
Infected with windows xp recovery and possibly TDSS


This topic is locked
3 replies to this topic

#1 ViralNova

Posted 08 June 2011 - 10:54 PM

My problem is that a fake anti-virus named "Windows XP Recovery" keeps starting up, sending false alarms, etc. Now I tried to do exactly what one of the guides on this site recommended, but I can't update MBAM, and I tried TDSSKiller but it found nothing, so I'm not sure what's going on or why it won't update. Sorry if I'm not detailed enough.

Guide used: http://www.bleepingcomputer.com/virus-removal/remove-windows-xp-recovery



Here is a DDS log:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by at 18:06:02 on 2011-06-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.110 [GMT -7:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Common Files\AOL\1138907690\ee\AOLSoftware.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\QuickTime\QTTask.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by MSN & Bing
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [WinColorReminder] c:\program files\pro imaging powertoys\microsoft color control panel applet for windows xp\WinColorReminder.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [UtYUtxpPbB] c:\documents and settings\all users\application data\UtYUtxpPbB.exe
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [OASClnt] c:\program files\mcafee.com\antivirus\oasclnt.exe
mRun: [EmailScan] c:\program files\mcafee.com\antivirus\mcvsescn.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [MPFExe] c:\program files\mcafee.com\personal firewall\MPfTray.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [Dell QuickSet] c:\progra~1\dell\quickset\quickset.exe
mRun: [HostManager] c:\program files\common files\aol\1138907690\ee\AOLSoftware.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NPSStartup]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmaTel Audio] c:\program files\sigmatel\c-major audio\dellxpm_5515v131\setup.exe -postqfe
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Panda Security URL Filtering] "c:\documents and settings\all users\application data\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [AOLSPScheduler] c:\program files\common files\aol\1138907690\ee\services\safetycore\ver210_5_4_1\AOLSP Scheduler.exe
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A3C84861-78D5-4C2A-9469-AC915E1211EA} : DhcpNameServer = 192.168.1.1
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-5-29 28552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2007-4-30 80640]
R1 MpKslbc6bc3b8;MpKslbc6bc3b8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e12e137-ce41-4a1e-ae97-ce74ebdc6638}\MpKslbc6bc3b8.sys [2011-6-8 28752]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-3-20 54760]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]
S1 MpKsl04b976eb;MpKsl04b976eb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e12e137-ce41-4a1e-ae97-ce74ebdc6638}\mpksl04b976eb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e12e137-ce41-4a1e-ae97-ce74ebdc6638}\MpKsl04b976eb.sys [?]
S1 MpKsl0b8ddab9;MpKsl0b8ddab9;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e12e137-ce41-4a1e-ae97-ce74ebdc6638}\MpKsl0b8ddab9.sys [2011-6-8 28752]
S1 MpKsl98378ff2;MpKsl98378ff2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed256c81-8dee-4b3e-bbe6-3536cd7c58cd}\mpksl98378ff2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed256c81-8dee-4b3e-bbe6-3536cd7c58cd}\MpKsl98378ff2.sys [?]
S1 MpKsl99b40bd0;MpKsl99b40bd0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed256c81-8dee-4b3e-bbe6-3536cd7c58cd}\mpksl99b40bd0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed256c81-8dee-4b3e-bbe6-3536cd7c58cd}\MpKsl99b40bd0.sys [?]
S1 MpKsldbe079af;MpKsldbe079af;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed256c81-8dee-4b3e-bbe6-3536cd7c58cd}\mpksldbe079af.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed256c81-8dee-4b3e-bbe6-3536cd7c58cd}\MpKsldbe079af.sys [?]
S2 McShield;McAfee McShield;c:\progra~1\mcafee.com\antivi~1\mcshield.exe --> c:\progra~1\mcafee.com\antivi~1\mcshield.exe [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-4-18 36608]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-2-26 9472]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-2-2 114464]
.
=============== Created Last 30 ================
.
2011-06-09 00:38:28 28752 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e12e137-ce41-4a1e-ae97-ce74ebdc6638}\MpKslbc6bc3b8.sys
2011-06-09 00:26:55 38224 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-09 00:26:48 20952 ---ha-w- c:\windows\system32\drivers\mbam.sys
2011-06-08 23:39:52 28752 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e12e137-ce41-4a1e-ae97-ce74ebdc6638}\MpKsl0b8ddab9.sys
2011-06-04 21:56:17 28752 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e12e137-ce41-4a1e-ae97-ce74ebdc6638}\MpKsl83719dca.sys
2011-06-04 21:54:22 28752 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e12e137-ce41-4a1e-ae97-ce74ebdc6638}\MpKslc0d61d26.sys
2011-06-04 01:30:21 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-05-29 20:59:56 -------- d--h--w- c:\documents and settings\lew shedd\application data\Panda Security
2011-05-29 20:58:52 28552 ---ha-w- c:\windows\system32\drivers\pavboot.sys
2011-05-29 20:51:49 -------- d--h--w- c:\documents and settings\lew shedd\local settings\application data\panda2_0dn
2011-05-29 20:51:40 -------- d--h--w- c:\documents and settings\all users\application data\Panda Security URL Filtering
2011-05-29 20:51:37 -------- d--h--w- c:\documents and settings\lew shedd\application data\pandasecuritytb
2011-05-29 20:49:55 -------- d--h--w- c:\program files\Panda Security
2011-05-29 20:49:55 -------- d--h--w- c:\documents and settings\all users\application data\Panda Security
2011-05-29 19:59:39 -------- d--h--w- c:\program files\msn gaming zone
2011-05-29 19:47:59 28752 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e12e137-ce41-4a1e-ae97-ce74ebdc6638}\MpKsl0ec1e590.sys
2011-05-29 19:46:18 28752 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e12e137-ce41-4a1e-ae97-ce74ebdc6638}\MpKslf0e33358.sys
2011-05-29 19:10:31 6962000 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e12e137-ce41-4a1e-ae97-ce74ebdc6638}\mpengine.dll
2011-05-29 15:24:16 -------- d--h--w- c:\program files\Dell Computer
2011-05-29 15:17:54 446464 ---ha-r- c:\windows\system32\hhactivex.dll
2011-05-29 15:17:54 176128 ---ha-w- c:\windows\system32\RcdScan.dll
2011-05-29 15:17:53 328480 ---ha-w- c:\windows\system32\ssa3d30.ocx
2011-05-29 15:17:49 89360 ---ha-w- c:\windows\system32\VB5DB.DLL
2011-05-29 15:17:42 13632 ---h--w- c:\windows\system32\drivers\omci.sys
2011-05-29 15:17:32 212992 ---ha-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-05-29 14:52:50 341504 ---ha-w- c:\documents and settings\all users\application data\16572196.exe
2011-05-29 14:42:17 433152 ---ha-w- c:\documents and settings\all users\application data\UtYUtxpPbB.exe
2011-05-28 23:50:01 26600 ---ha-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-28 23:50:01 107368 ---ha-w- c:\windows\system32\GEARAspi.dll
2011-05-28 23:48:17 -------- d--h--w- c:\program files\iTunes
2011-05-28 23:46:15 -------- d--h--w- c:\program files\Bonjour
2011-05-17 18:58:48 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 18:54:35 -------- d--h--w- c:\windows\system32\wbem\repository\FS
2011-05-17 18:54:35 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-05-17 18:54:01 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-05-17 18:53:43 -------- d--h--w- c:\program files\The Weather Channel FW
.
==================== Find3M ====================
.
2011-04-10 00:08:55 56 -csh--r- c:\windows\system32\482DD5CC5D.sys
2011-04-10 00:08:55 10016 -csha-w- c:\windows\system32\KGyGaAvL.sys
2011-04-06 23:20:16 91424 ---ha-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 197920 ---ha-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20:16 107808 ---ha-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 18:08:29.87 ===============
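Reading a DDS log like the one above, a responder first pulls out the autorun entries that do not belong and cross-references them with the "Created Last 30" section. The script below is an added example for this thread; it is not part of the original post, the BleepingComputer guide, or the DDS tool. The embedded log excerpt is constructed from lines of the log above, trimmed to the relevant entries, and the heuristics are this example's own: an executable launched directly from the All Users\Application Data root, a random-looking file name, the DisableTaskMgr policy, and other files written to the same folder within a time window. It flags the uRun entry UtYUtxpPbB.exe and notes 16572196.exe, created in the same folder about ten minutes later. The page does not confirm what those files are, so treat the output as triage input for the helper, not a verdict.

```python
"""Triage helper for the 'Pseudo HJT Report' and 'Created Last 30' sections of a DDS log.

Added example for this thread; not part of DDS or the BleepingComputer guide.
The scoring rules below are this example's own heuristics.
"""
import re
from datetime import datetime, timedelta

# Windows XP all-users ProgramData root (lower-case, for comparison).
ALL_USERS_APPDATA = r"c:\documents and settings\all users\application data"

RUN_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$")
# First executable path in a Run-key command line. DDS prints paths with spaces
# unquoted, so the match stops at the first executable extension.
EXE_RE = re.compile(r'^"?(?P<path>[a-z]:\\.*?\.(?:exe|scr|com|bat|cmd|dll))"?(?:\s|$)', re.I)

# Constructed excerpt: lines copied from the DDS log posted in this thread, trimmed.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [UtYUtxpPbB] c:\documents and settings\all users\application data\UtYUtxpPbB.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Panda Security URL Filtering] "c:\documents and settings\all users\application data\panda security url filtering\Panda_URL_Filtering.exe"
mPolicies-system: DisableTaskMgr = 1 (0x1)
2011-05-29 14:52:50 341504 ---ha-w- c:\documents and settings\all users\application data\16572196.exe
2011-05-29 14:42:17 433152 ---ha-w- c:\documents and settings\all users\application data\UtYUtxpPbB.exe
2011-05-28 23:50:01 26600 ---ha-w- c:\windows\system32\drivers\GEARAspiWDM.sys
"""


def _dirname(path):
    return path.rsplit("\\", 1)[0]


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def looks_random(stem):
    """Coarse name heuristic: all-digit names, or mixed case with many case flips
    and a high share of capitals. CamelCase vendor names have few flips."""
    if stem.isdigit():
        return len(stem) >= 6
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 6:
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    upper_share = sum(c.isupper() for c in letters[1:]) / (len(letters) - 1)
    return flips >= 5 and upper_share >= 0.35


def parse_dds(text):
    """Split a DDS log into autorun entries, recently created files and system policies."""
    runs, created, policies = [], [], {}
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            exe = EXE_RE.match(m["cmd"])
            runs.append({"hive": m["hive"], "name": m["name"],
                         "path": exe["path"] if exe else None})
            continue
        m = POLICY_RE.match(line)
        if m:
            policies[m["key"]] = int(m["val"])
            continue
        m = CREATED_RE.match(line)
        if m:
            created.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                            "size": m["size"], "path": m["path"]})
    return runs, created, policies


def triage(text, window=timedelta(minutes=30)):
    """Return findings: autoruns launched from the ProgramData root or carrying
    random-looking names, cross-referenced with creation times, plus DisableTaskMgr."""
    runs, created, policies = parse_dds(text)
    findings = []
    if policies.get("DisableTaskMgr") == 1:
        findings.append({"subject": "policy:DisableTaskMgr",
                         "reasons": ["Task Manager disabled by policy; rogue AVs set this, "
                                     "but so do some administrators, so confirm before acting"]})
    by_path = {c["path"].lower(): c for c in created}
    for r in runs:
        if not r["path"]:
            continue
        low = r["path"].lower()
        reasons = []
        if _dirname(low) == ALL_USERS_APPDATA:
            reasons.append("launched from the All Users\\Application Data root, "
                           "where legitimate installers rarely drop executables")
        stem = _basename(r["path"]).rsplit(".", 1)[0]
        if looks_random(stem):
            reasons.append("random-looking file name %r" % stem)
        if not reasons:
            continue
        c = by_path.get(low)
        if c:
            reasons.append("created %s, %s bytes" % (c["ts"].strftime("%Y-%m-%d %H:%M:%S"), c["size"]))
            # Droppers often write a second file into the same folder minutes apart.
            siblings = [s["path"] for s in created
                        if s["path"].lower() != low
                        and _dirname(s["path"].lower()) == _dirname(low)
                        and abs(s["ts"] - c["ts"]) <= window]
            if siblings:
                reasons.append("files created in the same folder within %d min: %s"
                               % (window.total_seconds() // 60, ", ".join(_basename(s) for s in siblings)))
        findings.append({"subject": "%s [%s] %s" % (r["hive"], r["name"], r["path"]),
                         "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["subject"])
        for reason in f["reasons"]:
            print("   -", reason)
```

Run it on a full DDS.txt by replacing SAMPLE_LOG with the file contents; the location check is the strong signal, the name check is deliberately a weak secondary one, and anything flagged still needs confirmation (hash lookup, or the helper's own tools) before removal.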



#2 km2357 (Malware Response Team)

Posted 15 June 2011 - 01:28 PM

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


Step #1: Download and run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Step #2: Download and run GMER

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS logs (DDS.txt and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.

MalWare Removal University Master

Member of ASAP


#3 km2357 (Malware Response Team)

Posted 18 June 2011 - 11:46 AM

ViralNova? Do you still need help?



#4 km2357 (Malware Response Team)

Posted 21 June 2011 - 02:00 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





