Something about this machine still doesn't appear kosher to me. Stay with me till I give you the green light.
Open NOTEPAD and copy/paste the text in the quotebox below into it:
Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/320337-false-security-alerts-pop-ups-alleged-sinowal-trojan-suspicious-links.html#post1859487
Suspect::
c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL
AWF::
C:\program files\Adobe\Photoshop Elements 5.0\bak\apdproxy.exe
C:\program files\Analog Devices\Core\bak\smax4pnp.exe
C:\program files\Analog Devices\SoundMAX\bak\Smax4.exe
C:\program files\ATI Technologies\ATI.ACE\bak\CLIStart.exe
C:\program files\Canon\MyPrinter\bak\BJMyPrt.exe
C:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
C:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
C:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
C:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe
C:\program files\Lenovo\Client Security Solution\bak\cssauth.exe
C:\program files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe
C:\program files\Lenovo\SafeGuard PrivateDisk\bak\pdservice.exe
C:\program files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe
C:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
C:\program files\Synaptics\SynTP\bak\SynTPLpr.exe
C:\program files\ThinkPad\Utilities\bak\TpKmapAp.exe
C:\windows\system32\DLA\bak\DLACTRLW.EXE
FOLDER::
C:\program files\ThinkPad\Utilities\bak
C:\program files\Common Files\Adobe\Updater5\bak
C:\program files\Common Files\Lenovo\Scheduler\bak
C:\program files\ThinkVantage Fingerprint Software\bak
C:\program files\ThinkVantage\PrdCtr\bak
C:\program files\Tunebite\bak
C:\program files\Microsoft Office\Office12\bak
C:\program files\QuickTime\bak
C:\program files\Steam\bak
C:\program files\Symantec AntiVirus\bak
C:\program files\Common Files\Symantec Shared\bak
C:\program files\iTunes\bak
REGISTRY::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windpipe"=-
Save this as "CFScript"
Referring to the picture above, drag CFScript.txt into ComboFix.exe
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
Additionally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to
http://www.bleepingcomputer.com/subm....php?channel=4