
Infected with Disk Doctor Application


Guest Pitmaster

Hi,

Disk Doctor was installed on my computer without permission and made a big mess.

I used Malwarebytes to clean my PC but I still have a black, empty desktop ;/

DDS (Ver_10-12-05.01) - NTFSx86

Run by Pitmaster at 13:50:41,62 on Fri 12/10/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1033.18.3033.1864 [GMT 1:00]

============== Pseudo HJT Report ===============

uStart Page = https://fxtrade.oanda.com/your_account/logi...rading_platform

BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll

BHO: Java

Attach.txt

ark.txt


Hello Pitmaster! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

Step 1

Going over your logs I noticed that you have


Guest Pitmaster

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: DI5JD5WJ.ocx

Submission date: 2010-12-14 09:48:07 (UTC)

Current status: finished

Result: 0/ 43 (0.0%)


MD5 : 2d4347fa9d465db93f7319ce9e90294c

SHA1 : be3792daf77185af0fef2b98604536302ae3429c

SHA256: f0453606c18cb5ce24a58fcdf1d79844f92d1693597df961d8c54e613c549041

ssdeep: 12:DlZt5Kg0+aI+aI+aN2rA2222222222e9rmmmmmmmmmbQgttneKz+aA:5VhFXhQeR

File size : 3120 bytes

First seen: 2010-12-14 09:48:07

Last seen : 2010-12-14 09:48:07

TrID:

Game Music Creator Music (21.2%)

MacBinary 1 header (19.3%)

MacBinary 2 header (18.8%)

Adobe PhotoShop Brush (18.8%)

BONK lossless/lossy audio compressor (18.7%)

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

==================================

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: 9RRJBIWD.ocx

Submission date: 2010-12-14 09:56:42 (UTC)

Current status: finished

Result: 0/ 42 (0.0%)


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:files
C:\Users\Pitmaster\AppData\Local\*.html
C:\Windows\*.tmp

:Commands
[purity]
[emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
