
A friend of mine had some infections on his computer. Most of it was related to TDSS (according to virusscan.jotti.org and NORMAN). I believe I removed everything, but Internet Explorer can't start. When I run it, the process runs for a fraction of a second and closes itself. MBAM finds nothing. Is there some malware left that interferes with IE? I've tried running IE without add-ons, booting in safe mode, and running under another user account, and it didn't help.

Thanks.

DDS log:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by USER at 22:36:36,57 on 2011-03-28

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2941.2345 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS.0\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS.0\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS.0\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS.0\system32\nvsvc32.exe

C:\WINDOWS.0\system32\svchost.exe -k imgsvc

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS.0\system32\wbem\wmiapsrv.exe

C:\WINDOWS.0\Explorer.EXE

C:\WINDOWS.0\system32\wscntfy.exe

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS.0\system32\ctfmon.exe

C:\WINDOWS.0\system32\wuauclt.exe

C:\Documents and Settings\USER.ORDI1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER.ORDI1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER.ORDI1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER.ORDI1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER.ORDI1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER.ORDI1\Bureau\dds.scr

.

============== Pseudo HJT Report ===============

.

uWindow Title =

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: -{ec69794b-60b3-44fe-a0b1-1efebfc131eb} - No File

TB: -{30F9B915-B755-4826-820B-08FBA6BD249D} - No File

TB: -{1c491116-c175-45e1-a570-6fb14fea8b7b} - No File

TB: -{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Google Update] "c:\documents and settings\user.ordi1\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows.0\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows.0\system32\NvCpl.dll,NvStartup

mRun: [sunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows.0\system32\CTFMON.EXE

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.0\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

RUnknown SASDIFSV;SASDIFSV; [x]

RUnknown SASKUTIL;SASKUTIL; [x]

S3 rootrepeal;rootrepeal;\??\c:\windows.0\system32\drivers\rootrepeal.sys --> c:\windows.0\system32\drivers\rootrepeal.sys [?]

.

=============== Created Last 30 ================

.

2011-03-29 02:10:49 -------- d-----w- c:\docume~1\user~1.ord\locals~1\applic~1\PHPNukeFR

2011-03-29 02:03:19 -------- d-----w- c:\program files\CONEXANT

2011-03-29 01:33:16 -------- d-----w- c:\program files\Yamicsoft

2011-03-28 23:24:48 56400 ----a-w- c:\windows.0\system32\drivers\tmrkb.sys

2011-03-28 23:23:53 -------- d-----w- c:\windows.0\pss

2011-03-28 23:06:34 190032 ----a-w- c:\windows.0\system32\drivers\tmcomm.sys

2011-03-28 22:40:32 -------- d-----w- c:\program files\UPHClean

2011-03-28 22:00:03 -------- dc-h--w- c:\windows.0\ie8

2011-03-28 21:41:25 98816 ----a-w- c:\windows.0\sed.exe

2011-03-28 21:41:25 89088 ----a-w- c:\windows.0\MBR.exe

2011-03-28 21:41:25 256512 ----a-w- c:\windows.0\PEV.exe

2011-03-28 21:41:25 161792 ----a-w- c:\windows.0\SWREG.exe

2011-03-28 10:04:06 -------- d-----w- c:\docume~1\user~1.ord\locals~1\applic~1\Elf_1.13

2011-03-28 10:02:58 -------- d-----w- c:\program files\CCleaner

2011-03-28 05:50:12 -------- d-----w- c:\docume~1\alluse~1.0\applic~1\SUPERAntiSpyware.com

2011-03-28 04:00:51 -------- d-----w- c:\docume~1\user~1.ord\applic~1\Malwarebytes

2011-03-28 04:00:48 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys

2011-03-28 04:00:47 -------- d-----w- c:\docume~1\alluse~1.0\applic~1\Malwarebytes

2011-03-28 03:55:23 20952 ----a-w- c:\windows.0\system32\drivers\mbam.sys

2011-03-28 02:41:49 -------- d-sha-r- C:\cmdcons

2011-03-27 03:10:57 -------- d--h--w- c:\windows.0\system32\GroupPolicy

2011-03-26 19:55:25 -------- d-----w- C:\RE

2011-03-26 10:50:52 -------- d-----w- c:\docume~1\user~1.ord\locals~1\applic~1\Elf_1

2011-03-25 23:20:11 -------- d-----w- c:\docume~1\user~1.ord\locals~1\applic~1\vertvonline

2011-03-23 03:00:11 -------- d-----w- c:\docume~1\user~1.ord\locals~1\applic~1\Geckofx

2011-03-23 02:42:05 -------- d-----w- c:\windows.0\SxsCaPendDel

2011-03-21 22:06:45 -------- d-----w- C:\intdubpkcache

2011-03-21 20:11:57 -------- d-----w- c:\documents and settings\user.ordi1\.SSRB2

2011-03-19 18:28:50 -------- d-----w- C:\Rev1X

2011-03-19 17:14:02 -------- d-----w- C:\ReSc

2011-03-19 16:55:52 -------- d-----w- c:\documents and settings\user.ordi1\TavloniaCacheV3

2011-03-15 23:19:33 -------- d-----w- C:\RsReloadedv2

2011-03-03 23:20:29 -------- d-----w- C:\TragicX3_Cache

2011-03-02 22:56:43 -------- d-----w- c:\documents and settings\user.ordi1\.GenerationX_v2

2011-03-02 18:47:59 -------- d-----w- C:\OppV1

2011-03-02 16:35:46 -------- d-----w- c:\documents and settings\user.ordi1\NearRealityCachev111

2011-02-28 19:14:40 -------- d-----w- C:\Raincache

.

==================== Find3M ====================

.

2011-02-09 13:54:09 270848 ----a-w- c:\windows.0\system32\sbe.dll

2011-02-09 13:54:09 186880 ----a-w- c:\windows.0\system32\encdec.dll

2011-02-03 01:40:23 472808 ----a-w- c:\windows.0\system32\deployJava1.dll

2011-02-02 23:19:39 73728 ----a-w- c:\windows.0\system32\javacpl.cpl

2011-02-02 07:59:09 2067456 ----a-w- c:\windows.0\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows.0\system32\mstsc.exe

2011-01-21 14:44:12 441344 ----a-w- c:\windows.0\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows.0\system32\atmfd.dll

2010-12-31 14:04:24 1855104 ----a-w- c:\windows.0\system32\win32k.sys

.

============= FINISH: 22:36:44,53 ===============

Attach.zip

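As an added triage example (this is not part of the original post, and it is not code from the DDS tool), the script below splits a DDS log into its `=== section ===` blocks and pulls out the two things worth a second look when hunting leftover rootkit components: services/drivers whose image DDS marked as `[x]` (not found) or `[?]` (could not be verified), and entries in "Created Last 30" that are new kernel drivers, new items at the drive root, or directories carrying hidden/system attributes. The sample input is a constructed excerpt copied from the log above; the scoring rules are my own assumptions about what deserves review, not anything DDS itself decides.

```python
"""Triage helpers for a DDS log (added example; not part of the thread above).

Line layouts follow the DDS output pasted in the post. The rules for what
gets flagged are this example's own assumptions, not DDS behaviour.
"""
import re

# Constructed excerpt of the DDS log posted above (raw string: backslashes are literal).
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
.
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S3 rootrepeal;rootrepeal;\??\c:\windows.0\system32\drivers\rootrepeal.sys --> c:\windows.0\system32\drivers\rootrepeal.sys [?]
.
=============== Created Last 30 ================
.
2011-03-28 23:24:48 56400 ----a-w- c:\windows.0\system32\drivers\tmrkb.sys
2011-03-28 04:00:48 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2011-03-28 02:41:49 -------- d-sha-r- C:\cmdcons
2011-03-21 22:06:45 -------- d-----w- C:\intdubpkcache
2011-03-19 18:28:50 -------- d-----w- C:\Rev1X
2011-03-28 10:02:58 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
"""

# "=== Section Name ===" headers; DDS pads them with '=' on both sides.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# "<state> <name>;<display>;<image> [x|?]" as in the SERVICES / DRIVERS section.
SERVICE_RE = re.compile(
    r"^(?P<state>\S+)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*(?P<status>\[[x?]\])?$"
)

# "<timestamp> <size|--------> <attrs> <path>" as in the Created Last 30 section.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)


def split_sections(text):
    """Return {section name: [non-empty lines]}; DDS uses '.' as a blank line."""
    sections, current = {}, None
    for line in text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def triage_services(lines):
    """Services/drivers whose image DDS could not find ([x]) or verify ([?])."""
    flagged = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m and m.group("status"):
            flagged.append((m.group("state"), m.group("name"),
                            m.group("image"), m.group("status")))
    return flagged


def triage_created(lines):
    """Recently created items that merit a look: (timestamp, path, reasons)."""
    findings = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        path, attrs, low = m.group("path"), m.group("attrs"), m.group("path").lower()
        reasons = []
        if low.endswith(".sys") and "\\drivers\\" in low:
            reasons.append("new kernel driver")          # assumption: worth verifying publisher
        if re.fullmatch(r"[a-z]:\\[^\\]+", low):
            reasons.append("new item at drive root")     # assumption: unusual for normal software
        if attrs[0] == "d" and ("h" in attrs or "s" in attrs):
            reasons.append("hidden/system directory")
        if reasons:
            findings.append((m.group("ts"), path, reasons))
    return findings


def triage(text):
    sections = split_sections(text)
    return {
        "services": triage_services(sections.get("SERVICES / DRIVERS", [])),
        "created": triage_created(sections.get("Created Last 30", [])),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("   ", item)
```

The output is a worklist, not a verdict. Run against the full log above it would flag `C:\cmdcons` (hidden and system at the root; that is the Recovery Console folder ComboFix installs, and the `sed.exe`, `MBR.exe`, `PEV.exe` and `SWREG.exe` files sharing the 21:41:25 timestamp in `c:\windows.0` are ComboFix's helper tools), the `mbam*.sys` drivers from Malwarebytes, `rootrepeal.sys` from RootRepeal, and the two `SAS*` drivers, whose names match SUPERAntiSpyware, which the log shows installed the same day. What remains after those are accounted for (the run of freshly created root-level `*cache*`-style directories and any driver you cannot tie to an installed product) is what to check by hash or publisher before concluding the machine is clean.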

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please run DDS again and post its log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes a runtime log to the root directory of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log name has the form UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

This topic is now closed to further replies.