
*urgent* no .exe file access


Ejester


Hello,

Ok so I am working on this PC and it has been infected with Antimalware Doctor.

However, this also seems to be infected with other things, as I couldn't access file options, see hidden files, access the registry, operate any exe files, and on and on ... was a terrible mess.

I have managed to get everything in windows working again, with the exception of the .exe files ... and it's not ALL .exe files.

For example:

a) I can go and run nero.exe - program loads, no problems.

b) I try to run Malwarebytes, nope.

Now, I know what you're saying, "Why not rename some files?" Been there, done that.

ANY exe file I download, it will not let me open, no matter what I rename it to. Also, if I try to go into the folders and manually rename any .exe files, it won't let me open it either.

I tried 3 different programs (one was CCleaner as a test), and the other 2 were mbam cleaner and a fresh randomized-named mbam setup, and still no go. I even tried to rename it as explorer.exe, no luck.

I did manage to get Bitdefender's quick scan to work, but that only lets me know that I have 2 more infected files, that I have no idea on how to clean atm.

Here is a log:

QuickScan Beta 32-bit v0.9.9.30

-------------------------------

Scan date: Fri Sep 03 17:22:27 2010

Machine ID: 882C54A6

Found 2 infected files!

-----------------------

C:\WINDOWS\system32\winlogon.exe --> Win32.Loader.O

--> Process winlogon.exe (680)

C:\WINDOWS\explorer.exe --> Win32.Loader.O

--> HKCR\Folder\shell\open\command\(default)

--> HKCR\folder\shell\open\command\(default)

--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell"

--> Process explorer.exe (972)

Processes

---------

<unsigned> Microsoft

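The QuickScan log above points at the two places that decide what actually runs when an .exe or a folder is opened (the shell\open\command keys and the Winlogon "Shell" value), and the symptom in the post (renamed downloads still refusing to launch) is what an altered exefile association looks like. The following read-only triage script is an added example written for this thread; it is not Bitdefender, VirusTotal or Malwarebytes code and not from the original poster. It assumes Windows PowerShell 2.0 or later in an elevated session, and the "Expect" values are the stock Windows defaults assumed by this example (Folder\shell\open\command differs between Windows versions, so it is only reported). The MD5 values it compares against are the two from the VirusTotal results posted further down in this thread.

```powershell
# Added example (editor's code, not from the original post). Read-only triage for
# the symptoms above: .exe files that refuse to launch and the registry values the
# QuickScan log lists. It reports; it does not change anything.
# Assumptions: Windows PowerShell 2.0+ in an elevated session; "Expect" values are
# the stock Windows defaults assumed by the author of this example.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# What launches an .exe, what opens a folder, and what Winlogon starts as the shell.
# Folder\shell\open\command varies by Windows version, so it is shown but not judged.
$checks = @(
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
       Name = '(default)'; Expect = '"%1" %*' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Shell';     Expect = 'Explorer.exe' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Userinit';  Expect = "$env:SystemRoot\system32\userinit.exe," },
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\Folder\shell\open\command'
       Name = '(default)'; Expect = $null }
)

'== Registry values =='
foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    $status = 'INFO'
    if ($null -ne $c.Expect) {
        if ($null -eq $actual)          { $status = 'MISSING' }
        elseif ($actual -ieq $c.Expect) { $status = 'OK' }
        else                            { $status = 'SUSPECT' }
    }
    '{0,-8} {1}\{2} = {3}' -f $status, $c.Path, $c.Name, $actual
}

# MD5s of the two files from the VirusTotal results in this thread (taken from the
# post, not invented). An equal hash means the same patched binary; a different hash
# only means a different file, not a clean one.
$knownBad = @{
    "$env:SystemRoot\explorer.exe"          = '37a09d861e2aba42ddb83edd73c5cc55'
    "$env:SystemRoot\system32\winlogon.exe" = '9b77da8b8f871cb70ab8efe7b82a5795'
}
$md5 = [System.Security.Cryptography.MD5]::Create()
'== File hashes =='
foreach ($path in $knownBad.Keys) {
    if (-not (Test-Path -Path $path)) { "MISSING  $path"; continue }
    $stream = [System.IO.File]::OpenRead($path)
    try     { $hex = [System.BitConverter]::ToString($md5.ComputeHash($stream)).Replace('-', '').ToLower() }
    finally { $stream.Close() }
    $verdict = if ($hex -eq $knownBad[$path]) { 'MATCH' } else { 'no match' }
    '{0,-8} {1} md5={2}' -f $verdict, $path, $hex
    # Catalog-signed system files report NotSigned on PowerShell before 5.1, so the
    # signature status is informational; only Valid or HashMismatch is conclusive.
    $sig = Get-AuthenticodeSignature -FilePath $path
    "         signature: $($sig.Status)"
}
```

A SUSPECT on exefile\shell\open\command is the direct explanation for the behaviour in the post: the file association, not the file name, decides what the shell runs, so renaming a download does not get around it. A MATCH on either hash confirms the machine has the same patched copy VirusTotal scanned; since several engines label these files "Patched", they are modified Windows binaries rather than droppers, which is why a cleanup tool has to replace them from a known-good copy instead of just deleting them.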

Ok, I also submitted those files to VirusTotal for a full scan and here are the results:

explorer.exe

Submission date:

2010-09-03 21:36:20 (UTC)

Current status:

queued (#10) queued (#10) analysing finished

Result:

27/ 43 (62.8%)


Antivirus Version Last Update Result

AhnLab-V3 2010.09.03.01 2010.09.03 -

AntiVir 8.2.4.50 2010.09.03 TR/Spy.1032192.9

Antiy-AVL 2.0.3.7 2010.09.03 -

Authentium 5.2.0.5 2010.09.03 W32/Patched.B

Avast 4.8.1351.0 2010.09.03 -

Avast5 5.0.594.0 2010.09.03 Win32:Bamital-X

AVG 9.0.0.851 2010.09.03 -

BitDefender 7.2 2010.09.03 Win32.Loader.O

CAT-QuickHeal 11.00 2010.09.03 -

ClamAV 0.96.2.0-git 2010.09.03 -

Comodo 5960 2010.09.03 -

DrWeb 5.0.2.03300 2010.09.03 Win32.Dat.3

Emsisoft 5.0.0.37 2010.09.03 Trojan.Win32.Patched!IK

eSafe 7.0.17.0 2010.09.01 -

eTrust-Vet 36.1.7835 2010.09.03 Win32/Patcher.F

F-Prot 4.6.1.107 2010.09.01 W32/Patched.B

F-Secure 9.0.15370.0 2010.09.03 Win32.Loader.O

Fortinet 4.1.143.0 2010.09.03 -

GData 21 2010.09.03 Win32.Loader.O

Ikarus T3.1.1.88.0 2010.09.03 Trojan.Win32.Patched

Jiangmin 13.0.900 2010.09.03 -

K7AntiVirus 9.63.2436 2010.09.03 Virus

Kaspersky 7.0.0.125 2010.09.03 Trojan.Win32.Patched.kl

McAfee 5.400.0.1158 2010.09.03 W32/Bamital.a

McAfee-GW-Edition 2010.1B 2010.09.03 -

Microsoft 1.6103 2010.09.03 Virus:Win32/Bamital.C

NOD32 5421 2010.09.03 Win32/Bamital.DX

Norman 6.05.11 2010.09.03 W32/Patched.Q

nProtect 2010-09-03.01 2010.09.03 Win32.Loader.O

Panda 10.0.2.7 2010.09.03 W32/Patched.AC

PCTools 7.0.3.5 2010.09.03 Trojan.Bamital

Prevx 3.0 2010.09.03 -

Rising 22.63.04.01 2010.09.03 Trojan.Win32.Generic.52275AE2

Sophos 4.57.0 2010.09.03 Troj/Patched-O

Sunbelt 6827 2010.09.03 Virus.Win32.Bamital.c (v)

SUPERAntiSpyware 4.40.0.1006 2010.09.03 -

Symantec 20101.1.1.7 2010.09.03 Trojan.Bamital!inf

TheHacker 6.5.2.1.363 2010.09.03 -

TrendMicro 9.120.0.1004 2010.09.03 PE_PATCHED.DEN

TrendMicro-HouseCall 9.120.0.1004 2010.09.03 PE_PATCHED.DEN

VBA32 3.12.14.0 2010.09.03 -

ViRobot 2010.8.31.4017 2010.09.03 Win32.Patched.AF

VirusBuster 12.64.16.1 2010.09.03 -

Additional information


MD5 : 37a09d861e2aba42ddb83edd73c5cc55

SHA1 : 79ef956b07adb1db04bcff0a0bab7713266d3520

SHA256: f30bea5e67735312044f8a075e727425f0f30525ecfeeb04c6fb04715ff6ec26

============-----------_________________===============---------------___________________=========

winlogon.exe

Submission date:

2010-09-03 21:37:19 (UTC)

Current status:

queued (#15) queued (#7) analysing finished

Result:

31/ 43 (72.1%)


Antivirus Version Last Update Result

AhnLab-V3 2010.09.03.01 2010.09.03 -

AntiVir 8.2.4.50 2010.09.03 TR/Patched.AW

Antiy-AVL 2.0.3.7 2010.09.03 Trojan/Win32.Patched.gen

Authentium 5.2.0.5 2010.09.03 W32/Patched.B

Avast 4.8.1351.0 2010.09.03 -

Avast5 5.0.594.0 2010.09.03 Win32:Bamital-X

AVG 9.0.0.851 2010.09.03 -

BitDefender 7.2 2010.09.03 Win32.Loader.O

CAT-QuickHeal 11.00 2010.09.03 -

ClamAV 0.96.2.0-git 2010.09.03 -

Comodo 5960 2010.09.03 -

DrWeb 5.0.2.03300 2010.09.03 Win32.Dat.3

Emsisoft 5.0.0.37 2010.09.03 Trojan.Win32.Patched!IK

eSafe 7.0.17.0 2010.09.01 -

eTrust-Vet 36.1.7835 2010.09.03 Win32/Patcher.F

F-Prot 4.6.1.107 2010.09.01 W32/Patched.B

F-Secure 9.0.15370.0 2010.09.03 Win32.Loader.O

Fortinet 4.1.143.0 2010.09.03 -

GData 21 2010.09.03 Win32.Loader.O

Ikarus T3.1.1.88.0 2010.09.03 Trojan.Win32.Patched

Jiangmin 13.0.900 2010.09.03 TrojanDownloader.Small.aswj

K7AntiVirus 9.63.2436 2010.09.03 Virus

Kaspersky 7.0.0.125 2010.09.03 Trojan.Win32.Patched.kl

McAfee 5.400.0.1158 2010.09.03 W32/Bamital.a

McAfee-GW-Edition 2010.1B 2010.09.03 Generic.dx!tou

Microsoft 1.6103 2010.09.03 Virus:Win32/Bamital.C

NOD32 5421 2010.09.03 Win32/Bamital.DX

Norman 6.05.11 2010.09.03 W32/Patched.Q

nProtect 2010-09-03.01 2010.09.03 Trojan-Downloader/W32.Small.502272.B

Panda 10.0.2.7 2010.09.03 W32/Patched.AC

PCTools 7.0.3.5 2010.09.03 Trojan.Bamital

Prevx 3.0 2010.09.03 -

Rising 22.63.04.01 2010.09.03 Trojan.Win32.Generic.52223C15

Sophos 4.57.0 2010.09.03 Troj/Patched-O

Sunbelt 6827 2010.09.03 Trojan.Win32.Generic!BT

SUPERAntiSpyware 4.40.0.1006 2010.09.03 -

Symantec 20101.1.1.7 2010.09.03 Trojan.Bamital!inf

TheHacker 6.5.2.1.363 2010.09.03 Trojan/Downloader.Small.atqr

TrendMicro 9.120.0.1004 2010.09.03 PE_PATCHED.DEN

TrendMicro-HouseCall 9.120.0.1004 2010.09.03 PE_PATCHED.DEN

VBA32 3.12.14.0 2010.09.03 -

ViRobot 2010.8.31.4017 2010.09.03 Win32.Patched.AF

VirusBuster 12.64.16.1 2010.09.03 -

Additional information


MD5 : 9b77da8b8f871cb70ab8efe7b82a5795

SHA1 : 2dc77965394af2d3162a5f61b3287a753671229e

SHA256: 0d00ff0ffacbdbbe33dde94259569f302e04af3cfcab0ae33d414624a9543bc9

ssdeep: 6144:MYuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnUhPnpdcrFIzdFz/N5WjyfTNQK:MVLBhic7Qy1vSnkJFDNhp8

File size : 502272 bytes

First seen: 2010-09-03 21:37:19

Last seen : 2010-09-03 21:37:19

TrID:

Win64 Executable Generic (80.9%)

Win32 Executable Generic (8.0%)

Win32 Dynamic Link Library (generic) (7.1%)

Generic Win/DOS Executable (1.8%)

DOS Executable Generic (1.8%)

sigcheck:

publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: Windows NT Logon Application

original name: WINLOGON.EXE

internal name: winlogon

file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x3D353

timedatestamp....: 0x41107EDC (Wed Aug 04 06:14:52 2004)

machinetype......: 0x14c (I386)

[[ 3 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x6F352, 0x6F400, 6.82, f0610e6e071ab006adef977ec395b88e

.data, 0x71000, 0x4D90, 0x2000, 6.20, baa64d00a5f8a540a38a60d2aff66f30

.rsrc, 0x76000, 0x9030, 0x9200, 3.62, b93cbbc049130e1bad3ea13d7512c074

[[ 20 import(s) ]]

ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, GetCurrentHwProfileW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, CloseServiceHandle, ControlService, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, EqualSid, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptDestroyHash, CryptVerifySignatureW, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDecrypt, ReportEventW, RegisterEventSourceW, CryptImportKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, CredFree, CredDeleteW, CredEnumerateW, CopySid, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetUserNameW, OpenThreadToken, EnumServicesStatusW, ImpersonateLoggedOnUser, RegQueryValueExA, CheckTokenMembership, DeregisterEventSource, LsaGetUserName, RevertToSelf, LookupAccountSidW, IsValidSid, SetTokenInformation, LogonUserW, LookupAccountNameW, OpenProcessToken, SynchronizeWindows31FilesAndWindowsNTRegistry, QueryWindows31FilesMigration, AdjustTokenPrivileges, RegQueryInfoKeyA

AUTHZ.dll: AuthzInitializeResourceManager, AuthzAccessCheck, AuthziFreeAuditEventType, AuthziInitializeAuditEvent, AuthziInitializeAuditParams, AuthziInitializeAuditEventType, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthzFreeResourceManager, AuthzFreeHandle

CRYPT32.dll: CryptImportPublicKeyInfo, CryptVerifyMessageSignature, CertCreateCertificateContext, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CryptSignMessage, CertCloseStore, CertComparePublicKeyInfo, CryptExportPublicKeyInfo, CertFindExtension, CryptDecryptMessage, CertGetCertificateContextProperty, CertAddCertificateContextToStore, CertOpenStore, CertVerifySubjectCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertEnumCertificatesInStore, CryptImportPublicKeyInfoEx

GDI32.dll: RemoveFontResourceW, AddFontResourceW

KERNEL32.dll: WTSGetActiveConsoleSessionId, GetTimeFormatW, GetUserDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, GetProcAddress, LoadLibraryW, GetModuleHandleW, SystemTimeToFileTime, GetSystemTime, SetLastError, TerminateProcess, GetCurrentProcess, CreateTimerQueueTimer, CreateThread, lstrcpynW, GetShortPathNameW, GetProfileStringW, FreeLibrary, ReleaseSemaphore, CreateSemaphoreW, GetSystemInfo, GetComputerNameW, GetEnvironmentVariableW, WaitForSingleObjectEx, LoadResource, FindResourceW, SetThreadExecutionState, DeleteTimerQueueTimer, ResetEvent, GetSystemDirectoryW, TransactNamedPipe, SetNamedPipeHandleState, GetTickCount, CreateFileW, GlobalGetAtomNameW, VirtualLock, VirtualQuery, GetDriveTypeW, Beep, OpenMutexW, QueueUserWorkItem, LeaveCriticalSection, EnterCriticalSection, DisconnectNamedPipe, SearchPathW, lstrcatW, LocalReAlloc, ExpandEnvironmentStringsW, TerminateThread, ResumeThread, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, DeleteFileW, WriteProfileStringW, ReadFile, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, FormatMessageW, SetPriorityClass, MoveFileExW, WaitForMultipleObjectsEx, GetExitCodeProcess, SleepEx, InterlockedExchange, FindClose, FindFirstFileW, GetWindowsDirectoryW, SetTimerQueueTimer, GetComputerNameA, GetVersionExW, VerSetConditionMask, WriteFile, WaitNamedPipeW, WaitForMultipleObjects, ConnectNamedPipe, DuplicateHandle, OpenProcess, GetOverlappedResult, GetVersionExA, lstrcmpW, SetEnvironmentVariableW, UnregisterWait, CreateNamedPipeW, CreateRemoteThread, CreateActCtxW, GetModuleFileNameW, ExitProcess, LoadLibraryExW, SetErrorMode, SetUnhandledExceptionFilter, GetPrivateProfileStringW, LocalSize, VirtualAlloc, VirtualQueryEx, DebugBreak, CreateFileA, InitializeCriticalSection, ProcessIdToSessionId, SetInformationJobObject, AssignProcessToJobObject, TerminateJobObject, PostQueuedCompletionStatus, PulseEvent, GetQueuedCompletionStatus, CreateIoCompletionPort, CreateJobObjectW, ActivateActCtx, DeactivateActCtx, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, GetCurrentProcessId, SetThreadPriority, GetCurrentThreadId, lstrcmpiW, GetProfileIntW, LoadLibraryExA, lstrcpyW, lstrlenW, Sleep, LocalAlloc, CreateEventW, GetExitCodeThread, SetThreadAffinityMask, GetProcessAffinityMask, CreateWaitableTimerW, CreateMutexW, OpenEventW, RegisterWaitForSingleObject, WaitForSingleObject, CreateProcessW, SetWaitableTimer, ReleaseMutex, SetEvent, UnregisterWaitEx, CloseHandle, lstrlenA, lstrcpyA, MultiByteToWideChar, GetACP, WideCharToMultiByte, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, lstrcmpiA, GetFileSize, SetFilePointer, GlobalAlloc, GlobalFree, GetLastError, LocalFree, lstrcatA, lstrcmpA, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GlobalMemoryStatus, CreateMutexA, FindResourceExW, LockResource, SizeofResource, VerifyVersionInfoW, GetSystemDirectoryA, GetCurrentThread, DelayLoadFailureHook, BaseInitAppcompatCacheSupport, OpenProfileUserMapping, CloseProfileUserMapping, BaseCleanupAppcompatCacheSupport, InitializeCriticalSectionAndSpinCount, VirtualProtect, CreateEventA, TlsSetValue, DeleteCriticalSection, TlsGetValue, TlsAlloc, VirtualFree, TlsFree

msvcrt.dll: _vsnwprintf, wcslen, wcsncpy, wcsstr, atoi, wcstok, memmove, wcschr, swprintf, swscanf, _local_unwind2, _wcslwr, wcscmp, _snwprintf, malloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _itow, _snprintf, _wtol, _strnicmp, sscanf, wcstombs, sprintf, strchr, strncmp, atof, _ftol, isspace, __set_app_type, wcscpy, _controlfp, wcsncmp, _wcsupr, ceil, wcscat, _except_handler3, free, _wcsicmp

NDdeApi.dll: -, -, -, -

ntdll.dll: RtlAllocateHeap, NtPowerInformation, NtSetSystemPowerState, NtRaiseHardError, RtlDeleteCriticalSection, NtOpenSymbolicLinkObject, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, NtLockProductActivationKeys, RtlTimeToTimeFields, NtUnmapViewOfSection, NtMapViewOfSection, NtOpenSection, NtQuerySymbolicLinkObject, NtQueryVolumeInformationFile, NtSetSecurityObject, RtlAdjustPrivilege, NtOpenFile, NtFsControlFile, RtlAllocateAndInitializeSid, RtlDestroyEnvironment, RtlFreeHeap, NtQueryInformationToken, NtShutdownSystem, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlCreateEnvironment, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, RtlSubAuthoritySid, RtlInitializeSid, RtlLengthRequiredSid, NtAllocateLocallyUniqueId, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, RtlSetDaclSecurityDescriptor, NtClose, RtlOpenCurrentUser, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlNtStatusToDosError, NtOpenDirectoryObject, NtQuerySystemInformation, NtCreateEvent, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, RtlRegisterWait, NtSetValueKey, NtCreateKey, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtOpenProcessToken, RtlUnhandledExceptionFilter, NtQueryInformationProcess, DbgBreakPoint, RtlCheckProcessParameters, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlInitString, NtInitiatePowerAction, DbgPrint, NtFilterToken, NtQueryInformationJobObject, NtOpenEvent, RtlGetAce, RtlQueryInformationAcl, NtQuerySecurityObject, RtlCompareUnicodeString, NtSetInformationProcess

PROFMAP.dll: InitializeProfileMappingApi, RemapAndMoveUserW

PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameW

REGAPI.dll: RegDefaultUserConfigQueryW, RegUserConfigQuery

RPCRT4.dll: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcImpersonateClient, I_RpcMapWin32Status, RpcServerRegisterIf, RpcGetAuthorizationContextForClient, RpcFreeAuthorizationContext, RpcServerListen, RpcRevertToSelf, NdrServerCall2, UuidCreate

Secur32.dll: GetUserNameExW, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess, LsaCallAuthenticationPackage

SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceRegistryPropertyW

USER32.dll: SetFocus, EnumWindows, CreateWindowStationW, RegisterLogonProcess, RecordShutdownReason, LoadLocalFonts, UnhookWindowsHook, SetWindowsHookW, GetWindowTextW, CallNextHookEx, DialogBoxParamW, GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, KillTimer, GetMessageTime, SetLogonNotifyWindow, UnlockWindowStation, SetTimer, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, SetCursor, DefWindowProcW, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, RegisterClassW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW

USERENV.dll: WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, GetUserProfileDirectoryW, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, -

VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon, _WinStationNotifyLogoff

WINTRUST.dll: CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminEnumCatalogFromHash, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext

WS2_32.dll: -, getaddrinfo, -


Ok, here are the scan results from VirusTotal for those 2 infected files. Just trying to give you as much info as possible so I can get this fixed.


USERENV.dll: WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, GetUserProfileDirectoryW, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, -

VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon, _WinStationNotifyLogoff

WINTRUST.dll: CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminEnumCatalogFromHash, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext

WS2_32.dll: -, getaddrinfo, -

VT Community

File 2: explorer.exe

Submission date: 2010-09-03 21:36:20 (UTC)
Current status: finished
Result: 27/43 (62.8%)

Antivirus              Version           Last Update   Result
AhnLab-V3              2010.09.03.01     2010.09.03    -
AntiVir                8.2.4.50          2010.09.03    TR/Spy.1032192.9
Antiy-AVL              2.0.3.7           2010.09.03    -
Authentium             5.2.0.5           2010.09.03    W32/Patched.B
Avast                  4.8.1351.0        2010.09.03    -
Avast5                 5.0.594.0         2010.09.03    Win32:Bamital-X
AVG                    9.0.0.851         2010.09.03    -
BitDefender            7.2               2010.09.03    Win32.Loader.O
CAT-QuickHeal          11.00             2010.09.03    -
ClamAV                 0.96.2.0-git      2010.09.03    -
Comodo                 5960              2010.09.03    -
DrWeb                  5.0.2.03300       2010.09.03    Win32.Dat.3
Emsisoft               5.0.0.37          2010.09.03    Trojan.Win32.Patched!IK
eSafe                  7.0.17.0          2010.09.01    -
eTrust-Vet             36.1.7835         2010.09.03    Win32/Patcher.F
F-Prot                 4.6.1.107         2010.09.01    W32/Patched.B
F-Secure               9.0.15370.0       2010.09.03    Win32.Loader.O
Fortinet               4.1.143.0         2010.09.03    -
GData                  21                2010.09.03    Win32.Loader.O
Ikarus                 T3.1.1.88.0       2010.09.03    Trojan.Win32.Patched
Jiangmin               13.0.900          2010.09.03    -
K7AntiVirus            9.63.2436         2010.09.03    Virus
Kaspersky              7.0.0.125         2010.09.03    Trojan.Win32.Patched.kl
McAfee                 5.400.0.1158      2010.09.03    W32/Bamital.a
McAfee-GW-Edition      2010.1B           2010.09.03    -
Microsoft              1.6103            2010.09.03    Virus:Win32/Bamital.C
NOD32                  5421              2010.09.03    Win32/Bamital.DX
Norman                 6.05.11           2010.09.03    W32/Patched.Q
nProtect               2010-09-03.01     2010.09.03    Win32.Loader.O
Panda                  10.0.2.7          2010.09.03    W32/Patched.AC
PCTools                7.0.3.5           2010.09.03    Trojan.Bamital
Prevx                  3.0               2010.09.03    -
Rising                 22.63.04.01       2010.09.03    Trojan.Win32.Generic.52275AE2
Sophos                 4.57.0            2010.09.03    Troj/Patched-O
Sunbelt                6827              2010.09.03    Virus.Win32.Bamital.c (v)
SUPERAntiSpyware       4.40.0.1006       2010.09.03    -
Symantec               20101.1.1.7       2010.09.03    Trojan.Bamital!inf
TheHacker              6.5.2.1.363       2010.09.03    -
TrendMicro             9.120.0.1004      2010.09.03    PE_PATCHED.DEN
TrendMicro-HouseCall   9.120.0.1004      2010.09.03    PE_PATCHED.DEN
VBA32                  3.12.14.0         2010.09.03    -
ViRobot                2010.8.31.4017    2010.09.03    Win32.Patched.AF
VirusBuster            12.64.16.1        2010.09.03    -

Additional information

MD5 : 37a09d861e2aba42ddb83edd73c5cc55

SHA1 : 79ef956b07adb1db04bcff0a0bab7713266d3520

SHA256: f30bea5e67735312044f8a075e727425f0f30525ecfeeb04c6fb04715ff6ec26
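
As an added example (not part of the post, and not VirusTotal's code), a small Python parser for the flattened result listing above: it recomputes the detection ratio and tallies the family names the vendors use, so the mixed "Bamital" / "Patched" / "Loader" labels can be read as votes rather than as 27 unrelated strings. The sample rows are copied from the explorer.exe listing; the list of generic class words to ignore is my own heuristic, not a VirusTotal convention.

```python
import re
from collections import Counter

# Constructed sample: 11 of the 43 rows from the explorer.exe listing above,
# kept in the same flattened "Engine Version LastUpdate Result" layout.
SAMPLE_LISTING = """\
Antivirus Version Last Update Result
AhnLab-V3 2010.09.03.01 2010.09.03 -
Authentium 5.2.0.5 2010.09.03 W32/Patched.B
Avast5 5.0.594.0 2010.09.03 Win32:Bamital-X
BitDefender 7.2 2010.09.03 Win32.Loader.O
ClamAV 0.96.2.0-git 2010.09.03 -
Kaspersky 7.0.0.125 2010.09.03 Trojan.Win32.Patched.kl
McAfee 5.400.0.1158 2010.09.03 W32/Bamital.a
Microsoft 1.6103 2010.09.03 Virus:Win32/Bamital.C
Sophos 4.57.0 2010.09.03 Troj/Patched-O
Sunbelt 6827 2010.09.03 Virus.Win32.Bamital.c (v)
TrendMicro 9.120.0.1004 2010.09.03 PE_PATCHED.DEN
"""

# engine, version, last-update date (YYYY.MM.DD), then the result text
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+?)\s*$")

# Heuristic (assumption): words naming a threat class, not a family.
GENERIC = {"trojan", "troj", "virus", "spy", "inf", "generic"}


def parse_listing(text):
    """Return one (engine, version, last_update, result) tuple per AV row.
    The header line never carries a date, so it is skipped; '-' = no detection."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groups())
    return rows


def detection_ratio(rows):
    """(detected, total), the numbers behind VirusTotal's 'Result: 27/43' line."""
    detected = sum(1 for _, _, _, result in rows if result != "-")
    return detected, len(rows)


def family_votes(rows):
    """Count family words per vendor so 'Win32:Bamital-X' and 'W32/Bamital.a' agree."""
    votes = Counter()
    for _, _, _, result in rows:
        if result == "-":
            continue
        tokens = re.split(r"[^A-Za-z0-9]+", result.lower())
        # drop platform tags (win32, w32), variant letters and class words
        votes.update({t for t in tokens if t.isalpha() and len(t) > 2 and t not in GENERIC})
    return votes
```

Running `family_votes(parse_listing(SAMPLE_LISTING)).most_common(3)` on the sample gives bamital and patched four votes each and loader one, which is why the same file shows up under three different names.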


Make sure when scanning with BD, you do a deep system scan. Make sure it scans your whole hard drive, scanning memory processes, using heuristics, and things like that.

It's actually installed. Those scans are from the free online BD scanner. I have no option to do a full scan, only the quick scan on the site from here:

http://quickscan.bitdefender.com/


Hi,

Please download ComboFix from Here to your Desktop.

**Note:** In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to the name provided in the image below:

    [Image: Cfix_svchost.com.jpg]

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
  7. Double click on the renamed version of ComboFix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the ComboFix log, which can be found in the root drive (usually the C: Drive), for further review.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you can't run the renamed version of ComboFix, then please tell me if you can run any of these:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://oldtimer.geekstogo.com/OTL.scr

http://www.forospyware.com/sUBs/dds/dds.pif

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
