
ESET reports 66 infected files


Dinx


I have the "Windows Defender" virus and have been trying to get rid of it forever. I was following a post by Eric72 from back in April 2011. I got as far as running ESET, which found 66 infected files. I will paste a copy from the log below. What do I do now to remove them? The post did not include that. I noticed some of them are in other users' folders (Dorothy, Angelo) on this PC. I did the Rkill and the unhide and ran Malwarebytes - lots - but only in my user account. Is that why I can't get rid of this virus?

Dinx

___________________________

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17095 (vista_gdr.101217-1830)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=cae7b88423f87b498b0f6bf74bcbe2ca

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-12-26 06:44:10

# local_time=2011-12-26 01:44:10 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=crash

# scanned=146674

# found=66

# cleaned=0

# scan_time=8945

C:\Documents and Settings\Administrator.PLAYROOM\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\setup[1].exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Administrator.PLAYROOM\My Documents\rkill\setup.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\All Users\Application Data\21946164.exe a variant of Win32/Kryptik.MSA trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\All Users\Application Data\aIdFJYXaJU.exe a variant of Win32/Kryptik.MSA trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\All Users\Application Data\pIm06511pGaIk06511\pIm06511pGaIk06511.exe a variant of Win32/Kryptik.MRJ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Angelo\Application Data\Sun\Java\Deployment\cache\6.0\60\789f2b3c-4e4c5292 multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Angelo\Application Data\Sun\Java\Deployment\cache\6.0\61\6ac40e3d-397be9e9 multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Angelo\Desktop\null0.04407785924590435.exe a variant of Win32/Kryptik.NAQ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Angelo\Desktop\null0.3803070521206061.exe a variant of Win32/Kryptik.NCI trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Angelo\Local Settings\Temp\Acr5ED3.tmp JS/Exploit.Pdfka.OVR.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Angelo\Local Settings\Temp\jar_cache20950.tmp a variant of Win32/Kryptik.NCI trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Angelo\Local Settings\Temp\jar_cache5105.tmp a variant of Win32/Kryptik.NAQ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Angelo\Local Settings\Temp\pcgukwdma\movbkiaxsik.exe a variant of Win32/Kryptik.NCI trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Angelo\Local Settings\Temporary Internet Files\Content.IE5\MB66GIXL\3a290[1].pdf JS/Exploit.Pdfka.OVR.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Application Data\Efopv\dyysb.exe a variant of Win32/Injector.EPU trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Application Data\Picasa\IE\PicasaUpdater.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Application Data\Sun\Java\Deployment\cache\6.0\40\53825128-2c2c9b38 multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Application Data\Sun\Java\Deployment\cache\6.0\43\24975a6b-13f2af01 multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Local Settings\Temp\jar_cache37979.tmp a variant of Win32/Kryptik.LPW trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Local Settings\Temp\jar_cache52971.tmp a variant of Win32/Kryptik.MRJ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\Content.IE5\2UGEOLBL\5pzy7tviut[1].htm JS/Kryptik.Y trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\Content.IE5\3GKBE6A4\17[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\Content.IE5\3GKBE6A4\81ee3[1].pdf JS/Exploit.Pdfka.OTW.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\Content.IE5\7VTGI3KG\17[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\Content.IE5\DI44NWK1\index[2].htm JS/Exploit.Agent.NBZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\Content.IE5\DMX9JI3T\806a1d[1].pdf JS/Exploit.Pdfka.OSV.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\Content.IE5\MF5409I4\17[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\Content.IE5\MF5409I4\jqhngwxqhlbuh[1].pdf PDF/Exploit.Pidief.PDS.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\Content.IE5\QJHS7XMG\aplewok3_com[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\Content.IE5\TIUUHU04\index[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dorothy\Start Menu\Programs\Startup\PowerReg Scheduler.exe Win32/PowerReg application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dottie\Application Data\Sun\Java\Deployment\cache\6.0\52\43f104f4-1b513e7a multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dottie\Local Settings\Temp\Acr4233.tmp JS/Exploit.Pdfka.OVR.Gen trojan (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Dottie\Local Settings\Temp\jar_cache51949.tmp a variant of Win32/Injector.FYU trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Win32/Patched.HK trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\SightSpeed\images\AskToolbarInstaller.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\StartNow Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE Win32/Patched.HK trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Symantec AntiVirus\DefWatch.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Windows Defender\MpCmdRun.exe Win32/Patched.HK trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2436\A0319145.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2436\A0319146.sys a variant of Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2436\A0320145.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2436\A0320146.sys a variant of Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2436\A0321145.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2436\A0321146.sys a variant of Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2436\A0321178.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2436\A0321179.sys a variant of Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2439\A0321202.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2439\A0321203.sys a variant of Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2439\A0322201.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2439\A0322202.sys a variant of Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\wanmpsvc.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Win32/Patched.HK trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\SYSTEM32\exefile.exe a variant of Win32/Kryptik.KMU trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\SYSTEM32\MsPMSPSv.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\SYSTEM32\ngvpnmgr.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\SYSTEM32\nvsvc32.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\SYSTEM32\wuauclt.exe Win32/Patched.HK trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys a variant of Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I

This is my first post and since I've seen no replies, I'm assuming I did something wrong! Anyway, more info - This is an old desktop that is running MSXP Version 2002 Service Pack 3. I have tried to update but the MS site says it can't get my information. I have deleted all users on the PC and the files - except for me. I tried to download updates for Norton, which appeared successful, but after the install while updating my definition files, the PC froze. After a reboot, here is what I see.

First I get a popup with "Application failed to initialize 0x80070006. The handle is invalid"

Next popup I get is "Old Virus Definition File"

Third popup is "The ordinal 1109 could not be located in dynamic link library WSOC32.dll"

Then a large WINDOWS RECOVERY screen comes up and tells me it is analyzing my PC and ends with telling me there were 5 errors detected, all of which are critical errors and to click to "fix". (I'm assuming this is still the virus).

What is my best path forward to attempt to get rid of this?

Thanks,

Dinx

Topic Merged

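Editor's note added to this thread (not part of Dinx's post and not ESET's code): the log above is worth reading as a whole before deciding what to delete. The header says remove_checked=false and cleaned=0, so this scan was an inventory only; nothing was removed. The 66 hits are spread across the Administrator, All Users, Angelo, Dorothy and Dottie profiles, across service executables under Program Files (the Symantec, Cisco VPN, Comcast and StartNow updater services), across Windows and system32 (wuauclt.exe, nvsvc32.exe, mscorsvw.exe, the usbehci.sys driver) and across two System Restore points under _restore{...}. Win32/Patched is ESET's name for a legitimate program file that has been modified in place, so those entries are not droppers that can simply be deleted, and the Sirefef and Rootkit.Agent.NUT hits inside the restore points are saved copies of the same rootkit family detected live in usbehci.sys. The script below, written for this note, parses entries in the layout seen above and groups them by profile and detection family; the field layout (path, detection name, action in parentheses, a 32-hex-digit field that is all zeros here, a one-letter flag) is inferred from the posted lines and is an assumption. The embedded sample is a hand-picked subset of this thread's entries, used as constructed test input.

```python
"""Group an ESET Online Scanner log by user profile and detection family.

Added example for this thread, not ESET's own code. The entry layout is
inferred from the posted log and is an assumption:
    <path> <detection name> (<action>) <32 hex digits> <flag>
"""
import re
from collections import Counter

# Constructed test input: a hand-picked subset of the 66 entries posted in
# this thread plus three of the log's header lines, copied verbatim.
SAMPLE_LOG = r"""# remove_checked=false
# found=66
# cleaned=0
C:\Documents and Settings\All Users\Application Data\21946164.exe a variant of Win32/Kryptik.MSA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Angelo\Local Settings\Temp\jar_cache20950.tmp a variant of Win32/Kryptik.NCI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Angelo\Application Data\Sun\Java\Deployment\cache\6.0\60\789f2b3c-4e4c5292 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Dorothy\Application Data\Picasa\IE\PicasaUpdater.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2436\A0319146.sys a variant of Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys a variant of Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\SYSTEM32\wuauclt.exe Win32/Patched.HK trojan (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^# (?P<key>[^=]+)=(?P<value>.*)$")
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "                       # path may contain spaces
    r"(?P<detection>(?:a variant of )?\S+ (?:application|trojan|virus)|multiple threats) "
    r"\((?P<action>[^)]+)\) "                           # e.g. "unable to clean"
    r"(?P<hexfield>[0-9A-Fa-f]{32}) "                   # all zeros in the posted log
    r"(?P<flag>\S+)$"
)

PROFILE_ROOT = "c:\\documents and settings\\"


def parse_log(text):
    """Return (header dict, list of entry dicts); lines that fit neither are skipped."""
    header, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return header, entries


def location(path):
    """Heuristic: which profile or system area a detected file lives in."""
    low = path.lower()
    if low.startswith(PROFILE_ROOT):
        return "profile:" + path[len(PROFILE_ROOT):].split("\\", 1)[0]
    if low.startswith("c:\\system volume information\\"):
        return "system-restore"
    if low.startswith("c:\\windows\\"):
        return "windows"
    if low.startswith("c:\\program files\\"):
        return "program-files"
    return "other"


def family(detection):
    """'a variant of Win32/Kryptik.MSA trojan' -> 'Win32/Kryptik'."""
    if detection == "multiple threats":
        return detection
    if detection.startswith("a variant of "):
        detection = detection[len("a variant of "):]
    return detection.split(" ", 1)[0].split(".", 1)[0]


def summarize(text):
    """Counts per location and family, plus the hits that need special handling."""
    header, entries = parse_log(text)
    fams = [family(e["detection"]) for e in entries]
    return {
        "header": header,
        "entries": len(entries),
        "by_location": Counter(location(e["path"]) for e in entries),
        "by_family": Counter(fams),
        # Win32/Patched = a legitimate file modified in place: replace it, don't just delete it
        "patched_binaries": sorted(e["path"] for e, f in zip(entries, fams) if f == "Win32/Patched"),
        # rootkit driver/config hits, including the copies System Restore is preserving
        "rootkit_related": sorted(e["path"] for e, f in zip(entries, fams)
                                  if f in ("Win32/Rootkit", "Win32/Sirefef")),
        # remove_checked=false and cleaned=0: the scan was an inventory, nothing was removed
        "detect_only": header.get("remove_checked") == "false" and header.get("cleaned") == "0",
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"parsed {s['entries']} entries (header found={s['header'].get('found')}), "
          f"detect-only={s['detect_only']}")
    for name, counter in (("by location", s["by_location"]), ("by family", s["by_family"])):
        print(name)
        for key, n in counter.most_common():
            print(f"  {n:3}  {key}")
    print("patched binaries:", *s["patched_binaries"], sep="\n  ")
    print("rootkit-related:", *s["rootkit_related"], sep="\n  ")
```

To run it against the full log, paste the 66 entry lines and the # header lines into SAMPLE_LOG (or read them from a file and pass the text to summarize). The "profile:" buckets make the cross-account spread visible at a glance, and the patched_binaries list is the set of files whose fix is a replacement from install media or a vendor reinstall rather than deletion.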

1 month later...

Hello,

Would you advise if you have resolved your issues or if you have sought help elsewhere?

If not resolved and you are not already seeking help elsewhere, I'd like for you to rerun a new (fresh) DDS and Copy & Paste the DDS.txt into a new reply into this Topic.

Read and follow the directions >> here <<, skipping any steps you are unable to complete.

Anyone other than original-poster who has similar issues, do not reply here. Start your own topic.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
