Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple Trojans and such


  • Please log in to reply
10 replies to this topic

#1 amberwilliams123

amberwilliams123

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 25 July 2011 - 06:31 PM

Hi again..I've got a computer that has multiple problems. A friend brought it to me the other day and asked if I could "clean" it out. So I did, installing MBAM and Microsoft Security Essentials. When I gave the computer back, nothing was being detected by either program (both doing a FULL scan, not quick scans).

Well the computer is back with the same problems. Either I didn't "clean" it out well enough or he is getting them from somewhere on the internet. MS Security Essentials scan found 12 threats such as Rogue:win32/fakerean, trojandownloader:win32/karagany.a, trojandownloader:java/openconnection.on, backdoor:win32/cycbot.b, trojan:win32/bumat!rts, exploit:java/cve-2009-3869.i, and many many more.

Is there any hope for this computer or should I just tell him to wipe it out and reinstall windows? Thanks for any help.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:28 AM

Posted 25 July 2011 - 06:36 PM

Hello and welcome lets run these and review the logs.

Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal Instructions

If it finds something make sure Cure is selected
Next click Continue then Reboot now
A log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

<><><><>><>><><><><>><>
Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post 3 logs and Let us know how the PC is running now.

Edited by boopme, 25 July 2011 - 06:37 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 amberwilliams123

amberwilliams123
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 25 July 2011 - 08:12 PM

Here is R Killer

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/25/2011 at 18:54:06.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 07/25/2011 at 18:54:13.

Here is TDSS Killer

2011/07/25 18:46:19.0272 2428 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/25 18:46:19.0444 2428 ================================================================================
2011/07/25 18:46:19.0444 2428 SystemInfo:
2011/07/25 18:46:19.0444 2428
2011/07/25 18:46:19.0460 2428 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/25 18:46:19.0460 2428 Product type: Workstation
2011/07/25 18:46:19.0460 2428 ComputerName: ALAN-EDE3F431B8
2011/07/25 18:46:19.0460 2428 UserName: Alan
2011/07/25 18:46:19.0460 2428 Windows directory: C:\WINDOWS
2011/07/25 18:46:19.0460 2428 System windows directory: C:\WINDOWS
2011/07/25 18:46:19.0460 2428 Processor architecture: Intel x86
2011/07/25 18:46:19.0460 2428 Number of processors: 1
2011/07/25 18:46:19.0460 2428 Page size: 0x1000
2011/07/25 18:46:19.0460 2428 Boot type: Normal boot
2011/07/25 18:46:19.0460 2428 ================================================================================
2011/07/25 18:46:21.0304 2428 Initialize success
2011/07/25 18:46:24.0569 1952 ================================================================================
2011/07/25 18:46:24.0569 1952 Scan started
2011/07/25 18:46:24.0569 1952 Mode: Manual;
2011/07/25 18:46:24.0569 1952 ================================================================================
2011/07/25 18:46:26.0381 1952 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/25 18:46:26.0444 1952 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/25 18:46:26.0522 1952 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/25 18:46:26.0584 1952 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/07/25 18:46:26.0662 1952 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/25 18:46:26.0912 1952 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/25 18:46:26.0991 1952 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/25 18:46:27.0053 1952 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/25 18:46:27.0100 1952 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/25 18:46:27.0162 1952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/25 18:46:27.0256 1952 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/25 18:46:27.0303 1952 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/25 18:46:27.0366 1952 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/25 18:46:27.0381 1952 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/25 18:46:27.0412 1952 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/25 18:46:27.0428 1952 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/07/25 18:46:27.0616 1952 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/25 18:46:27.0678 1952 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/25 18:46:27.0741 1952 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/25 18:46:27.0756 1952 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/25 18:46:27.0803 1952 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/25 18:46:27.0944 1952 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/25 18:46:28.0069 1952 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/07/25 18:46:28.0147 1952 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/25 18:46:28.0194 1952 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/25 18:46:28.0225 1952 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/25 18:46:28.0256 1952 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/25 18:46:28.0303 1952 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/25 18:46:28.0334 1952 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/25 18:46:28.0350 1952 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/25 18:46:28.0412 1952 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/25 18:46:28.0475 1952 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/25 18:46:28.0553 1952 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/25 18:46:28.0631 1952 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/25 18:46:28.0756 1952 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/07/25 18:46:28.0819 1952 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/07/25 18:46:28.0912 1952 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/25 18:46:29.0006 1952 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/07/25 18:46:29.0115 1952 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/25 18:46:29.0209 1952 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/25 18:46:29.0272 1952 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/25 18:46:29.0303 1952 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/25 18:46:29.0350 1952 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/25 18:46:29.0397 1952 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/25 18:46:29.0412 1952 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/25 18:46:29.0475 1952 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/25 18:46:29.0490 1952 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/25 18:46:29.0522 1952 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/25 18:46:29.0537 1952 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/25 18:46:29.0584 1952 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/25 18:46:29.0600 1952 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/25 18:46:29.0631 1952 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/25 18:46:29.0678 1952 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/25 18:46:29.0772 1952 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/25 18:46:29.0850 1952 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/07/25 18:46:29.0881 1952 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/25 18:46:29.0943 1952 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/25 18:46:30.0006 1952 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/07/25 18:46:30.0037 1952 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/25 18:46:30.0100 1952 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/25 18:46:30.0115 1952 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/25 18:46:30.0162 1952 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/07/25 18:46:30.0412 1952 MpKsl6b75f427 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9D80FD8-6090-47E7-83EC-283167FA756D}\MpKsl6b75f427.sys
2011/07/25 18:46:30.0506 1952 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/25 18:46:30.0568 1952 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/25 18:46:30.0662 1952 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/25 18:46:30.0725 1952 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/25 18:46:30.0787 1952 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/25 18:46:30.0803 1952 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/25 18:46:30.0834 1952 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/25 18:46:30.0881 1952 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/25 18:46:30.0912 1952 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/25 18:46:30.0959 1952 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/25 18:46:31.0021 1952 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/25 18:46:31.0053 1952 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/25 18:46:31.0100 1952 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/25 18:46:31.0131 1952 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/25 18:46:31.0146 1952 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/25 18:46:31.0193 1952 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/25 18:46:31.0225 1952 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/25 18:46:31.0271 1952 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/25 18:46:31.0334 1952 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/25 18:46:31.0381 1952 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/25 18:46:31.0490 1952 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/25 18:46:31.0568 1952 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/25 18:46:31.0584 1952 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/25 18:46:31.0631 1952 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/07/25 18:46:31.0662 1952 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/07/25 18:46:31.0693 1952 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/07/25 18:46:31.0771 1952 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
2011/07/25 18:46:31.0865 1952 PAC7302 (aff9a1986555e4592de8092f9a5fa2d2) C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
2011/07/25 18:46:31.0928 1952 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/25 18:46:31.0959 1952 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/25 18:46:31.0975 1952 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/25 18:46:31.0990 1952 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/25 18:46:32.0068 1952 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/07/25 18:46:32.0115 1952 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/25 18:46:32.0318 1952 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/25 18:46:32.0365 1952 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/25 18:46:32.0396 1952 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/25 18:46:32.0428 1952 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/25 18:46:32.0553 1952 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/25 18:46:32.0599 1952 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/25 18:46:32.0631 1952 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/25 18:46:32.0662 1952 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/25 18:46:32.0756 1952 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/25 18:46:32.0771 1952 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/25 18:46:32.0803 1952 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/25 18:46:32.0849 1952 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/25 18:46:32.0912 1952 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/25 18:46:33.0178 1952 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\DOCUME~1\Alan\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
2011/07/25 18:46:33.0240 1952 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\DOCUME~1\Alan\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
2011/07/25 18:46:33.0334 1952 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/25 18:46:33.0381 1952 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/25 18:46:33.0443 1952 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/25 18:46:33.0506 1952 sfxq (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\uwrbsyrr.sys
2011/07/25 18:46:33.0568 1952 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/25 18:46:33.0646 1952 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/25 18:46:33.0693 1952 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/25 18:46:33.0771 1952 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/25 18:46:33.0912 1952 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2011/07/25 18:46:34.0037 1952 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/25 18:46:34.0068 1952 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/25 18:46:34.0115 1952 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/25 18:46:34.0240 1952 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/25 18:46:34.0334 1952 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/25 18:46:34.0381 1952 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/25 18:46:34.0412 1952 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/25 18:46:34.0459 1952 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/25 18:46:34.0552 1952 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/25 18:46:34.0646 1952 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/25 18:46:34.0724 1952 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/25 18:46:34.0756 1952 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/25 18:46:34.0818 1952 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/25 18:46:34.0834 1952 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/25 18:46:34.0881 1952 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/25 18:46:34.0943 1952 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/25 18:46:34.0990 1952 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/25 18:46:35.0052 1952 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/25 18:46:35.0146 1952 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/25 18:46:35.0193 1952 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/25 18:46:35.0287 1952 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/25 18:46:35.0380 1952 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/25 18:46:35.0490 1952 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/25 18:46:35.0630 1952 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/07/25 18:46:35.0677 1952 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/25 18:46:35.0709 1952 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/25 18:46:35.0740 1952 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/25 18:46:35.0771 1952 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/25 18:46:35.0834 1952 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/07/25 18:46:35.0834 1952 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/25 18:46:35.0849 1952 Boot (0x1200) (6535daad6fe624f85f4477892c8335b5) \Device\Harddisk0\DR0\Partition0
2011/07/25 18:46:35.0849 1952 ================================================================================
2011/07/25 18:46:35.0849 1952 Scan finished
2011/07/25 18:46:35.0849 1952 ================================================================================
2011/07/25 18:46:35.0865 1476 Detected object count: 1
2011/07/25 18:46:35.0865 1476 Actual detected object count: 1
2011/07/25 18:46:48.0192 1476 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/25 18:46:48.0192 1476 \Device\Harddisk0\DR0 - ok
2011/07/25 18:46:48.0192 1476 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/25 18:46:54.0848 1636 Deinitialize success

Here is SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/25/2011 at 07:44 PM

Application Version : 4.55.1000

Core Rules Database Version : 7459
Trace Rules Database Version: 5271

Scan type : Complete Scan
Total Scan Time : 00:43:20

Memory items scanned : 264
Memory threats detected : 0
Registry items scanned : 5387
Registry threats detected : 0
File items scanned : 50267
File threats detected : 49

Adware.Tracking Cookie
C:\Documents and Settings\Alan\Cookies\alan@media6degrees[2].txt
C:\Documents and Settings\Alan\Cookies\alan@tacoda.at.atwola[1].txt
C:\Documents and Settings\Alan\Cookies\alan@content.yieldmanager[3].txt
C:\Documents and Settings\Alan\Cookies\alan@legolas-media[2].txt
C:\Documents and Settings\Alan\Cookies\alan@at.atwola[2].txt
C:\Documents and Settings\Alan\Cookies\alan@imrworldwide[2].txt
C:\Documents and Settings\Alan\Cookies\alan@a1.interclick[1].txt
C:\Documents and Settings\Alan\Cookies\alan@www.googleadservices[1].txt
C:\Documents and Settings\Alan\Cookies\alan@apmebf[1].txt
C:\Documents and Settings\Alan\Cookies\alan@content.yieldmanager[2].txt
C:\Documents and Settings\Alan\Cookies\alan@adbrite[2].txt
C:\Documents and Settings\Alan\Cookies\alan@mediaplex[2].txt
C:\Documents and Settings\Alan\Cookies\alan@viewablemedia[1].txt
C:\Documents and Settings\Alan\Cookies\alan@ads.pubmatic[2].txt
C:\Documents and Settings\Alan\Cookies\alan@pro-market[1].txt
C:\Documents and Settings\Alan\Cookies\alan@atdmt[1].txt
C:\Documents and Settings\Alan\Cookies\alan@ads.cpxadroit[2].txt
C:\Documents and Settings\Alan\Cookies\alan@interclick[2].txt
C:\Documents and Settings\Alan\Cookies\alan@invitemedia[1].txt
C:\Documents and Settings\Alan\Cookies\alan@questionmarket[2].txt
C:\Documents and Settings\Alan\Cookies\alan@ad.yieldmanager[1].txt
C:\Documents and Settings\Alan\Cookies\alan@tribalfusion[2].txt
C:\Documents and Settings\Alan\Cookies\alan@adtech[1].txt
C:\Documents and Settings\Alan\Cookies\alan@ads.pointroll[1].txt
C:\Documents and Settings\Alan\Cookies\alan@serving-sys[2].txt
C:\Documents and Settings\Alan\Cookies\alan@ads.bleepingcomputer[2].txt
C:\Documents and Settings\Alan\Cookies\alan@anrtx.tacoda[1].txt
C:\Documents and Settings\Alan\Cookies\alan@advertise[1].txt
C:\Documents and Settings\Alan\Cookies\alan@www.find-fast-answers[1].txt
C:\Documents and Settings\Alan\Cookies\alan@adxpose[1].txt
C:\Documents and Settings\Alan\Cookies\alan@doubleclick[1].txt
C:\Documents and Settings\Alan\Cookies\alan@revsci[1].txt
C:\Documents and Settings\Alan\Cookies\alan@statse.webtrendslive[2].txt
C:\Documents and Settings\Alan\Cookies\alan@247realmedia[1].txt
C:\Documents and Settings\Alan\Cookies\alan@ru4[2].txt
C:\Documents and Settings\Alan\Cookies\alan@kontera[1].txt
C:\Documents and Settings\Alan\Cookies\alan@yieldmanager[1].txt
C:\Documents and Settings\Alan\Cookies\alan@lucidmedia[2].txt
C:\Documents and Settings\Alan\Cookies\alan@specificclick[1].txt
C:\Documents and Settings\Alan\Cookies\alan@collective-media[1].txt
C:\Documents and Settings\Alan\Cookies\alan@mediabrandsww[1].txt
C:\Documents and Settings\Alan\Cookies\alan@pointroll[2].txt
secure-uk.imrworldwide.com [ C:\Documents and Settings\Alan\Application Data\Macromedia\Flash Player\#SharedObjects\CXDPDPUB ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Alan\Application Data\Macromedia\Flash Player\#SharedObjects\CXDPDPUB ]
.atdmt.com [ C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ttmnfbbc.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ttmnfbbc.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ttmnfbbc.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ttmnfbbc.default\cookies.sqlite ]

Trojan.Agent/Gen
C:\FSQWR.BMP

And Lastly MBAM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7278

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/25/2011 8:06:19 PM
mbam-log-2011-07-25 (20-06-19).txt

Scan type: Quick scan
Objects scanned: 153120
Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I've not noticed any problems so far with the computer.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:28 AM

Posted 25 July 2011 - 08:28 PM

OK good scans,you DID reboot after those?? It is needed.
The TDSS removal was a key infection. Rootkit.Win32.TDSS.tdl4)
You should change your passwords on here now as that one looks to harvest those.
>>>>
The trojan found by SAS may be a SystemToll infection.
This infection may also change your Windows HOSTS file, we want to replace this file with the default version for your operating system.

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically,go HERE click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the promots in the Fix it wizard.


>>>>

Lets do an online scan and be sure nothing broke loose before we mop up.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 amberwilliams123

amberwilliams123
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 25 July 2011 - 09:51 PM

Looks like I've got some more cleaning to do....

C:\Documents and Settings\Alan\Application Data\Sun\Java\Deployment\cache\6.0\52\640f9e74-395c36bc Java/Exploit.CVE-2010-3562.A trojan deleted - quarantined
C:\Documents and Settings\Alan\Application Data\Sun\Java\Deployment\cache\6.0\62\2bc3143e-480bdb6c a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Documents and Settings\Alan\Local Settings\Temp\jar_cache24390.tmp probably a variant of J2ME/Agent.AA trojan deleted - quarantined
C:\Documents and Settings\Alan\Local Settings\Temp\jar_cache33199.tmp a variant of J2ME/Agent.AA trojan deleted - quarantined
C:\Documents and Settings\Alan\Local Settings\Temp\jar_cache38746.tmp a variant of Java/TrojanDownloader.OpenStream.NCE trojan deleted - quarantined
C:\Documents and Settings\Alan\Local Settings\Temp\jar_cache7721.tmp probably a variant of J2ME/Agent.AA trojan deleted - quarantined
C:\Documents and Settings\Alan\Local Settings\Temp\jar_cache9100.tmp a variant of Java/TrojanDownloader.OpenStream.NCE trojan deleted - quarantined
C:\Documents and Settings\Alan\Local Settings\Temp\is-Q5O15.tmp\kls.exe Win32/Toolbar.Zugo application deleted - quarantined

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:28 AM

Posted 26 July 2011 - 08:33 AM

Much better.
<

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 amberwilliams123

amberwilliams123
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 26 July 2011 - 08:47 AM

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 10
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
Mozilla Firefox (3.0.19) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

I updated FireFox, Java, and Adobe.

Edited by amberwilliams123, 26 July 2011 - 09:10 AM.


#8 amberwilliams123

amberwilliams123
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 26 July 2011 - 12:42 PM

MSSE keeps finding Trojan:Java/Mesdeh. How can I remove that completely?

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:28 AM

Posted 26 July 2011 - 07:38 PM

Hi,this is most like due to the old Java on the machine,. WE need to update that and Adobe reader as that can also be exploited.
Consider getting the latest Firefox.

Trojan:Java/Mesdeh is the detection for a data file that is used by malware to exploit a vulnerability in the Java Runtime Environment (JRE) discussed in CVE-2010-0094. Successful exploitation of the affected computer allows attackers to bypass Java sandbox restrictions and gain read and write access to the local file system.

Note when updating uncheck the box before Yes, install Google Toolbar

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Please do similarly and update to Adobe Reader X (10.1.0)
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 amberwilliams123

amberwilliams123
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 26 July 2011 - 08:02 PM

Thank you very much for your help. I updated Java, Firefox, and Adobe to the latest versions. I don't seem to be having any trouble right now. Thank you, thank you, thank you!

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,492 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:28 AM

Posted 26 July 2011 - 08:20 PM

You're most welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users