Trojan, Rootkit or legit file?



#1 amani622


Posted 20 July 2012 - 10:59 PM

Hello all,

Please help!

Not exactly sure why I cannot get rid of a virus plaguing my computer. I have run Ad-Aware virus remover, ComboFix, SUPERAntiSpyware, and Sophos. Then I tried an UnHackMe scan and it revealed that I had a suspicious file that cannot be removed. This is the file:

Item Name: {F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}
Author:
Related File: C:\WINDOWS\SYSWOW64\WBEM\WBEMESS.DLL
Type: DCOM Components

Thank you,
Amani

Edited by hamluis, 21 July 2012 - 09:39 AM.
Moved from Win 7 to Am I Infected - Hamluis.


#2 narenxp


Posted 21 July 2012 - 07:29 AM

On all Windows Vista and 7 machines (32 and 64 bit), the default value for this key

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} should be

%systemroot%\system32\wbem\wbemess.dll

Did you manually change the default value of this key? Were you infected by ZeroAccess?

Edited by narenxp, 21 July 2012 - 07:30 AM.
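
The comparison described in post #2 can be scripted. The following PowerShell is an added example, not part of the original thread; it assumes PowerShell 3.0 or later and that the DLL path is stored as the default value of the CLSID's InprocServer32 subkey. It goes slightly beyond the post by reading both the 64-bit and 32-bit registry views and by reporting a per-user registration under HKCU, which takes precedence over the machine-wide one in the merged HKEY_CLASSES_ROOT view.

```powershell
# Added example, not from the thread. Requires PowerShell 3.0+ (.NET 4 RegistryView).
# Assumption: the DLL path is the default value of the InprocServer32 subkey.
$clsid    = '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}'
$expected = '%systemroot%\system32\wbem\wbemess.dll'   # value quoted in post #2
$subKey   = "SOFTWARE\Classes\CLSID\$clsid\InprocServer32"

function Get-ComServerPath {
    param([Microsoft.Win32.RegistryView]$View, [string]$SubKey)
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($SubKey)
        if ($null -eq $key) { return $null }
        try {
            # '' selects the default value; keep %systemroot% unexpanded for display
            return $key.GetValue('', $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        } finally { $key.Close() }
    } finally { $base.Close() }
}

# Compare expanded paths case-insensitively in each registry view
$want = [Environment]::ExpandEnvironmentVariables($expected)
foreach ($view in 'Registry64', 'Registry32') {
    $raw = Get-ComServerPath -View $view -SubKey $subKey
    if ($null -eq $raw) {
        Write-Output "[$view] key or default value not present"
        continue
    }
    $have = [Environment]::ExpandEnvironmentVariables([string]$raw)
    if ($have -ieq $want) { $status = 'OK' } else { $status = 'MISMATCH' }
    Write-Output "[$view] $status : $raw"
}

# A per-user copy of the CLSID overrides the HKLM entry for that user
$userKey = "HKCU:\Software\Classes\CLSID\$clsid"
if (Test-Path -LiteralPath $userKey) {
    Write-Output "Per-user registration present, review it: $userKey"
} else {
    Write-Output "No per-user registration for $clsid"
}
```

A MISMATCH line prints the raw registered value so it can be posted alongside the scanner logs requested later in the thread.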


#3 amani622

amani622
  • Topic Starter


Posted 24 July 2012 - 09:27 PM

On all Windows Vista and 7 machines (32 and 64 bit), the default value for this key

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} should be

%systemroot%\system32\wbem\wbemess.dll

Did you manually change the default value of this key? Were you infected by ZeroAccess?


No, I didn't change anything. And yes, I was infected by ZeroAccess. Since then my laptop is slow and the cursor spins, crashing browsers. I don't know what else to try. I thought ComboFix would resolve it in safe mode but it didn't work.

#4 narenxp


Posted 24 July 2012 - 09:28 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (the log file should be in your C drive)

Do not change the default options on the scan results

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop and copy the contents of the text file into your reply
