
False "Win 7 Security 2012"



#1 gabripani

Posted 16 July 2011 - 02:25 AM

At power-on my PC recognizes some intrusion or virus and asks me to upgrade/download a FALSE "Win 7 Security 2012".
I can't remove it.
If I don't remove "mit.exe" from Task Manager, Explorer doesn't run.
I think that the malware is in "mit.exe" in my AppData. Removing this file makes every .exe file not run!

DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by 95000052 at 15:15:36 on 2011-07-15
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.44.1033.18.3510.1892 [GMT 2:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\FortiSSLVPNdaemon.exe
C:\Program Files\Microsoft SQL Server Express\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Fortinet\SslvpnClient\FortiSSLVPNclient.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uDefault_Page_URL = hxxp://web.fanuc.local
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [387422524] c:\users\95000052\appdata\local\mit.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [FreePDF Assistant] c:\program files\freepdf_xp\fpassist.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MobileConnect] c:\program files\vodafone\vodafone mobile connect\bin\MobileConnect.exe /silent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: AllowX-ForestPolicy-and-RUP = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: db.com
Trusted Zone: fanuccnc.com
Trusted Zone: fanuccnc.eu
Trusted Zone: fanucfa.com
Trusted Zone: ffrontier.com
Trusted Zone: db.com
Trusted Zone: fanuccnc.com
Trusted Zone: fanuccnc.eu
Trusted Zone: fanucfa.com
Trusted Zone: ffrontier.com
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0998CC2C-50A7-479F-B083-7E72FDB26207} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0998CC2C-50A7-479F-B083-7E72FDB26207}\14C6963656D23363033363133343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0998CC2C-50A7-479F-B083-7E72FDB26207}\46C696E6B6 : DHCPNameServer = 195.96.30.254 151.99.125.2
TCP: Interfaces\{28855CD1-BC13-4E31-BEB9-322CFD146298} : DHCPNameServer = 3.221.108.81 3.221.108.82
TCP: Interfaces\{6AC93A0E-69DB-41BD-BF69-051B379E8877} : DHCPNameServer = 83.224.70.93 83.224.66.134
TCP: Interfaces\{E246B0C9-C5C9-4CC6-A8B2-FF0886CFD0D2} : NameServer = 3.221.108.81 3.221.108.82
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: CustomTaskbar - cscript.exe c:\taskbar\Taskbar.vbs
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\windows mail\WinMail.exe" OCInstallUserConfigOE
.
============= SERVICES / DRIVERS ===============
.
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-1-7 146000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-18 49152]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-2-26 57424]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2009-12-4 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-12-4 36432]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-1-7 282704]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-11-18 42672]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-11-18 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2009-11-6 214696]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-11-18 6114816]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [2009-7-21 36384]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-1-11 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-1-11 101120]
S3 memcard;PCMCIA-Speicherkartentreiber;c:\windows\system32\drivers\memcard.sys [2011-1-11 8320]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-11-18 47104]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-11-18 38400]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
FileExt: .txt: txtfile=terminal.exe %1
.
=============== Created Last 30 ================
.
2011-07-15 11:31:26 -------- d-----w- C:\sh4ldr
2011-07-15 11:31:26 -------- d-----w- c:\program files\Enigma Software Group
2011-07-15 11:31:04 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2011-07-15 11:31:03 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-07-14 21:12:02 344064 ----a-w- c:\users\95000052\appdata\local\mit.exe
2011-07-14 20:26:40 -------- d-----w- c:\program files\Prevx
2011-07-14 20:26:21 -------- d-----w- c:\programdata\PrevxCSI
2011-07-14 19:56:55 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-07-14 19:48:52 -------- d-----w- c:\users\95000052\appdata\roaming\Uniblue
2011-07-14 19:48:50 -------- d-----w- c:\program files\Uniblue
2011-07-14 19:48:23 -------- d-----w- c:\users\95000052\appdata\local\PackageAware
2011-07-14 13:42:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-14 13:42:31 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-14 13:42:31 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-07-14 13:31:27 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-07-01 06:34:24 -------- d-----w- c:\programdata\OEM Links
2011-06-28 13:57:25 -------- d-----w- c:\programdata\Seagate
2011-06-28 13:57:24 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2011-06-28 13:57:24 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-06-28 13:57:24 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-06-28 13:57:23 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2011-06-28 13:57:15 -------- d-----w- c:\program files\Seagate
2011-06-28 13:57:15 -------- d-----w- c:\program files\common files\Seagate
2011-06-28 09:56:40 -------- d-----w- c:\program files\CNCScreenE
2011-06-27 13:27:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-27 13:23:27 376832 ----a-w- c:\windows\system32\Ncboot32e.exe
.
==================== Find3M ====================
.
2011-06-02 05:59:55 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 05:58:05 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-02 05:55:31 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-02 03:45:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 10:35:34 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-04 04:53:10 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 02:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57:34 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57:21 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57:13 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-26 10:00:31 102400 ----a-w- c:\windows\RegBootClean.exe
2011-04-25 04:56:06 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:35:40 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
============= FINISH: 15:19:44.28 ===============

Edited by gabripani, 16 July 2011 - 03:19 AM.

#2 gabripani

Posted 16 July 2011 - 11:53 AM

The infection problem is resolved now!!
The solution was to install "Microsoft Security Essentials", which found and repaired the malware. It was free to download.
Thanks to all for the attention and the understanding.
Best regards

#3 Budapest

Posted 16 July 2011 - 04:41 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
