Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PING.exe virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 deNieD88

deNieD88

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 27 August 2011 - 03:54 PM

so I got it off a site I was going to download a song from

basically there is this PING.exe process that once in a while takes up to 700,000k memory and a lot of CPU.
This process is never ever there. Just got this virus yesterday, ive ran multiple scans like
Combofix, a fullscan of drwebcureit, RKill, House Caller...The only one that seemed to notice ping.exe was a virus was DR web cureit scanner and all it did was "eradicate it" or end it.Which when you end the process all it does is come right backup. Anyways I just really hope to get this fix because i'm a gamer and don't like my computer slowing down.



HJT log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:33:53 PM, on 8/27/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Program Files (x86)\DrWeb\spideragent.exe
C:\Program Files (x86)\CCleaner\CCleaner.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKUS\S-1-5-21-3428298516-1171043127-4088980639-501\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Guest')
O4 - HKUS\S-1-5-21-3428298516-1171043127-4088980639-501\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Guest')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CNG Key Isolation (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: CNG Key Isolation (KeyIso32) - Unknown owner - (no file)
O23 - Service: MBAMService - Unknown owner - (no file)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WMI Performance Adapter (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

bump .

EDIT: Please be patient. There are over 130 unanswered topics in this forum at present and the current average wait time to receive help is 7 days. ~Budapest

Edited by Budapest, 27 August 2011 - 07:21 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:49 AM

Posted 01 September 2011 - 12:44 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

Nothing suspicious was found on your log.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Posted Image
Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:49 AM

Posted 08 September 2011 - 12:45 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users