958.html
16/04/2011 14:46:49 Detected: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_1E88.html
16/04/2011 14:46:49 Untreated: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_1204.html Cannot be disinfected
16/04/2011 14:46:49 Untreated: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_1958.html Cannot be disinfected
16/04/2011 14:46:49 Detected: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_24FC.html
16/04/2011 14:46:49 Untreated: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_1E88.html Cannot be disinfected
16/04/2011 14:46:49 Detected: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_294.html
16/04/2011 14:46:50 Untreated: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_24FC.html Cannot be disinfected
16/04/2011 14:46:50 Detected: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_CA8.html
16/04/2011 14:46:51 Untreated: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_294.html Cannot be disinfected
16/04/2011 14:46:51 Detected: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EALogReader.html
16/04/2011 14:46:52 Untreated: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_CA8.html Cannot be disinfected
16/04/2011 14:46:54 Untreated: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EALogReader.html Cannot be disinfected
16/04/2011 14:46:57 Detected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Metaboli Player\Setup.exe
16/04/2011 14:46:58 Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Metaboli Player\Setup.exe
16/04/2011 14:46:58 Disinfected: Virus.Win32.Nimnul.a C:\Documents and Settings\All Users\Metaboli Player\Setup.exe
16/04/2011 14:47:05 Detected: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Microsoft\OC\Channels\ch1\HTML\index.htm
16/04/2011 14:47:05 Detected: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Microsoft\OC\Channels\ch1\HTML\index_src.htm
16/04/2011 14:47:06 Untreated: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Microsoft\OC\Channels\ch1\HTML\index.htm Cannot be disinfected
16/04/2011 14:47:07 Detected: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Microsoft\OC\Channels\ch1\HTML\insindex.html
16/04/2011 14:47:10 Untreated: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Microsoft\OC\Channels\ch1\HTML\index_src.htm Cannot be disinfected
16/04/2011 14:47:15 Untreated: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Microsoft\OC\Channels\ch1\HTML\insindex.html Cannot be disinfected
16/04/2011 14:47:20 Detected: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Microsoft\OC\Channels\ch1\HTML\html\localization\browser_unsupported.htm
16/04/2011 14:47:22 Untreated: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Microsoft\OC\Channels\ch1\HTML\html\localization\browser_unsupported.htm Cannot be disinfected
16/04/2011 14:47:22 Detected: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Microsoft\OC\Channels\ch1\HTML\html\localization\scripting_disabled.htm
16/04/2011 14:47:23 Untreated: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Microsoft\OC\Channels\ch1\HTML\html\localization\scripting_disabled.htm Cannot be disinfected

#8 Moonyboy99

Posted 16 April 2011 - 07:05 PM

I can't attach the file, and I'm guessing you don't want me to paste 1m lines onto this thread?

The zipped file is smaller, but I'm not allowed to upload that type,

Let me know what you want me to do please Georgi, I'm happy to keep pasting, but I'm sure the website will be :P

#9 B-boy/StyLe/

  • Malware Response Team

Posted 17 April 2011 - 04:47 AM

Hi Moonyboy99, :)



Thanks for the logs.
They confirmed my suspicions.



I'm afraid I have very bad news.



Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smorgasbord of malware and are a major source of system infection.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).




Regards,
Georgi
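The point made in the reply above, that many infected files stay infected after the scanner's disinfection pass, can be checked directly against a scan log in the format posted earlier in this thread. The following is an added example, not part of the original posts or of any vendor tool: it keeps the last reported outcome per file and lists what is still unresolved, including copies sitting in the Startup folder. The sample lines are copied from the log in this thread; the function names are assumptions made for the example.

```python
import ntpath
import re
from collections import Counter

# Lines copied from the scan log posted earlier in this thread.
SAMPLE_LOG = r"""
16/04/2011 14:43:39 Detected: Virus.Win32.Nimnul.a c:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll
16/04/2011 14:43:39 Untreated: Virus.Win32.Nimnul.a c:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll Cannot be disinfected
16/04/2011 14:45:24 Detected: Virus.Win32.Nimnul.a c:\Program Files\DivX\divx web player\dotdivxapp.exe
16/04/2011 14:45:24 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\DivX\divx web player\dotdivxapp.exe
16/04/2011 14:45:24 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\DivX\divx web player\dotdivxapp.exe
16/04/2011 14:45:26 Detected: Trojan.Win32.Agent.hssp c:\Program Files\iuvdacqv\qbnpkcam.exe
16/04/2011 14:45:26 Untreated: Trojan.Win32.Agent.hssp c:\Program Files\iuvdacqv\qbnpkcam.exe Cannot be disinfected
16/04/2011 14:45:51 Detected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Album\hpqaprnt.exe
16/04/2011 14:45:52 Detected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Unload\HpqPhUnl.exe
16/04/2011 14:45:52 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Album\hpqaprnt.exe
16/04/2011 14:45:52 Disinfected: Virus.Win32.Nimnul.a c:\Program Files\hewlett-packard\digital imaging\Unload\HpqPhUnl.exe
16/04/2011 14:46:09 Detected: Trojan.Win32.Agent.hssp c:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qbnpkcam.exe
16/04/2011 14:46:09 Untreated: Trojan.Win32.Agent.hssp c:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qbnpkcam.exe Cannot be disinfected
16/04/2011 14:46:48 Detected: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_1204.html
16/04/2011 14:46:49 Untreated: Trojan-Dropper.JS.Agent.ex C:\Documents and Settings\All Users\Electronic Arts\EA Core\logs\EADM_1204.html Cannot be disinfected
"""

# timestamp, event, threat name (no spaces), path (may contain spaces), optional suffix
LINE_RE = re.compile(
    r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} "
    r"(?P<event>Detected|Disinfected|Untreated): "
    r"(?P<threat>\S+) "
    r"(?P<path>.+?)(?: Cannot be disinfected)?$"
)

STARTUP_MARKER = "\\start menu\\programs\\startup\\"


def parse_log(text):
    """Return (event, threat, path) tuples for every recognised log line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m["event"], m["threat"], m["path"]))
    return events


def final_states(events):
    """Last reported outcome per file, in log order (entries for different
    files interleave). Windows paths compare case-insensitively."""
    states = {}
    for event, threat, path in events:
        states[path.lower()] = {"path": path, "threat": threat, "state": event}
    return states


def triage(states):
    """Count cleaned files and describe everything the scanner left behind."""
    unresolved = [s for s in states.values() if s["state"] != "Disinfected"]
    return {
        "cleaned": sum(1 for s in states.values() if s["state"] == "Disinfected"),
        "unresolved": sorted(s["path"] for s in unresolved),
        "by_threat": Counter(s["threat"] for s in unresolved),
        "by_ext": Counter(ntpath.splitext(s["path"])[1].lower() for s in unresolved),
        # An unresolved file in a Startup folder runs again at the next logon.
        "autostart": [s["path"] for s in unresolved
                      if STARTUP_MARKER in s["path"].lower()],
    }


if __name__ == "__main__":
    report = triage(final_states(parse_log(SAMPLE_LOG)))
    print("cleaned:", report["cleaned"])
    print("unresolved by threat:", dict(report["by_threat"]))
    print("unresolved by extension:", dict(report["by_ext"]))
    for path in report["autostart"]:
        print("still in Startup folder:", path)
```

A file counted as cleaned here only means the scanner reported success; as the reply explains, disinfected files can be left corrupted, so the count is a lower bound on the damage rather than evidence of a clean system.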



#10 Moonyboy99

Posted 17 April 2011 - 06:14 AM

Hey Georgi,

Thanks for that, I kind of figured once I had a 1m instance report!

I formatted this morning, and am currently reinstalling everything.

Could you possibly point me in the direction of some kind of guide as to what I can do to prevent further infection, I don't have a One Care subscription, so I figure I need a new way of protection,

I'm guessing Firewall, Anti Virus, Anti Malware ?

Thanks again for your help

#11 Moonyboy99

Posted 17 April 2011 - 06:18 AM

Sorry one further question, I use 3/4 USB sticks on this PC, is the only safe way to format them, using the hold down shift technique to prevent auto run?

Or is it safest to ditch them all? I'd rather not as I have a rather pricey 32gb one,

Will

#12 B-boy/StyLe/

  • Malware Response Team

Posted 17 April 2011 - 06:46 AM

"I formatted this morning, and am currently reinstalling everything.
Could you possibly point me in the direction of some kind of guide as to what I can do to prevent further infection, I don't have a One Care subscription, so I figure I need a new way of protection,"




My advice is to format all partitions (except the recovery one, if you have one) and then to reinstall Windows from scratch.

This infection can spread very easily so if backup or other drives are infected, when reconnected they will start the whole process over again.

You should only back up your data such as pictures, music, documents.

Do not back up any system files or installers as they may be infected. <-- Important!





Step 1: When you rebuild the system, install antivirus software and make sure it is turned on and up to date.

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection against malicious software.

Note:
You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may very well decrease the overall protection as well as impair the performance of your PC.





Step 2: Also be sure that you re-download all drivers and software you need from their website after the wipe. Do not use old installers. They are probably infected.




Step 3: Finally, do not forget to disable the Autoplay feature in Windows to avoid future problems.

You can use Flash_Disinfector as described above.





Step 4: Also I highly recommend that you use Mozilla Firefox + NoScript add-ons to disable the dangerous iframes and JavaScript fragments used by Virut/Sality/Ramnit/Parite and the other polymorphic threats.

Keep in mind that iframes and JavaScript objects are not always malicious. Some web sites will still need them to visualize the web content properly.





Step 5: Don't use pirated software!!

Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.

Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems, so my advice is;

Stay away from them!



This is an absolutely massive amount of work to be done there but this is the only safe way.



I suggest you take a look here:
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html



Regards,
Georgi



#13 Moonyboy99

Posted 17 April 2011 - 07:06 AM

Hi Georgi,

I have taken your advice,

I reformatted everything (Except the partition that holds my recovery data)

I deleted everything, even pictures music and all :(

I want to use a virus scanner, but how can I get rid of the Windows one? Is AVG considered a good one? Or Malware Anti Bytes?

I am now using Mozilla, and the add on you suggested

AFAIK I haven't used pirate software since I got a job!

#14 B-boy/StyLe/

  • Malware Response Team

Posted 17 April 2011 - 08:50 AM

Hi Moonyboy99,



"I want to use a virus scanner, but how can I get rid of the Windows one?"




Could you please rephrase your question?



"Is AVG considered a good one? Or Malware Anti Bytes?"



Malwarebytes is not an antivirus application. I recommend that you keep that installed.
I also recommend installing an antivirus application.



Which is the best antivirus? In the end it's a personal choice and what works best for you. Personally, from the freeware software I recommend Avira or Avast or Microsoft Security Essentials, or ESET's NOD32 or Kaspersky's if you want to buy one.



- AVG is good and reputable antivirus software. AVG 2011 has improved a lot in its latest free edition - especially the LinkScanner and the Identity protection feature which acts like a behaviour blocker.



- Avira has one of the best detection rates out there. However the interface is unintuitive and can be difficult to use for beginners.



- Avast offers more features for its resources like boot-time scan, sandbox, Webrep and many more. A great software.



- MSE is free as long as your Windows OS is genuine. MSE fails to detect some malware but it is very good when it comes to effective full removal of viruses/malware.
However MSE is slow at scanning and cleaning of threats. Also when you open a directory with a lot of files the appearance of the icons might be delayed a bit.



- Kaspersky has a comprehensive scanner but can take a long time to complete.



- Nod32 is light on resources and has one of the fastest scanner engines.



They both are great products. :)



Regards,
Georgi

Edited by B-boy/StyLe/, 17 April 2011 - 09:14 AM.
typo.



#15 Moonyboy99

Posted 17 April 2011 - 09:43 AM

Hi again,

Thanks for that, I will try Avira, I should be ok to work it out, I so work for a software house! If not I'll try the Avast one.

What I meant by my question was that my Windows Vista has One Care on it, do I need to remove this?

Is the Windows firewall good enough, or should I get a new one?

I think Windows just downloaded an update called Malware and malicious software remover, shall I uninstall that if I choose Avira?



