Old 03-16-2009, 05:00 PM   #1 (permalink)
robertsclark (Registered User)
OS: xp
Comodo reporting malware

Comodo is reporting malware in system32\wpa.dll, instsrv.exe and svrany.exe

I started to run DDS, but contrary to the guidance, it tried to modify registry entries.

I ran Spybot and allowed it to clear wpa.dll, but the next time I started, I had to go through re-validating Windows XP by phone (the laptop doesn't have an ethernet port, and as I couldn't log in it wouldn't start the wireless networking).


HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:37, on 16/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer soft button\wsbklite.exe
C:\Program Files\Acer soft button\SB.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vsnp2uvc.exe
C:\WINDOWS\tsnp2uvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wise Backlight] "C:\Program Files\Acer soft button\wsbklite.exe"
O4 - HKLM\..\Run: [Software Button] "C:\Program Files\Acer soft button\SB.exe"
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ChkMail] PY
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1220040368194
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 6379 bytes


COMODO Internet Security Logs
Table: Antivirus Logs
Date Created: 16/03/2009 22:57:52
Log Scope: Today
Records count: 37

Date/Time Action Location Malware Name Status
16/03/2009 21:39:51 Detect C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 21:40:18 Ignore C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 22:29:46 Detect C:\WINDOWS\srvany.exe Backdoor.Win32.Agent.~EWC@423249 Success
16/03/2009 22:30:01 Ignore C:\WINDOWS\srvany.exe Backdoor.Win32.Agent.~EWC@423249 Success
16/03/2009 22:31:40 Detect C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:31:48 Ignore C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:31:53 Detect C:\WINDOWS\srvany.exe Backdoor.Win32.Agent.~EWC@423249 Success
16/03/2009 22:31:59 Ignore C:\WINDOWS\srvany.exe Backdoor.Win32.Agent.~EWC@423249 Success
16/03/2009 22:32:05 Detect C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:32:12 Ignore C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:32:19 Detect C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:32:26 Ignore C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:32:27 Detect C:\WINDOWS\srvany.exe Backdoor.Win32.Agent.~EWC@423249 Success
16/03/2009 22:34:38 Detect C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:34:45 Ignore C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:34:58 Detect C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 22:35:40 Ignore C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 22:39:06 Detect C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:39:10 Ignore C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:39:10 Detect C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:39:14 Ignore C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:39:36 Detect C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 22:39:40 Ignore C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 22:39:40 Detect C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 22:39:45 Ignore C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 22:39:45 Detect C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 22:39:48 Ignore C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 22:39:48 Detect C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 22:39:51 Ignore C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 22:39:51 Detect C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 22:41:55 Detect C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:42:16 Ignore C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:42:16 Detect C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:42:20 Ignore C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:42:20 Detect C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:42:24 Ignore C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:42:24 Detect C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
End of The Report



Help and guidance much appreciated!

Regards

Robert
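An added triage helper, not from the original post or from Comodo: it parses rows in the antivirus log format quoted above and reports which files were detected but only ever ignored, meaning nothing was quarantined or removed and the files still need a second opinion. The sample rows are copied from the post; the path pattern assumes paths without spaces, which holds for every row shown.

```python
import re
from collections import defaultdict

# Constructed sample: the header, a subset of the rows and the trailer of the
# COMODO Antivirus log quoted in the post above (same line format).
SAMPLE_LOG = r"""
Date/Time Action Location Malware Name Status
16/03/2009 21:39:51 Detect C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 21:40:18 Ignore C:\WINDOWS\system32\wpa.dll Unclassified Malware@5370232 Success
16/03/2009 22:29:46 Detect C:\WINDOWS\srvany.exe Backdoor.Win32.Agent.~EWC@423249 Success
16/03/2009 22:30:01 Ignore C:\WINDOWS\srvany.exe Backdoor.Win32.Agent.~EWC@423249 Success
16/03/2009 22:31:40 Detect C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:31:48 Ignore C:\WINDOWS\instsrv.exe Unclassified Malware@6421737 Success
16/03/2009 22:32:27 Detect C:\WINDOWS\srvany.exe Backdoor.Win32.Agent.~EWC@423249 Success
End of The Report
"""

# One log row: date, time, action, path, malware name (may contain spaces), status.
# Assumption: the path itself contains no spaces, true for every row in the post.
ROW = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<action>\w+) "
    r"(?P<path>[A-Za-z]:\\\S+) (?P<name>.+) (?P<status>\S+)$"
)


def parse_log(text):
    """Return the rows that match the Comodo format; header/trailer lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def summarize(rows):
    """Per file: how often it was detected, ignored, or handled by any other action."""
    summary = defaultdict(lambda: {"detect": 0, "ignore": 0, "other": 0, "names": set()})
    for r in rows:
        entry = summary[r["path"]]
        key = r["action"].lower()
        entry[key if key in ("detect", "ignore") else "other"] += 1
        entry["names"].add(r["name"])
    return dict(summary)


def unresolved(summary):
    """Files that were detected but only ever ignored: still on disk, still unexamined."""
    return sorted(p for p, e in summary.items() if e["detect"] and not e["other"])


if __name__ == "__main__":
    s = summarize(parse_log(SAMPLE_LOG))
    for path in unresolved(s):
        e = s[path]
        print(f"{path}: detected {e['detect']}x, ignored {e['ignore']}x, as {sorted(e['names'])}")
```

Run against the full 37-row log from the post, the same three paths come back, which is the point a helper would check before anything is deleted: a Detect/Ignore loop means the scanner has acted on nothing yet.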
Old 03-25-2009, 09:22 AM   #2 (permalink)
amateur (Moderator, Analyst, Security Team; Rangemaster, TSF Academy)
Location: USA
OS: XP SP3
Re: Comodo reporting malware

Hello and welcome to TSF.

Sorry for the delay in response.
Quote:
I started to run DDS, but contrary to the guidance, it tried to modify registry entries.
Just for the record, DDS does not modify anything.

HijackThis is no longer the preferred initial analysis tool in this forum.

If you still require assistance, we want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
Copyright 2001 - 2010, Tech Support Forum