So Many Viruses!


Mische

Hi

I'm new here. I hope you can help me with my problem. I downloaded GenxVPN to gain unlimited access to the internet. And that's where the trouble began.

After downloading it, Avira blocked a Trojan virus accessing my computer. I thought it was the end of it, but I was wrong.

The next day, Malwarebytes got a lot of viruses, all from GenxVPN:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7907

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/9/2011 7:17:25 PM

mbam-log-2011-10-09 (19-17-25).txt

Scan type: Full scan (C:\|F:\|)

Objects scanned: 156521

Time elapsed: 2 hour(s), 17 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\GenxVPN\app\disablefirewall.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\GenxVPN\app\enablefirewall.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\GenxVPN\app\iprelease.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\GenxVPN\app\iprenew.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\GenxVPN\app\m.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\GenxVPN\app\www.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Then today, Avira got another batch of viruses, this time around 6 of them in my system restore volume. All of them were named TR.Trash.Gen.Trojan. They were in C:\System Volume Information\_restore.

I am attaching the DDS.TXT file:

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27

Run by Chassy Cruz at 16:27:08 on 2011-10-10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.184 [GMT 8:00]

.

AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\fsproflt.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\idt\wdm\STacSV.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Prey\platform\windows\cronsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\crypserv.exe

C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\SnoopFreeSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\TimeTrex\apache2\bin\httpd.exe

C:\Program Files\Smart Bro\AssistantServices.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\TimeTrex\apache2\bin\httpd.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\SnoopFreeUI.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\SMART BRO\UIExec.exe

C:\Program Files\Free Desktop Clock\DesktopClock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Documents and Settings\Chassy Cruz\Application Data\Smart Bro\ouc.exe

C:\Program Files\Efficient Calendar\EfficientCalendar.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Stickies\stickies.exe

svchost.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Smart Bro\Smart Bro.exe

C:\GenxVPN\genxvpn.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\GenxVPN\bin\openvpn.exe

C:\GenxVPN\app\pinger.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\POP Peeper\poppeeper.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\oDesk\oDeskTeam.exe

C:\Program Files\TimeLeft3\TimeLeft.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe

c:\program files\avira\antivir desktop\avcenter.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chassy Cruz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\oDesk\oDeskHelper.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uStart Page = hxxp://www.google.com/

uSearch Bar =

mStart Page = hxxp://www.bigseekpro.com/freedesktopclock/{5AEFD52D-22BB-4C82-98B4-3198AD9D0D9A}

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - AF-HSS Toolbar

TB: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} -

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

uRun: [skinClock] c:\program files\free desktop clock\DesktopClock.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [chromium] c:\documents and settings\chassy cruz\local settings\application data\google\chrome\application\chrome.exe --no-startup-window

uRun: [HW_OPENEYE_OUC_Smart Bro] "c:\program files\smart bro\updatedog\ouc.exe"

uRun: [POP Peeper] "c:\program files\pop peeper\poppeeper.exe" -min

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [snoopFreeUI] SnoopFreeUI.exe

mRun: [EfficientCalendar]

mRun: [atr.exe]

mRun: [Fax Machine]

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [uIExec] "c:\program files\smart bro\UIExec.exe"

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\chassy cruz\start menu\programs\startup\efficient calendar.lnk - c:\program files\efficient calendar\EfficientCalendar.exe

StartupFolder: c:\docume~1\chassy cruz\start menu\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe

uPolicies-explorer: NoInstrumentation = 1 (0x1)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {21196042-830F-419f-A594-F9D456A6C29A} - {21196042-830F-419f-A594-F9D456A6C29A} c:\program files\timeleft3\tlintergie.html - c:\program files\timeleft3\tlintergie.html\inprocserver32 does not exist!

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/emsisoft_webscan.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 121.1.3.168 203.84.191.216

TCP: Interfaces\{8DE8F4C8-4041-418F-BDA0-401E9167F889} : DhcpNameServer = 208.67.222.222 4.2.2.1

TCP: Interfaces\{AC5EF13B-5D50-43E0-B846-5E3002441199} : DhcpNameServer = 121.1.3.168 203.84.191.216

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\chassy cruz\application data\mozilla\firefox\profiles\ptus2kjf.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul

FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

.

=============== File Associations ===============

.

txtfile="c:\program files\jgsoft\editpadlite\EditPadLite.exe" "%1"

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

.

============= FINISH: 16:31:15.04 ===============

Can anyone please help me get rid of these viruses? And is it ok if I just delete them?

Any help will be appreciated. Thanks!

  • Staff

Hi and welcome to Malwarebytes.

What do you mean unlimited Internet access?

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
