
WIN32:Dropper-gen [Drp]


57 replies to this topic

#1 pcpunk (Members, 5,659 posts, Florida)
Posted 21 October 2013 - 02:23 PM

I made a mistake in opening an old favorite in Windows IE when trying to clean it up.  It was a porn site which I do not go to anymore and I don't really use IE either.  So after doing this I did an AVAST Bootscan and got this little bugger.  AVAST would not let me Delete, Move to Chest or Repair, so I chose Ignore and continued the scan.

I looked at the Scan Logs and it showed it and said: 
Severity: High
Action: Delete.
Result: Action successful.

I re-scanned and it was still there.
Damn, I was doing so well.  I don't have any money because I am very ill, so any help will be greatly appreciated.  I really depend on my computer to keep me preoccupied and for some entertainment.
HP Laptop Series HST NN-104C, Windows XP, Home Edition OS. 




#2 Broni (BC Advisor, 42,679 posts, Daly City, CA)
Posted 21 October 2013 - 05:28 PM

What is the file name and its location indicated by Avast?




#3 pcpunk (Topic Starter)
Posted 23 October 2013 - 10:22 AM

Sorry brother, but I am having the guys on the Avast site help me.  You can shut this down, and if they can't fix the issue then I will come back!  The guy that is helping me now seems to have similar hours, so this is good for me now.  Here is the file location though.

 

C:\...|>FILE0005.D0FFB8D_996E_4


Edited by pcpunk, 23 October 2013 - 10:24 AM.


#4 Broni
Posted 23 October 2013 - 08:00 PM

Thank you for letting me know :)



#5 pcpunk (Topic Starter)
Posted 24 October 2013 - 02:29 PM

The guys at AVAST seem to think it is a false positive?  So here I am; I don't want any trouble from this.  As stated, I found this right after trying to clean up old favorites, and I did not know it was porn.  I have stopped all porn on my PC lol.

 

I should also mention that I don't really have any symptoms, so maybe all is good.  I should also mention that I am not sure about the second slash.  Not sure if it is a backslash or a straight slash like this:  |  It's the one right after SwSetup.

 

Here is pathway to file:

 

C:\SwSetup|SDMPL\DLA32_52\DLA.msil>Disk1|>FILE0005.D0FFFB8D_996E_43B1_8C32_FF42F494CE70


Edited by pcpunk, 24 October 2013 - 04:21 PM.


#6 Broni
Posted 24 October 2013 - 05:23 PM

Upload that file here for a security check: https://www.virustotal.com/



#7 pcpunk (Topic Starter)
Posted 26 October 2013 - 12:11 PM

Broni, can you tell me the proper slash in the place I was questioning?  Otherwise I will have to wait till later, when I go home, to do another scan.

Look at my last post.

Okay, I must have got the pathway wrong; can I just enter the Avast file?  Please give me more info if possible.


Edited by pcpunk, 26 October 2013 - 01:15 PM.


#8 Broni
Posted 26 October 2013 - 01:46 PM

I'm not sure if I understand.

You can't find that file?



#9 pcpunk (Topic Starter)
Posted 26 October 2013 - 02:22 PM

I guess I got the pathway wrong.  I'll be back later.



#10 pcpunk (Topic Starter)
Posted 27 October 2013 - 11:32 AM

Went to virustotal.com and the computer shut down, well not shut down, but I got the blue screen and this came up with instructions that I did not copy:

 

STOP:0X00000008E(0XC0000005,0XBF86600B,0X9EB6AAE4,0X00000000)

 

win32K.Sys-Address BF86600BBF86600B base at BF800000, Datestamp 521ea476

 

Never had this happen?  It said to restart and if it happened again then I should follow the instructions to make the BIOS compatible with something else in the system, I forgot what.  I figured I would write it down if it happened again.  Is this a sign of something bad?  I am hesitant to go back to the website again.  Also the pathway was wrong the first time I tried to use this site, but the first time I did not have a problem.


Edited by pcpunk, 27 October 2013 - 01:35 PM.


#11 pcpunk (Topic Starter)
Posted 27 October 2013 - 12:03 PM

I'm not sure if I understand.

You can't find that file?

No, but I am a bit unsure which file to insert: the one from Avast or just the C:\SwSetup\ file?

And the pathway was wrong, so I have got it right now.



#12 Broni
Posted 27 October 2013 - 04:36 PM

SwSetup is a folder, so you can't upload it.

You have to upload a file which is listed at the end of the path.



#13 pcpunk (Topic Starter)
Posted 27 October 2013 - 06:38 PM

This is what I got!

 

C:\SwSetup\SDMPL\DLA32_52\DLA.msi|>Disk1|>FILE0005.D0FFFB8D_996E_43B1_8C32_FF42F494CE70   

 

C:\Documents and Settings\All Users.WINDOWS2\Application Data\AVAST Software\Avast\report\aswBoot.txt

 

What do I put in there if any?


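The path posted in #13 is worth reading closely before anything is uploaded. Avast separates an archive from an item it found inside it with `|>`, so `DLA.msi` is the file that exists on disk and `Disk1|>FILE0005.D0FFFB8D_996E_43B1_8C32_FF42F494CE70` is a member packed inside that MSI; there is no `FILE0005...` file to browse to, which is why the earlier attempts to locate it failed. The script below is an added example written for this page, not a tool from the thread or from Avast: it splits the detection path into container and nested members (treating a stray `|` in the first segment as a mistyped backslash, as in #5), and computes the SHA-256 of the container so it can be looked up on VirusTotal by hash rather than uploading a 5 MB installer. The `|>` separator is inferred from the path as posted and is an assumption, not a documented Avast format; the `demo()` tree is constructed and stands in for `C:\`.

```python
import hashlib
import os
import tempfile

# Avast writes the chain "archive|>member|>member" when the detection is inside
# an archive; the separator is taken from the path posted in this thread and is
# an assumption about the notation, not a documented format.
SEP = "|>"

# Path as posted in #13: the FILE0005 member sits inside DLA.msi and is not a file on disk.
THREAD_PATH = r"C:\SwSetup\SDMPL\DLA32_52\DLA.msi|>Disk1|>FILE0005.D0FFFB8D_996E_43B1_8C32_FF42F494CE70"


def parse_avast_path(detection_path):
    """Split an Avast detection path into (on-disk container, [nested members]).

    A lone '|' inside the first segment is treated as a mistyped '\\' (see #5),
    since '|' cannot appear in a Windows file name.
    """
    parts = detection_path.split(SEP)
    container = parts[0].replace("|", "\\")
    return container, parts[1:]


def sha256_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, streamed so a large installer need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def container_digest(detection_path, root=None):
    """Return (container_path, sha256) for the file Avast actually scanned.

    `root` remaps the Windows drive onto a local directory so the function can
    be exercised on a constructed tree instead of the real C:\\ volume.
    """
    container, _members = parse_avast_path(detection_path)
    local = container
    if root is not None:
        relative = container.split(":", 1)[1].lstrip("\\").split("\\")
        local = os.path.join(root, *relative)
    return container, sha256_file(local)


def demo():
    """Constructed scenario: a fake DLA.msi placed under a temp dir standing in for C:\\."""
    with tempfile.TemporaryDirectory() as root:
        msi_dir = os.path.join(root, "SwSetup", "SDMPL", "DLA32_52")
        os.makedirs(msi_dir)
        data = b"constructed stand-in for DLA.msi, not a real installer"
        with open(os.path.join(msi_dir, "DLA.msi"), "wb") as fh:
            fh.write(data)
        container, digest = container_digest(THREAD_PATH, root)
        return container, digest, hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    container, digest, _ = demo()
    print(container)
    print(digest)
```

Pasting the printed SHA-256 into the VirusTotal search box returns any existing report for that exact file without sending it anywhere, which matters on a machine that blue-screened during the last upload attempt; if no report exists, the container (`DLA.msi`) is the file to upload, as #12 says.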

#14 Broni
Posted 27 October 2013 - 07:52 PM

That's a pretty strange-looking path.

Let's try to get a better look...

 

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE

  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:

:dir
C:\SwSetup\SDMPL\DLA32_52 /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


#15 pcpunk (Topic Starter)
Posted 28 October 2013 - 02:52 PM

Here we go, thank you.  Not sure if this helps, but the infection was on the 19th or 20th of this month, in between 3-5pm.  I will see if I can tell exactly when.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 15:49 on 28/10/2013 by Chris
Administrator - Elevation successful
 
========== dir ==========
 
C:\SwSetup\SDMPL\DLA32_52 - Parameters: "/s"
 
---Files---
1028.mst --a--c- 282112 bytes [13:10 02/12/2005] [13:10 02/12/2005]
1030.mst --a--c- 284160 bytes [13:10 02/12/2005] [13:10 02/12/2005]
1031.mst --a--c- 289280 bytes [13:10 02/12/2005] [13:10 02/12/2005]
1033.mst --a--c- 282112 bytes [13:10 02/12/2005] [13:10 02/12/2005]
1035.mst --a--c- 283648 bytes [13:10 02/12/2005] [13:10 02/12/2005]
1036.mst --a--c- 287744 bytes [13:10 02/12/2005] [13:10 02/12/2005]
1040.mst --a--c- 287232 bytes [13:10 02/12/2005] [13:10 02/12/2005]
1041.mst --a--c- 303616 bytes [13:10 02/12/2005] [13:10 02/12/2005]
1042.mst --a--c- 312832 bytes [13:10 02/12/2005] [13:10 02/12/2005]
1043.mst --a--c- 287744 bytes [13:10 02/12/2005] [13:10 02/12/2005]
1044.mst --a--c- 282624 bytes [13:10 02/12/2005] [13:10 02/12/2005]
1046.mst --a--c- 285696 bytes [13:10 02/12/2005] [13:10 02/12/2005]
1053.mst --a--c- 283136 bytes [13:10 02/12/2005] [13:10 02/12/2005]
2052.mst --a--c- 281600 bytes [13:10 02/12/2005] [13:10 02/12/2005]
2070.mst --a--c- 286720 bytes [13:10 02/12/2005] [13:10 02/12/2005]
3082.mst --a--c- 287232 bytes [13:10 02/12/2005] [13:10 02/12/2005]
DLA.msi --a--c- 4976128 bytes [13:09 02/12/2005] [13:09 02/12/2005]
HISTORY.BLD --a--c- 31045 bytes [13:08 02/12/2005] [13:08 02/12/2005]
pconfig.dcf --a--c- 843 bytes [13:16 02/12/2005] [13:16 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\BIN d------ [09:35 15/12/2005]
hpqnt.dll --a--c- 90112 bytes [01:00 01/11/2005] [01:00 01/11/2005]
HPQNTDET.dll --a--c- 49152 bytes [01:00 01/11/2005] [01:00 01/11/2005]
 
C:\SwSetup\SDMPL\DLA32_52\CHS d------ [09:35 15/12/2005]
readme.txt --a--c- 8755 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\CHT d------ [09:35 15/12/2005]
readme.txt --a--c- 8711 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\DAN d------ [09:35 15/12/2005]
readme.txt --a--c- 11870 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\DEU d------ [09:35 15/12/2005]
readme.txt --a--c- 14074 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\ENU d------ [09:35 15/12/2005]
readme.txt --a--c- 11767 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\ESM d------ [09:35 15/12/2005]
readme.txt --a--c- 12863 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\FIN d------ [09:35 15/12/2005]
readme.txt --a--c- 12618 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\FRA d------ [09:35 15/12/2005]
readme.txt --a--c- 13810 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\ITA d------ [09:35 15/12/2005]
readme.txt --a--c- 13320 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\JPN d------ [09:35 15/12/2005]
readme.txt --a--c- 12438 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\KOR d------ [09:35 15/12/2005]
readme.txt --a--c- 10918 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\NLD d------ [09:35 15/12/2005]
readme.txt --a--c- 13465 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\NOR d------ [09:35 15/12/2005]
readme.txt --a--c- 12200 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\PTB d------ [09:35 15/12/2005]
readme.txt --a--c- 12935 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\PTG d------ [09:35 15/12/2005]
readme.txt --a--c- 13728 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
C:\SwSetup\SDMPL\DLA32_52\SVE d------ [09:35 15/12/2005]
readme.txt --a--c- 12477 bytes [13:08 02/12/2005] [13:08 02/12/2005]
 
-= EOF =-

Edited by pcpunk, 28 October 2013 - 02:55 PM.

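The SystemLook `:dir ... /s` procedure in #14 and the log it produced in #15 are the useful part of this thread: every file under `DLA32_52` carries 2005 timestamps, eight years before the suspected infection window the poster gives, which is exactly the check a responder makes before treating a detection as real. The script below is an added example, not part of the thread or of SystemLook: it parses the log into file records with full paths and returns the files whose timestamps fall inside the 19-20 October 2013, 3-5 pm window. The sample log is a trimmed copy of the one in #15 with one constructed line (`dropped.tmp`) added so the filter has something to find. SystemLook prints two bracketed timestamps per file; the example does not assume which is creation and which is modification and flags a file if either falls inside the window.

```python
import re
from datetime import datetime

# Constructed sample: a trimmed copy of the SystemLook log in #15 plus one made-up
# file (dropped.tmp) whose timestamp falls inside the suspected infection window.
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 15:49 on 28/10/2013 by Chris
Administrator - Elevation successful

========== dir ==========

C:\SwSetup\SDMPL\DLA32_52 - Parameters: "/s"

---Files---
1033.mst --a--c- 282112 bytes [13:10 02/12/2005] [13:10 02/12/2005]
DLA.msi --a--c- 4976128 bytes [13:09 02/12/2005] [13:09 02/12/2005]
pconfig.dcf --a--c- 843 bytes [13:16 02/12/2005] [13:16 02/12/2005]

C:\SwSetup\SDMPL\DLA32_52\BIN d------ [09:35 15/12/2005]
hpqnt.dll --a--c- 90112 bytes [01:00 01/11/2005] [01:00 01/11/2005]
dropped.tmp --a---- 4096 bytes [16:12 19/10/2013] [16:12 19/10/2013]

-= EOF =-
"""

# Window the poster gave in #15: 19th or 20th October 2013, between 3 and 5 pm.
WINDOW_START = datetime(2013, 10, 19, 15, 0)
WINDOW_END = datetime(2013, 10, 20, 17, 0)

# The scanned root ("C:\... - Parameters: ..."), a sub-folder line ("C:\... d------ [stamp]")
# and a file line ("name attrs size bytes [stamp] [stamp]"), as laid out in the log above.
ROOT_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*?) - Parameters: ')
DIR_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*?) (?P<attrs>d[-a-z]{6}) \[(?P<t1>[^\]]+)\]$')
FILE_RE = re.compile(
    r'^(?P<name>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes '
    r'\[(?P<t1>[^\]]+)\] \[(?P<t2>[^\]]+)\]$'
)


def parse_stamp(text):
    """SystemLook prints 'HH:MM DD/MM/YYYY' (day first, as the log header's 28/10/2013 shows)."""
    return datetime.strptime(text, "%H:%M %d/%m/%Y")


def parse_systemlook(text):
    """Turn a SystemLook :dir log into a list of file records with full paths."""
    files = []
    folder = None
    for raw in text.splitlines():
        line = raw.strip()
        m = ROOT_RE.match(line) or DIR_RE.match(line)
        if m:
            folder = m.group("path")
            continue
        m = FILE_RE.match(line)
        if m and folder is not None:
            files.append({
                "path": folder + "\\" + m.group("name"),
                "attrs": m.group("attrs"),
                "size": int(m.group("size")),
                # Two timestamps per line; this example does not assume which is
                # creation and which is modification, and checks both.
                "stamps": (parse_stamp(m.group("t1")), parse_stamp(m.group("t2"))),
            })
    return files


def touched_between(files, start, end):
    """Files with either timestamp inside [start, end]: the usual first cut at a timeline."""
    return [f for f in files if any(start <= t <= end for t in f["stamps"])]


if __name__ == "__main__":
    records = parse_systemlook(SAMPLE_LOG)
    for rec in touched_between(records, WINDOW_START, WINDOW_END):
        print(rec["path"], rec["size"], rec["stamps"])
```

Run against the real log from #15 (paste it in place of `SAMPLE_LOG`), the filter returns nothing, which is consistent with the Avast forum's false-positive reading in #5: a 2005 HP software-setup package that has not been written to since install is an unlikely place for something picked up on 19 October 2013. Timestamps can be forged, so an empty result is evidence, not proof.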



