Jump to content

Rundll Read Error (3)

JPS

By JPS
in Resolved Malware Removal Logs

 Share

Recommended Posts

JPS

JPS

Posted
Posted

Hello,

Further to previous posts, I am still having the same read error on the rundll.exe and rundll32.exe advisingof a trojan and backdoor bot.

The files do not seem to exist and I am advised that this is a read error by Malwarebytes and not a virus.

I have also installed Kaspersky Internet Security 2010 and this does not pick up the files on scanning.

Not sure what to do re same, any help would be appreciated.

I have attached latest scans from Malwarebytes and Hijack This.

Cheers,

JPS

Malwarebytes' Anti-Malware 1.41

Database version: 3174

Windows 5.1.2600 Service Pack 3

15/11/2009 8:17:22 PM

mbam-log-2009-11-15 (20-17-22).txt

Scan type: Quick Scan

Objects scanned: 141412

Time elapsed: 10 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

D:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.

D:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:23:51 AM, on 17/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\wanmpsvc.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\LTMSG.exe

D:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

D:\WINDOWS\System32\keyhook.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Program Files\Windows Live\Messenger\msnmsgr.exe

D:\WINDOWS\system32\sistray.exe

D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

D:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iprimus.com.au;*.primustel.com.au;*.primus.com.au;192.*;172.*;127.*;<local>

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: SearchHelperBho - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [MaxtorOneTouch] D:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

O4 - HKLM\..\Run: [siS Windows KeyHook] D:\WINDOWS\System32\keyhook.exe

O4 - HKLM\..\Run: [siSUSBRG] D:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [mxomssmenu] "D:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: Utility Tray.lnk = D:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: Add to Anti-Banner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: MaxBackServiceInt - Unknown owner - D:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

O23 - Service: MaxSyncService (NTService1) - - D:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe

--

End of file - 6833 bytes

Link to post
Share on other sites
  • 1 month later...
  • 2 weeks later...
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.