I am checking to see if I can post a topic after pasting text.

Sad Story: On Monday 6/28/10 I was queried by ZoneAlarm to allow ejdudohtssd.exe access to the net. Since I never heard of it, I denied the request. I then found ejdudohtssd.exe-0163BC33.pf and ejdudohtssd.exe. I deleted the .pf file, but access was denied when trying to delete the .exe file. My system then would no longer launch apps. I was forced to do a hard power off/on. I came up in safe mode, and was able to delete the .exe file. I rebooted and came up in normal mode. I checked for strange processes and found nothing. I then ran AVG which ran clean. I ran Malwarebytes and it found a few problems which I had fixed. I then ran Spybot which found (Fraud.sysguard) which I had removed. I thought all was well, so I got on the net (using Firefox) and started doing some research. When I awoke on Tuesday 6/29, my system would not launch applications again. I again had to power off/on my PC. Later, I reran AVG, Malwarebytes, and Spybot which all ran clean. I then poked around on the net looking for a solution and found that I should run GMER. This is when a second problem started. I noticed that random web pages were being autogened sending me to random virus software companies. Nevertheless, I downloaded GMER and ran it, but when I reviewed the log yesterday morning 6/30, it had run clean. I then got on the Malwarebytes forum and looked around for my problem. I didn

Doesn't want to post after pasting DDS.txt data: I've renamed the file and will try to submit after pasting from it.

Changing first Line: DDS (Ver_10-03-17.01) - NTFSx86

Run by M F at 19:04:20.84 on Wed 06/30/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.1975 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Keymaestro\Multimedia Keyboard\TrayMon.exe

C:\Program Files\Keymaestro\Onscreen Display\OSD.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

Please download ComboFix from this link, save it on your desktop, turn off your anti-virus software, and run the ComboFix download that you had saved on your desktop.

ComboFix will ask you a few questions (such as whether or not you want to install the Windows Recovery Console), give you some general warnings about not using it without supervision, and it will give you some general information about the tool. Please note that the Windows Recovery Console is not required to run ComboFix, and that you do not need it if you have a Windows XP disk.

ComboFix usually takes about 10 minutes to run, unless your computer is heavily infected. It will run through about 50 different stages (listing them all on the blue window that popped up while it was running), and if it does not advance to the next stage after about 10 minutes then that is usually a sign that your anti-virus software is interfering with it.

Once ComboFix is done, it will remove anything that it knows is malicious, and restart your computer. If it didn't find anything malicious, then it will skip that step. The final step takes a few minutes, and when it is done it will open a log in Notepad. Please either copy and paste this log into a reply, or save it on your desktop as a Text Document and attach it to a reply. Please do not take screenshots of the log, or save it as a Word Document.

Thanks for the help. Downloaded ComboFix. I had problems uninstalling AVG Free Antivirus, but was finally able to get rid of it with the program avgremover.exe. Ran ComboFix. It found a rootkit and I rebooted. ComboFix ran again and created the attached log. I still have my CD emulation turned off via Defogger, and ComboFix removed avgremover.exe, which was a very handy little tool. I await your advice.

Combofix_txt_70210_2345.zip

That ComboFix log looks pretty good.

Please run an online virus scan through ESET. Here are the steps:

  1. Turn off your anti-virus software.
  2. Click on this link.
  3. Click on the "ESET Online Scanner" button.
  4. Put a check in the box that says "YES, I accept the Terms of Use."
  5. Click the 'Start' button just to the right of the checkbox.
  6. Uncheck the box that says "Remove found threats" (this is very important).
  7. Click on "Advanced settings".
  8. Put a check in the box that says "Scan for potentially unsafe applications".
  9. Verify that "Scan for potentially unwanted applications" is also checked.
  10. Verify that "Enable Anti-Stealth technology" is also checked.
  11. Click the 'Start' button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
  12. When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  13. Save that text file on your desktop, and then copy and paste it into a reply for me.
  14. Close the ESET online scan.

I will take a look at the log, and let you know if anything needs to be removed.
