
Have possible/probable rootkit infection


  • This topic is locked
11 replies to this topic

#1 brdickson

brdickson

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:43 PM

Posted 11 July 2012 - 11:30 PM

DDS.TXT follows here:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Run by Brian Dickson at 23:39:01 on 2012-07-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.294 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
.
============== Running Processes ===============
.
D:\PROGRA~1\AVG\AVG2012\avgrsx.exe
D:\Program Files\AVG\AVG2012\avgcsrvx.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
D:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\AVG\AVG2012\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\WINDOWS\system32\UAService7.exe
D:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
D:\Program Files\AVG\AVG2012\avgnsx.exe
D:\Program Files\AVG\AVG2012\avgemcx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\AVG\AVG2012\avgtray.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
D:\Program Files\Google\Google Talk\googletalk.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
D:\PROGRA~1\AD-AWA~1\AdAware.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\AVG\AVG2012\avgui.exe
D:\Documents and Settings\Brian Dickson\Desktop\bjhewz6u.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - d:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - d:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [googletalk] "d:\program files\google\google talk\googletalk.exe" /autostart
uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "d:\documents and settings\brian dickson\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [SiSUSBRG] d:\windows\SiSUSBrg.exe
mRun: [SpybotSnD] "d:\program files\spybot - search & destroy\SpybotSD.exe" /autoclose /waitstart
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [AppleSyncNotifier] d:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "d:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Ad-Aware Antivirus] "d:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "d:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\sataraid.lnk - d:\program files\silicon image\siisataraid\SATARaid.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - d:\program files\avg\avg2012\avgdtiex.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265498512968
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265498500343
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{A92DB9BE-8475-4556-A508-B9EE629ACC5B} : NameServer = 192.168.2.98,192.168.2.39
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\brian dickson\application data\mozilla\firefox\profiles\1b3kpuuj.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 4
FF - component: d:\documents and settings\brian dickson\application data\mozilla\firefox\profiles\1b3kpuuj.default\extensions\{5df0e234-376d-41e5-86a8-1a39008117fd}\components\RadioWMPCoreGecko19.dll
FF - component: d:\documents and settings\brian dickson\application data\mozilla\firefox\profiles\1b3kpuuj.default\extensions\firegpg@firegpg.team\platform\winnt_x86-msvc\components\ipc.dll
FF - component: d:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: d:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: d:\documents and settings\brian dickson\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: d:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: d:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: d:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: d:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: d:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: d:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: d:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: d:\program files\nos\bin\np_gp.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;d:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]
R1 Avgldx86;AVG AVI Loader Driver;d:\windows\system32\drivers\avgldx86.sys [2011-10-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;d:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
R1 Avgtdix;AVG TDI Driver;d:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]
R1 sbaphd;sbaphd;d:\windows\system32\drivers\sbaphd.sys [2012-7-7 21240]
R1 SbFw;SbFw;d:\windows\system32\drivers\SbFw.sys [2012-7-7 335224]
R1 SBRE;SBRE;d:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 sbtis;sbtis;d:\windows\system32\drivers\sbtis.sys [2012-7-7 217976]
R2 Ad-Aware Service;Ad-Aware Service;d:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 AVGIDSAgent;AVGIDSAgent;d:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;d:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 SBAMSvc;Ad-Aware;d:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;d:\windows\system32\drivers\sbapifs.sys [2012-7-7 77816]
R3 AVGIDSDriver;AVGIDSDriver;d:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;d:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;d:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 CX88VID;FusionHDTV 88x AvStream Video Capture;d:\windows\system32\drivers\zl88avs.sys [2007-5-3 336128]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;d:\windows\system32\drivers\SbFwIm.sys [2012-7-7 94584]
S1 AEC671X;AEC671X;d:\windows\system32\drivers\aec671x.sys [2005-9-14 12128]
S1 DMX3191;DMX3191;d:\windows\system32\drivers\dmx3191.sys [2005-9-14 17700]
S2 CX88XBAR;FusionHDTV 88x, WDM Crossbar; [x]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2011-1-4 136176]
S2 UDNT;UDNT; [x]
S2 Zulu88Tune;FusionHDTV 88x, WDM Tuner(T7611+3302); [x]
S2 Zulu88Vid;FusionHDTV 88x, WDM Video Capture; [x]
S3 CXAVSAUD;FusionHDTV 880, WDM Audio Capture; [x]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\google\update\GoogleUpdate.exe [2011-1-4 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [2012-5-15 40776]
S3 rootrepeal;rootrepeal;\??\d:\windows\system32\drivers\rootrepeal.sys --> d:\windows\system32\drivers\rootrepeal.sys [?]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;d:\windows\system32\drivers\SbFwIm.sys [2012-7-7 94584]
S3 sbhips;sbhips;d:\windows\system32\drivers\sbhips.sys [2012-7-7 93816]
S3 scsiscan;SCSI Scanner Driver;d:\windows\system32\drivers\scsiscan.sys [2005-9-14 11520]
S3 vsdatant;vsdatant;\??\d:\windows\system32\vsdatant.sys --> d:\windows\system32\vsdatant.sys [?]
S3 Zulu88BDA;FusionHDTV 88x, BDA DVB Tuner/Demod; [x]
S3 Zulu88Ts;FusionHDTV 88x, BDA Receiver(ATSC-A); [x]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-07-08 00:50:57 426184 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-07-08 00:50:56 70344 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 04:32:00 40776 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2012-04-19 08:50:26 24896 ----a-w- d:\windows\system32\drivers\avgidshx.sys
2004-03-11 17:27:22 40960 ----a-w- d:\program files\Uninstall_CDS.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: MAXTOR_6L060J3 rev.A93.0500 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys siside.sys PCIIDEX.SYS
d:\windows\system32\drivers\siside.sys Silicon Integrated Systems Corp. SiS PCI Mini IDE Driver
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x8A495030]
3 CLASSPNP[0xF7667FD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\00000067[0x8A497188]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37C5] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8A496D98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 23:44:04.64 ===============
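The rootkit section of this log ends with `user != kernel MBR !!!`, and the services list carries several entries whose image file is either not registered at all (`[x]`) or no longer on disk (`[?]`). As an added illustration that is not part of the original post or of DDS itself, the Python below parses a handful of those lines (copied from the log above into a constructed sample) and flags what a responder would look at first. The meaning attached to the `[x]` and `[?]` markers is my reading of DDS output, stated as an assumption in the code.

```python
"""Triage helper for the SERVICES / DRIVERS and ROOTKIT sections of a DDS log."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a handful of lines copied from the DDS log in post #1.
SAMPLE_DDS = r"""
R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]
S2 CX88XBAR;FusionHDTV 88x, WDM Crossbar; [x]
S2 UDNT;UDNT; [x]
S3 rootrepeal;rootrepeal;\??\d:\windows\system32\drivers\rootrepeal.sys --> d:\windows\system32\drivers\rootrepeal.sys [?]
S3 vsdatant;vsdatant;\??\d:\windows\system32\vsdatant.sys --> d:\windows\system32\vsdatant.sys [?]
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
""".strip()

# "R"/"S" = running/stopped, digit = Windows start type, then name;display;image
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$")
# "path [yyyy-m-d size]" trailer that DDS prints when the image file was found
FOUND_RE = re.compile(r"^(.*?)\s+\[\d{4}-\d{1,2}-\d{1,2}\s+\d+\]$")


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    status: str  # present | orphaned | file_missing | unparsed


def classify_image(rest: str) -> Tuple[str, str]:
    """Interpret the trailer of a service line (assumed meaning of the DDS markers)."""
    rest = rest.strip()
    if rest == "[x]":
        # Assumption: "[x]" marks a registry entry with no image path at all,
        # typically a leftover from an uninstalled driver.
        return "", "orphaned"
    if rest.endswith("[?]"):
        # Assumption: "[?]" marks an image path whose file could not be found;
        # DDS prints "registered --> resolved" in front of the marker.
        path = rest[: -len("[?]")].strip()
        if "-->" in path:
            path = path.split("-->", 1)[1].strip()
        return path, "file_missing"
    m = FOUND_RE.match(rest)
    if m:
        return m.group(1).strip(), "present"
    return rest, "unparsed"


def parse_dds(text: str) -> Tuple[List[ServiceEntry], List[str]]:
    """Return the service/driver entries plus findings that deserve a closer look."""
    entries: List[ServiceEntry] = []
    findings: List[str] = []
    for line in text.splitlines():
        line = line.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            path, status = classify_image(m.group(5))
            entry = ServiceEntry(
                running=m.group(1) == "R",
                start_type=int(m.group(2)),
                name=m.group(3).strip(),
                display=m.group(4).strip(),
                path=path,
                status=status,
            )
            entries.append(entry)
            if status != "present":
                findings.append(f"{status}: {entry.name} ({entry.display}) {entry.path}".rstrip())
            continue
        # Gmer reads the MBR once through the normal user-mode path and once at the
        # kernel/disk level. When the two copies differ, something between them is
        # filtering disk I/O, which is the classic MBR-rootkit indicator.
        if line.startswith("user != kernel MBR"):
            findings.append("mbr_mismatch: user-mode and kernel-mode MBR reads differ")
    return entries, findings


if __name__ == "__main__":
    services, notes = parse_dds(SAMPLE_DDS)
    for s in services:
        print(f"{'R' if s.running else 'S'}{s.start_type} {s.name:<12} {s.status:<13} {s.path}")
    print("\nFindings:")
    for n in notes:
        print(" -", n)
```

Run on the sample, the parser reports two orphaned entries, two missing files and the MBR mismatch. The first four are benign clutter in this particular log: the `[x]` entries are remains of a TV-tuner driver, and the two `[?]` drivers belong to security tools that were removed without their driver entries (RootRepeal, and ZoneAlarm's vsdatant.sys). The MBR mismatch is the line that actually supports the poster's suspicion, and it is the reason a second, independent MBR check matters before anything is declared clean.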



#2 brdickson

brdickson
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:43 PM

Posted 14 July 2012 - 02:36 PM

Ran some more diagnostic tools

THIS APPEARS TO BE A ZEROACCESS INFECTION!

Please help.

Attaching all the diagnostic output I can.

Thanks
Brian




#3 brdickson

brdickson
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:43 PM

Posted 14 July 2012 - 02:52 PM

Output of combofix, in a zip file, attached.




#4 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:43 AM

Posted 16 July 2012 - 12:01 PM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you fail to do so, your thread will be closed in THREE (3) days. :)


Hello there, brdickson

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

Do you still need help with this?

---------------------------------------------------------------------------------------------------
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may [donate button]

#5 brdickson

brdickson
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:43 PM

Posted 16 July 2012 - 02:00 PM

I do still need help with this, but am now away from the computer in question on vacation (and will be for 2 weeks).

Can you keep this request open/idle until I am back?

Do the logs I posted suggest specific things that need to be done?

Thanks,
Brian

#6 brdickson

brdickson
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:43 PM

Posted 16 July 2012 - 04:13 PM

I do still need help with this, but am now away from the computer in question on vacation (and will be for 2 weeks).

Can you keep this request open/idle until I am back?

Do the logs I posted suggest specific things that need to be done?

Thanks,
Brian

#7 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:43 AM

Posted 16 July 2012 - 10:15 PM

Alright, I'll hold on to this for a couple of weeks. I will take a look at your logs in the meantime.

Thanks for informing me.

#8 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:43 AM

Posted 16 July 2012 - 11:32 PM

CF seems to have taken care of it nicely.

Go to My Computer -> Tools -> Folder Options -> View tab:
  • Under the Hidden files and folders heading:
  • Select - Show hidden files and folders.
  • Uncheck - Hide protected operating system files (recommended) option.
  • Also, make sure there is no checkmark beside Hide file extensions for known file types.
  • Click OK. (Remember to hide files and folders once done)

Please go to one of the below sites to scan the following files:
Virus Total (Recommended)
jotti.org
VirScan


Click on Browse, and upload the following file for analysis:
D:\WINDOWS\system32\ntdll.dll

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned, click "reanalyze now".
Please post the results in your next reply.

===================================================

On your next reply please post :
File scanner report
How is your machine behaving now?


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!
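The step above asks for `ntdll.dll` to be uploaded to a multi-engine scanner, and the reply that follows in this thread is a VirusTotal link keyed by the file's SHA-256. The same check can be done without uploading the file, by hashing it locally and looking the hash up, which also lets you compare the file against a copy from a known-clean installation. The Python below is an added example, not code from the thread or from VirusTotal; the lookup URL format is the current VirusTotal GUI format (an assumption about the site), and the file and reference hash it uses are constructed stand-ins, not the poster's real `ntdll.dll`.

```python
"""Hash a suspect file locally and build its VirusTotal lookup URL (added example)."""
import hashlib
import os
import tempfile
from typing import Dict

CHUNK = 1 << 20  # hash 1 MiB at a time so large binaries need not fit in memory

# Constructed reference set: SHA-256 of the bytes b"hello", standing in for the
# hash of the same file taken from a known-clean machine.
KNOWN_GOOD: Dict[str, str] = {
    "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824": "ntdll.dll (constructed clean reference)",
}


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256; this is the value VirusTotal keys its reports on."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def vt_file_url(sha256_hex: str) -> str:
    """Lookup URL for a hash (current VirusTotal GUI format; assumption about the site)."""
    digest = sha256_hex.lower()
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("expected a 64-digit hexadecimal SHA-256")
    return f"https://www.virustotal.com/gui/file/{digest}"


def check_against_reference(path: str, reference: Dict[str, str]) -> str:
    """Compare a file's hash with hashes taken from a known-clean machine.

    Returns 'match' when the hash is in the reference set, otherwise 'unknown',
    which means: look the hash up rather than trusting the file on sight."""
    return "match" if sha256_file(path) in reference else "unknown"


def demo() -> Dict[str, str]:
    """Self-contained run on a constructed file (content is just b'hello')."""
    with tempfile.TemporaryDirectory() as tmp:
        suspect = os.path.join(tmp, "ntdll.dll")  # constructed stand-in for the real file
        with open(suspect, "wb") as fh:
            fh.write(b"hello")
        digest = sha256_file(suspect)
        return {
            "sha256": digest,
            "url": vt_file_url(digest),
            "verdict": check_against_reference(suspect, KNOWN_GOOD),
            # Same file against a reference set that does not contain it.
            "verdict_unknown": check_against_reference(suspect, {sha256_bytes(b"other"): "x"}),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Hashing the file instead of uploading it is the safer habit for system binaries you are not sure about, and an "unknown" verdict against your own reference set is a prompt to look the hash up, not a verdict that the file is bad.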

#9 brdickson

brdickson
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:43 PM

Posted 01 August 2012 - 12:57 AM

https://www.virustotal.com/file/ad2d62f604472958c8b3c20df29d9b5f8b7878e7831af8db7c669636e16afb7c/analysis/1343800438/

The computer seems a bit slow, but I did build it in 2003.

Is there anything else I should do to verify it is okay now?

I'll do whatever you think I should do.

Thanks again!

Brian

#10 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:43 AM

Posted 01 August 2012 - 01:01 AM

Hope you had great fun on your vacation.

Let's get a fresh OTL log. Hit Run scan then post back the results.

Thanks :)

#11 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:43 AM

Posted 07 August 2012 - 11:03 PM

Are you still with us?

#12 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:43 AM

Posted 09 August 2012 - 11:49 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
