Oh dear god please help me!

[rocketaudi]

Whatever is in my computer is absolutely out of hand. I'm working and posting from my new laptop while the other one sits next to me getting worse by the minute. I read the instructions for asking a question. I downloaded DDS and I've attached the log files as requested. I tried the GMER application and it wouldn't run. So I don't have that particular log file.

As far as describing my problem in detail.. To start, this is the product of my own stupidity. I'm very aware of what to do and not do on the internet, and what to download and what not to.. but everyone makes mistakes. I downloaded something on limewire, opened it and poof, trouble. Please don't berate me, I've beaten myself up enough. The symptopms started with a very cliche maximized firefox window screaming 'free porn', and a bunch of error messages. I ran AVG and ad-aware, which found a load of stuff and supposedly cleaned it. After restarting, the computer would freeze after half a minute or so. I started opening the task manager as soon as possible, and ridiculous processes like lijeh9r78y.exe would start themselves and it would freeze at about 70 running processes. Sooo, I started the task manager on startup and just ended processes until i got to the familiar ones. This made it stable enough to work on. I ran hijack this and found some odd registry entries. I looked up a few and found out they were bad, such as reader_s.exe, twext.exe, sbinagifi.dll. Madness ensued, now it will randomly open the my documents folder over and over, I have about 20 svchost processes running, multiple winlogonn.exe, I get a lot of letters/numbers.tmp, the wallpaper doesnt show up and I'm getting frustrated. Thats all i can think of so far, I attached the DDS logs that I got. Please advise.

Edit: After reading through a few threads I feel i should add: IE and Firefox both redirected me from google and were generally unhelpful. I am downloading all applications from the good laptop and flash driving them over.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Justin Rauch at 16:25:30.47 on Sun 02/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.87 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
c:\Program Files\Zune\ZuneNss.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\explorer.exe
svchost.exe C:\WINDOWS\TEMP\VRT22.tmp
C:\WINDOWS\system32\taskmgr.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\rdl9A.tmp
C:\WINDOWS\TEMP\winlognn.exe
C:\Documents and Settings\Justin Rauch\My Documents\My Downloads\dds.scr
C:\WINDOWS\system32.exe
C:\WINDOWS\TEMP\382169600.exe
"C:\Program Files\Microsoft Common\svchost.exe" explorer.exe
C:\WINDOWS\winsock32.exe
C:\WINDOWS\TEMP\winlognn.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\TEMP\rdl9C.tmp
C:\WINDOWS\explorer.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\temp\init.exe,c:\windows\system32\twext.exe,
BHO: c:\windows\system32\gyuvgfytre56yftyd.dll: {d5bf4552-94f1-42bd-f434-3604812c807d} - c:\windows\system32\gyuvgfytre56yftyd.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [gpl8ggzyvecm23ttcr8o9hs] c:\windows\temp\vqdffxb.exe
uRun: [xs1sbw9kp3i3wiwf781pcq3tldibm11n4] c:\windows\temp\t0f2xd7esw.exe
uRun: [vx5iy2k505r8g9b7hicfmzjc2s6ouiwu1dzd3gxffbb4s7] c:\windows\temp\v21ipm.exe
uRun: [jk1fqp3sh69k7q5ge8wyti9ykc7r] c:\windows\temp\eys12xh.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [services] c:\windows\services.exe
dRun: [reader_s] c:\documents and settings\justin rauch\reader_s.exe
dRun: [services] c:\windows\services.exe
dRun: [Win32load] \sysrc32.exe -lds
uExplorerRun: [services] c:\windows\services.exe
mExplorerRun: [xccinit] c:\windows\system32\inf\rundll33.exe c:\windows\xccdf16_090131a.dll xccd16
mExplorerRun: [services] c:\windows\services.exe
dExplorerRun: [services] c:\windows\services.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: crypt - crypts.dll
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: xfvfxy.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\hs78344kjkfd.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hs78344kjkfd.dll
STS: c:\windows\system32\gyuvgfytre56yftyd.dll: {d5bf4552-94f1-42bd-f434-3604812c807d} - c:\windows\system32\gyuvgfytre56yftyd.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXQHbAs

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\justin~1\applic~1\mozilla\firefox\profiles\lfw2kza9.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxps://mail.umdnj.edu/uwc/auth
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\justin rauch\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: XUL Cache: {73966D5B-F404-4A4B-9E70-0CF17AFB1961} - c:\documents and settings\justin rauch\local settings\application data\{73966D5B-F404-4A4B-9E70-0CF17AFB1961}

============= SERVICES / DRIVERS ===============

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-14 64160]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-14 325128]
R1 avgmfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-14 27656]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-14 107272]
R1 nwwmusbb;nwwmusbb;c:\windows\system32\drivers\NWWMUSBB.sys [2009-2-14 86144]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-14 298264]
R2 ias;Ias;c:\windows\system32\svchost.exe -k netsvcs [2004-11-15 14336]
R3 bfastfao;bfastfao;c:\docume~1\justin~1\locals~1\temp\bfastfao.sys [2004-2-2 15872]
S1 554c745b;554c745b;c:\windows\system32\drivers\554c745b.sys [2009-2-14 0]
S1 nfr.sys;nfr.sys;\??\c:\windows\system32\drivers\nfr.sys --> c:\windows\system32\drivers\nfr.sys [?]
S2 ccevtsvc;CcEvtSvc;c:\windows\system32\ccevtsvc.exe -k netsvcs --> c:\windows\system32\CcEvtSvc.exe -k netsvcs [?]
S2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S2 network monitor;Network Monitor;c:\program files\network monitor\netmon.exe service --> c:\program files\network monitor\netmon.exe service [?]
S2 nfragent;nfragent;c:\windows\system32\svchost.exe -k nfrsvc [2004-11-15 14336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 nidsdrv;nidsdrv;\??\c:\windows\system32\nidsdrv.sys --> c:\windows\system32\nidsdrv.sys [?]
S3 protect;protect;c:\windows\system32\drivers\protect.sys [2009-2-22 18944]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2005-8-9 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [2005-8-9 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [2005-8-9 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [2005-8-9 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [2005-8-9 69632]
S3 restore;restore;c:\windows\system32\drivers\restore.sys [2009-2-22 6656]

=============== Created Last 30 ================

2009-02-22 16:25 15,000 a------- c:\windows\system32\gyuvgfytre56yftyd.dll
2009-02-22 16:25 64,512 a------- c:\windows\winsock32.exe
2009-02-22 15:39 55,809 a------- c:\windows\services.exe
2009-02-22 15:39 37,376 a------- c:\windows\system32\2B.tmp
2009-02-22 15:39 64,000 a------- c:\windows\system32\actcontroller.exe
2009-02-22 15:39 67,585 a------- c:\windows\system32\29.tmp
2009-02-22 15:39 168 a------- c:\windows\system32\23.tmp
2009-02-22 15:30 64,000 a------- c:\windows\system32\breakin.exe
2009-02-22 15:29 67,585 a------- c:\windows\system32\22.tmp
2009-02-22 15:29 38,913 a------- c:\windows\system32\1D.tmp
2009-02-22 15:29 168 a------- c:\windows\system32\1A.tmp
2009-02-22 15:23 <DIR> --d----- c:\windows\ERUNT
2009-02-22 14:37 6,656 a------- c:\windows\system32\drivers\restore.sys
2009-02-22 14:37 47,104 a------- c:\documents and settings\justin rauch\reader_s.exe
2009-02-22 14:37 47,616 a------- c:\windows\system32\reader_s.exe
2009-02-22 14:37 37,888 a------- c:\windows\system32\39.tmp
2009-02-22 14:36 0 a------- c:\windows\system32\28.tmp
2009-02-22 14:36 25,601 a------- c:\windows\system32\27.tmp
2009-02-22 14:36 168 a------- c:\windows\system32\26.tmp
2009-02-22 14:04 38,912 a------- c:\windows\Sbinagifi.dll
2009-02-22 14:03 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-02-22 14:03 41,985 a------- c:\windows\services.ex_
2009-02-22 14:03 64,000 a------- c:\windows\system32\hhw.exe
2009-02-22 14:03 37,888 a------- c:\windows\system32\21.tmp
2009-02-22 14:03 67,585 a------- c:\windows\system32\1B.tmp
2009-02-22 14:03 168 a------- c:\windows\system32\19.tmp
2009-02-22 13:50 <DIR> --dsh--- c:\windows\system32\twain_32
2009-02-22 13:25 32,256 a------- c:\windows\system32\crypts.dll
2009-02-22 13:25 102,912 a------- c:\windows\kernel32.exe
2009-02-22 13:06 15,000 a------- c:\windows\system32\eawdh3hbg87dkjn.dll
2009-02-22 11:20 37,376 a------- c:\windows\system32\24.tmp
2009-02-22 11:20 64,000 a------- c:\windows\system32\vmware-ufad.ex_
2009-02-22 11:20 30,208 a------- c:\windows\system32\22.tm_
2009-02-22 11:20 25,601 a------- c:\windows\system32\20.tmp
2009-02-22 11:19 45,056 a------- c:\windows\system32\18.tmp
2009-02-22 11:19 212 a------- c:\windows\system32\17.tmp
2009-02-21 10:10 40,960 a------- c:\windows\kj
2009-02-21 10:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2009-02-21 10:09 1 a------- c:\windows\system32\1F.tmp
2009-02-21 10:09 88 a------- c:\windows\system32\1E.tmp
2009-02-21 09:23 1 a------- c:\windows\system32\15.tmp
2009-02-21 09:23 88 a------- c:\windows\system32\14.tmp
2009-02-21 09:19 1 a------- c:\windows\system32\13.tmp
2009-02-21 09:19 88 a------- c:\windows\system32\F.tmp
2009-02-21 09:16 1 a------- c:\windows\system32\1C.tmp
2009-02-21 09:16 88 a------- c:\windows\system32\16.tmp
2009-02-20 16:31 37,888 a------- c:\windows\system32\12.tmp
2009-02-20 16:31 2,560 a------- c:\windows\system32\11.tmp
2009-02-20 16:30 88,065 a------- c:\windows\system32\E.tmp
2009-02-20 16:30 24,577 a------- c:\windows\system32\C.tmp
2009-02-20 16:30 208 a------- c:\windows\system32\A.tmp
2009-02-20 16:28 616 a------- c:\windows\system32\10.tmp
2009-02-20 16:28 6 a------- c:\windows\_id.dat
2009-02-20 16:27 130 a------- c:\windows\adobe.bat
2009-02-20 16:27 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-02-20 16:27 2,560 a------- c:\windows\system32\D.tmp
2009-02-20 16:27 105,030 a------- c:\windows\system32\CcEvtSvc.exe
2009-02-20 16:27 88,065 a------- c:\windows\system32\B.tmp
2009-02-20 16:27 208 a------- c:\windows\system32\9.tmp
2009-02-20 16:27 <DIR> --d----- c:\program files\Microsoft Common
2009-02-15 13:30 <DIR> --d----- c:\windows\LastGood.Tmp
2009-02-15 13:07 133,632 a------- c:\windows\ayufbukuk.dll
2009-02-15 12:56 99,696 a------- c:\windows\system32\drivers\65c088d8.sys
2009-02-15 12:55 40,448 a------- C:\xyephkl.exe
2009-02-15 12:55 102,912 a------- C:\dykhyp.exe
2009-02-15 12:55 148,992 a------- C:\cxfagn.exe
2009-02-15 12:55 64,512 a------- C:\flirxnj.exe
2009-02-15 12:55 60,928 a------- C:\cwxwwgtl.exe
2009-02-15 10:27 0 a------- c:\windows\system32\mcrh.tmp
2009-02-15 09:21 1,481 a------- C:\nfr.bat
2009-02-15 00:09 0 a------- c:\windows\system32\drivers\nfr.dll.gpref
2009-02-14 23:57 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-14 23:48 0 a------- c:\windows\system32\drivers\nfr.dll.assembly
2009-02-14 18:42 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-14 18:40 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-14 14:08 94,208 a------- c:\windows\system32\TOCRdll.dll
2009-02-14 14:08 95 a------- c:\windows\TOCR.ini
2009-02-14 14:08 3 a------- c:\windows\system32\bversion.dll
2009-02-14 14:08 <DIR> --d----- c:\program files\LanqiEngine
2009-02-14 14:08 94,208 a------- c:\windows\system32\TRSOCR.dll
2009-02-14 14:08 95 a------- c:\windows\system32\TRSOCR.ini
2009-02-14 14:05 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-14 14:04 32,137,216 a------- c:\windows\system32\TRSOCR.dat
2009-02-14 14:04 565,248 a------- c:\windows\system32\IPHACTION.dll
2009-02-14 14:01 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-14 14:01 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-14 14:01 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-14 14:01 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-14 14:00 <DIR> --d----- c:\program files\AVG
2009-02-14 13:51 0 a------- c:\windows\system32\IpSvchostF.dll
2009-02-14 13:43 18,432 a------- c:\windows\system32\AUTMGR.EXE
2009-02-14 13:43 989,696 a------- c:\windows\system32\kernel32_check.dll
2009-02-14 13:42 10,240 a------- c:\windows\system32\Packer.dll
2009-02-14 13:42 9 a------- c:\windows\system32\iphy.dll
2009-02-14 13:42 3 a------- c:\windows\system32\fhpatch.dll
2009-02-14 13:42 0 a------- c:\windows\system32\fiplock.dll
2009-02-14 13:42 197 a------- c:\windows\system32\xcchit32.ini
2009-02-14 13:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-14 12:55 1,583,467 ---sh--- c:\windows\system32\vctoffds.ini
2009-02-14 12:55 73,728 a------- c:\windows\system32\sdffotcv.dll
2009-02-14 12:54 43,456 a--sh--- c:\windows\system32\sAbHQXyb.ini2
2009-02-14 12:54 32,068 a--sh--- c:\windows\system32\sAbHQXyb.ini
2009-02-14 12:54 303,104 a------- c:\windows\system32\byXQHbAs.dll.vir
2009-02-14 12:53 134,144 a------- c:\windows\ulitoxol.dll
2009-02-14 09:56 29,184 a------- C:\vsuirwl.exe
2009-02-14 09:52 <DIR> --d----- c:\program files\Network Monitor
2009-02-14 09:51 932 a------- c:\windows\system32\drivers\core.cache.dsk
2009-02-14 09:51 <DIR> --dsh--- c:\windows\system32\sysproc64
2009-02-14 09:51 86,144 a------- c:\windows\system32\drivers\NWWMUSBB.sys
2009-02-14 09:51 44,032 a------- C:\ainhkx.exe
2009-02-14 09:51 <DIR> --d----- c:\temp\1cb
2009-02-14 09:51 <DIR> --d----- c:\windows\system32\th3
2009-02-14 09:51 <DIR> --d----- c:\windows\system32\mem5
2009-02-14 09:51 <DIR> --d----- c:\windows\system32\ghu02
2009-02-14 09:51 <DIR> --d----- c:\temp\itmp2
2009-02-14 09:50 44,032 ---sh--- c:\documents and settings\justin rauch\winlogon.exe
2009-02-14 09:50 <DIR> --d----- c:\temp\sTMP3
2009-02-14 09:47 <DIR> --dsh--- c:\documents and settings\justin rauch\Localdir
2009-02-14 09:41 82 a------- c:\docume~1\alluse~1\applic~1\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat

==================== Find3M ====================

2009-02-20 16:27 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-02-15 10:19 0 a------- c:\windows\system32\drivers\554c745b.sys
2009-02-14 13:58 147,456 a------- c:\windows\system32\vbzip10.dll
2009-02-14 09:50 3,182 a------- c:\windows\ios.dat
2009-02-14 09:50 44,032 a------- C:\sapcrdco.exe
2009-01-08 19:37 50,832 a------- c:\docume~1\justin~1\applic~1\GDIPFONTCACHEV1.DAT
2006-07-05 07:37 8 a------- c:\docume~1\justin~1\applic~1\usb.dat.bin
1998-11-17 12:09 45,056 a------- c:\windows\inf\Vizpnpin.exe
1998-10-12 12:23 40,960 a------- c:\windows\inf\vizpnp\Vipersti.dll
1998-07-30 13:44 19,112 a------- c:\windows\inf\vizpnp\Pmxscan.sys

============= FINISH: 16:27:17.42 ===============

[rocketaudi]

I got gmer to run this morning, i renamed it gmer1 after reading a few posts that recommended doing somthing similar. I've attached the zip file requested with both ark.txt and attach.txt. Thanks

[tetonbob]

Hello -

I'd like to confirm what I think to be bad news for you. if I'm right, it means a complete format of the machine.

Please go to: VirusTotal

• On the page you'll find a "Browse" button.
  
• Next to the browse button you'll see a box to enter text.
• Please copy/paste the following:
  
  c:\windows\system32\reader_s.exe
  
  
• Then click the "Send File " button just below.
• This will scan the file. Please be patient.
• If you get a message saying File has already been analyzed: click Reanalyze file now
• Once scanned, copy and paste the results in your next reply.
  
• Please repeat for the following files:
  
  • c:\documents and settings\justin rauch\reader_s.exe
    
    C:\WINDOWS\explorer.exe
    

[rocketaudi]

Done. Here are the results for each:

c:\windows\system32\reader_s.exe
File reader_s.exe received on 02.23.2009 21:01:08 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 16/39 (41.03%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.23 -
AhnLab-V3 2009.2.24.0 2009.02.23 -
AntiVir 7.9.0.88 2009.02.23 W32/Virut.Gen
Authentium 5.1.0.4 2009.02.23 -
Avast 4.8.1335.0 2009.02.23 Win32:Small-MRB
AVG 8.0.0.237 2009.02.23 -
BitDefender 7.2 2009.02.23 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.23 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.23 -
eSafe 7.0.17.0 2009.02.19 Suspicious File
eTrust-Vet 31.6.6369 2009.02.23 -
F-Prot 4.4.4.56 2009.02.23 -
F-Secure 8.0.14470.0 2009.02.23 Virus.Win32.Virut.ce
Fortinet 3.117.0.0 2009.02.23 -
GData 19 2009.02.23 Win32:Small-MRB
Ikarus T3.1.1.45.0 2009.02.23 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.23 Virus.Win32.Virut.ce
McAfee 5534 2009.02.23 W32/Virut.n.gen
McAfee+Artemis 5534 2009.02.23 W32/Virut.n.gen
Microsoft 1.4306 2009.02.23 Virus:Win32/Virut.BM
NOD32 3881 2009.02.23 -
Norman 6.00.06 2009.02.23 -
nProtect 2009.1.8.0 2009.02.23 -
Panda 10.0.0.10 2009.02.23 W32/Sality.AO
PCTools 4.4.2.0 2009.02.23 -
Prevx1 V2 2009.02.23 -
Rising 21.18.02.00 2009.02.23 -
SecureWeb-Gateway 6.7.6 2009.02.23 Win32.Virut.Gen
Sophos 4.39.0 2009.02.23 W32/Scribble-A
Sunbelt 3.2.1855.2 2009.02.17 Win32.Virut.cf (v)
Symantec 10 2009.02.23 W32.Virut.CF
TheHacker 6.3.2.5.263 2009.02.23 W32/Virut.gen
TrendMicro 8.700.0.1004 2009.02.23 -
VBA32 3.12.10.0 2009.02.22 Virus.Win32.Virut.X5
ViRobot 2009.2.23.1618 2009.02.23 -
VirusBuster 4.5.11.0 2009.02.22 -
Additional information
File size: 47616 bytes
MD5...: 498719f9456f1d52fd0ba91da22a0339
SHA1..: 5d187b6a9e09c362d4efb34f3fd83a98f7f2233d
SHA256: 34137d60a04cdb967c615dc781e90df57c626b8b0717b7e307aee6296d545dba
SHA512: 5587edfdea7278058812409db7ab11af747f91a2b1a4498071844af29bbc87de
fb55858131eb1f2248f2c43c38628269ee96fad98abcbf3568bfeb8f2d2322fb
ssdeep: 768:01G/GforqGQJwLCKjFxzPx5sd+EX8Z9UbgdtZh8TT6YKuf/0bH7meP2qLgxm
OlId:0A/oorqGQeuKBx7xkPMZybgdDh8TO03a

PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401351
timedatestamp.....: 0x481e349c (Sun May 04 22:11:40 2008)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x400 0x400 6.03 b919702bdf0ad81ea0cc0a30e1d1f307
.rsrc 0x2000 0xbe00 0xb200 7.93 b9b4844def6615afa8d4c9c575b61cb7

( 1 imports )
> KERNEL32.dll: GetFileType, GetTickCount

( 0 exports )

c:\documents and settings\justin rauch\reader_s.exe
Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.23 -
AhnLab-V3 2009.2.24.0 2009.02.23 -
AntiVir 7.9.0.88 2009.02.23 W32/Virut.Gen
Authentium 5.1.0.4 2009.02.23 -
Avast 4.8.1335.0 2009.02.23 Win32:Small-MRB
AVG 8.0.0.237 2009.02.23 -
BitDefender 7.2 2009.02.23 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.23 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.23 -
eSafe 7.0.17.0 2009.02.19 Suspicious File
eTrust-Vet 31.6.6369 2009.02.23 -
F-Prot 4.4.4.56 2009.02.23 -
F-Secure 8.0.14470.0 2009.02.23 Virus.Win32.Virut.ce
Fortinet 3.117.0.0 2009.02.23 -
GData 19 2009.02.23 Win32:Small-MRB
Ikarus T3.1.1.45.0 2009.02.23 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.23 Virus.Win32.Virut.ce
McAfee 5534 2009.02.23 W32/Virut.n.gen
McAfee+Artemis 5534 2009.02.23 W32/Virut.n.gen
Microsoft 1.4306 2009.02.23 Virus:Win32/Virut.BM
NOD32 3881 2009.02.23 -
Norman 6.00.06 2009.02.23 -
nProtect 2009.1.8.0 2009.02.23 -
Panda 10.0.0.10 2009.02.23 W32/Sality.AO
PCTools 4.4.2.0 2009.02.23 -
Prevx1 V2 2009.02.23 -
Rising 21.18.02.00 2009.02.23 -
SecureWeb-Gateway 6.7.6 2009.02.23 Win32.Virut.Gen
Sophos 4.39.0 2009.02.23 W32/Scribble-A
Sunbelt 3.2.1855.2 2009.02.17 Win32.Virut.cf (v)
Symantec 10 2009.02.23 W32.Virut.CF
TheHacker 6.3.2.5.263 2009.02.23 W32/Virut.gen
TrendMicro 8.700.0.1004 2009.02.23 -
VBA32 3.12.10.0 2009.02.22 Virus.Win32.Virut.X5
ViRobot 2009.2.23.1618 2009.02.23 -
VirusBuster 4.5.11.0 2009.02.22 -
Additional information
File size: 47104 bytes
MD5...: 350a1c8cf309992e92c1a0a7e359506f
SHA1..: a67dd233b5a25b087000875c209785f0ad38bcbb
SHA256: 9490b632b1613a4e735381962e469bdb0cc802f0a1fc38dd8cbdc7ab4dff0d97
SHA512: 40e44f1a1a72c8f7f77584fc4f3d339d8045f130c060058242f4d07590e1672a
876cee981bc9db712f946901a271547453ec696b5d6c2e9eb63a123e4820f174
ssdeep: 768:EPG/GforqGQJwLCKjFxzPx5sd+EX8Z9UbgdtZh8TT6YK+6Hrx3Cxe/4cmM8G
jvJj:E+/oorqGQeuKBx7xkPMZybgdDh8TOBLF

PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4012f8
timedatestamp.....: 0x481e349c (Sun May 04 22:11:40 2008)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x400 0x400 6.02 96d5cac8a0c116d4922a42b588ee9ead
.rsrc 0x2000 0xbe00 0xb000 7.96 990d92a6d47ed9ed6768a67f03c6c428

( 1 imports )
> KERNEL32.dll: GetFileType, GetTickCount

( 0 exports )

C:\WINDOWS\explorer.exe
File explorer.exe received on 02.23.2009 2112 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 16/39 (41.03%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 54 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.23 Trojan.Win32.Patched!IK
AhnLab-V3 2009.2.24.0 2009.02.23 -
AntiVir 7.9.0.88 2009.02.23 W32/Virut.Gen
Authentium 5.1.0.4 2009.02.23 -
Avast 4.8.1335.0 2009.02.23 -
AVG 8.0.0.237 2009.02.23 -
BitDefender 7.2 2009.02.23 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.23 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.23 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6369 2009.02.23 -
F-Prot 4.4.4.56 2009.02.23 W32/Patched.E.gen!Eldorado
F-Secure 8.0.14470.0 2009.02.23 Virus.Win32.Virut.ce
Fortinet 3.117.0.0 2009.02.23 -
GData 19 2009.02.23 -
Ikarus T3.1.1.45.0 2009.02.23 Trojan.Win32.Patched
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.23 Virus.Win32.Virut.ce
McAfee 5534 2009.02.23 W32/Virut.n.gen
McAfee+Artemis 5534 2009.02.23 W32/Virut.n.gen
Microsoft 1.4306 2009.02.23 Virus:Win32/Virut.BM
NOD32 3881 2009.02.23 -
Norman 6.00.06 2009.02.23 -
nProtect 2009.1.8.0 2009.02.23 -
Panda 10.0.0.10 2009.02.23 W32/Sality.AO
PCTools 4.4.2.0 2009.02.23 -
Prevx1 V2 2009.02.23 -
Rising 21.18.02.00 2009.02.23 -
SecureWeb-Gateway 6.7.6 2009.02.23 Win32.Virut.Gen
Sophos 4.39.0 2009.02.23 W32/Scribble-A
Sunbelt 3.2.1855.2 2009.02.17 Win32.Virut.cf (v)
Symantec 10 2009.02.23 W32.Virut.CF
TheHacker 6.3.2.5.263 2009.02.23 W32/Virut.gen
TrendMicro 8.700.0.1004 2009.02.23 -
VBA32 3.12.10.0 2009.02.22 Virus.Win32.Virut.X5
ViRobot 2009.2.23.1618 2009.02.23 -
VirusBuster 4.5.11.0 2009.02.22 -
Additional information
File size: 1050624 bytes
MD5...: 83c7c846a27ee5110dedfff6b66168e5
SHA1..: c3e2fc00a90f4d510c87009431fe7505e73c564a
SHA256: b9e406b78b6327fc965b192b2350c24dfe34254565f1ad592377cd49385f1e72
SHA512: c2a1378118418c781184e267f24720b4a856fc4deec3894f29b29bd096bb4c66
7c429c85e899f9fcb8fccde7f24239b14e7d2bf8d70eaab9a19dba3c296703ca
ssdeep: 12288:pHmcoCUyZtwAvAs4wTCyrPTPoHWYUrkf8w0Vnzac1/g/J/vMSsU:tmfty/
wAvN7lrVbkf8w0VnH1/g/J/kl

PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1045c81
timedatestamp.....: 0x48025c30 (Sun Apr 13 19:17:04 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44e00 0x44e00 6.39 8a0c340880f7f3a2be4dafda54a3023b
.data 0x46000 0x1db4 0x1800 1.30 983f35021232560eaaa99fcbc1b7d359
.rsrc 0x48000 0xb2268 0xb2400 6.63 95339c37646fa93e3695e06572a21889
.reloc 0xfb000 0x8800 0x7a00 7.65 7c146d5e2b59d66eca35b5dd5fff8d56

( 13 imports )
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> BROWSEUI.dll: -, -, -, -
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> SHDOCVW.dll: -, -, -
> SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, -
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed

( 0 exports )



I apologize for the lousy text format, but I'm working from my good computer via a flash drive. Is that safe btw? I have autorun turned off and im only opening the text files.. Thanks so much for your help

[tetonbob]

Hello, the format is fine....but the results are as I expected, and you're not going to like it.

Quote:

I'm working from my good computer via a flash drive. Is that safe btw?

Possibly not....

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

See miekiemoes' blog for similar comments here:

http://miekiemoes.blogspot.com/2009/...-throwing.html

[rocketaudi]

All my important files are backed up on an external hd prior to the infection. im ready now to do whatever i have to to clean this up. Where do I go from here?

[rocketaudi]

tetonbob, i really appreciate your help here. unfortunately i have to run, i have class till 9 tonight. i will be available then or all tomorrow morning to get this resolved. if a format is in order, its been years since ive been involved with that and i could use some guidance, or a point in the right direction. i also have a few questions regarding how to avoid this in the future on the xp machine, and especially on the new vista laptop. i look forward to hearing from you, and thanks for your patience with my school schedule. education is key right?

[tetonbob]

You can read here for a guide to reinstall Windows

http://web.mit.edu/ist/products/winx...ll-format.html

If you need further assistance, ask the folks in the Windows XP support forum. The staff and members in that area will be better able to assist you with that.

To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

• Microsoft Windows Update - http://www.windowsupdate.com
  Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.
  
• Winpatrol
  
  Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.
  
  You can get a free copy of Winpatrol or use the Plus version for more features.
  
  You can read Winpatrol's FAQ if you run into problems.
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    
  • Once updated you should see another prompt that the task was completed.
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  
  Do not install more than one AntiVirus program because they will conflict with each other.
  
  
• Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer
  
  
• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• How did I get infected in the first place?
• PC Safety and Security--What Do I Need?

Surf Safely, and Think Prevention!

[rocketaudi]

Thanks so much for your help. What you folks do for people here is epic. Feel appreciated.

[tetonbob]

I would have liked to have done more, but sometimes we have to be the bearers of bad news.

Thanks for the kind words, and stay safe out there, the internet's a jungle.

Think Prevention!

Since this issue is resolved, this topic will be archived.