Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Infected?


  • Please log in to reply
2 replies to this topic

#1 Ninamarie719

Ninamarie719

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 22 February 2013 - 09:40 AM

 Mod Edit:  Split from http://www.bleepingcomputer.com/forums/t/481166/computer-infected-with-malware/#entry2984728 - Hamluis.

 

 

Results of screen317's Security Check version 0.99.59  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
P
C
ECHO is off.
C
l
e
a
n
e
r
ECHO is off.
P
r
o
ECHO is off.
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.70.0.1100  
 CCleaner     
 Adobe Reader 10.1.2 Adobe Reader out of Date!  
 Mozilla Firefox 18.0.2 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive D:: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Edited by hamluis, 22 February 2013 - 09:45 AM.
PM sent new OP - Hamluis.


BC AdBot (Login to Remove)

 


#2 Ninamarie719

Ninamarie719
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 22 February 2013 - 09:41 AM

Farbar Service Scanner Version: 20-02-2013
Ran by NJ (administrator) on 22-02-2013 at 09:41:08
Running from "D:\Users\NJ\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
D:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
D:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
D:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
D:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
D:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
D:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
D:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
D:\WINDOWS\system32\netman.dll => MD5 is legit
D:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
D:\WINDOWS\system32\srsvc.dll => MD5 is legit
D:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
D:\WINDOWS\system32\wscsvc.dll => MD5 is legit
D:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
D:\WINDOWS\system32\wuauserv.dll
[2011-01-06 04:34] - [2007-03-10 23:13] - 0018392 ____A (Microsoft Corporation) B72508649DAD03BCB5D708EDB1E3E57E

D:\WINDOWS\system32\qmgr.dll => MD5 is legit
D:\WINDOWS\system32\es.dll => MD5 is legit
D:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
D:\WINDOWS\system32\svchost.exe => MD5 is legit
D:\WINDOWS\system32\rpcss.dll => MD5 is legit
D:\WINDOWS\system32\services.exe
[2004-08-03 20:07] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A0000000400000001000000020000000300000005000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****



#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:12 PM

Posted 22 February 2013 - 09:56 AM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters




  • Check Loaded Modules  and Detect TDLFS file systemDo not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now




  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue




  • Click Reboot computer
  • Please post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan  This process may may take several hours, that is normal

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results


 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users