Hi and thanks for the reply.
My problem is my AV keeps alerting me to Trojan.Adclicker.HB and trojan.Generic 827614 being blocked and moved to quarantine. My Internet Browser is re-directing me to other sites (mainly ads) and even when the internet is closed it can open and go to various sites of its own accord.
I have 2 problems with your "first steps" request.
1. DDS is hanging when the DOS screen opens and won't run.
2. I don't understand about attaching under the Management attachment buttons. Where are these located?
Here is the GMER report anyway:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-12 10:24:40
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xB9F8E818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xB9F8E7D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xB9F82A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xB9F832A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xB9F8E910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xB9F8E794]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xAB006B4C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xAB006C3A]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xB9F832C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xB9F8E866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xB9F8E0B0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xAB006AB0]
---- Kernel code sections - GMER 1.0.14 ----
? System32\Drivers\6b11c0b9.sys The system cannot find the file specified. !
? System32\Drivers\4e3c06de.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[7504] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 00A42487 c:\windows\system32\hurikupu.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[7504] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00A42A53 c:\windows\system32\hurikupu.dll
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 8A079488
AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys
Device \FileSystem\Fastfat \FatCdrom 896F7FB0
AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)
Device \Driver\Cdrom \Device\CdRom0 89FA8410
Device \FileSystem\Rdbss \Device\FsWrap 8996C030
Device \Driver\iastor \Device\Ide\iaStor0 8AA263C0
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 8AA263C0
Device \Driver\iastor \Device\Ide\IAAStorageDevice-1 8AA263C0
Device \Driver\iastor \Device\Ide\IAAStorageDevice-2 8AA263C0
Device \Driver\Cdrom \Device\CdRom1 89FA8410
Device \FileSystem\Srv \Device\LanmanServer 89E37C40
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89927320
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89927320
Device \FileSystem\Npfs \Device\NamedPipe 899633D8
Device \FileSystem\Msfs \Device\Mailslot 89DFAC00
Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 89FAEC70
Device \Driver\d347prt \Device\Scsi\d347prt1 89FAEC70
Device \FileSystem\Fastfat \Fat 896F7FB0
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat trufos.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89E1B460
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89E1B460
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89E1B460
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89E1B460
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89E1B460
Device \FileSystem\Cdfs \Cdfs 89F0C1A8
---- Threads - GMER 1.0.14 ----
Thread 4:2092 AC18BAB0
Thread 4:2156 AC1D3AB0
Thread 4:4248 9FA4EAB0
Thread 4:4332 A3A8BAB0
Thread 4:5516 AC1A3AB0
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0xC3 0xA5 0xFF 0xCC ...
---- EOF - GMER 1.0.14 ----