Jump to content

gen.tdss!ik


br101
 Share

Recommended Posts

hi.

i make a scan with a-squared free here and detect a malware called (gen.tdss!ik) in the file msvcrt.dll. i sent to virustotal and only a-squared and ikarus is detecting the malware. is this a false positive or i have a rootkit here?

virustotal results

avira, prevx, malwarebytes and superantispyware don't detected nothing here.

i don't know if my system is clean. please analyze my logs.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:22:30, on 14/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Prevx\prevx.exe

C:\Arquivos de programas\PC Tools Firewall Plus\FWService.exe

C:\Arquivos de programas\Macrium\Reflect\ReflectService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Prevx\prevx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe

C:\Arquivos de programas\BillP Studios\WinPatrol\winpatrol.exe

C:\Arquivos de programas\PC Tools Firewall Plus\FirewallGUI.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Microsoft IntelliPoint\dpupdchk.exe

C:\Arquivos de programas\Opera 10 Beta\Opera.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Arquivos de programas\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Arquivos de programas\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Arquivos de programas\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [00PCTFW] "C:\Arquivos de programas\PC Tools Firewall Plus\FirewallGUI.exe" -s

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Preencher - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Arquivos de programas\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218637684484

O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) - http://qscan.bitdefender.com/cab/ActiveQscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{477F5228-2AD3-46CE-9F1D-A92DD32EB349}: NameServer = 30.20.10.1 208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{97E24F12-18C1-4029-9FD1-70E0B45398F9}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CS1\Services\Tcpip\..\{477F5228-2AD3-46CE-9F1D-A92DD32EB349}: NameServer = 30.20.10.1 208.67.220.220

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: CSIScanner - Prevx - C:\Arquivos de programas\Prevx\prevx.exe

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Arquivos de programas\PC Tools Firewall Plus\FWService.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Arquivos de programas\RALINK\Common\RalinkRegistryWriter.exe

O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Arquivos de programas\Macrium\Reflect\ReflectService.exe

--

End of file - 5486 bytes

thanks!

Link to post
Share on other sites

  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.