CoreDump (Members)
Posts: 2
Reputation: 0 Neutral
  1. Update: While I know the instructions say don't post for 48 hours, I thought I should post a note to say I tried HitmanPro after I saw the rootkit reference in the DDS log and some Googling led me to HitmanPro. I was able to remove the infection and all appears to be working at this point. Thanks for the great site and tools!
  2. Hi all. I have run into a problem on my wife's computer that I can't solve. Win XP with the latest SP and updates. Malwarebytes has been run and cleaned up some stuff. There was an instance of TDS rootkit and a couple of other Trojans. At this point the computer has the following symptoms.
     1) IE has got some redirection thing going on. Trying to go to free.avg.com, for example, takes me to some weird ad site. Firefox is working okay though.
     2) I get some just-in-time debugging messages randomly popping up asking if Microsoft Script Debugger should be used.
     3) There is activity going on in documents and settings\network services\local settings\temporary internet files\content.ie5. I cleared the entire folder in safe mode (that's where Malwarebytes said TDS rootkit was) and noticed it came back and files were being added there. Thus I would think something is running under network service and accessing the internet.
     As requested by the instructions in the "I'm infected" post, I am pasting the contents of the DDS log and attaching the latest Malwarebytes log and attach.log from DDS.
Thanks in advance for any help

------- dds log follows ---

DDS (Ver_10-12-12.02) - NTFSx86
Run by Jess at 23:36:49.37 on Sat 12/11/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.143 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nova Development\Print Artist Platinum\ReminderApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG10\avgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spider.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG10\avgscanx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Documents and Settings\Jess\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://creator.lego.com/worldbuilder/default.asp?x=x"
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RoxioDragToDisc] c:\program files\roxio\drag-to-disc\DrgToDsc.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [searchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [AddressBookReminderApp] c:\program files\nova development\print artist platinum\ReminderApp.exe
mRun: [ReminderApp] c:\program files\nova development\greeting card factory deluxe 8.0\ReminderApp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.93/FreeRealmsInstaller.cab?v=1044
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186839235999
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186872800296
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} - hxxp://l.yimg.com/jh/games/web_games/sony/davinci/DVCDownloadControl.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://uk.games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {0560CF2A-28EE-49D9-A121-96A3A39FDE00} = 192.168.0.1,208.67.222.222,208.67.220.220
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jess\applic~1\mozilla\firefox\profiles\hyp9klh7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SearchSettings Plugin: search@searchsettings.com - c:\program files\mozilla firefox\extensions\search@searchsettings.com
FF - Ext: pdfforgeToolbar Plugin: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=6.010.023.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2007-8-11 6016]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-25 38224]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-15 135664]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\atmfbus.sys --> c:\windows\system32\drivers\ATMFBUS.sys [?]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\atmfcvsp.sys --> c:\windows\system32\drivers\ATMFCVsp.sys [?]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\atmfflt.sys --> c:\windows\system32\drivers\ATMFFLT.sys [?]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\atmfmdm.sys --> c:\windows\system32\drivers\ATMFMdm.sys [?]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\atmfnet.sys --> c:\windows\system32\drivers\ATMFNET.sys [?]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\atmfnvsp.sys --> c:\windows\system32\drivers\ATMFNVsp.sys [?]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\atmfvsp.sys --> c:\windows\system32\drivers\ATMFVsp.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-12-2 517448]

=============== Created Last 30 ================

2010-12-12 02:30:55 -------- d-----w- c:\docume~1\jess\locals~1\applic~1\AVG Security Toolbar
2010-12-02 23:39:14 -------- d--h--w- C:\$AVG
2010-12-02 23:32:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-02 23:16:22 -------- d-----w- c:\docume~1\jess\applic~1\AVG10
2010-12-02 23:15:27 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-02 23:15:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-12-02 23:14:27 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-02 23:14:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Promise_ rev.1.10 -> Harddisk0\DR0 -> \Device\Scsi\fasttx2k1

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862B6555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x862bc7b0]; MOV EAX, [0x862bc82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x87314AB8]
3 CLASSPNP[0xF7783FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8626A030]
\Driver\fasttx2k[0x862DB8D0] -> IRP_MJ_CREATE -> 0x862B6555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Scsi\fasttx2k1Port2Path0Target0Lun0 -> \??\SCSI#Disk&Ven_Promise&Prod_2+0_Stripe#RAID0&Rev_1.10#5&11d7ddfd&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 23:39:32.32 ===============

Attach.zip
mbam_log_2010_12_12__00_23_08_.txt
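The log above, read the way a removal helper reads it, as an added example that is not part of the original post and is not code from DDS, Gmer or Malwarebytes: a small Python triage script that splits a DDS log on its "==== Section ====" headers and then applies the first checks a helper makes by hand. It flags autorun and browser add-on entries that have no name or point at a missing file, components whose path contains a search-settings keyword (the usual vehicle for the kind of IE redirect described in the post), a Gmer disk trace whose IRP dispatch address falls in no loaded module, and Gmer's own verdict line. The keyword lists and the sample log are assumptions made for this example; the sample is a constructed excerpt that reuses the line formats of the real log so it runs offline.

```python
"""Triage helper for a DDS log (added example; not DDS, Gmer or Malwarebytes code)."""
import re
from collections import OrderedDict, namedtuple

Finding = namedtuple("Finding", "severity category line reason")

# DDS section headers look like "============== Running Processes ===============".
SECTION_RE = re.compile(r"^={3,}\s*([^=]+?)\s*={3,}$")
# Pseudo-HJT entries: "BHO: name: {guid} - path", "mRun: [name] command", "TB: {guid} - No File".
HJT_RE = re.compile(r"^(?P<kind>[um](?:Run|RunOnce|URLSearchHooks)|BHO|TB): ?(?P<body>.*)$")
# Gmer marks code outside any loaded module as ">>UNKNOWN [0xADDR]<<" in the "called modules" line.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# "\Driver\name[0xOBJ] -> IRP_MJ_xxx -> 0xADDR": where the named IRP dispatch actually goes.
HOOK_RE = re.compile(
    r"^(?P<driver>\\Driver\\[^\[]+)\[0x[0-9A-Fa-f]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<addr>0x[0-9A-Fa-f]+)$"
)

# Assumed keyword lists for this example; extend them from your own triage notes.
ADWARE_PATH_HINTS = ("searchsettings",)
REMOTE_ACCESS_EXES = ("winvnc.exe",)
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}

# Constructed excerpt with the same line formats as the log posted above.
SAMPLE_LOG = r"""
DDS (Ver_10-12-12.02) - NTFSx86
============== Running Processes ===============
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\UltraVNC\WinVNC.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper
mRun: [<NO NAME>]
mRun: [searchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
=================== ROOTKIT ====================
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862B6555]<<
\Driver\fasttx2k[0x862DB8D0] -> IRP_MJ_CREATE -> 0x862B6555
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
============= FINISH: 23:39:32.32 ===============
"""


def parse_sections(text):
    """Map each DDS section name to its non-empty lines, in file order."""
    sections = OrderedDict(Header=[])
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(sections):
    """Apply the first-pass checks and return findings, most severe first."""
    findings = []

    for line in sections.get("Pseudo HJT Report", []):
        m = HJT_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        reasons, severity = [], None
        if body.endswith("- No File"):
            reasons.append("registry entry points at a file that no longer exists")
            severity = "low"
        elif body.startswith("[<NO NAME>]") or body.startswith("{"):
            reasons.append("entry has no display name; identify the file before trusting it")
            severity = "medium"
        if any(hint in body.lower() for hint in ADWARE_PATH_HINTS):
            reasons.append("search-settings component, the usual vehicle for browser redirects")
            severity = "medium"
        if reasons:
            findings.append(Finding(severity, kind, line, "; ".join(reasons)))

    rootkit = sections.get("ROOTKIT", [])
    # Addresses Gmer could not attribute to any loaded module.
    unknown = {a.lower() for line in rootkit for a in UNKNOWN_RE.findall(line)}
    for line in rootkit:
        m = HOOK_RE.match(line)
        if m and m.group("addr").lower() in unknown:
            findings.append(Finding("high", "rootkit", line,
                "%s of %s is dispatched to %s, which is in no loaded module"
                % (m.group("irp"), m.group("driver"), m.group("addr"))))
        elif line.startswith("Warning:"):
            findings.append(Finding("high", "rootkit", line, "scanner verdict"))

    for line in sections.get("Running Processes", []):
        if line.lower().endswith(REMOTE_ACCESS_EXES):
            findings.append(Finding("info", "process", line,
                "remote-access server is running; confirm it is wanted and not reachable from the internet"))

    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


def report(text):
    """One line per finding, most severe first."""
    return ["[%s] %s: %s" % (f.severity.upper(), f.category, f.reason)
            for f in triage(parse_sections(text))]


if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

Run it against the full log saved from the post (replace SAMPLE_LOG with the file contents) and the ordering is the point: the Gmer trace, where the fasttx2k IRP_MJ_CREATE handler sits at an address in no loaded module, outranks every Pseudo-HJT entry, so the rootkit is dealt with before any toolbar clean-up, and the unnamed mRun and SearchSettings entries come next as the likely source of the browser redirects. The keyword heuristics are deliberately narrow; a real helper widens them from experience rather than trusting a fixed list.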