
Open Cloud AV and something else??


This topic is locked. 8 replies to this topic.

#1 thebuffest1

thebuffest1

  • Members
  • 6 posts

Posted 27 October 2011 - 09:32 PM

Hi! I got infected with OpenCloud AV and tried following the removal suggestions from this site and others with no luck. I'm not able to run rkill, Malwarebytes or any other antiviral software, even in safe mode. My computer was pretty much unusable until I did a system restore. Now my computer will at least turn on, but I'm still having a ton of problems. I still can't use antiviral software, I seem to have some search engine redirect virus, I get random pop-ups saying "Congratulations you just won..." when I use the internet, my computer keeps freezing and has problems shutting down. OpenCloud AV is not present on my desktop anymore, but I have no reason to believe it's not still on my computer.

I wasn't able to run GMER, every time I tried I got a blue screen error message and my computer restarted. Unfortunately, I haven't been able to read what the message says because it flashes so quickly.

I was able to run DDS and attached the logs. Thanks so much for reading this, I really need some help!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 19:15:10 on 2011-10-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.469 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\2194736433:3472502397.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.gateway.com/
uInternet Connection Wizard,ShellNext = hxxp://products.webroot.com/disp0201.php?pc=64150&origrc=1&rc=1&sfb=0&oc=97&mjv=6&mnv=1&rel=0&bld=145&lang=en&loc=USA&opi=2&omj=5&omn=1&avon=1&frq=1&dnv=11&kc=ppc%60p_tq%5e%5eafqk%60t%5ekdi&guid=19066208-9F22-4679-95E1-D79D6804E4CF&selectedBytes=3383&storageUsed=3383
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2010-2-6 14336]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"c:\program files\webroot\webrootsecurity\spysweeper.exe" --> c:\program files\webroot\webrootsecurity\SpySweeper.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-10-27 22:42:58 -------- d-----w- C:\RCM
2011-10-27 22:42:40 -------- d-----w- C:\temporary
2011-10-06 22:05:45 77738888 ----a-w- c:\program files\ExcelViewer.exe
2011-10-05 02:16:36 -------- d-----w- c:\program files\MSECache
2011-10-05 02:16:07 63204984 ----a-w- c:\program files\PowerPointViewer.exe
2011-10-04 12:52:19 -------- d-----w- c:\windows\pss
2011-10-04 01:20:10 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-04 01:20:10 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-04 01:18:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-03 22:43:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
.
==================== Find3M ====================
.
2011-10-27 22:51:11 249856 ------w- c:\windows\Setup1.exe
2011-10-27 22:51:10 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-10-19 02:01:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 01:30:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-26 15:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-18 00:33:31 1053480 ----a-w- c:\program files\AmazonMP3DownloaderInstall.exe
2011-09-17 19:27:12 1448993 ----a-w- c:\program files\wrar401.exe
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-02-07 01:59:29 121697912 ----a-w- c:\program files\LoggerPro3_8_2.exe
2010-10-24 00:27:53 6274424 ----a-w- c:\program files\Silverlight.exe
.
============= FINISH: 19:16:19.91 ===============



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 28 October 2011 - 05:10 PM

Good evening. :)

Please download DummyCreator.zip by Farbar from here and save it to your Desktop - you will then need to unzip it.

  • Right click on the zipped folder and from the menu that appears, click on Extract All...
  • In the "Extraction Wizard" window that opens, click on Next> and in the next window that appears, click on Next> again.
  • In the final window, click on Finish.


  • Double click DummyCreator.exe to run the tool.
  • Copy and paste the following into the edit box:

    • C:\WINDOWS\2194736433
  • Click the Create button.
  • Make sure you have a copy of Result.txt that should appear once the tool has completed.
  • Important: Restart the computer and then let me have a copy of Result.txt in your next reply.

So long, and thanks for all the fish.
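The reason the helper asks for a dummy at C:\WINDOWS\2194736433 is visible in the DDS log above: the running process C:\WINDOWS\2194736433:3472502397.exe has a second colon in its path, which on NTFS names an alternate data stream, and its folder and file names are all digits. The Python below is an added example, not part of the thread or of Farbar's DummyCreator; it scans the Running Processes section of a DDS log (a constructed excerpt of the one above is embedded) for those two markers and derives the host object of any ADS-style entry.

```python
import re

# Constructed excerpt of the DDS "Running Processes" section posted above,
# embedded so the check runs offline.
SAMPLE_LOG = """\
============== Running Processes ===============
.
C:\\WINDOWS\\system32\\svchost -k DcomLaunch
svchost.exe
C:\\WINDOWS\\2194736433:3472502397.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
.
============== Pseudo HJT Report ===============
"""

# A colon after the drive letter's own colon marks an NTFS alternate data stream.
ADS_RE = re.compile(r"^[A-Za-z]:\\.*:[^\\]+$")
# All-digit file stem, optionally an all-digit stream name, ending in .exe.
NUMERIC_RE = re.compile(r"\\\d+(?::\d+)?\.exe$", re.IGNORECASE)


def running_processes(log):
    """Return the entries between the Running Processes header and the next section."""
    entries, inside = [], False
    for line in log.splitlines():
        if "Running Processes" in line:
            inside = True
            continue
        if inside and line.startswith("====="):
            break
        if inside and line.strip() and line.strip() != ".":
            entries.append(line.strip())
    return entries


def suspicious_entries(log):
    """Flag process paths carrying an ADS marker or an all-digit executable name."""
    hits = []
    for entry in running_processes(log):
        path = entry.split(" -k ")[0]  # drop svchost service-group arguments
        reasons = []
        if ADS_RE.match(path):
            reasons.append("alternate data stream in path")
        if NUMERIC_RE.search(path):
            reasons.append("numeric file name")
        if reasons:
            hits.append((path, reasons))
    return hits


def ads_host(path):
    """For an ADS-style path, return the host object (the part before the stream name)."""
    drive, rest = path[:2], path[2:]
    return drive + rest.split(":", 1)[0] if ":" in rest else None
```

Running suspicious_entries on a real DDS log is only a triage aid: an entry it flags is a candidate for the kind of follow-up seen in this thread, not proof of infection on its own.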


#3 thebuffest1

thebuffest1
  • Topic Starter

  • Members
  • 6 posts

Posted 30 October 2011 - 09:15 AM

Hi! Sorry it took so long to get back to you. Yesterday I got another virus, Windows XP Restore: PC Performance and Stability Analysis Report. All of my files are now hidden and I'm running my computer from Safe Mode because when I turn on Normal Mode I get a flood of error messages. I ran DummyCreator.zip from safe mode with networking and this is what it gave:

DummyCreator by Farbar
Ran by Owner (administrator) on 30-10-2011 at 10:06:05
**************************************************************

C:\WINDOWS\2194736433 [30-10-2011 10:06:05]

== End of log ==

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 30 October 2011 - 02:33 PM

Good evening. :)

I don't see an anti-virus on your system, which probably accounts for the infections you are picking up. How long has this been the case?

So long, and thanks for all the fish.


#5 thebuffest1

thebuffest1
  • Topic Starter

  • Members
  • 6 posts

Posted 30 October 2011 - 06:58 PM

My antivirus software subscription ran out in August.

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 31 October 2011 - 02:46 PM

Good evening. :)

While it may be possible to clean the PC fully, the potential for legitimate files to have been infected or corrupted by the malware present on your PC, and also that security settings may have been lowered making your computer more liable to infection in the future, means that starting over is the easiest and most reliable solution to your problems - that's backing up any important files and then reformatting and reinstalling Windows.

You also need to be aware of the risk of identity theft if you have accessed bank accounts with this computer or shopped online. Keylogging software could have recorded details of these actions and a lack of an effective firewall means that there is nothing to stop this information being sent home. If this does apply to you, I'd monitor your accounts and perhaps consider getting credit/debit cards, passwords etc. changed - obviously not using this PC!

So long, and thanks for all the fish.


#7 thebuffest1

thebuffest1
  • Topic Starter

  • Members
  • 6 posts

Posted 31 October 2011 - 08:33 PM

I'd really like to try and fix it without reinstalling my operating system.

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 01 November 2011 - 03:41 PM

Good evening. :)

When you have an infected PC you play the percentages. With an up-to-date anti-virus program and firewall present the likelihood is that the PC can be effectively cleaned, unless the infection is a real nasty, so it is worth trying to do so.
With no firewall and at best an out-of-date AV the percentages work against you. It may still be possible to clean the PC, but there is less certainty and even if the PC appears clean there is no guarantee that it is.

If we spend time trying to clean it and fail, we've wasted our time. If we look like we've succeeded, we still may not have and the PC could be sending out spam, taking part in denial of service attacks or monitoring your online banking and shopping and collecting information that could enable someone to play with your finances.

These are worst-case scenarios, but the time that it takes to reformat and reinstall is sufficiently small and the potential problems if it is a worst-case are sufficiently large that it makes sense to bite the bullet.

If it was my PC or a member of my family brought it to me I'd wipe it and start afresh and that's what I'm recommending you do.

So long, and thanks for all the fish.


#9 thebuffest1

thebuffest1
  • Topic Starter

  • Members
  • 6 posts

Posted 01 November 2011 - 09:34 PM

Okay, thanks.
