anj109 Posted January 13, 2010 ID:183704 Share Posted January 13, 2010 Hey Guys,So usually when I get these stupid malware viruses which try to get you to buy some anti-spyware software I run Malwarebytes and it gets rid of it. Well I did that last night and it got rid of all those stupid pop-ups but now it seems its affecting all my exe files. It shuts IE down after opening and I could only open up Malwarebytes after creating a copy of the exe file. When I start the quick scan, it finds 2 infected files within 30 seconds and then after about 2 or 3 minutes my computer freezes. I tried running Defogger but since I'm not logged in under Administrator that won't run (work computer but I do have admin rights) and when I run GMER my computer locks up around it but the program is still running.Any ideas of how I can get my computer fixed? I'm trying to avoid my IT dept at all costs because all they're gonna do is re-image my computer and that's just a hassle cause of all the programs, etc I have setup.Thanks,Alex Link to post Share on other sites More sharing options...
anj109 Posted January 13, 2010 Author ID:183747 Share Posted January 13, 2010 Somehow I got a quick scan to run completely and was able to reboot and the system seems to be running better but the virus is still around. I ran it 3 more times and everything seems to be good except I can't open IE or Mozilla properly. Right after opening, a window pops up saying "Firefox.exe (or Internet Explorer) has encountered a problem and needs to close.....". If I hit ok, the browser shuts down. If I don't do anything, I can still use the browser in the background (what I'm doing now!).Any ideas from you guys? Everytime I run a scan, I update. I attached my last 3 scans.Thanks!Desktop.zip Link to post Share on other sites More sharing options...
anj109 Posted January 13, 2010 Author ID:183804 Share Posted January 13, 2010 Ran OTL.exe and that hung up forever so had to terminate it.Then ran GMER and here is my log. Any suggestions?GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-01-13 16:20:00Windows 5.1.2600 Service Pack 3Running: r4jtugr8.exe; Driver: C:\DOCUME~1\ajensen\LOCALS~1\Temp\kglorpog.sys---- System - GMER 1.0.15 ----SSDT 8A5A8870 ZwAlertResumeThreadSSDT 8A5BFD30 ZwAlertThreadSSDT 89B52690 ZwAllocateVirtualMemorySSDT 89742D28 ZwConnectPortSSDT 8A5DA858 ZwCreateMutantSSDT 89B05DB8 ZwCreateThreadSSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEB085CC0]SSDT 89749CF0 ZwFreeVirtualMemorySSDT 89797C70 ZwImpersonateAnonymousTokenSSDT 89C06F88 ZwImpersonateThreadSSDT 89C02398 ZwMapViewOfSectionSSDT 8A56A278 ZwOpenEventSSDT 899B1E88 ZwOpenProcessTokenSSDT 89BB9598 ZwOpenThreadTokenSSDT 89BCD2A8 ZwQueryValueKeySSDT 8980FAF0 ZwResumeThreadSSDT 89839CF0 ZwSetContextThreadSSDT 89BB7E98 ZwSetInformationProcessSSDT 89A53A28 ZwSetInformationThreadSSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEB085F20]SSDT 8A5AA7B0 ZwSuspendProcessSSDT 89A40F00 ZwSuspendThreadSSDT 8981AE88 ZwTerminateProcessSSDT 8A57B608 ZwTerminateThreadSSDT 89C02A58 ZwUnmapViewOfSectionSSDT 89750DB8 ZwWriteVirtualMemory---- Devices - GMER 1.0.15 ----AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)---- Services - GMER 1.0.15 ----Service C:\WINDOWS\system32\drivers\H8SRTafdvwkkjkr.sys (*** hidden *** ) [DISABLED] H8SRTd.sys <-- ROOTKIT !!!---- Registry - GMER 1.0.15 ----Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 4Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTafdvwkkjkr.sysReg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file systemReg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTafdvwkkjkr.sysReg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTdstsveotqp.dllReg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTxjemnmtdwt.datReg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTaoykrnqjrt.dllReg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTourfmhhgam.dllReg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTpreqjuwsew.dllReg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 4Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTafdvwkkjkr.sysReg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file systemReg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTafdvwkkjkr.sysReg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTdstsveotqp.dllReg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTxjemnmtdwt.datReg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTaoykrnqjrt.dllReg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTourfmhhgam.dllReg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTpreqjuwsew.dll Link to post Share on other sites More sharing options...
anj109 Posted January 13, 2010 Author ID:183849 Share Posted January 13, 2010 Just ran ComboFix and it seems like everything is running pretty good. Can you guys take a look at the log and let me know if I need any more fixes?I'm going to do an update/run of Malwarebytes again as well.Thanks!log.txt Link to post Share on other sites More sharing options...
Recommended Posts