Infected again


After my computer was cleaned up I had a local company transfer files from my dead desktop (due to a hardware problem) and there must have been infections in those files. Norton is telling me I have Backdoor.Tidserv, W32Sircam.worm and Klez.H.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4156
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/17/2010 1:12:01 PM
mbam-log-2010-06-17 (13-12-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 209770
Time elapsed: 1 hour(s), 53 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Sorry, I don't have the zip option apparently for below.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/14/2007 5:17:13 PM
System Uptime: 6/17/2010 12:53:52 AM (17 hours ago)

Motherboard: Dell Inc. | | 0FF049
Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 1828/166mhz
Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 1828/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 69 GiB total, 23.786 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner.

1. Click Accept when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database. Please be patient, as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display whether your system has been infected. It does not provide an option to clean/disinfect; we only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

"The application's digital signature has an error." This is what I get when I try to run Kaspersky, and I've had trouble since this morning trying to get a full scan. Maybe there is another program that I can run instead, or you can start looking over the less "sensible" logs that I have posted to start.

Might be a problem with not having the latest version of Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:

  • Download the latest version of Java Runtime Environment (JRE) 6u20.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.


Honestly, when I came to this forum over Memorial Day weekend for virus help, one of the last things I did was to install a current version of Java. How often do these upgrades happen? I had been good about letting the system perform upgrades since then, so I don't understand how this happened.

OK, I updated my Java again and took out the old program. After I restarted my computer I got the message that the following add-ons had been added:

  • Adobe DLM
  • Java Console 6.0.11
  • Java Console 6.0.20
  • Java Quick Starter 1.0
  • Microsoft .NET Framework Assistant 1.2.1
  • Move Media Player 1.0.0.071101000055

Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double-click on combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Sorry, I have been facing work deadlines all week and had to work late most nights. The directions to disable Norton 360 aren't accurate and I need assistance in disabling it before going further. It is divided up into 4 sections according to my program. It shows different information in each section and it is not clear what all I should be turning off.

Thanks.


1. Right-click the Norton 360 icon in the system tray and select Open Tasks and Settings Window.

2. On the right side, under Settings, click on Change advanced settings.

3. Next, click on Virus & Spyware Protection Settings.

4. Uncheck Turn on Auto-Protect, select Apply.

5. You will be asked to select a time for Norton to reactivate (e.g. 1 hr, 5 hrs, on reboot). Choose Until I turn it back on.

Re-enable it when our tools have completed their tasks.

This is the problem. There are drop down menus. One is for tasks and one is for settings. In the settings menu, there is no option "change advanced settings". Also, what is a system tray? I have a page that comes up when I click on the icon and it has different drop-down menus. I referenced those above. If the system tray is something else, I would need to know where to find it.


I simply CANNOT get Norton to stop running in the background. I keep going in, clicking off whatever I can, it tells me the system is disabled. I restart my computer and then, there it is, telling me I have viruses again. I really need help with this as I have said before. And going to Norton in the bottom right hand corner now looks like everything is off.

Meanwhile, thinking that everything is off, I have attempted to download combo-fix. Once I attempt to run it from the download I get a Windows error message. I have deleted the download. Closed and restarted the computer and the same thing happens. I downloaded it once before at the request of someone at this site. After my problem was fixed I deleted it. I don't know whether that is an issue or not, but until I can get these basic issues resolved, I cannot move forward. I plan to devote as much time today as necessary to resolve these issues and get this computer cleaned up. Please let me know what to do to resolve these issues.


17th doc.com (W32.Sircam.worm@mm)
C:\Documents and Settings\Mary Giese\Desktop\backup\emailbackup\Mail\Local Folders\Communicator 4.x Mail.sbd

hwchina15t (W32.KlezH@mm)
C:\Documents and Settings\Mary Giese\Desktop\backup\emailbackup\9vlgbsxe.slt\Mail\Local Folders\Communicator 4.x Mail.sbd

maryannmuehlbauer.doc.exe (W32.Bugbear@mm)
C:\Documents and Settings\Mary Giese\Desktop\backup\emailbackup\Mail\Local Folders\Communicator 4.x Mail.sbd

Unknown 436189a6.data (W32.Sobig.A@mm.enc)
C:\Documents and Settings\Mary Giese\Desktop\backup\emailbackup\9vlgbsxe.slt\Mail\Local Folders\Communicator 4.x Mail.sbd

OK, there are other names under each type of virus, named in parentheses. They are all located in a huge file with emails that I had transferred from my old desktop. I just went ahead and deleted this file. Should I be doing something else? If so, I still need to stop Norton from running.

I wouldn't be too worried since they are located in a backup folder, but we can do an online scan to make sure.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner.

1. Click Accept when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database. Please be patient, as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display whether your system has been infected. It does not provide an option to clean/disinfect; we only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

OK, I finally went to Norton and their solution is to just uninstall the program and re-install it after we are done. He did the same things that I did and we still couldn't get this background process off. So I will do that and then run the program you just named, hopefully later today, because Norton tied me up for over an hour.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
