Multiple Trojans & Viruses - Please help


Hi,

A few days back I was surfing the net and all of a sudden my antivirus programs started detecting security threats. I am using "Trend Micro Office Scan". The computer became very slow, and on rebooting and after multiple reboots things started to behave weirdly. First my internet started redirecting and then it just stopped working.

I am running WinXP SP3 on a Lenovo Thinkpad T410

I tried to run TDSSKiller in safe as well as normal mode. Every time it detected a threat as "95c6a9c9". It used to clean the threat, which used to reappear on reboot. The threat was even detected as "Rootkit.Win32.Pmax.gen". I also observed 2 files created as follows

c:\windows\3383346837 - This was without any extension

c:\windows\system32\c_37293.nl_

I used to see an EXE running in task manager as

3383346837:1782142518.exe

Other viruses kept on being detected as

TROJ_ADSZAC.SM

PTCH_KATUSHA.W

TROJ_GEN.RC1CELG

Steps I followed after this

1] Booted in safe mode

2] Ran TDSSkiller and rebooted

3] Ran Combofix which even installed recovery console during the run. This was installed using a file downloaded from Microsoft (KB310994)

4] Combofix deleted a few files, important ones being

Few files from \Application data\toolbar4, $ntuninstallKB50160$ folders

C:\install.exe

C:\windows\system32\c_37293.nl_

C:\windows\system32\TPAPSLOG.LOG

C:\windows\system32\TPHDLOG0.LOG

It also disinfected C:\windows\system32\drivers\cdrom.sys &

C:\program files\intel\wifi\bin\evteng.exe

Even after this I can see files present in my system as follows

c:\windows\3383346837

c:\windows\0.log

c:\windows\wiadebug.log

C:\windows\system32\TPAPSLOG.LOG

C:\windows\system32\TPHDLOG0.LOG

C:\windows\system32\d3d9caps.dat

C:\windows\system32\perfstringbackup.tmp

I manually deleted c:\windows\3383346837

5] I rebooted in normal windows mode and ran combofix again

The following files were deleted

c:\program files\speedbit video downloader\toolbar\tbhelper.dll

C:\windows\assembly\GAC_MSIL\desktop.ini

C:\windows\system32

C:\windows\system32\muzapp.exe

C:\windows\system32\TPAPSLOG.LOG

C:\windows\system32\TPHDLOG0.LOG

After rebooting I can still see files as follows

c:\windows\0.log

c:\windows\wiadebug.log

C:\windows\system32\TPAPSLOG.LOG

C:\windows\system32\TPHDLOG0.LOG

C:\windows\system32\d3d9caps.dat

C:\windows\system32\perfstringbackup.tmp

Now my officescan captured another threat as TROJ_SPNR.0CL111

Added to this, my internet is still not working, as I am getting the following error on reboot

"The TCP\IP network transport is not installed"

I am not sure how to uninstall and reinstall TCP/IP, as for my network adapter even if I uncheck TCP/IP, it does not uninstall it.

Also one very strange observation, in device manager I can see yellow exclamation mark under "Processors"

It's quad core, so 4 entries as follows

Intel® Core i5 CPU M 520 @ 2.40GHz

Please advise.

Thanks in advance.

It's urgent. Experts, please advise.

Topic Merged


  • 1 month later...

Hello,

Would you advise if you have resolved your issues or if you have sought help elsewhere?

If not resolved and you are not already seeking help elsewhere, I'd like for you to rerun a new (fresh) DDS and Copy & Paste the DDS.txt into a new reply into this Topic.

Read and follow the directions >> here << , skipping any steps you are unable to complete.

Anyone other than original-poster who has similar issues, do not reply here. Start your own topic.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
