
trojans/backdoors rage


Atomsk


I have been searching for days without any progress so far. It started with exes being disabled and a fake antivirus popping up. I fixed that with Malwarebytes, or so I thought; it stopped and exes worked again, and everything was OK for a while. Later Google started redirecting; after a little while, reinstalling Java fixed that. A bit later there were more redirects, but now every link did it, and Malwarebytes and SUPERAntiSpyware got killed while scanning after just a few seconds and are unable to start again without reinstalling. AVG popped up with things like my ATI files, MSCam, even AVG files being Trojans; shortly after that there were no more AVG components and I couldn't get rid of it. I used AVG Remover; it gets killed in the process too. I used TDSSKiller; it finds 2-4 things, I click continue to delete/cure, but it just finds them again after reboot. I was able to run Malwarebytes after TDSSKiller in safe mode; Malwarebytes found a couple of backdoor things and a Trojan, but removing them didn't work either. HijackThis gets killed in the process as well.

The last thing I saw from AVG showed Packed.Win32.Katusha.a. Unable to reinstall AVG now, though.

The Google redirecting seems to have stopped after reinstalling Java with JavaRa now, but like right now I see 4239149419:2494976771.exe in processes. And svchost uses like 300 MB of memory and a bunch of CPU. And I'm sure whatever caused it will do so again.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 10.1.0
Run by Darrell at 6:15:09 on 2011-10-24
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1249 [GMT -4:00]
.
.
============== Running Processes ===============
.
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
D:\WINDOWS\4239149419:2494976771.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
svchost.exe
D:\WINDOWS\System32\svchost.exe -k Akamai
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\Motive\McciCMService.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Microsoft LifeCam\MSCamSvc.exe
D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Documents and Settings\Darrell\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Sophos\Sophos Anti-Rootkit\sargui.exe
D:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE
D:\Documents and Settings\Darrell\Local Settings\temp\dlmtlm.exe
D:\Documents and Settings\Darrell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Darrell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Darrell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Darrell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Darrell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Darrell\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
D:\Documents and Settings\Darrell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Darrell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Darrell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://goog.com/
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} -
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ISUSPM] "d:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [Google Update] "d:\documents and settings\darrell\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1SRk9ENC1TWFdSOC1KUlRRQS1KQURDSi1XRU1CUg"&"inst=NzYtNzkyNDQ0MzQzLVU5MCsxLVNQMSsxLVNQMVRCKzEtU1AxUzIrMS1TVUQrMS1TVVArMy1EMzgxTCs2LVMxSSsxLVNVMysxLVNQMVMzKzEtRERUKzAtSTEwKzE"&"prod=94"&"ver=10.0.1392
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: d:\docume~1\darrell\startm~1\programs\startup\stardo~1.lnk - d:\program files\stardock\objectdock\ObjectDock.exe
IE: &Download with &DAP - d:\program files\dap\dapextie.htm
IE: Download &all with DAP - d:\program files\dap\dapextie2.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - d:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} - hxxps://secwebclinic.ahnlab.com/asp/cab/mkdplus.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{888DAF94-BF19-442C-9052-BD558650533E} : DhcpNameServer = 192.168.1.254
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: MCPClient - d:\program files\common files\stardock\mcpstub.dll
Notify: WBSrv - d:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: d:\windows\system32\wbsys.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\wpdshserviceobj.dll
SEH: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No File
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\darrell\application data\mozilla\firefox\profiles\u2gl3jyj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: browser.search.selectedEngine - The Pirate Bay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - component: d:\documents and settings\darrell\application data\mozilla\firefox\profiles\u2gl3jyj.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: d:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: d:\documents and settings\darrell\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\documents and settings\darrell\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: d:\documents and settings\darrell\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: d:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: d:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: d:\program files\webzen\webzengamestarter\NPGameWebStarter.dll
FF - plugin: d:\windows\system32\npOGPPlugin.dll
FF - plugin: d:\windows\system32\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: PhZilla: amin.eft_PhProxy@gmail.com - %profile%\extensions\amin.eft_PhProxy@gmail.com
FF - Ext: Better Gmail 2: bettergmail2@ginatrapani.org - %profile%\extensions\bettergmail2@ginatrapani.org
FF - Ext: Remove It Permanently: {1dbc4a33-ea62-4330-966c-7bdad3455322} - %profile%\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: Clippings: {91aa5abe-9de4-4347-b7b5-322c38dd9271} - %profile%\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Gmail Watcher: gmailwatcher@sonthakit - %profile%\extensions\gmailwatcher@sonthakit
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: SearchLoad Options: searchloadoptions@esteban.torres - %profile%\extensions\searchloadoptions@esteban.torres
FF - Ext: Sidebar Bookmark Selector: sidebarBookmarkSelector@alice - %profile%\extensions\sidebarBookmarkSelector@alice
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Extended Statusbar: {daf44bf7-a45e-4450-979c-91cf07434c3d} - %profile%\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 sonyhcb;Sony Digital Imaging Base;d:\windows\system32\drivers\sonyhcb.sys [2007-10-5 6097]
R1 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2008-12-27 213640]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};d:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]
R2 Akamai;Akamai NetSession Interface;d:\windows\system32\svchost.exe -k Akamai [2004-8-3 14336]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;d:\windows\system32\drivers\hitmanpro35.sys [2011-9-30 23624]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;d:\windows\system32\drivers\lne100v5.sys [2008-11-26 36224]
R3 MEMSWEEP2;MEMSWEEP2;\??\d:\windows\system32\2.tmp --> d:\windows\system32\2.tmp [?]
S1 SASKUTIL;SASKUTIL;\??\d:\program files\superantispyware\saskutil.sys --> d:\program files\superantispyware\SASKUTIL.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\viewpoint\common\viewpointservice.exe" --> d:\program files\viewpoint\common\ViewpointService.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;d:\windows\system32\drivers\ssadadb.sys [2011-4-12 30312]
S3 apf001;apf001;\??\c:\program files\games\gunbound\gunboundis\apf001.sys --> c:\program files\games\gunbound\gunboundis\apf001.sys [?]
S3 EagleXNt;EagleXNt;\??\d:\windows\system32\drivers\eaglexnt.sys --> d:\windows\system32\drivers\EagleXNt.sys [?]
S3 HLPSYS;HLPSYS;\??\d:\windows\system32\drivers\hlp.sys --> d:\windows\system32\drivers\hlp.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;d:\windows\system32\drivers\mfeavfk.sys [2008-12-27 79304]
S3 mfebopk;McAfee Inc. mfebopk;d:\windows\system32\drivers\mfebopk.sys [2008-12-27 35272]
S3 mferkdk;McAfee Inc. mferkdk;d:\windows\system32\drivers\mferkdk.sys [2008-12-27 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;d:\windows\system32\drivers\mfesmfk.sys [2008-12-27 40552]
S3 Mkd2kfNt;Mkd2kfNt;d:\windows\system32\drivers\Mkd2kfNT.sys [2008-7-16 127488]
S3 Mkd2Nadr;Mkd2Nadr;d:\windows\system32\drivers\Mkd2Nadr.sys [2008-7-16 101632]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\gamemon.des -service --> d:\windows\system32\GameMon.des -service [?]
S3 Partizan;Partizan;d:\windows\system32\drivers\partizan.sys --> d:\windows\system32\drivers\Partizan.sys [?]
S3 pneteth;PdaNet Broadband;d:\windows\system32\drivers\pneteth.sys [2011-5-24 13312]
S3 pwdrvio;pwdrvio;d:\windows\system32\pwdrvio.sys [2011-4-29 16472]
S3 pwdspio;pwdspio;d:\windows\system32\pwdspio.sys [2011-4-29 11104]
S3 RegGuard;RegGuard;d:\windows\system32\drivers\regguard.sys [2008-8-9 25773]
S3 RkHit;RkHit;\??\d:\windows\system32\drivers\rkhit.sys --> d:\windows\system32\drivers\RKHit.sys [?]
S3 rootrepeal;rootrepeal;\??\d:\windows\system32\drivers\rootrepeal.sys --> d:\windows\system32\drivers\rootrepeal.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;d:\windows\system32\drivers\screamingbaudio.sys --> d:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 sonyhcs;Sony Digital Imaging Video;d:\windows\system32\drivers\sonyhcs.sys [2007-10-5 299923]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);d:\windows\system32\drivers\ssadbus.sys [2011-4-12 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);d:\windows\system32\drivers\ssadmdfl.sys [2011-4-12 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;d:\windows\system32\drivers\ssadmdm.sys [2011-4-12 121576]
S3 VX6000;Microsoft LifeCam VX-6000;d:\windows\system32\drivers\VX6000Xp.sys [2009-5-2 2383152]
S3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys --> d:\windows\system32\drivers\wdcsam.sys [?]
S3 XDva164;XDva164;\??\d:\windows\system32\xdva164.sys --> d:\windows\system32\XDva164.sys [?]
S3 XDva319;XDva319;\??\d:\windows\system32\xdva319.sys --> d:\windows\system32\XDva319.sys [?]
S3 XDva326;XDva326;\??\d:\windows\system32\xdva326.sys --> d:\windows\system32\XDva326.sys [?]
S3 XDva332;XDva332;\??\d:\windows\system32\xdva332.sys --> d:\windows\system32\XDva332.sys [?]
S3 XDva346;XDva346;\??\d:\windows\system32\xdva346.sys --> d:\windows\system32\XDva346.sys [?]
S3 XDva360;XDva360;\??\d:\windows\system32\xdva360.sys --> d:\windows\system32\XDva360.sys [?]
.
=============== Created Last 30 ================
.
2011-10-24 09:48:02 -------- d-----w- d:\program files\Sophos
2011-10-24 09:41:40 -------- d-----w- d:\documents and settings\darrell\local settings\application data\Sun
2011-10-24 01:18:17 -------- d-----w- d:\documents and settings\all users\application data\PassMark
2011-10-24 01:18:14 -------- d-----w- d:\program files\PerformanceTest
2011-10-20 09:12:37 -------- d-----w- d:\documents and settings\all users\application data\WeCareReminder
2011-10-20 09:12:22 -------- d-----w- d:\documents and settings\darrell\local settings\application data\OpenCandy
2011-10-20 09:12:19 -------- d-----w- d:\documents and settings\darrell\application data\OpenCandy
2011-10-20 08:58:00 -------- d-----w- d:\documents and settings\darrell\application data\DAEMON Tools Pro
2011-10-20 08:58:00 -------- d-----w- d:\documents and settings\all users\application data\DAEMON Tools Pro
2011-10-17 02:23:20 -------- d-sh--w- d:\documents and settings\darrell\local settings\application data\6b49acfc
2011-10-10 01:26:11 53616 ----a-w- d:\windows\system32\CMStarter_Kor.dll
2011-10-10 01:26:11 53616 ----a-w- d:\windows\system32\CMStarter_Eng.dll
2011-10-10 01:26:11 364912 ----a-w- d:\windows\system32\CMStarterCore.exe
2011-10-10 01:26:11 -------- d-----w- d:\program files\WEBZEN
2011-10-05 07:13:03 -------- d-----w- d:\documents and settings\darrell\application data\Command and Conquer 4
2011-10-03 23:14:32 -------- d-----w- d:\documents and settings\darrell\application data\Softplicity
2011-10-03 22:56:59 -------- d-----w- d:\program files\DebugMode
2011-10-03 21:27:29 14604 ----a-w- d:\windows\system32\drivers\pfc.sys
2011-09-30 18:31:55 23624 ----a-w- d:\windows\system32\drivers\hitmanpro35.sys
2011-09-30 18:31:55 -------- d-----w- d:\program files\Hitman Pro 3.5
2011-09-30 17:55:11 -------- d-----w- d:\documents and settings\all users\application data\Hitman Pro
2011-09-30 05:38:01 66520 ----a-w- d:\program files\mozilla firefox\plugins\npnul32.dll
2011-09-30 05:38:01 25048 ----a-w- d:\program files\mozilla firefox\components\browserdirprovider.dll
2011-09-30 05:38:01 140248 ----a-w- d:\program files\mozilla firefox\components\brwsrcmp.dll
2011-09-30 05:38:00 505816 ----a-w- d:\program files\mozilla firefox\sqlite3.dll
2011-09-30 05:38:00 1015256 ----a-w- d:\program files\mozilla firefox\js3250.dll
2011-09-25 19:44:08 12920 ----a-w- d:\windows\system32\apl001.sys
2011-09-25 19:44:08 10872 ----a-w- d:\windows\system32\apf001.sys
2011-09-24 23:09:37 79256 ----a-w- d:\windows\system32\npOGPPlugin.dll
2011-09-24 23:09:31 271768 ----a-w- d:\windows\system32\OGPIEPlugin.ocx
2011-09-24 23:09:27 -------- d-----w- d:\program files\OGPlanet
.
==================== Find3M ====================
.
2011-10-24 09:35:02 74752 ----a-w- d:\windows\system32\drivers\ipsec.sys
2011-10-24 09:28:11 162816 ----a-w- d:\windows\system32\drivers\netbt.sys
2011-10-24 09:07:15 544656 ----a-w- d:\windows\system32\deployJava1.dll
2011-10-24 09:07:15 128000 ----a-w- d:\windows\system32\javacpl.cpl
2011-10-24 08:52:44 52736 ----a-w- d:\windows\system32\drivers\i8042prt.sys
2011-10-24 08:20:07 138368 ----a-w- d:\windows\system32\drivers\afd.sys
2011-10-24 06:41:59 457216 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-10-24 06:32:23 36096 ----a-w- d:\windows\system32\drivers\intelppm.sys
2011-10-20 09:12:14 443448 ----a-w- d:\windows\system32\drivers\sptd.sys
2011-10-15 11:51:04 414368 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 6:16:57.59 ===============

Sorry, wasn't exactly sure these should be posted. I have had this PC for 4 years now without formats and stuff; I'd prefer to avoid that. I just found my Windows XP CD, though, if something like reinstalling Windows without losing stuff but fixing these kinds of things was possible?

dds.rar

attach.rar

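As an added triage helper (not part of this thread, and not code from the DDS tool), the Python script below parses the section layout of a DDS log like the one posted above and flags the entries a helper would look at first: an image name with a colon past the drive letter, which means the executable is stored in an NTFS alternate data stream (the 4239149419:2494976771.exe process the poster noticed), purely numeric image names, executables running from a temp directory, hosts-file entries that sinkhole a site, and orphaned "No File" registrations. The embedded sample is a constructed excerpt assembled from entries in the log above; the heuristics are my own and are a starting point for review, not a verdict.

```python
import re

# Constructed excerpt in DDS format, assembled from entries in the log posted above.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
D:\WINDOWS\4239149419:2494976771.exe
D:\Documents and Settings\Darrell\Local Settings\temp\dlmtlm.exe
============== Pseudo HJT Report ===============
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")

def parse_sections(text: str) -> dict:
    """Split a DDS log into {section title: entries}; DDS pads sections with lone '.' lines."""
    sections = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections

def check_process(entry: str) -> list:
    """Flag process-list patterns worth a closer look; an empty list means nothing odd."""
    # Drop the arguments DDS appends after the image, e.g. 'svchost.exe -k netsvcs'.
    m = re.match(r"(.*?\.exe)\b", entry, re.IGNORECASE)
    path = m.group(1) if m else entry
    stem = path.rsplit("\\", 1)[-1].split(":")[0]
    findings = []
    # A colon anywhere past the drive letter means the image lives in an NTFS alternate data stream.
    if ":" in path[2:]:
        findings.append("ADS-hosted image")
    # Purely numeric image names are not how legitimate installers name executables.
    if re.fullmatch(r"\d+(\.exe)?", stem, re.IGNORECASE):
        findings.append("numeric image name")
    if "\\temp\\" in path.lower():
        findings.append("runs from a temp directory")
    return findings

def check_hjt(entry: str) -> list:
    """Flag hosts-file sinkholes and orphaned (No File) registrations in the pseudo-HJT section."""
    kind, _, rest = entry.partition(":")
    parts = rest.split()
    if kind == "Hosts" and len(parts) == 2 and parts[0] in ("127.0.0.1", "0.0.0.0") and parts[1] != "localhost":
        return [f"hosts file sinkholes {parts[1]}"]
    if rest.rstrip().endswith("No File"):
        return [f"orphaned {kind} entry (No File)"]
    return []

def triage(text: str) -> list:
    """Return (entry, finding) pairs for everything worth reviewing in a DDS log."""
    sections = parse_sections(text)
    out = []
    for entry in sections.get("Running Processes", []):
        out.extend((entry, f) for f in check_process(entry))
    for entry in sections.get("Pseudo HJT Report", []):
        out.extend((entry, f) for f in check_hjt(entry))
    return out
```

Run `triage(open("dds.txt").read())` against a real log to get the flagged entries; the ordinary svchost.exe line in the sample produces no finding, so the output is only what deserves a second look.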

Dangerous virus and trojan.

I had the same experience last week. First redirect. Later more serious matters. Worst was that a trojan harvested my passwords and settings from an FTP client. In the next days my different websites (I am administrator of half a dozen) were hacked systematically and JS code was systematically put on the pages.

No antivirus programs worked and they stopped working or could not be installed.

I paid one of the most famous anti-virus companies to remove the virus. The first guy stopped his work after 1½ hours. The next stopped after almost 6 hours and told me that all viruses and trojans were gone.

They are now back again.

Help from me too.


Yes. The virus is back. I don't know about the trojan.

After the anti-virus people had been fighting against the virus and trojan, my computer is looking like a battlefield in Sirte. Many programs don't work because of files damaged during the battle.

I will reformat my HD. And I don't trust anti-virus programs any more.


  • Staff

Jorgen, please start your own topic, and I promise that someone will help you.

Atomsk,

Hello and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name has the form UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

