
Seriously nasty virus


  • This topic is locked
2 replies to this topic

#1 RGlass2

  • Members
  • 1 posts
  • OFFLINE
  • Local time:06:49 PM

Posted 27 October 2011 - 07:06 PM

So I've tried almost everything: SpywareBlaster, Malwarebytes, SUPERAntiSpyware, Spybot, Dr. Web & Emsisoft, yet nothing can get rid of this nasty virus completely... Any help that you could possibly give would be greatly appreciated beyond belief.

I just got it to where it would let me access files & directories on my computer again but I'm sure it's going to come back again.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0x8AA9E000 \WINDOWS\system32\KDCOM.DLL
0xBA4BC000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AA000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA338000 pavboot.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xB9E4B000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E2B000 fltmgr.sys
0xB9E19000 sr.sys
0xB9E02000 KSecDD.sys
0xB9DEF000 WudfPf.sys
0xB9D62000 Ntfs.sys
0xB9D35000 NDIS.sys
0xBA0F8000 ohci1394.sys
0xBA108000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9D1B000 Mup.sys
0xB97F9000 kl1.sys
0xBA128000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8C54000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB7C5B000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB7C47000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB7C1E000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA470000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB7BFA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB7B8E000 \SystemRoot\system32\drivers\ctaud2k.sys
0xB7B6A000 \SystemRoot\system32\drivers\portcls.sys
0xB8C44000 \SystemRoot\system32\drivers\drmk.sys
0xB7B47000 \SystemRoot\system32\drivers\ks.sys
0xB7B15000 \SystemRoot\system32\drivers\ctoss2k.sys
0xBA480000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xBA488000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB7B01000 \SystemRoot\system32\DRIVERS\parport.sys
0xB8C34000 \SystemRoot\system32\DRIVERS\serial.sys
0xB8DB5000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8C24000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8C14000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8C04000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA490000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8BF4000 \SystemRoot\system32\DRIVERS\klim5.sys
0xBA6C4000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8BE4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA574000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7AEA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8BD4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA288000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA498000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB7AD9000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA298000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA5E0000 \SystemRoot\System32\Drivers\RootMdm.sys
0xBA4B0000 \SystemRoot\System32\Drivers\Modem.SYS
0xB7AA9000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8047000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA348000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA358000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5E2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7A4B000 \SystemRoot\system32\DRIVERS\update.sys
0xBA584000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA360000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
0xBA308000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA158000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB03C5000 \SystemRoot\system32\drivers\ha20x2k.sys
0xB0398000 \SystemRoot\system32\drivers\emupia2k.sys
0xB0371000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xB02D5000 \SystemRoot\system32\drivers\ctac32k.sys
0xB00AA000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB4F97000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xADE39000 \SystemRoot\system32\DRIVERS\klif.sys
0xBA632000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6D9000 \SystemRoot\System32\Drivers\Null.SYS
0xBA634000 \SystemRoot\System32\Drivers\Beep.SYS
0xB009A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB0092000 \SystemRoot\System32\drivers\vga.sys
0xBA636000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA638000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB008A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB0082000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB4A6A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB007A000 \SystemRoot\system32\DRIVERS\kl2.sys
0xAED70000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAD411000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAD3B8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAD36A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAD342000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAEC30000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAD320000 \SystemRoot\System32\drivers\afd.sys
0xAE1A1000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAD2FE000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xAE191000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAED68000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAD233000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAD1C3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAE181000 \SystemRoot\System32\Drivers\Fips.SYS
0xADE19000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xAD2EE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xADE01000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xADDED000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAB06E000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0xA4EBB000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA3CC8000 \SystemRoot\System32\Drivers\Udfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA4886000 \SystemRoot\System32\drivers\Dxapi.sys
0xA4D17000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA761000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA3B0000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB97B4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA2B3A000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA438000 \SystemRoot\System32\drivers\aspi32.sys
0xA2AAD000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA218000 \SystemRoot\system32\drivers\sysaudio.sys
0xA1F35000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA3B8000 \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
0xA462C000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xA0FC6000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA0DF5000 \SystemRoot\System32\Drivers\HTTP.sys
0xA04F2000 \SystemRoot\system32\DRIVERS\rt73.sys
0x9F3FF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA4099000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xBA388000 \??\C:\DOCUME~1\Nikki\LOCALS~1\Temp\catchme.sys
0x9E79A000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
1512 C:\WINDOWS\system32\smss.exe
1580 csrss.exe
1604 C:\WINDOWS\system32\winlogon.exe
1660 C:\WINDOWS\system32\services.exe
1672 C:\WINDOWS\system32\lsass.exe
1852 C:\Program Files\Emsisoft Anti-Malware\a2service.exe
1912 C:\WINDOWS\system32\svchost.exe
1976 svchost.exe
360 C:\WINDOWS\system32\svchost.exe
436 C:\WINDOWS\system32\svchost.exe
728 svchost.exe
956 svchost.exe
1440 C:\WINDOWS\system32\spoolsv.exe
1620 C:\Program Files\SUPERAntiSpyware\SASCore.exe
164 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
220 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
296 C:\Program Files\QuickTime\QTTask.exe
312 C:\Program Files\ATT-SST\McciTrayApp.exe
316 C:\Program Files\iTunes\iTunesHelper.exe
520 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
1212 C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
1256 C:\Program Files\Bonjour\mDNSResponder.exe
184 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2180 C:\Program Files\Java\jre6\bin\jqs.exe
2352 C:\Program Files\Common Files\Motive\McciCMService.exe
2736 C:\Program Files\Common Files\Motive\McciServiceHost.exe
2760 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
3000 C:\WINDOWS\system32\nvsvc32.exe
3060 C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
3224 C:\WINDOWS\system32\svchost.exe
2812 C:\Program Files\iPod\bin\iPodService.exe
3396 C:\WINDOWS\system32\wscntfy.exe
2216 alg.exe
7876 C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
3096 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
5464 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
11804 C:\WINDOWS\explorer.exe
12144 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
10600 C:\Documents and Settings\Nikki\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: ST3160812AS, Rev: 3.ADH

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
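The MBRCheck output above lists every loaded kernel driver with its image path and ends with a classification of the boot-sector code and its SHA1. The script below is an added example, not part of the original post and not MBRCheck's own code: it parses a report in that format and pulls out the two things a helper looks at first, drivers loaded from outside the Windows directory (a user-writable path such as Temp above all) and whether the MBR code was recognised. The REPORT string is a constructed excerpt modelled on the log above, and the path-classification rules are this example's own assumptions. A flagged path is a lead, not a verdict: legitimate scanners also drop helper drivers in Temp, and catchme.sys is the name used by the catchme component of GMER, the anti-rootkit tool the next post asks the user to run.

```python
import re

# Constructed excerpt in MBRCheck's output format, modelled on the log posted above.
# It is sample input for this script, not a second run on the user's machine.
REPORT = r"""
Kernel Drivers (total 6):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0xB9F79000 ACPI.sys
0xAD2FE000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xA4099000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xBA388000 \??\C:\DOCUME~1\Nikki\LOCALS~1\Temp\catchme.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 1):
4 System

PhysicalDrive0 Model Number: ST3160812AS, Rev: 3.ADH

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""

DRIVER_LINE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(.+)$")
MBR_STATUS_LINE = re.compile(r"^\d+ [KMGT]B\s+\\\\\.\\PhysicalDrive\d+\s+(.+)$")
SHA1_LINE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})\s*$")

# Image paths under the Windows directory, in the three spellings MBRCheck uses
# (object-manager path, \SystemRoot\ alias, Win32 path after the \??\ prefix).
WINDOWS_DIR_PREFIXES = ("\\windows\\", "\\systemroot\\", "c:\\windows\\")
# Locations an ordinary user can write to (assumed list): a kernel driver loaded
# from one of these deserves a look before anything else in the list.
USER_WRITABLE_MARKERS = ("\\temp\\", "\\tmp\\", "\\docume~1\\",
                         "\\documents and settings\\", "\\users\\")


def classify_driver(path):
    """Bucket one driver path: 'boot', 'system', 'third_party' or 'suspicious'."""
    p = path.strip()
    if p.startswith("\\??\\"):          # strip the NT object-manager prefix
        p = p[4:]
    low = p.lower()
    if "\\" not in low:                 # boot-start drivers are listed by bare name
        return "boot"
    if any(m in low for m in USER_WRITABLE_MARKERS):
        return "suspicious"
    if low.startswith(WINDOWS_DIR_PREFIXES):
        return "system"
    return "third_party"


def parse_report(text):
    """Return (driver_paths, mbr_status_text, mbr_sha1) from MBRCheck-style output."""
    drivers, status, sha1 = [], None, None
    in_driver_list = False
    for line in text.splitlines():
        if line.startswith("Kernel Drivers"):
            in_driver_list = True
            continue
        if line.startswith("Processes"):
            in_driver_list = False
        if in_driver_list:
            m = DRIVER_LINE.match(line)
            if m:
                drivers.append(m.group(1).strip())
            continue
        m = MBR_STATUS_LINE.match(line)
        if m:
            status = m.group(1).strip()
        m = SHA1_LINE.match(line)
        if m:
            sha1 = m.group(1).upper()
    return drivers, status, sha1


def triage(text):
    """Summarise what a helper would look at first in an MBRCheck report."""
    drivers, status, sha1 = parse_report(text)
    return {
        "suspicious": [d for d in drivers if classify_driver(d) == "suspicious"],
        "third_party": [d for d in drivers if classify_driver(d) == "third_party"],
        "mbr_status": status,
        "mbr_sha1": sha1,
        # MBRCheck names the OS whose boot code it recognised ("Windows XP MBR code
        # detected" above); any other wording, or no status line, needs a human look.
        "mbr_recognized": status is not None and status.endswith("MBR code detected"),
    }


if __name__ == "__main__":
    r = triage(REPORT)
    print("MBR:", r["mbr_status"], "(recognised)" if r["mbr_recognized"] else "(REVIEW)")
    print("MBR SHA1:", r["mbr_sha1"])
    for d in r["suspicious"]:
        print("CHECK   ", d)
    for d in r["third_party"]:
        print("3rd party", d)
```

The SHA1 on its own proves nothing; it only becomes useful when compared against the hash of a known-good boot sector for the same Windows version, which is why MBRCheck prints both the classification and the hash. On the report above the script flags only the Temp-resident driver and the SUPERAntiSpyware driver, and leaves the drivers under \SystemRoot\ alone.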



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:49 PM

Posted 01 November 2011 - 07:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/425361 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:49 PM

Posted 06 November 2011 - 08:15 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
