idk120 Posted July 26, 2010 ID:290628 Share Posted July 26, 2010 I recently became infected by what avira said was tssd.exe and the program was successful in deleting it. My computer seems to not be running normally.Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4345Windows 6.0.6002 Service Pack 2Internet Explorer 8.0.6001.189287/25/2010 3:48:20 AMmbam-log-2010-07-25 (03-48-20).txtScan type: Full scan (C:\|)Objects scanned: 275805Time elapsed: 1 hour(s), 23 minute(s), 48 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)DDS (Ver_10-03-17.01) - NTFSx86 Run by Mike at 0:20:59.17 on Mon 07/26/2010Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_18Microsoftattach.zip Link to post Share on other sites More sharing options...
idk120 Posted July 27, 2010 Author ID:291054 Share Posted July 27, 2010 Updated java, adobe reader, and flashFrom AntiVir rook kit and malware scanStarting to scan executable files (registry).The registry was scanned ( '1773' files ).Starting the file scan:Begin scan in 'C:'C:\Windows\System32\drivers\ihyklnx.sys [DETECTION] Is the TR/Agent.767488.15 TrojanBeginning disinfection:C:\Windows\System32\drivers\ihyklnx.sys [DETECTION] Is the TR/Agent.767488.15 Trojan [WARNING] The file could not be copied to quarantine! [WARNING] The file could not be deleted! [WARNING] The file could not be selected for deletion after the restart. Possible cause: A device attached to the system is not functioning. Link to post Share on other sites More sharing options...
idk120 Posted July 27, 2010 Author ID:291459 Share Posted July 27, 2010 Antivir has been finding a driver that appears to be malware and is unable to remove it.My internet connection is being affected by the infected computer causing other computers on the network to struggle to load webpages.The driver is suspects as malware is ihyklnx.sys which was also recognized by gmerMalwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4357Windows 6.0.6002 Service Pack 2Internet Explorer 8.0.6001.189287/27/2010 11:57:45 AMmbam-log-2010-07-27 (11-57-45).txtScan type: Quick scanObjects scanned: 131355Time elapsed: 8 minute(s), 3 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)DDS (Ver_10-03-17.01) - NTFSx86 Run by Mike at 17:45:32.37 on Tue 07/27/2010Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_21MicrosoftAttach.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted August 5, 2010 Staff ID:295901 Share Posted August 5, 2010 Hi and welcome to Malwarebytes.My apologies for the extended delay. Do you still need help? Link to post Share on other sites More sharing options...
idk120 Posted August 11, 2010 Author ID:299189 Share Posted August 11, 2010 Hi and welcome to Malwarebytes.My apologies for the extended delay. Do you still need help?I think I have gotten most of it, but sometimes my browser gets hijacked when clicking on google search results Link to post Share on other sites More sharing options...
Staff screen317 Posted August 12, 2010 Staff ID:299514 Share Posted August 12, 2010 Well let's find the cause then. Please update MBAM, run a Quick Scan, and post its log.Next, download DDS by sUBs and save it to your Desktop.Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized. Link to post Share on other sites More sharing options...
idk120 Posted August 13, 2010 Author ID:299779 Share Posted August 13, 2010 Ok here is the MBAM logMalwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4423Windows 6.0.6002 Service Pack 2Internet Explorer 8.0.6001.189438/13/2010 12:34:51 AMmbam-log-2010-08-13 (00-34-51).txtScan type: Quick scanObjects scanned: 133791Time elapsed: 11 minute(s), 21 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)And here is the DDS logDDS (Ver_10-03-17.01) - NTFSx86 Run by Mike at 0:35:30.85 on Fri 08/13/2010Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21Microsoft Link to post Share on other sites More sharing options...
Staff screen317 Posted August 15, 2010 Staff ID:300567 Share Posted August 15, 2010 Hi,Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
idk120 Posted August 15, 2010 Author ID:300580 Share Posted August 15, 2010 The New DDS logDDS (Ver_10-03-17.01) - NTFSx86 Run by Mike at 0:29:23.97 on Sun 08/15/2010Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21Microsoft Link to post Share on other sites More sharing options...
idk120 Posted August 15, 2010 Author ID:300581 Share Posted August 15, 2010 Combo fix stated that Norton Anti Virus was running on my system. I do not use Norton AV, but it did come previously installed on the computer. Link to post Share on other sites More sharing options...
Staff screen317 Posted August 16, 2010 Staff ID:301248 Share Posted August 16, 2010 Hi,You can run Norton's removal tool from here.Also, you have uTorrent installed.Please see:HijackThis Forum PolicyWe will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.Please uninstall it before proceeding.Next, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.Next, please open Notepad - don't use any other text editor than notepad or the script will fail.Copy/paste the text in the quotebox below into Notepad:Driver::ihyklnxKILLALL::Save this as CFScript Then drag the CFScript into ComboFix.exe as you see in the screenshot below.This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.-screen317 Link to post Share on other sites More sharing options...
idk120 Posted August 18, 2010 Author ID:301793 Share Posted August 18, 2010 I ran Combo fix and it rebooted my computer but upon restart, no program would run because it gave an error that their drivers were marked for deletion. So I was unable to run a DDS scan. I was able to fix this by doing a system restore, but anyways here is the Combo fix log.ComboFix 10-08-16.04 - Mike 08/17/2010 14:01:35.2.2 - x86Microsoft Link to post Share on other sites More sharing options...
Staff screen317 Posted August 18, 2010 Staff ID:302088 Share Posted August 18, 2010 Hi,Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicNext, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
Staff screen317 Posted August 29, 2010 Staff ID:306414 Share Posted August 29, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts