Tech Support Forum banner
Status
Not open for further replies.

Got a Virus but dunno even its name!

1K views 2 replies 1 participant last post by  PG5 
#1 ·
Hi there!
A couple of days ago, in trying to download a torrent I think I caught a malware. I thought BitDefender 2010, my AntiVirus, had put it in quarantine but for the past two days, everytime I boot into Windows 7, before I do anything, some crash-report window appears (today they were 3!) I ran a BitDefender "deep scan" but after some 2 hrs it came up clean. Clearly there's something wrong because as soon as I boot Win7 the windows keep popping up. See picture attached.
Can anyone suggest some solution to this problem?
Thank you for your time.
P.
 

Attachments

See less See more
1
#2 ·
I'm posting the DDS.txt and attaching the Attach.zip files. I also downloaded and ran gmer.exe but for some unknown reason it stops working after sometime, maybe it's the virus' effect (I first turned off BitDefender Antivirus).
I am therefore unable to post the ark.txt file. Hope someone can help me. Thanks.

Code:
 .
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
Run by Pooja at 17:21:25 on 2011-12-09
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1033.18.2046.1257 [GMT 1:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender Antispyware *Enabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
FW: BitDefender Firewall *Enabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>] 
uRun: [4G4I8F7I8C3X2D8AMGYYIEDLSM] c:\gfweq23.bi\C08436D14F4.exe /q
uRun: [{35F17893-74FC-1280-CC47-48617E40B898}] c:\users\pooja\appdata\roaming\xafu\enzar.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\pooja\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~3.lnk - c:\program files\clarus\samsung auto backup\ISFGuage.exe
StartupFolder: c:\users\pooja\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
StartupFolder: c:\users\pooja\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{C56F50D1-E75F-4E1A-83A8-CFE604E49A8F} : NameServer = 213.205.32.70,213.205.36.70
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pooja\appdata\roaming\mozilla\firefox\profiles\hefpyisu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-10-19 72784]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2009-10-19 79952]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-9-22 85128]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 153448]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-9 52224]
.
=============== Created Last 30 ================
.
2011-12-07 10:05:55	--------	d-----w-	c:\users\pooja\appdata\roaming\Yvaciz
2011-12-07 10:05:55	--------	d-----w-	c:\users\pooja\appdata\roaming\Xafu
2011-12-06 19:48:11	18816	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys
2011-12-06 19:47:57	--------	d-----w-	c:\program files\PC Connectivity Solution
2011-12-02 15:16:03	--------	d-----w-	c:\program files\Packet Tracer 5.2
2011-11-17 12:57:29	--------	d-----w-	c:\program files\InfraRecorder
2011-11-11 19:21:56	708608	----a-w-	c:\program files\common files\system\wab32.dll
2011-11-11 19:21:54	1290608	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-11 19:21:52	2341888	----a-w-	c:\windows\system32\win32k.sys
.
==================== Find3M  ====================
.
2011-11-17 09:39:42	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:22:52.10 ===============
 

Attachments

#3 · (Edited)
"Windows Explorer has stopped working"? Now shut down!

After a lot of problems I managed to get GMER.exe working (see attached zip file). I turned off the Antivirus, renamed GMER.exe into xyz.exe (thought it might help get to the end), then unchecked "Sections", "IAT/EAT","D:" and "Show all". Told it to SCAN and crossed my fingers hoping it would go till the end.
Please someone help me solve this one!
 

Attachments

Status
Not open for further replies.
You have insufficient privileges to reply here.
Top