Jump to content

IE8 issues after virus removal

susanP

By susanP
in Resolved Malware Removal Logs

 Share

Recommended Posts

susanP

susanP

Posted
Posted

This is a work computer in a domain. Cannot get to an internal web site through IE 8. Had a difficult time donwloading and running Malwarebytes. Was able to get the program loaded - found numerous viruses, removed the viruses and the computer is running better with no pop-ups when running IE, however still cannot connect to the internal web site while on the domain. No other computers in the domain are having issues with the internal web site. IE error - Internet Explorer cannot display the webpage.

Domain name removed from Highjackthis file...

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

11/24/2009 1:06:55 PM

mbam-log-2009-11-24 (13-06-55).txt

Scan type: Full Scan (C:\|)

Objects scanned: 158157

Time elapsed: 1 hour(s), 0 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:24:58 PM, on 11/24/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Smc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec AntiVirus\SmcGui.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\2OXnGhTwG.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1249572570687

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163161552609

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = com

O17 - HKLM\Software\..\Telephony: DomainName = com

O17 - HKLM\System\CCS\Services\Tcpip\..\{36A57645-ACF2-4FC1-A2B6-C8328E21CB4F}: NameServer = 83.149.115.182

O17 - HKLM\System\CCS\Services\Tcpip\..\{D201AC89-3D44-45AB-8670-9653CF5B7C16}: NameServer = 83.149.115.182

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = com

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = com

O20 - AppInit_DLLs: c:\windows\system32\jikotato.dll c:\windows\system32\dezuzara.dll bulisazu.dll c:\windows\system32\misoselo.dll c:\windows\system32\wayebomi.dll c:\windows\system32\zuvararo.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: jawejotar - {32fff9f8-ed4a-465f-8294-1d587921fa6a} - c:\windows\system32\misoselo.dll (file missing)

O21 - SSODL: hekewitif - {1ef91598-95c9-47fe-bd0a-6df7db55baa8} - c:\windows\system32\wayebomi.dll (file missing)

O21 - SSODL: gofetumuw - {28f5db56-669f-4375-aa62-3beaebf44d09} - c:\windows\system32\wayebomi.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {a5f0acc1-79d7-4eae-a5a8-615c37a5daa9} - (no file)

O22 - SharedTaskScheduler: tokatiluy - {32fff9f8-ed4a-465f-8294-1d587921fa6a} - c:\windows\system32\misoselo.dll (file missing)

O22 - SharedTaskScheduler: mujuzedij - {1ef91598-95c9-47fe-bd0a-6df7db55baa8} - c:\windows\system32\wayebomi.dll (file missing)

O22 - SharedTaskScheduler: jugezatag - {28f5db56-669f-4375-aa62-3beaebf44d09} - c:\windows\system32\wayebomi.dll (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MSSQL$ADPDB - Unknown owner - C:\Adp\MSDE\MSSQL$ADPDB\Binn\sqlservr.exe (file missing)

O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe (file missing)

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE

O23 - Service: SQLAgent$ADPDB - Unknown owner - C:\Adp\MSDE\MSSQL$ADPDB\Binn\sqlagent.EXE (file missing)

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--

End of file - 6845 bytes

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello SusanP,

Disconnect this system from the network, if that has not been done already. Get the corporate IT tech support to address the issues. This system has several elements of a Vundo infection.

As this is a corporate system, you must follow the company protocol and procedures.

Link to post
Share on other sites
  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.