
redirected to various sites ads/directories etc.


This topic is locked
13 replies to this topic

#1 joerg2008

joerg2008

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:42 PM

Posted 30 September 2011 - 12:23 PM

Hi there,

since I got into contact with, what I believe is a Trojan, an ominous virus disguised as being from the "Bundespolizei" where they ask you to pay money in order to unlock the frozen screen I am experiencing some sort of browser hijacking as well. Every so often when I click on a search result I am being redirected to various other locations. When I go back and click again it seems to be fine. Upon performing a virus scan I got several alerts. Among them is a file called csrss.exe (Trojan Agent) in the temp folder, which seems to reoccur every time I start the system. Windows-Defender spotted "Backdoor:Win32/Cycbot.B" on several occasions. Can't seem to get rid of that one either. I attached my hijackthis-logfile, just in case. Any help would be much appreciated. Thank you very much.

Attached Files




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:42 PM

Posted 05 October 2011 - 10:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

If you lose your Internet Connectivity after this fix execute this.

Go start > run type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed)

Then hit Enter, type Exit, hit Enter
*/*

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Please post the logs and let me know what problem persists.

#3 joerg2008

joerg2008
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:42 PM

Posted 09 October 2011 - 05:06 AM

Thanks for your reply. Here are the logs you requested. At the moment my computer seems to be fine.

Regards Joerg

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:42 PM

Posted 09 October 2011 - 07:44 AM

Looking good.

Third party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#5 joerg2008

joerg2008
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:42 PM

Posted 09 October 2011 - 01:12 PM

Hi there,

I downloaded the program, but for some reason it won't let me start. When I click on the icon I get the message that the folder name is not valid?

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:42 PM

Posted 09 October 2011 - 01:38 PM

Is it saved on your Desktop?

Right Click on the .exe file and run as an Administrator.

#7 joerg2008

joerg2008
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:42 PM

Posted 09 October 2011 - 02:25 PM

Hey, sorry, but tried that already and it's not working. Strange. If I put the file in a different location I get the same error referring to the current folder I am in.

That's the error I get on the desktop "C:\Users\Jörg\Desktop\SecurityCheck.exe" saying that the folder name is not valid.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:42 PM

Posted 09 October 2011 - 04:55 PM

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.

The scan will also create this Attach.txt log I would also like to see the content.
Please post it in another post for my review, do not attach the file.

#9 joerg2008

joerg2008
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:42 PM

Posted 10 October 2011 - 05:26 PM

Thank you for your time. Here is the content of the dds_log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_21
Run by Jörg at 0:16:03 on 2011-10-11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.1409 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRAM FILES\STREAMRIPPER\wstreamripper.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jörg\Downloads\Free Antivurus Spyware\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FlashFetcher: {16e8a050-74ce-43d5-8dc0-badd7347b2dd} - c:\program files\geovid\flashfetcher\FlashFetcher.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Free YouTube Download - c:\users\jörg\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\jörg\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {07174FC7-B4C1-4643-9C03-B4D2148EB057} - {16E8A050-74CE-43D5-8DC0-BADD7347B2DD} - c:\program files\geovid\flashfetcher\FlashFetcher.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} - hxxps://karte.seb-bank.de/gei/plugins/SEBChipcardPlugin1211.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B41E65FF-9926-475F-968F-4B2C4B58A9D0} : DhcpNameServer = 192.168.178.1
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.2 casino
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jörg\appdata\roaming\mozilla\firefox\profiles\pq1fkd9s.default\
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-12 11608]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_9a642328\AEstSrv.exe [2008-10-29 73728]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2009-8-12 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-12 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-12 66616]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-29 366152]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-13 341328]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-9-27 1526080]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-13 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-11 84240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-29 22216]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]
S2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-10-1 23624]
.
=============== Created Last 30 ================
.
2011-10-10 05:48:15 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e863ccda-0a32-4fe7-8015-b2cdbaaade7a}\offreg.dll
2011-10-09 09:33:43 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-10-09 09:33:43 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-10-09 07:47:29 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-09 07:21:07 98816 ----a-w- c:\windows\sed.exe
2011-10-09 07:21:07 518144 ----a-w- c:\windows\SWREG.exe
2011-10-09 07:21:07 256000 ----a-w- c:\windows\PEV.exe
2011-10-09 07:21:07 208896 ----a-w- c:\windows\MBR.exe
2011-10-09 07:20:58 -------- d-----w- C:\ComboFix
2011-10-07 05:58:14 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e863ccda-0a32-4fe7-8015-b2cdbaaade7a}\mpengine.dll
2011-10-01 06:28:47 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-01 06:28:46 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-10-01 06:28:11 -------- d-----w- c:\programdata\Hitman Pro
2011-09-28 20:32:15 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-09-28 20:32:15 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-09-28 20:32:15 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-09-28 20:32:15 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-09-28 20:32:15 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-09-28 20:32:08 -------- d-----w- c:\users\jörg\appdata\roaming\Simply Super Software
2011-09-28 20:32:08 -------- d-----w- c:\programdata\Simply Super Software
2011-09-28 20:32:08 -------- d-----w- c:\program files\Trojan Remover
2011-09-25 15:38:58 758784 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-09-24 10:23:03 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
.
==================== Find3M ====================
.
2011-09-29 17:40:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-27 11:53:48 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-31 15:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 0:17:29,39 ===============

Sorry to ask, but where would you like me to send the other attach_file? Do you want me to attach it to this post?

regards

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:42 PM

Posted 10 October 2011 - 07:20 PM

Sorry to ask, but where would you like me to send the other attach_file? Do you want me to attach it to this post?


Copy and paste the content of the log in your next reply.

===

Third party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]

Please post the logs and let me know what problems persist.

#11 joerg2008

joerg2008
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:42 PM

Posted 11 October 2011 - 04:16 AM

Now the SecurityCheck program is working for some reason. Well, here is the log file for SecurityCheck:

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 1 x86
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-GB)
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
Java™ 6 Update 21
Java™ 6 Update 5
Out of date Java installed!
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Mozilla Firefox (x86 de..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

===============================================================

Here is the other attach_log from the DDS Scanning Tool:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 29.10.2008 21:22:44
System Uptime: 10.10.2011 07:47:33 (17 hours ago)
.
Motherboard: Hewlett-Packard | | 30FD
Processor: AMD Athlon™ X2 Dual-Core QL-62 | Socket M2/S1G1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 142,738 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1,632 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {ff646f80-8def-11d2-9449-00105a075f6b}
Description: pcouffin device ...
Device ID: ROOT\PCOUFFIN\0000
Manufacturer:
Name: pcouffin device ...
PNP Device ID: ROOT\PCOUFFIN\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Reader 8.1.0 - Deutsch
Adobe Setup
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Akamai NetSession Interface
Amazon MP3-Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink DVD Suite
DBManager Standard Edition
DivX-Setup
DivX Converter
DivX Plus DirectShow Filters
Free Audio CD Burner version 1.4.7
Free Studio version 5.1.7
Free YouTube to MP3 Converter version 3.9.40.602
GoGear SA018 Device Manager
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.40 D3
HP QuickPlay 3.7
HP QuickTouch 1.00 D2
HP Total Care Advisor
HP Update
HP User Guides 0103
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
IDT Audio
iTunes
J2SE Runtime Environment 5.0 Update 21
Java Auto Updater
Java™ 6 Update 21
Java™ 6 Update 5
JMicron JMB38X Flash Media Controller
K-Lite Codec Pack 4.3.4 (Full)
LabelPrint
LightScribe System Software 1.12.33.2
LightScribe Template Designs - Bonus Pack 1
LightScribe Template Designs - Quick and Simple Pack 1
LightScribe Template Designs - Tribal Pack 1
Magic DVD Ripper V5.5.0
Malwarebytes' Anti-Malware Version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2000 SR-1
Mozilla Firefox 7.0.1 (x86 de)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Tools for 5.0
MySQL Turbo Manager 3.6.1.0
Nero 6 Demo
OpenOffice.org 3.0
PDF Settings
PDF24 Creator 3.0.0
PDFCreator
PixiePack Codec Pack
PowerDirector
ProtectSmart Hard Drive Protection
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Recuva
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skins
SQLyog Community 7.14
Streamripper (Remove only)
Synaptics Pointing Device Driver
The Web Graphics Creator v3
Trojan Remover 6.8.2
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-GB)
TuneUp Utilities Language Pack (en-US)
Uninstall 1.0.0.1
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
Winamp
Winamp Erkennungs-Plug-in
Winamp Toolbar
WinRAR
WinSnap
World of Warcraft FREE Trial
XAMPP 1.6.8
Xvid 1.2.1 final uninstall
.
==== End Of File ===========================

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:42 PM

Posted 11 October 2011 - 07:51 AM

Windows Vista Service Pack 1 support ended on 12/07/2011
http://support.microsoft.com/lifecycle/search/?sort=PN&alpha=WINDOWS+vista

For continued security support from Microsoft get the Service Pack 2.
http://support.microsoft.com/kb/935791
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 bit version download jre-6u27-windows-x64.exe. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 21
Java™ 6 Update 5

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.
===

Please let me know of any pending issues.

#13 joerg2008

joerg2008
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:42 PM

Posted 13 October 2011 - 10:29 AM

Thank you ever so much for your support. I have now installed an up to date Java version and Flash Player. Just out of curiosity, why do I have to delete the older installed Java versions? Are they a security risk as well? About the Service Pack 2 installation. I have heard that some people have had problems after the installation where the computer did not want to boot anymore and things like that. Is there any merit to that?

thanks again, regards Joerg

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:42 PM

Posted 13 October 2011 - 01:36 PM

why do I have to delete the older installed Java versions? Are they a security risk as well?

Yes they are.
All you need is the last one. Unless you do some Java programming, in that case you decide if you want to keep them.

===

I have heard that some people have had problems after the installation where the computer did not want to boot anymore and things like that. Is there any merit to that?


This is not normal. Make sure you restart the computer after the installation.

If something goes wrong you can also remove the new installation using the add/remove programs list, or restore your computer to a previous date.

p.s. A new restore point will be created before the update starts.
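As an added example (not from this thread, and not part of the DDS or SecurityCheck tools), the following Python script reads lines in the format of the SecurityCheck log and the DDS "Installed Programs" list posted above, and flags Java and Flash Player entries that are older than the versions the helper recommends in post #12. It also counts how many Java runtimes are installed, since post #14 points out that only the newest one is needed. The sample lines are constructed from this thread's own logs; the reference versions (Java 6 Update 27, Flash Player 11.0.1.152) are assumptions taken from the helper's post and should be adjusted as newer releases appear.

```python
"""Triage helper: flag outdated Java / Flash Player entries in a
SecurityCheck checkup.txt or a DDS Attach.txt "Installed Programs" list.

Added example for this thread; not a BleepingComputer, DDS or
SecurityCheck tool. Reference versions are taken from post #12 and are
an assumption: update them to whatever is current when you run this.
"""
import re

# Sample input constructed from the logs posted in this thread.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware
J2SE Runtime Environment 5.0 Update 21
Java\u2122 6 Update 21
Java\u2122 6 Update 5
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Mozilla Firefox (x86 de..)
"""

# Versions the helper asked for in post #12 (assumption: anything older is stale).
LATEST_JAVA = (6, 27)            # Java SE Runtime Environment 6 Update 27
LATEST_FLASH = (11, 0, 1, 152)   # Adobe Flash Player 11.0.1.152

# "Java(TM) 6 Update 21", "Java\u2122 6 Update 5", "J2SE Runtime Environment 5.0 Update 21"
JAVA_RE = re.compile(r"(?:Java\S*|J2SE Runtime Environment)\s+(\d+)(?:\.0)?\s+Update\s+(\d+)")
# "Adobe Flash Player ( 10.3.183.10) ..." as printed by SecurityCheck
FLASH_RE = re.compile(r"Adobe Flash Player\s*\(\s*([\d.]+)\s*\)")


def parse_java(line):
    """Return (major, update) for a Java runtime line, or None."""
    m = JAVA_RE.search(line)
    return (int(m.group(1)), int(m.group(2))) if m else None


def parse_flash(line):
    """Return the Flash Player version as a tuple of ints, or None."""
    m = FLASH_RE.search(line)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def find_outdated(text, latest_java=LATEST_JAVA, latest_flash=LATEST_FLASH):
    """Classify Java and Flash entries in a log.

    Returns {"outdated": [...], "current": [...], "java_count": n}, where
    each list entry is a (product, version label) tuple. Tuple comparison
    gives a correct "older than" test for the version numbers involved.
    """
    report = {"outdated": [], "current": [], "java_count": 0}
    for raw in text.splitlines():
        line = raw.strip()
        jv = parse_java(line)
        if jv:
            report["java_count"] += 1
            label = f"Java {jv[0]} Update {jv[1]}"
            bucket = "outdated" if jv < latest_java else "current"
            report[bucket].append(("java", label))
            continue
        fv = parse_flash(line)
        if fv:
            label = "Flash Player " + ".".join(map(str, fv))
            bucket = "outdated" if fv < latest_flash else "current"
            report[bucket].append(("flash", label))
    return report


if __name__ == "__main__":
    result = find_outdated(SAMPLE_LOG)
    for product, label in result["outdated"]:
        print(f"OUTDATED  {product:6} {label}")
    for product, label in result["current"]:
        print(f"current   {product:6} {label}")
    if result["java_count"] > 1:
        # Post #14: only the newest runtime is needed; older ones stay exploitable.
        print(f"{result['java_count']} Java runtimes installed; keep only the newest.")
```

Run it on a saved checkup.txt by replacing SAMPLE_LOG with the file's contents; every entry flagged OUTDATED corresponds to a program the helper would ask to update or remove, and a java_count above one mirrors the thread's advice to uninstall the superseded runtimes.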



