Jump to content

Mr_Ricky_66

Members
  • Posts

    4
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks for the help but I just got it all sorted out (and it was combofix btw lol) Thanks again
  2. Hi, I posted this a couple of days ago and nobody answered it, so Im trying again. This nightmare started about a week ago when google searches would redirect me. The day before yesterday my computer was paralyzed by Windows Antivirus Pro scam. I was able to get most of that out but at this stage Ive run malwarebytes many times over and it says it cleaned everything out but when I restart and rerun the same two items come back. I use AVG and when I scan it says Im infected with win32\cryptor. Whatever help anyone can offer would be greatly appreciated. This bug is stuck like velcro to my laptop... As instructed here are the latest malware and hijackthis logs: Malwarebytes' Anti-Malware 1.40 Database version: 2561 Windows 5.1.2600 Service Pack 3 8/5/2009 2:42:12 AM mbam-log-2009-08-05 (02-42-12).txt Scan type: Full Scan (C:\|) Objects scanned: 199582 Time elapsed: 44 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: \\?\globalroot\systemroot\system32\geyekrckjtmurq.dll (Trojan.TDSS) -> Delete on reboot. Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: \\?\globalroot\systemroot\system32\geyekrckjtmurq.dll (Trojan.TDSS) -> Quarantined and deleted successfully. =============================================================================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:11:58 AM, on 8/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\dlcqcoms.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\lxdwcoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\TOSHIBA\Power Management\CePMTray.exe C:\WINDOWS\System32\ZoomingHook.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Dell Photo AIO Printer 966\memcard.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Lexmark 7600 Series\lxdwmon.exe C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\RAMASST.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://eversave.coupons.smartsource.com/download/cscmv5X.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxbx_device - Unknown owner - C:\WINDOWS\system32\lxbxcoms.exe (file missing) O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe (file missing) -- End of file - 11380 bytes
  3. ...help...Ive been at this for days and now im using someone elses laptop until i can resolve this mess...
  4. Hi, Thanks for this forum. This nightmare started about a week ago when google searches would redirect me. The day before yesterday my computer was paralyzed by Windows Antivirus Pro scam. I was able to get most of that out but at this stage Ive run malwarebytes many times over and it says it cleaned everything out but when I restart and rerun the same two items come back. I use AVG and when I scan it says Im infected with win32\cryptor. Whatever help anyone can offer would be greatly appreciated. This bug is stuck like velcro to my laptop... As instructed here are the latest malware and hijackthis logs: Malwarebytes' Anti-Malware 1.40 Database version: 2561 Windows 5.1.2600 Service Pack 3 8/5/2009 2:42:12 AM mbam-log-2009-08-05 (02-42-12).txt Scan type: Full Scan (C:\|) Objects scanned: 199582 Time elapsed: 44 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: \\?\globalroot\systemroot\system32\geyekrckjtmurq.dll (Trojan.TDSS) -> Delete on reboot. Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: \\?\globalroot\systemroot\system32\geyekrckjtmurq.dll (Trojan.TDSS) -> Quarantined and deleted successfully. =============================================================================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:43:37 AM, on 8/5/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\dlcqcoms.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\lxdwcoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe C:\Program Files\TOSHIBA\Power Management\CePMTray.exe C:\WINDOWS\System32\ZoomingHook.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Dell Photo AIO Printer 966\memcard.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Lexmark 7600 Series\lxdwmon.exe C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://eversave.coupons.smartsource.com/download/cscmv5X.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxbx_device - Unknown owner - C:\WINDOWS\system32\lxbxcoms.exe (file missing) O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe (file missing) -- End of file - 11333 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.