03-02-2009, 09:31 PM   #1
mjbosko
Registered User
 
Join Date: Oct 2007
Posts: 8
OS: XP


Virut.j and Mariofev!mem Infection UPDATE! HELP!

After running Malwarebytes' Anti-Malware, my firewall seemed to be restored. However, upon reboot, I ran another McAfee virus scan to make sure everything was taken care of, but the problem was worse.

Virut.j and Mariofev!mem are rampant throughout my system. During the scan, my computer had to shut down. I managed to jot down some of the viruses that were detected.

system32\svchost.exe was infected with Virut.j
also system32\7.tmp was infected

I do not know where else to turn. I have attached the appropriate updated log files. Please help!


DDS (Ver_09-02-01.01) - NTFSx86 NETWORK
Run by Administrator at 23:05:40.56 on Mon 03/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.289 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe"
mRun: [DellMCM] "c:\program files\dell photo aio printer 942\memcard.exe"
mRun: [DLBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBUtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com/lib/liu/support/plugins/ebraryRdr.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155469679595
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxp://download.microsoft.com/download/c/d/c/cdc1ac44-d0db-4723-a092-33be8b4f6d9d/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
S1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-10-22 104000]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
S2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2004-8-4 191488]
S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-21 1247600]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-23 24576]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-10-22 72264]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-10-22 34152]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-10-22 168776]

=============== Created Last 30 ================

2009-03-02 22:56 578,560 a------- c:\windows\system32\btzuztf
2009-03-02 22:56 105,984 a------- c:\windows\system32\3.tmp
2009-03-02 22:56 40 a------- c:\windows\system32\2.tmp
2009-03-02 22:42 262,144 a------- c:\windows\system32\nvtpm32.dll
2009-03-02 22:42 40 a------- c:\windows\system32\4.tmp
2009-03-02 22:32 105,984 a------- c:\windows\system32\azton.mt
2009-03-02 22:32 105,984 a------- c:\windows\system32\6.tmp
2009-03-02 22:32 40 a------- c:\windows\system32\5.tmp
2009-03-02 21:47 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-03-02 21:47 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-02 21:47 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-02 21:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-02 21:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-02 21:41 578,560 a------- c:\windows\system32\ckvpy
2009-03-02 21:41 105,984 a------- c:\windows\system32\12.tmp
2009-03-02 21:41 40 a------- c:\windows\system32\11.tmp
2009-03-02 21:39 578,560 a------- c:\windows\system32\svtfhd
2009-03-02 19:54 105,984 a------- c:\windows\system32\10.tmp
2009-03-02 18:11 250 a------- c:\windows\gmer.ini
2009-03-02 17:42 578,560 a------- c:\windows\system32\jqwerz
2009-03-02 17:29 <DIR> --d----- c:\program files\Trend Micro
2009-03-02 15:56 578,560 a------- c:\windows\system32\fegpfzs
2009-03-02 14:15 552 a------- c:\windows\system32\d3d8caps.dat
2009-03-02 00:03 0 a------- c:\windows\mqcd.dbt
2009-03-02 00:02 28,672 a------- c:\windows\system32\kdoqmn.sr
2009-03-02 00:02 32,768 a------- c:\windows\system32\odjan.wa
2009-03-02 00:02 32,768 a------- c:\windows\system32\kei1w.an
2009-03-02 00:02 28,672 a------- c:\windows\system32\doqkm.zt
2009-03-02 00:02 77,312 a------- c:\windows\system32\rkoq.pxf
2009-03-02 00:02 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-03-01 21:31 0 a------- c:\windows\system32\25.tmp
2009-03-01 21:31 105,984 a------- c:\windows\system32\24.tmp
2009-03-01 21:31 40 a------- c:\windows\system32\21.tmp
2009-02-26 18:10 260 a------- c:\windows\xccwinsys.ini
2009-02-26 18:10 <DIR> --d----- c:\windows\system32\inf
2009-02-26 18:10 676,352 a------- c:\windows\system32\rtl60.bpl
2009-02-26 18:10 155,227 a------- c:\windows\system32\adx.exe
2009-02-26 18:09 11,531 a------- c:\windows\system32\load.exe

==================== Find3M ====================

2009-03-02 22:42 578,560 a------- c:\windows\system32\user32.DLL
2009-03-02 22:38 364,544 a------- c:\windows\system32\ati2evxx.exe
2009-03-01 23:32 35,328 a------- c:\windows\pchealth\helpctr\binaries\notiflag.exe
2009-03-01 23:31 169,984 a------- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-03-01 23:31 18,432 a------- c:\windows\pchealth\helpctr\binaries\hscupd.exe
2009-03-01 23:31 99,840 a------- c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2009-03-01 23:31 769,024 a------- c:\windows\pchealth\helpctr\binaries\helpctr.exe
2009-03-01 23:22 52,808 a------- c:\windows\help\sbsi\training\usersid.exe
2009-03-01 23:22 233,472 a------- c:\windows\help\sbsi\training\ounins32_s.exe
2009-03-01 22:53 283,648 a------- c:\windows\winhlp32.exe
2009-03-01 22:53 149,504 a------- c:\windows\UNWISE.EXE
2009-03-01 22:53 299,520 a------- c:\windows\uninst.exe
2009-03-01 22:53 25,600 a------- c:\windows\twunk_32.exe
2009-03-01 22:53 15,360 a------- c:\windows\TASKMAN.EXE
2009-03-01 22:52 32,768 a------- c:\windows\slrundll.exe
2009-03-01 22:52 67,736 a------- c:\windows\setpwrcg.exe
2009-03-01 22:52 69,120 a------- c:\windows\notepad.exe
2009-03-01 22:52 306,688 a------- c:\windows\IsUninst.exe
2009-03-01 22:52 98,304 a------- c:\windows\dla.exe
2009-02-28 11:54 229,376 a------- c:\windows\system32\fxscover.exe
2009-02-28 11:52 123,392 a------- c:\windows\system32\mplay32.exe
2009-02-28 11:52 102,912 a------- c:\windows\system32\clipbrd.exe
2009-02-28 11:05 150,528 a------- c:\windows\system32\imapi.exe
2009-02-28 11:00 744,448 a------- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-02-28 10:47 146,432 a------- c:\windows\regedit.exe
2009-02-28 09:37 677,888 a------- c:\windows\system32\mstsc.exe
2009-02-28 09:37 343,040 a------- c:\windows\system32\mspaint.exe
2009-02-28 09:37 78,848 a------- c:\windows\system32\msiexec.exe
2009-02-28 09:36 15,360 a------- c:\windows\system32\ctfmon.exe
2009-02-28 09:36 69,120 a------- c:\windows\system32\notepad.exe
2009-02-28 09:35 28,672 a------- c:\windows\system32\verclsid.exe
2009-02-28 09:34 44,544 a------- c:\windows\system32\alg.exe
2009-02-28 09:34 22,528 a------- c:\windows\system32\wscntfy.exe
2009-02-27 11:53 26,112 a------- c:\windows\system32\userinit.exe
2009-02-27 11:52 135,680 a------- c:\windows\system32\taskmgr.exe
2009-02-27 11:52 57,856 a------- c:\windows\system32\spoolsv.exe
2009-02-27 11:52 12,800 a------- c:\windows\system32\spiisupd.exe
2009-02-27 11:51 95,744 a------- c:\windows\system32\scardsvr.exe
2009-02-27 11:51 33,280 a------- c:\windows\system32\rundll32.exe
2009-02-27 11:51 76,800 a------- c:\windows\system32\nslookup.exe
2009-02-27 11:50 514,560 a------- c:\windows\system32\logonui.exe
2009-02-27 11:50 7,680 a------- c:\windows\system32\hostname.exe
2009-02-27 11:50 267,776 a------- c:\windows\system32\fxssvc.exe
2009-02-27 11:50 10,752 a------- c:\windows\system32\dumprep.exe
2009-02-27 11:50 45,568 a------- c:\windows\system32\drwtsn32.exe
2009-02-27 11:49 10,752 a------- c:\windows\system32\doskey.exe
2009-02-27 11:49 466,944 a------- c:\windows\system32\dlbucoms.exe
2009-02-27 11:48 184,320 a------- c:\windows\system32\accwiz.exe
2009-02-27 11:39 10,752 a------- c:\windows\hh.exe
2009-02-27 10:39 100,864 a------- c:\windows\system32\logagent.exe
2009-02-27 10:39 135,168 a------- c:\windows\system32\cscript.exe
2009-02-27 10:39 1,077,248 a------- c:\windows\help\sbsi\training\orun32.exe
2009-02-27 10:39 155,648 a------- c:\windows\system32\wscript.exe
2009-02-27 10:38 1,033,728 a------- c:\windows\explorer.exe
2009-02-26 23:41 704,512 a------- c:\windows\system32\ss3dfo.scr
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 04:10 79,360 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 22,528 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2006-03-25 22:43 774,144 a------- c:\program files\RngInterstitial.dll
2008-08-05 12:57 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

============= FINISH: 2321.93 ===============
Attached Files
File Type: zip Attach.zip (4.7 KB)
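As an added example (not code from the original post, and not part of DDS, McAfee or any other tool named above), here is a small Python triage script that parses the "Running Processes", "Created Last 30" and "Find3M" sections of a DDS log and applies three heuristics an analyst would reach for when a PE file infector such as Virut is in play: extension-less or .tmp files dropped straight into system32, groups of differently named files that are exactly the size of a system DLL (the 578,560-byte entries sitting next to user32.dll in the log above), and .exe/.dll/.scr files under c:\windows whose modification time falls within a few days of the scan. It also flags an svchost.exe started with a file path rather than a "-k" service group, as in the "svchost.exe C:\WINDOWS\TEMP\VRT1.tmp" process line. The three-file size cluster, the 7-day window, the extension list and the sample lines (copied from this log into a constructed string) are my assumptions, not anything DDS defines.

```python
import re
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample: a few lines copied from the DDS log in this post, with the
# section banners DDS prints between them.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\WINDOWS\Explorer.EXE
=============== Created Last 30 ================
2009-03-02 22:56 578,560 a------- c:\windows\system32\btzuztf
2009-03-02 22:56 105,984 a------- c:\windows\system32\3.tmp
2009-03-02 22:42 262,144 a------- c:\windows\system32\nvtpm32.dll
2009-03-02 21:47 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-02 21:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-02 21:41 578,560 a------- c:\windows\system32\ckvpy
2009-03-02 00:02 578,560 a------- c:\windows\system32\dllcache\user32.dll
==================== Find3M ====================
2009-03-02 22:42 578,560 a------- c:\windows\system32\user32.DLL
2009-03-01 22:52 69,120 a------- c:\windows\notepad.exe
2009-02-27 10:38 1,033,728 a------- c:\windows\explorer.exe
2008-12-19 00:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
============= FINISH: 2321.93 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
FILE_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2} (<DIR>|[\d,]+) (\S+) (.+)$")
FILE_SECTIONS = {"Created Last 30", "Find3M"}
PE_EXTS = {"exe", "dll", "scr"}  # assumption: extensions a file infector targets


def parse_dds(text):
    """Split a DDS log into sections; file sections become dicts, others raw lines."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            continue
        if current is None or not line.strip():
            continue
        m = FILE_RE.match(line)
        if current in FILE_SECTIONS and m:
            y, mo, d, size, attrs, path = m.groups()
            sections[current].append({
                "date": date(int(y), int(mo), int(d)),
                "size": None if size == "<DIR>" else int(size.replace(",", "")),
                "attrs": attrs,
                "path": path.strip().lower(),
            })
        else:
            sections[current].append(line.strip())
    return sections


def flag_entries(entries, scan_date, recent_days=7):
    """Return {path: [reasons]} for entries matching the file-infector heuristics."""
    reasons = defaultdict(list)
    # Group basenames by size so random-named files that are byte-for-byte the size
    # of a system DLL stand out as a cluster.
    names_by_size = defaultdict(set)
    for e in entries:
        if e["size"]:
            names_by_size[e["size"]].add(e["path"].rsplit("\\", 1)[-1])
    for e in entries:
        path, size = e["path"], e["size"]
        if size is None:  # directories carry no size
            continue
        directory, _, name = path.rpartition("\\")
        ext = name.rsplit(".", 1)[-1] if "." in name else ""
        if directory == r"c:\windows\system32" and ext in ("", "tmp"):
            reasons[path].append("odd name in system32")
        if len(names_by_size[size]) >= 3:  # assumption: three distinct names is a cluster
            others = sorted(names_by_size[size] - {name})
            reasons[path].append("size shared with " + ", ".join(others))
        if (path.startswith("c:\\windows\\") and ext in PE_EXTS
                and scan_date - e["date"] <= timedelta(days=recent_days)):
            reasons[path].append(f"PE modified within {recent_days} days of scan")
    return dict(reasons)


def flag_processes(lines):
    """Flag svchost started with a file path instead of a '-k' service group."""
    hits = []
    for line in lines:
        image, _, args = line.partition(" ")
        base = image.lower().rsplit("\\", 1)[-1]
        if base in ("svchost.exe", "svchost") and args and not args.startswith("-k"):
            hits.append(line)
    return hits


def analyze(text, scan_date):
    """Run both checks over a DDS log and return the findings."""
    sections = parse_dds(text)
    files = sections["Created Last 30"] + sections["Find3M"]
    return {"files": flag_entries(files, scan_date),
            "processes": flag_processes(sections["Running Processes"])}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG, date(2009, 3, 2))
    for proc in report["processes"]:
        print("PROCESS", proc)
    for path, why in sorted(report["files"].items()):
        print("FILE", path, "->", "; ".join(why))
```

The flags are leads, not verdicts: a recently modified notepad.exe or explorer.exe is confirmed infected only by hashing it against a known-good copy or letting a scanner look at it, and the 7-day window will also catch legitimate updates. The Malwarebytes driver installed the same evening is left alone only because .sys is not in the extension set; add it and expect that kind of noise.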