Infected with bootworm Virus


  • This topic is locked
4 replies to this topic

#1 ThatEnglishGuy

  • Members
  • 7 posts

Posted 29 October 2012 - 10:33 AM

Previous topic http://www.bleepingcomputer.com/forums/topic473423.html

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Sean at 14:59:50 on 2012-10-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8178.6441 [GMT 0:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\V0700Mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
mRun: [V0700Mon.exe] C:\Windows\V0700Mon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{39545D76-ACB4-4F82-B76F-510457B6272A} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-9-21 61792]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-9-13 151904]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-12 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-12 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-10-2 1314720]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-2 5783672]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-2 193568]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-10-29 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-10-12 10207232]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-10-12 317952]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-10-29 231440]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-10-29 32344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-29 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-10-29 44672]
R3 V0700Vid;Creative Live! Cam Chat HD Driver;C:\Windows\System32\drivers\V0700Vid.sys [2011-9-7 393920]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 116648]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 116648]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2012-10-29 20:36:34 -------- d-----w- C:\Windows\Panther
2012-10-29 19:54:08 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-10-29 19:54:08 539240 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-10-29 19:54:08 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-10-29 19:54:02 -------- d-----w- C:\Program Files (x86)\Realtek
2012-10-29 19:52:58 44672 ----a-r- C:\Windows\System32\drivers\usbfilter.sys
2012-10-29 19:52:34 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2012-10-29 19:52:34 -------- d-----w- C:\ProgramData\AMD
2012-10-29 19:52:34 -------- d-----w- C:\Program Files\ATI Technologies
2012-10-29 19:52:30 231440 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-10-29 19:52:25 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-10-29 19:52:18 -------- d-----w- C:\Program Files\ATI
2012-10-29 19:52:16 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-10-29 19:52:12 -------- d-sh--w- C:\Windows\Installer
2012-10-29 14:03:43 -------- d-----w- C:\Users\Sean\AppData\Local\Google
2012-10-29 14:03:37 -------- d-----w- C:\Users\Sean\AppData\Local\Deployment
2012-10-29 14:03:37 -------- d-----w- C:\Users\Sean\AppData\Local\Apps
2012-10-29 13:51:08 -------- d-----w- C:\Users\Sean\AppData\Roaming\AVG2013
2012-10-29 13:50:02 -------- d--h--w- C:\$AVG
2012-10-29 13:50:02 -------- d-----w- C:\ProgramData\AVG2013
2012-10-29 13:44:34 -------- d-----w- C:\Users\Sean\AppData\Local\Avg2013
2012-10-29 13:32:46 -------- d-----w- C:\Users\Sean\AppData\Roaming\TuneUp Software
2012-10-29 13:32:05 -------- d-----w- C:\Program Files (x86)\AVG
2012-10-29 13:27:47 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-10-29 13:27:47 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-10-29 13:27:47 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-10-29 13:27:47 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-10-29 13:25:21 -------- d--h--w- C:\ProgramData\Common Files
2012-10-29 13:25:21 -------- d-----w- C:\Users\Sean\AppData\Local\MFAData
2012-10-29 13:25:21 -------- d-----w- C:\ProgramData\MFAData
2012-10-29 13:18:32 -------- d-----w- C:\Program Files (x86)\Nero
2012-10-29 13:18:26 -------- d-----w- C:\ProgramData\Nero
2012-10-29 13:13:27 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-10-29 13:13:09 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-10-29 13:04:05 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-10-29 13:03:55 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-10-29 13:02:44 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-10-29 13:02:27 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-10-29 13:00:35 -------- d-----w- C:\Users\Sean\AppData\Local\AMD
2012-10-29 13:00:26 -------- d-----w- C:\Users\Sean\AppData\Local\ATI
2012-10-29 12:59:00 0 ----a-w- C:\Windows\ativpsrm.bin
2012-10-29 12:56:27 -------- d-----w- C:\winki
2012-10-29 12:56:05 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2012-10-29 12:54:59 1698408 ------r- C:\Windows\RtlExUpd.dll
2012-10-29 12:54:58 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-10-29 12:54:58 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-10-29 12:54:58 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-10-29 12:54:58 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-10-29 12:54:58 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-10-29 12:54:58 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-10-29 12:54:58 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-10-29 12:54:57 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-10-29 12:54:57 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-10-05 10:26:22 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-02 10:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
==================== Find3M ====================
.
2012-09-21 10:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 10:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-21 10:45:50 61792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-09-14 10:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-09-13 10:11:18 151904 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-09-04 17:39:32 50296 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys
.
============= FINISH: 15:00:01.07 ===============


#2 ThatEnglishGuy

  • Topic Starter
  • Members
  • 7 posts

Posted 29 October 2012 - 10:35 AM

GMER has yielded no infection results.

Attached Files



#3 ThatEnglishGuy

  • Topic Starter
  • Members
  • 7 posts

Posted 29 October 2012 - 10:38 AM

http://forums.avg.com/gb-en/avg-forums?sec=thread&act=show&id=219490#post_219490 Currently have this thread open on the AVG forums; apparently someone is in a similar situation to me. Also, I think AVG 2013 was released within the last 24 hours. Is it possible this is a false positive?

Once again huge thanks for your help! :)

Edited by ThatEnglishGuy, 29 October 2012 - 10:38 AM.


#4 thisisu

  • Malware Response Team
  • 2,525 posts
  • Location:USA

Posted 31 October 2012 - 01:23 AM

Hello ThatEnglishGuy :)

Most likely it was a false-positive which should be corrected now.

Read this post if you have not already: Post number 219504

Also i think AVG 2013 was released within the last 24 hours

I am not quite sure what you meant to say here but AVG 2013, the program itself, has probably been out for at least a couple of months now.

Your DDS log is clean, but we can run a few more checks if you would like to. Let me know, but make sure to update AVG's virus definition database, as I highly suspect that will fix the alert you were receiving from AVG.

Edited by thisisu, 31 October 2012 - 01:29 AM.
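As an added example (not part of this thread, and not code from DDS, AVG or BleepingComputer), here is how a responder could triage the SERVICES / DRIVERS section of a DDS log like the one in post #1 programmatically instead of reading it by eye. It parses the `R0..S3 name;display;path [date size]` lines into records and flags kernel drivers (.sys) loading from outside the usual driver directories, and boot- or system-start (R0/R1) drivers whose file date is within a week of the log date. The first five sample lines are copied from the posted log; the last line is a constructed rogue entry (`hypothetical.sys` under the user's Temp folder) that is not in the log and exists only so the filter has something to flag. The seven-day window and the trusted-directory list are assumptions to adjust per environment.

```python
import re
from datetime import date

# Service/driver lines as DDS prints them: "<state> <name>;<display>;<path> [<yyyy-m-d> <size>]".
# The first five lines are copied from the DDS log in post #1; the last line is a
# CONSTRUCTED rogue entry (not in the log) so the filter below has something to flag.
SAMPLE_LINES = r"""
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-29 539240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
R0 hypothetical;CONSTRUCTED entry, not from the log;C:\Users\Sean\AppData\Local\Temp\hypothetical.sys [2012-10-28 4096]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
)

# Directories a kernel driver is normally loaded from (assumption; extend per environment).
TRUSTED_DRIVER_DIRS = (r"c:\windows\system32\drivers", r"c:\program files")


def parse_dds_services(text):
    """Turn DDS SERVICES / DRIVERS lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        year, month, day = (int(part) for part in m["date"].split("-"))
        records.append({
            # R = running, S = stopped; digit = start type (0 boot, 1 system, 2 auto, 3 manual)
            "state": m["state"],
            "name": m["name"],
            "display": m["display"],
            "path": m["path"],
            "date": date(year, month, day),  # file timestamp as DDS reports it
            "size": int(m["size"]),
        })
    return records


def flag_suspicious(records, log_date, recent_days=7):
    """Return (name, reasons) pairs for entries worth a second look.

    Two heuristics: a .sys outside the usual driver directories, and a boot- or
    system-start (R0/R1) driver whose file date is within `recent_days` of the
    log date. Both are leads, not verdicts: timestamps can be forged and a driver
    installed the same day is often legitimate.
    """
    hits = []
    for rec in records:
        path = rec["path"].lower()
        reasons = []
        if path.endswith(".sys") and not path.startswith(TRUSTED_DRIVER_DIRS):
            reasons.append("kernel driver outside standard driver directories")
        if rec["state"] in ("R0", "R1") and (log_date - rec["date"]).days <= recent_days:
            reasons.append("boot/system-start driver dated within %d days of the log" % recent_days)
        if reasons:
            hits.append((rec["name"], reasons))
    return hits


def triage(text, log_date_str, recent_days=7):
    """Parse a DDS services block and flag entries; log date given as yyyy-mm-dd."""
    year, month, day = (int(part) for part in log_date_str.split("-"))
    return flag_suspicious(parse_dds_services(text), date(year, month, day), recent_days)


if __name__ == "__main__":
    # Log date taken from the DDS header in post #1: "Run by Sean at 14:59:50 on 2012-10-29".
    for name, reasons in triage(SAMPLE_LINES, "2012-10-29"):
        print(name, "->", "; ".join(reasons))
```

Run as-is, only the constructed entry is reported; every driver actually in the posted log passes both checks, which matches the responder's reading of the log as clean. A hit is a lead, not a verdict: a legitimately reinstalled driver dated the same day (several in this log are dated 2012-10-29) would trip the date check if it were boot-start, and file timestamps can be reset by malware. Follow up on any hit with an Authenticode check (`Get-AuthenticodeSignature` in PowerShell) and a hash lookup before calling it malicious. Note also that in this thread the actual cause was a detection-signature false positive, which no log parser would reveal; only a definition update and a re-scan could.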


#5 thisisu

  • Malware Response Team
  • 2,525 posts
  • Location:USA

Posted 02 November 2012 - 03:06 PM

Due to the lack of feedback, this topic will be closed.

If you need the topic re-opened, private message me or any moderator to re-open the thread.
