Maniac Posted January 18, 2011 ID:375909 Share Posted January 18, 2011 Please go to www.virustotal.com and upload the following file:C:\WINDOWS\Secure.dllPost the resaults in your next reply. Link to post Share on other sites More sharing options...
Tom717 Posted January 18, 2011 Author ID:375975 Share Posted January 18, 2011 Please go to www.virustotal.com and upload the following file:C:\WINDOWS\Secure.dllPost the resaults in your next reply.File name:Secure.dllSubmission date:2011-01-18 19:42:28 (UTC)Current status:queued queued analysing finishedResult:0/ 42 (0.0%)VT Communitynot reviewed Safety score: - CompactPrint resultsAntivirus Version Last Update ResultAhnLab-V3 2011.01.18.00 2011.01.17 -AntiVir 7.11.1.174 2011.01.18 -Antiy-AVL 2.0.3.7 2011.01.18 -Avast 4.8.1351.0 2011.01.18 -Avast5 5.0.677.0 2011.01.18 -AVG 10.0.0.1190 2011.01.18 -BitDefender 7.2 2011.01.18 -CAT-QuickHeal 11.00 2011.01.18 -ClamAV 0.96.4.0 2011.01.18 -Commtouch 5.2.11.5 2011.01.18 -Comodo 7434 2011.01.18 -DrWeb 5.0.2.03300 2011.01.18 -eSafe 7.0.17.0 2011.01.18 -eTrust-Vet 36.1.8106 2011.01.18 -F-Prot 4.6.2.117 2011.01.17 -F-Secure 9.0.16160.0 2011.01.18 -Fortinet 4.2.254.0 2011.01.16 -GData 21 2011.01.18 -Ikarus T3.1.1.97.0 2011.01.18 -Jiangmin 13.0.900 2011.01.18 -K7AntiVirus 9.77.3570 2011.01.18 -Kaspersky 7.0.0.125 2011.01.18 -McAfee 5.400.0.1158 2011.01.18 -McAfee-GW-Edition 2010.1C 2011.01.18 -Microsoft 1.6402 2011.01.18 -NOD32 5798 2011.01.18 -Norman 6.06.12 2011.01.18 -nProtect 2011-01-18.01 2011.01.18 -Panda 10.0.2.7 2011.01.18 -PCTools 7.0.3.5 2011.01.18 -Prevx 3.0 2011.01.18 -Rising 22.83.01.03 2011.01.18 -Sophos 4.61.0 2011.01.18 -SUPERAntiSpyware 4.40.0.1006 2011.01.18 -Symantec 20101.3.0.103 2011.01.18 -TheHacker 6.7.0.1.116 2011.01.18 -TrendMicro 9.120.0.1004 2011.01.18 -TrendMicro-HouseCall 9.120.0.1004 2011.01.18 -VBA32 3.12.14.2 2011.01.18 -VIPRE 8114 2011.01.18 -ViRobot 2011.1.18.4261 2011.01.18 -VirusBuster 13.6.152.1 2011.01.18 -Additional informationShow allMD5 : f739b2bc15de2f05150303f012295871SHA1 : eb07331969b3c851744bcfa9533d52927d4f211aSHA256: 23b3492f4e615abf3d9768dc51fb6021c4e524e16267973749a75dfff7230c6d Link to post Share on other sites More sharing options...
Maniac Posted January 18, 2011 ID:375982 Share Posted January 18, 2011 Thanks! Run OTL.exeUnder Custom Scans/Fixes post the following script::OTLIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075:filesC:\WINDOWS\System32\*.tmpC:\WINDOWS\*.tmpC:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.jobC:\Documents and Settings\Tom Krisa\Application Data\systemFP.$dkC:\WINDOWS\System32\epoPGPsdk.dll.sigC:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}C:\Documents and Settings\Tom Krisa\Application Data\BitTorrent:Commands[purity][emptytemp][emptyflash]Then click the Run Fix button at the topLet the program run unhindered,when it is done it will say "Fix Complete press ok to open log"Please post that log in your next reply. Link to post Share on other sites More sharing options...
Tom717 Posted January 18, 2011 Author ID:375997 Share Posted January 18, 2011 I ran the scan, and it said the computer needed to reboot in order to finish deleting files. This appeared on my screen after the reboot:All processes killed========== OTL ==========HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!========== FILES ==========C:\WINDOWS\System32\CONFIG.TMP moved successfully.C:\WINDOWS\System32\SET19C.tmp moved successfully.C:\WINDOWS\System32\SET19E.tmp moved successfully.C:\WINDOWS\System32\SET1A2.tmp moved successfully.C:\WINDOWS\System32\SET1A3.tmp moved successfully.C:\WINDOWS\System32\SET1AA.tmp moved successfully.C:\WINDOWS\002790_.tmp moved successfully.C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job moved successfully.C:\Documents and Settings\Tom Krisa\Application Data\systemFP.$dk moved successfully.C:\WINDOWS\System32\epoPGPsdk.dll.sig moved successfully.C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 folder moved successfully.C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 folder moved successfully.C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64\x64 folder moved successfully.C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64 folder moved successfully.C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} folder moved successfully.C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.C:\Documents and Settings\Tom Krisa\Application Data\BitTorrent\dlimagecache folder moved successfully.C:\Documents and Settings\Tom Krisa\Application Data\BitTorrent\apps folder moved successfully.C:\Documents and Settings\Tom Krisa\Application Data\BitTorrent folder moved successfully.========== COMMANDS ==========[EMPTYTEMP]User: Administrator->Temp folder emptied: 9540090 bytes->Temporary Internet Files folder emptied: 204952 bytesUser: All UsersUser: Default User->Temp folder emptied: 49152 bytes->Temporary Internet Files folder emptied: 32969 bytesUser: LocalService->Temp folder emptied: 66016 bytes->Temporary Internet Files folder emptied: 45566 bytesUser: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 229430384 bytesUser: Tom Krisa->Temp folder emptied: 1037255010 bytes->Temporary Internet Files folder emptied: 313614695 bytes->Java cache emptied: 71997958 bytes->FireFox cache emptied: 54047266 bytes->Flash cache emptied: 216345 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32\dllcache .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 324017711 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 79552072 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 2,022.00 mb[EMPTYFLASH]User: AdministratorUser: All UsersUser: Default UserUser: LocalServiceUser: NetworkServiceUser: Tom Krisa->Flash cache emptied: 0 bytesTotal Flash Files Cleaned = 0.00 mbOTL by OldTimer - Version 3.2.20.2 log created on 01182011_151831Files\Folders moved on Reboot...File\Folder C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!File\Folder C:\WINDOWS\temp\NSM-{256BE7ED-C0F4-40C8-9319-8C2DC2AB3902}.dat not found!File\Folder C:\WINDOWS\temp\Perflib_Perfdata_9bc.dat not found!File\Folder C:\WINDOWS\temp\Perflib_Perfdata_a40.dat not found!Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
Maniac Posted January 18, 2011 ID:376003 Share Posted January 18, 2011 Launch Malwarebytes' Anti-MalwareGo to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Link to post Share on other sites More sharing options...
Tom717 Posted January 18, 2011 Author ID:376013 Share Posted January 18, 2011 I have a problem getting the updater to run. Though I can update the anti-malware on this computer, I cannot update it on the infected computer or transfer the updated version to that computer via USB. Is it alright to use the outdated version? (28 days outdated) Link to post Share on other sites More sharing options...
Maniac Posted January 18, 2011 ID:376018 Share Posted January 18, 2011 So there is a problem with your internet connection? Link to post Share on other sites More sharing options...
Tom717 Posted January 18, 2011 Author ID:376021 Share Posted January 18, 2011 The computer is connected to the internet, and Skype works, but I cannot use any browsers. In Firefox, I get the error message "server not found." Link to post Share on other sites More sharing options...
Maniac Posted January 18, 2011 ID:376027 Share Posted January 18, 2011 Note: You will need to save any work before double clicking the fix.bat file because it will automatically restart your computerPlease copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):@echo offipconfig /releaseipconfig /renewipconfig /flushdnsnetsh winsock reset allnetsh int ip reset allshutdown -r -t 10del /f /q %0Once you've done that click on File and select Save As...In the Save dialogue box click on the drop down menu next to Save as type and select All FilesName the file fix.bat (the .bat extension is very important)Save the file to your desktop and double click it to run it.Once it runs it will automatically restart your computerOnce your computer boots again, check to see if your internet performance has improvedPlease try again with Firefox. Link to post Share on other sites More sharing options...
Tom717 Posted January 18, 2011 Author ID:376040 Share Posted January 18, 2011 Ok, I managed to get the internet working fine again, and I went back and ran the anti-malware. This is the report I got:Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 5549Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.131/18/2011 4:36:13 PMmbam-log-2011-01-18 (16-36-13).txtScan type: Quick scanObjects scanned: 155322Time elapsed: 5 minute(s), 26 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CURRENT_USER\SOFTWARE\yr87fk3d2dnszapq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\myhhysry (Trojan.FakeAlert.Gen) -> Value: myhhysry -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Maniac Posted January 18, 2011 ID:376071 Share Posted January 18, 2011 How are things now? Link to post Share on other sites More sharing options...
Tom717 Posted January 18, 2011 Author ID:376084 Share Posted January 18, 2011 It appears to be running normally. Is there anything else I should check or do? Link to post Share on other sites More sharing options...
Maniac Posted January 18, 2011 ID:376094 Share Posted January 18, 2011 It's not a bad idea for one last check:ESET Online ScannerNote: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.Please go here then click on: Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install.Now click on Advanced Settings and select the following:Remove found threatsScan archivesScan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Now click on: [*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.[*]When completed the Online Scan will begin automatically. [*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall. [*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first![*]Now click on: [*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.[*]Copy and paste that log as a reply to this topic.Note: Do not forget to re-enable your Anti-Virus application after running the above scan! Link to post Share on other sites More sharing options...
Tom717 Posted January 19, 2011 Author ID:376232 Share Posted January 19, 2011 Unfortunately I had a problem getting the log copied and lost it, but I can tell you that it said that there were no threats found. can run it aagain if you think I should. Link to post Share on other sites More sharing options...
Maniac Posted January 19, 2011 ID:376386 Share Posted January 19, 2011 Do you remember that found something and if so what? I need a similar information. Link to post Share on other sites More sharing options...
Tom717 Posted January 19, 2011 Author ID:376656 Share Posted January 19, 2011 I ran the avast! antivirus, and it found two infected .dll files, and I used the option "move to chest." Now, neither the avast nor the eset scans report any problems, though those two files have still not been dealt with. In addition, my internet browser has stopped working again - the screen is completely blank when I try to go to a website. Link to post Share on other sites More sharing options...
Maniac Posted January 19, 2011 ID:376667 Share Posted January 19, 2011 Note: You will need to save any work before double clicking the fix.bat file because it will automatically restart your computerPlease copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):@echo offipconfig /releaseipconfig /renewipconfig /flushdnsnetsh winsock reset allnetsh int ip reset allshutdown -r -t 10del /f /q %0Once you've done that click on File and select Save As...In the Save dialogue box click on the drop down menu next to Save as type and select All FilesName the file fix.bat (the .bat extension is very important)Save the file to your desktop and double click it to run it.Once it runs it will automatically restart your computerOnce your computer boots again, check to see if your internet performance has improvedPlease try again with your web browser. Link to post Share on other sites More sharing options...
LDTate Posted January 25, 2011 ID:379457 Share Posted January 25, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts