shinjite
  1. Copy of the DDS log

     DDS (Ver_10-12-12.02) - NTFS_AMD64
     Run by Administrator at 13:49:34.89 on 17/01/2011
     Internet Explorer: 8.0.6001.18999

     ============== Running Processes ===============

     ============== Pseudo HJT Report ===============

     uStart Page = res://iesetup.dll/HardAdmin.htm
     uDefault_Page_URL = res://iesetup.dll/HardAdmin.htm
     mWinlogon: Userinit=userinit.exe,
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
     uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
     mRun: [kavtray] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 For Windows Servers Enterprise Edition\kavtray.exe"
     mPolicies-explorer: NoActiveDesktop = 1 (0x1)
     mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
     mPolicies-explorer: ShowSuperHidden = 1 (0x1)
     mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
     TCP: {620A1AAD-7803-4DFA-B567-F37C091D7C2D} = 208.67.222.222,208.67.220.220
     Handler: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files (x86)\Compaq\hpadu\bin\hpapp.dll
     LSA: Notification Packages = scecli RASSFM
     mASetup: {A509B1A7-37EF-4b3f-8CFC-4F3A74704073} - %systemroot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin
     mASetup: {A509B1A8-37EF-4b3f-8CFC-4F3A74704073} - %systemroot%\system32\rundll32.exe iesetup.dll,IEHardenUser
     Hosts: 127.0.0.1 www.spywareinfo.com

     ============= SERVICES / DRIVERS ===============

     =============== File Associations ===============

     JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

     =============== Created Last 30 ================

     2011-11-01 10:05:21 388608 ----a-w- C:\Windows\SysWow64\runup.dll
     2011-11-01 10:05:18 7168 ----a-w- C:\Windows\SysWow64\uk1jdw.dll
     2011-11-01 10:04:53 7680 ----a-w- C:\Windows\SysWow64\lruicr.dll
     2011-01-17 05:49:37 81 ----a-w- C:\Windows\DelCache.bat
     2011-01-17 05:45:56 -------- d-----w- C:\Windows\SysWow64\1JJUHWT0
     2011-01-17 05:40:49 -------- d-----w- C:\Windows\SysWow64\0U5FU3NG
     2011-01-17 05:22:27 201240 --sh--w- C:\Windows\SysWow64\wairaprnlib.dll
     2011-01-17 05:22:27 119988 ----a-w- C:\Windows\SysWow64\acmkyq.exe
     2011-01-17 05:06:30 0 ----a-w- C:\Windows\SysWow64\mss.exe
     2011-01-17 05:06:26 176128 ----a-w- C:\Windows\SysWow64\mcsql.exe
     2011-01-17 01:37:11 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
     2011-01-17 01:22:41 6144 ------w- C:\Windows\System32\164F.tmp
     2011-01-17 01:21:42 6144 ------w- C:\Windows\System32\2F4A.tmp
     2011-01-17 01:21:31 -------- d-----w- C:\Program Files (x86)\Sophos
     2011-01-17 01:12:20 -------- d-----w- C:\Windows\SysWow64\wbem\Logs
     2011-01-16 13:34:26 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
     2011-01-16 13:34:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
     2011-01-16 13:27:57 352 ----a-w- C:\PROGRA~3\123.bat
     2011-01-16 13:27:55 25205248 ----a-w- C:\PROGRA~3\lanmao.exe
     2011-01-16 13:27:43 -------- d-----w- C:\downloads
     2011-01-16 08:14:02 -------- d-----w- C:\Windows\share
     2011-01-16 07:04:09 40961 --sh--w- C:\Windows\SysWow64\MiaoshaXP.exe
     2011-01-15 04:12:46 -------- d-----w- C:\Program Files\SAP
     2011-01-15 01:53:13 24576 ----a-w- C:\Windows\System32\EventLogDLL.dll
     2011-01-15 01:53:13 24576 ----a-w- C:\Windows\System32\ErrorLogDLL.dll
     2011-01-14 16:44:21 44544 ----a-w- C:\system
     2011-01-14 14:39:00 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
     2011-01-14 14:39:00 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
     2011-01-14 14:34:06 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
     2011-01-14 14:34:01 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\Malwarebytes
     2011-01-14 14:33:33 -------- d-----w- C:\PROGRA~3\Malwarebytes
     2011-01-14 14:33:25 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
     2011-01-14 03:21:19 40464 ----a-w- C:\Windows\System32\drivers\39455142.sys
     2011-01-14 03:21:19 352784 ----a-w- C:\Windows\System32\drivers\3945514.sys
     2011-01-14 03:21:19 157712 ----a-w- C:\Windows\System32\drivers\39455141.sys
     2011-01-11 02:22:34 -------- d-----w- C:\Program Files\WindowsUpdate
     2011-01-11 02:22:34 -------- d-----w- C:\Program Files\Realtek
     2011-01-10 18:02:27 7680 ----a-w- C:\Program Files\Common Files\System\lruicr.dll
     2011-01-10 15:29:04 388608 ----a-w- C:\Program Files\Common Files\System\runup.dll
     2011-01-10 15:19:19 387072 ----a-w- C:\Program Files\Common Files\System\gec.dll
     2011-01-10 15:19:18 6656 ----a-w- C:\Program Files\Common Files\System\ra5os7.dll
     2011-01-10 15:18:54 10240 ----a-w- C:\Program Files\Common Files\System\eow6rl.dll
     2011-01-10 15:18:37 7168 ----a-w- C:\Program Files\Common Files\System\uk1jdw.dll
     2011-01-10 15:13:02 387072 ----a-w- C:\Windows\SysWow64\gec.dll
     2011-01-10 15:13:01 6656 ----a-w- C:\Windows\SysWow64\ra5os7.dll
     2011-01-10 15:12:52 10240 ----a-w- C:\Windows\SysWow64\eow6rl.dll
     2011-01-10 15:12:47 16384 ----a-w- C:\Program Files\Common Files\System\CLF.dll
     2011-01-10 15:12:46 26624 ----a-w- C:\Program Files\Common Files\System\ClassLibrary1.dll
     2011-01-10 15:12:05 -------- d-----w- C:\Windows\SysWow64\iSql
     2011-01-09 06:09:58 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\IsolatedStorage
     2011-01-08 11:13:18 -------- d-----w- C:\Users\ADMINI~1\AppData\Local\Downloaded Installations
     2011-01-07 03:09:04 -------- d-----w- C:\Program Files\CPUID

     ==================== Find3M ====================

     2010-11-06 11:18:48 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
     2010-11-06 11:18:27 655872 ----a-w- C:\Windows\System32\taskschd.dll
     2010-11-06 11:18:27 410112 ----a-w- C:\Windows\System32\taskcomp.dll
     2010-11-06 11:18:13 855040 ----a-w- C:\Windows\System32\schedsvc.dll
     2010-11-04 23:58:17 267776 ----a-w- C:\Windows\System32\taskeng.exe
     2010-11-04 18:55:38 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll
     2010-11-04 18:55:38 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
     2010-11-04 16:34:06 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
     2010-11-02 06:27:41 1147904 ----a-w- C:\Windows\System32\wininet.dll
     2010-11-02 06:24:01 56832 ----a-w- C:\Windows\System32\licmgr10.dll
     2010-11-02 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
     2010-11-02 06:23:35 77312 ----a-w- C:\Windows\System32\iesetup.dll
     2010-11-02 06:23:35 132096 ----a-w- C:\Windows\System32\iesysprep.dll
     2010-11-02 06:01:54 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
     2010-11-02 05:57:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
     2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
     2010-11-02 05:57:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
     2010-11-02 05:57:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
     2010-11-02 05:25:33 479232 ----a-w- C:\Windows\System32\html.iec
     2010-11-02 05:01:31 385024 ----a-w- C:\Windows\SysWow64\html.iec
     2010-11-02 04:45:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
     2010-11-02 04:44:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
     2010-11-02 04:26:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
     2010-11-02 04:24:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
     2010-10-28 16:29:18 48128 ----a-w- C:\Windows\System32\atmlib.dll
     2010-10-28 15:44:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
     2010-10-28 14:05:21 367104 ----a-w- C:\Windows\System32\atmfd.dll
     2010-10-28 13:56:57 2048 ----a-w- C:\Windows\System32\tzres.dll
     2010-10-28 13:27:47 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
     2010-10-28 13:20:12 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

     ============= FINISH: 13:50:19.70 ===============

     Attached.zip
  2. Hi all,

     Recently, around last week, my company's server, which is running Windows Server 2008, was infected by malware as well as trojans. Not only does it affect my server's performance, it also injects itself into various files within the System32 folder and the SysWOW64 folder and many other places. Plus, for some strange reason, it prevents my server from rebooting into Windows normally, showing the "Attempting to boot from hard drive C:" message every time it restarts (even after a complete scan to completely remove it). I used the Kaspersky Anti Virus Removal Tool as well as MBAM (updated to the latest database) to scan the server. I successfully cleared it off on Saturday. However, it managed to infect my server again the next day, which puzzles me. So I am here to seek guidance from the experts to help me solve it, as this server is the main operational server in my company.

     Thanks

     Filenames of infection: E001.exe, F001.exe, K001.exe, yoeski.exe, rozhuq.exe and many other funny names