#1
Registered User
Join Date: Jan 2009
Posts: 2
OS: Windows XP Pro
I'm having a problem with a Trojan virus that creates a pop-up every ten seconds and disrupts the computer. I downloaded Microsoft's Defender but it does not eliminate the problem. I'm running Windows XP Pro on a Dell Dimension 8300 machine. We currently use BitDefender as virus protection. Microsoft's site claims that this is not a true virus but merely an advertisement scam, but regardless I can't get rid of it. I've tried to restore the PC to an earlier date but it didn't take care of the issue. Can you help me as soon as possible?
Thanks

DDS (Version 1.1.0) - NTFSx86 Run by Jeff at 17 31.23 on Tue 01/06/2009
#2
Registered User
Join Date: Jan 2009
Posts: 2
OS: Windows XP Pro
Re: TrojanDownloader:Win32/Renos:EE HELP!!!
I have found the temporary files and delete them as they reoccur. They are identified as tmpa.exe and keep scrolling through the alphabet about every 5 minutes now. Each time I delete them from the folders and give myself a small break: tmpb.exe, tmpc.exe, tmpd.exe... etc.
#3
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 6,344
OS: XP Home SP3, XP MCE SP3, XP Pro SP3
Re: TrojanDownloader:Win32/Renos:EE HELP!!!
Hello and welcome to TSF.
If you still require assistance, please post a fresh DDS.txt as it has been a few days since you posted. We would also need the GMER log.

GMER:
=====
Download GMER Rootkit Scanner from here or here.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries. Please post the DDS.txt and the ark.txt.
__________________
My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005. Member of UNITE since 2006.
#4
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 6,344
OS: XP Home SP3, XP MCE SP3, XP Pro SP3
Re: TrojanDownloader:Win32/Renos:EE HELP!!!
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
http://www.techsupportforum.com/secu...oval-help.html