
Hello, I am a nOOb at this level of a virus. I have in the past used Malwarebytes and it worked... :) Now, I started getting this AV 2009 software saying I need to scan my computer and so on. I tried to delete it but I could not find it. So I tried to do a system restore. It would not let me. I tried to google AV 2009 and spyware; it sent me to other sites. I tried to run my Malwarebytes and it would not run. I tried Spybot and Ad-Aware, no luck. I tried McAfee; it locked up. I downloaded Malwarebytes on a thumb drive from my son's computer and tried to download it, and it would not load; it said too many secrets?;? I got a SATA to USB enclosure and was able to use my son's computer to scan my HDD through the enclosure with Malwarebytes. It came back with 5 viruses.

1. Rootkit.agent

2. Trojan.TDSS\UACdjvwdapo.dll

3. Trojan.TDSS\UACtfnlkydo.dll

4. Trojan.TDSS\UACCynkrdoea.dll

5. Trojan.TDSS\UACCyxcnttmp.dll

Also, every time I reboot, in safe mode or regular, I always get:

Googleupdate.exe - Application error

The exception Break Point

A breakpoint has been reached

(0x80000003) occurred in the application at location 0x00406eef.

I finally was able to run DDS; this is the result:

DDS (Ver_09-03-16.01) - NTFSx86

Run by Administrator at 22:48:13.09 on Fri 04/03/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.627 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Olympus\DeviceDetector\DM1Service.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Ergodex\bin\ergomon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\DNA\btdna.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHCLDCS.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = about:blank

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: BHO: {abd42510-9b22-41cd-9dcd-8182a2d07c63} -

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [system tool] c:\windows\sysguard.exe

mRun: [ErgoMon] "c:\program files\ergodex\bin\ergomon.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\direct~1.lnk - c:\program files\olympus\devicedetector\DirectrecConfig.exe

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5402/mcfscan.cab

Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL

WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: karna.dat

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\5x36ymwb.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://mysjrcc.sjrcc.edu/cp/home/loginf|about:blank

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=

FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R2 OKI OPHC DCS Loader;OKI OPHC DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHCLDCS.EXE [2006-8-12 24576]

R3 ErgoDvr;Ergodex DX1;c:\windows\system32\drivers\ergodvr.sys [2005-4-19 25771]

S2 gupdate1c90952fb2422ec;Google Update Service (gupdate1c90952fb2422ec);c:\program files\google\update\GoogleUpdate.exe [2008-8-28 133104]

S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]

S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2005-7-2 48128]

S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]

=============== Created Last 30 ================

2009-04-03 22:27 3,067,000 a------- C:\ComboFix.exe

2009-04-03 17:36 552 a------- c:\windows\system32\d3d8caps.dat

2009-04-02 13:35 10,752 a------- c:\windows\DCEBoot.exe

2009-04-02 10:22 2,577 a------- c:\windows\system32\config.bak

2009-04-02 10:22 2,577 a------- c:\windows\config.nt

2009-04-02 10:22 1,688 a------- c:\windows\system32\autoexec.bak

2009-04-02 10:22 1,688 a------- c:\windows\autoexec.nt

2009-04-02 10:20 <DIR> --d----- C:\AV-CLS

2009-04-01 21:22 <DIR> --d----- c:\program files\CCleaner

2009-04-01 19:23 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-04-01 19:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-01 19:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-03-24 20:35 <DIR> --d----- c:\program files\Audacity

==================== Find3M ====================

2009-01-31 21:12 410,984 a------- c:\windows\system32\deploytk.dll

2008-10-22 20:37 22,328 ac------ c:\docume~1\admini~1\applic~1\PnkBstrK.sys

2005-01-28 16:02 63,576 ac------ c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT

2005-01-08 23:23 723 ac------ c:\program files\INSTALL.LOG

2003-07-31 05:53 147,456 ac------ c:\windows\inf\EL2K_XP.sys

2003-07-31 05:50 448,768 ac------ c:\windows\inf\EL2K_N64.sys

2003-07-31 05:43 147,456 ac------ c:\windows\inf\EL2K_2K.sys

2001-05-03 00:49 201,216 ac------ c:\documents and settings\administrator\Love Meter.Exe

2001-05-03 00:48 518,656 ac------ c:\documents and settings\administrator\MahJong.exe

2001-05-03 00:40 273,920 ac------ c:\documents and settings\administrator\Darts.exe

2001-05-03 00:36 164,352 ac------ c:\documents and settings\administrator\Checkers.exe

2001-05-03 00:32 269,824 ac------ c:\documents and settings\administrator\Brick Breakers.exe

============= FINISH: 22:49:19.98 ===============

Please Help...

Attach.txt
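The DDS "Pseudo HJT Report" above is what a helper reads first, and three of its lines carry the whole story: a user Run entry launching c:\windows\sysguard.exe from the Windows root, a BHO CLSID with no file path behind it, and AppInit_DLLs set to karna.dat. The following script is an added triage aid (it is not code from the poster, from Malwarebytes, or from the DDS tool) that parses lines in that report format and flags those three patterns. The heuristics are assumptions chosen to match this log; a finding is a prompt for the analyst to check the file, not a verdict. The sample input is constructed from lines of the report above, with benign entries mixed in so the script has to tell them apart.

```python
import re

# Constructed sample input: lines copied from the DDS "Pseudo HJT Report" posted
# above, plus benign entries for contrast. A real run would read dds.txt instead.
SAMPLE_REPORT = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [system tool] c:\windows\sysguard.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
BHO: BHO: {abd42510-9b22-41cd-9dcd-8182a2d07c63} -
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
AppInit_DLLs: karna.dat
Notify: AtiExtEvent - Ati2evxx.dll
"""

# DDS writes autoruns as "<u|m|d>Run: [value name] <command line>"
RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def image_path(cmd):
    """Pull the executable path out of a Run command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Bare paths may contain spaces, so stop at the first executable extension.
    m = re.match(r"(?i)(.*?\.(?:exe|scr|com|dll|bat))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(report):
    """Return (line, reason) pairs for report lines matching the assumed heuristics."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        key, _, value = line.partition(": ")
        m = RUN_RE.match(line)
        if m:
            folder, _, _base = image_path(m.group("cmd")).lower().rpartition("\\")
            # Legitimate autoruns live in system32 or Program Files; an .exe
            # dropped directly into c:\windows is the pattern seen in this log.
            if folder == "c:\\windows":
                findings.append((line, "autorun launches from the Windows root directory"))
            continue
        if key in ("BHO", "TB", "EB"):
            # "- No File" or a dangling "-" means the CLSID is registered but the
            # DLL behind it is hidden, deleted, or only exists as a registry trace.
            if value.rstrip().endswith(" -") or value.lower().endswith("no file"):
                findings.append((line, "browser extension CLSID with no backing file"))
            continue
        if key == "AppInit_DLLs" and value.strip():
            # Any non-empty AppInit_DLLs value is loaded into every process that
            # maps user32.dll, so it deserves a manual look even if it is legitimate.
            findings.append((line, "AppInit_DLLs set: DLL loaded into every user32 process"))
    return findings


if __name__ == "__main__":
    for flagged, reason in triage(SAMPLE_REPORT):
        print(f"[{reason}]\n    {flagged}")
```

The script is deliberately narrow: it reports only the three indicators that appear in this thread, and the analyst still confirms each one (for example by checking whether the Run target actually exists on disk, which the rootkit can hide from a live system but not from the offline scan through the USB enclosure the poster used).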

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

I just saw this in another post. I just removed my P2P...

This helped a lot:

CLB Rootkit infection AKA: TDSS,UAC Rootkit

Here is my mbam log:

Malwarebytes' Anti-Malware 1.35

Database version: 1904

Windows 5.1.2600 Service Pack 2

4/4/2009 12:20:33 AM

mbam-log-2009-04-04 (00-20-29).txt

Scan type: Full Scan (C:\|)

Objects scanned: 185229

Time elapsed: 26 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.BHO) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\UACedvjapao.dat (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\UACjpspjdvg.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\UACtoituooy.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\UACwomimdwj.log (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\drivers\UACbejwqjkl.sys (Trojan.Agent) -> No action taken.
