08-10-2008, 10:41 AM   #7
Roc 65
Registered User
Join Date: Jan 2008
Posts: 51
OS: Windows XP sp3


Re: heur trojan mess - Cannot Update OS - SP3 cannot find CLBCATQ dll's

C:\bug.txt
(also found in c:\documents and settings\owner\recent - bug.txt)



----------------------

PUSHD "C:\327882R2FWJFW\"

IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT

VER 1>temp00

FIND.exe "Microsoft Windows [Version 5.2.3790]" temp00 1>null

IF NOT ERRORLEVEL 1 GOTO Not_NT

FIND.exe "Windows XP" temp00 1>null

Del temp00

PV -o"%i\t%l" | SED "/\t.*\\nircmd\.inf$/!d; s///; s/./@pv -kfi &/" 1>temp00.bat

CALL temp00.bat

DEL temp00.bat 2>null

=============================================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CFLDR=327882R2FWJFW
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-C8BH3JAGLT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
KMD=CF29350.exe
LOGONSERVER=\\YOUR-C8BH3JAGLT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
sfxname=C:\Documents and Settings\Owner\desktop\combofix.exe
SYSTEM=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-C8BH3JAGLT
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS

=============================================

IF NOT DEFINED sfxname GOTO END

IF /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" GOTO Abort

IF EXIST "C:\DOCUME~1\Owner\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log" DEL "C:\DOCUME~1\Owner\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log"

-----------------------



ComboFix:

"Windows cannot open this file

Attrib.cfexe (last time I thought it was Attrib.cf.exe)

To open this file, Windows needs to know what program created it. Windows can go online to look it up automatically, or you can manually select from a list of programs on your computer.

What do you want to do?"

I searched for the file above (searched the C: drive for attrib) and found the following instances:

c:\327882R2FWJFW - Attribcf.exe
c:\combofix - Attribcf.exe
c:\windows\I386 - attrib.ex_
c:\windows\system32 - attrib.exe
c:\windows\system32\dllcache - attrib.exe