#1
Registered User
Join Date: Apr 2009
Posts: 4
OS: xp

Please help - Trojan virus
Hello,
Three days ago I accidentally downloaded a suspicious file which has installed a trojan virus on my laptop. I have run the AVG computer scanner and I have run Spybot (which can't remove one file) and TrojanHunter, which both find things but do not seem to cure the problem. When I turn on my laptop my firewall has been turned off, and when I am surfing on Firefox I get pop-ups from AVG telling me that I have a "trojan horse downloader.generic.8.AICH"; when I click heal it tells me that the file is not there and cannot be deleted, and when I click move to vault the warning disappears, but when I look in the virus vault it is empty. Recently my firewall is no longer turning itself off; however, I am still receiving pop-ups from AVG telling me I have a trojan. I have disabled the Windows System Restore, as I read on another site. Any help would be appreciated. Today when I turned my laptop on it started playing the song "Requiem for a Dream", which I don't even have on my laptop, which was pretty scary. Also I am no longer receiving notifications from AVG telling me I have problems, but I know I do. Sometimes when I try to load a program it tells me I have insufficient space to load it.
Thanks in advance, Josh. Here is the DDS log; I have also attached the other files:

```
DDS (Ver_09-03-16.01) - NTFSx86
Run by Diane Kiff at 12:48:17.34 on 28.04.2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1461 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\dhcp\svchost.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Diane Kiff\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar =
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://messenger.zone.msn.com/binary/ZAxRcMgr.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dianek~1\applic~1\mozilla\firefox\profiles\n6sphgta.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\diane kiff\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\diane kiff\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox 2 beta 2\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-26 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-2-3 27656]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-26 298264]
R2 DhcpSrv;Dhcp server;c:\windows\dhcp\svchost.exe [2009-4-27 256512]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [2007-9-19 467456]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [2007-9-19 15488]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\ultramonmirror.sys --> c:\windows\system32\drivers\UltraMonMirror.sys [?]

=============== Created Last 30 ================

2009-04-27 08:59 <DIR> --d----- c:\windows\system32\3361
2009-04-27 08:59 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-04-27 08:59 <DIR> --d----- c:\windows\dhcp
2009-04-26 19:42 <DIR> --d----- c:\documents and settings\diane kiff\DoctorWeb
2009-04-26 16:30 <DIR> --d----- c:\docume~1\dianek~1\applic~1\Malwarebytes
2009-04-26 16:29 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-26 16:29 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 16:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-26 16:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-26 16:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-26 16:28 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-26 16:28 <DIR> --d----- c:\docume~1\dianek~1\applic~1\SUPERAntiSpyware.com
2009-04-26 16:28 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-26 03:30 <DIR> --d----- c:\docume~1\dianek~1\applic~1\TrojanHunter
2009-04-26 03:14 <DIR> --d----- c:\program files\TrojanHunter 5.0
2009-04-25 19:08 132,608 -------- c:\windows\system32\VT100.EXE
2009-04-25 19:06 93 a------- c:\windows\BBW_INFO.INI
2009-04-25 19:06 <DIR> --d----- c:\docume~1\dianek~1\applic~1\Plogue
2009-04-25 18:52 <DIR> --d----- c:\program files\Songsmith
2009-04-20 13:38 <DIR> --d-h--- C:\BJPrinter
2009-04-20 13:37 7,680 a------- c:\windows\system32\CNMVS61.DLL
2009-04-20 13:37 116,736 a------- c:\windows\system32\CNMLM61.DLL
2009-04-18 14:08 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-18 14:08 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-18 14:07 236,032 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-18 14:06 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-18 14:06 55,808 -------- c:\windows\system32\dllcache\sc.exe
2009-04-18 14:06 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-18 14:06 131,072 -------- c:\windows\system32\dllcache\services.exe
2009-04-18 14:06 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-18 14:06 248,320 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-18 14:06 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-18 14:06 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-18 14:06 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-18 14:06 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-14 23:01 110,592 a------- c:\windows\unvise32.exe
2009-04-12 00:47 <DIR> --d----- c:\program files\WinSCP
2009-04-06 21:05 <DIR> --d----- c:\program files\iPod
2009-04-06 21:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-05 00:24 <DIR> --d----- c:\program files\GiPo@Utilities
2009-04-04 22:55 <DIR> --d----- c:\windows\system32\QuickTime
2009-04-04 22:54 <DIR> --d----- c:\docume~1\dianek~1\applic~1\DAEMON Tools Pro
2009-04-04 22:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-04-04 22:52 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-04-04 22:52 <DIR> --d----- c:\docume~1\dianek~1\applic~1\DAEMON Tools Lite

==================== Find3M ====================

2009-04-25 19:08 2,145,280 ----h--- c:\windows\system32\ntoskrnl.exe
2009-03-21 15:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 00:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-06 00:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 05:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 11:20 91,136 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 11:20 34,304 a------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 06:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 13:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 13:10 142,336 a----r-- c:\windows\system32\twext.exe
2009-02-09 13:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 13:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 13:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 12:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 12:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 12:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:39 55,808 a------- c:\windows\system32\sc.exe
2009-02-06 11:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-05 23:21 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-03 20:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 20:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2007-09-13 19:41 168 a--shr-- c:\windows\system32\265CF57462.sys
2006-10-13 00:03 56 a--shr-- c:\windows\system32\6274F55C26.sys
2007-09-13 19:48 12,208 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-18 15:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat

============= FINISH: 12:53:21.93 ===============
```
#2
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,548
OS: XP SP3
Re: Please help - Trojan virus
Hello and Welcome to TSF.
Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan. This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

Your hard drive is almost full. Having too little free space on your hard drive can compromise system performance.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix. Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------
#3
Registered User
Join Date: Apr 2009
Posts: 4
OS: xp
Re: Please help - Trojan virus
When I try to run ComboFix it can't open and tells me that I need to download a fresh version, as I might have a file-patching virus (Virut).
I have tried downloading it on another computer and then transferring it to my laptop, but I still get the same error. What do you suggest? Thanks.

Last edited by jkneon; 04-29-2009 at 08:57 AM.
#4
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,548
OS: XP SP3
Re: Please help - Trojan virus
Hello jkneon.
Please go to: VirusTotal
#5
Registered User
Join Date: Apr 2009
Posts: 4
OS: xp
Re: Please help - Trojan virus
after the file has finished scanning it says "Current status:Finished" however when i copy and past it it says "Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED". Not sure if this is normal. anyway here is what ive got:
File explorer.exe received on 04.29.2009 18:51:19 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 22/39 (56.42%) Loading server information... Your file is queued in position: 3. Estimated start time is between 50 and 72 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Compact Print results Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.0.0.101 2009.04.29 Trojan.Win32.Patched!IK AhnLab-V3 5.0.0.2 2009.04.29 - AntiVir 7.9.0.156 2009.04.29 W32/Virut.Gen Antiy-AVL 2.0.3.1 2009.04.29 - Authentium 5.1.2.4 2009.04.29 W32/Virut.AI!Generic Avast 4.8.1335.0 2009.04.28 Win32:Vitro AVG 8.5.0.287 2009.04.29 Win32/Virut BitDefender 7.2 2009.04.29 - CAT-QuickHeal 10.00 2009.04.29 W32.Virut.G ClamAV 0.94.1 2009.04.29 - Comodo 1141 2009.04.29 - eSafe 7.0.17.0 2009.04.27 - eTrust-Vet 31.6.6482 2009.04.29 Win32/Virut.17408 F-Prot 4.4.4.56 2009.04.29 W32/Virut.AI!Generic F-Secure 8.0.14470.0 2009.04.29 Virus.Win32.Virut.ce Fortinet 3.117.0.0 2009.04.29 W32/Virut.CE GData 19 2009.04.29 Win32:Vitro Ikarus T3.1.1.49.0 2009.04.29 Trojan.Win32.Patched K7AntiVirus 7.10.719 2009.04.29 - Kaspersky 7.0.0.125 2009.04.29 Virus.Win32.Virut.ce McAfee 5600 2009.04.29 W32/Virut.n.gen McAfee+Artemis 5600 2009.04.29 W32/Virut.n.gen McAfee-GW-Edition 6.7.6 2009.04.29 Win32.Virut.Gen Microsoft 
1.4602 2009.04.29 Virus:Win32/Virut.BM NOD32 4043 2009.04.29 Win32/Virut.NBP Norman 6.01.05 2009.04.29 - nProtect 2009.1.8.0 2009.04.29 - Panda 10.0.0.14 2009.04.28 - PCTools 4.4.2.0 2009.04.29 - Prevx1 3.0 2009.04.29 - Rising 21.27.22.00 2009.04.29 - Sophos 4.41.0 2009.04.29 W32/Scribble-B Sunbelt 3.2.1858.2 2009.04.28 - Symantec 1.4.4.12 2009.04.29 W32.Virut.CF TheHacker 6.3.4.1.317 2009.04.29 - TrendMicro 8.950.0.1092 2009.04.29 - VBA32 3.12.10.3 2009.04.29 - ViRobot 2009.4.29.1715 2009.04.29 Win32.Virut.AL VirusBuster 4.6.5.0 2009.04.29 Win32.Virut.Y.Gen Additional information File size: 1054208 bytes MD5...: cb477bd9e6775c359d0947a517894538 SHA1..: d2e4ed2c40a95cc7a2a6c174b751bb33f0af6b65 SHA256: d16ef05cb64801454bb799d0920ef3e290299ba738ab6d1944f8399f192b65ba SHA512: 477fc4a8eba59406d1755de13edbccc4fcf3762eba717e2bf220b81445676608 6ab36b8e2b54e09613ef24aafb0cf722ed74496f50e6aa172c5bcff2b0a1c9a2 ssdeep: 12288:uHmcoCUydtwAvAs4wTCyrPTloHWYUrkf8w0Vnzac1/g/J/vMSl:UmftyDw AvN7lrvbkf8w0VnH1/g/J/kq PEiD..: - TrID..: File type identification Win32 Executable Generic (68.0%) Generic Win/DOS Executable (15.9%) DOS Executable Generic (15.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1a55f timedatestamp.....: 0x48025c30 (Sun Apr 13 19:17:04 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x44c09 0x44e00 6.38 d0f559f8a2080d2bd9341a09f923fff5 .data 0x46000 0x1db4 0x1800 1.30 983f35021232560eaaa99fcbc1b7d359 .rsrc 0x48000 0xb2268 0xb2400 6.63 95339c37646fa93e3695e06572a21889 .reloc 0xfb000 0x8800 0x8800 6.89 26327ec84f651d82ad9ce4d84e1ea607 ( 13 imports ) > ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, 
RegQueryValueW > BROWSEUI.dll: -, -, -, - > GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode > KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, 
lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject > msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf > ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess > ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop > OLEAUT32.dll: -, - > SHDOCVW.dll: -, -, - > SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, - > SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, 
SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, - > USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, 
File userinit.exe received on 04.29.2009 18:42:33 (CET)

Result: 21/40 (52.5%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.0.0.101 | 2009.04.29 | - |
| AhnLab-V3 | 5.0.0.2 | 2009.04.29 | - |
| AntiVir | 7.9.0.156 | 2009.04.29 | W32/Virut.Gen |
| Antiy-AVL | 2.0.3.1 | 2009.04.29 | - |
| Authentium | 5.1.2.4 | 2009.04.29 | W32/Virut.AI!Generic |
| Avast | 4.8.1335.0 | 2009.04.28 | Win32:Vitro |
| AVG | 8.5.0.287 | 2009.04.29 | Win32/Virut |
| BitDefender | 7.2 | 2009.04.29 | - |
| CAT-QuickHeal | 10.00 | 2009.04.29 | W32.Virut.G |
| ClamAV | 0.94.1 | 2009.04.29 | - |
| Comodo | 1141 | 2009.04.29 | - |
| DrWeb | 4.44.0.09170 | 2009.04.29 | Win32.Virut.56 |
| eSafe | 7.0.17.0 | 2009.04.27 | - |
| eTrust-Vet | 31.6.6482 | 2009.04.29 | Win32/Virut.17408 |
| F-Prot | 4.4.4.56 | 2009.04.29 | W32/Virut.AI!Generic |
| F-Secure | 8.0.14470.0 | 2009.04.29 | Virus.Win32.Virut.ce |
| Fortinet | 3.117.0.0 | 2009.04.29 | W32/Virut.CE |
| GData | 19 | 2009.04.29 | Win32:Vitro |
| Ikarus | T3.1.1.49.0 | 2009.04.29 | - |
| K7AntiVirus | 7.10.719 | 2009.04.29 | - |
| Kaspersky | 7.0.0.125 | 2009.04.29 | Virus.Win32.Virut.ce |
| McAfee | 5600 | 2009.04.29 | W32/Virut.n.gen |
| McAfee+Artemis | 5600 | 2009.04.29 | W32/Virut.n.gen |
| McAfee-GW-Edition | 6.7.6 | 2009.04.29 | Win32.Virut.Gen |
| Microsoft | 1.4602 | 2009.04.29 | Virus:Win32/Virut.BM |
| NOD32 | 4043 | 2009.04.29 | Win32/Virut.NBP |
| Norman | 6.01.05 | 2009.04.29 | - |
| nProtect | 2009.1.8.0 | 2009.04.29 | - |
| Panda | 10.0.0.14 | 2009.04.28 | - |
| PCTools | 4.4.2.0 | 2009.04.29 | - |
| Prevx1 | 3.0 | 2009.04.29 | - |
| Rising | 21.27.22.00 | 2009.04.29 | - |
| Sophos | 4.41.0 | 2009.04.29 | W32/Scribble-B |
| Sunbelt | 3.2.1858.2 | 2009.04.28 | - |
| Symantec | 1.4.4.12 | 2009.04.29 | W32.Virut.CF |
| TheHacker | 6.3.4.1.317 | 2009.04.29 | - |
| TrendMicro | 8.950.0.1092 | 2009.04.29 | - |
| VBA32 | 3.12.10.3 | 2009.04.29 | - |
| ViRobot | 2009.4.29.1715 | 2009.04.29 | Win32.Virut.AL |
| VirusBuster | 4.6.5.0 | 2009.04.29 | Win32.Virut.Y.Gen |

Additional information

File size: 46592 bytes
MD5: c0f981ab16e993ee0154af488224ccb6
SHA1: ff327569d22fedcb92709a7d83d8802b6c2de8d3
SHA256: 192863ab8932193a828b8032030452714d8c0451b5023c9322caec4bd061b0ca
SHA512: cec5464fa089dfc397396670048999a73f41d193bda53f87522d0bc9c0ad709557968814c3679237e9a1ca8f06197665e6ffba5fb0bf3e0dbc1ca83ae18b1160
ssdeep: 768:URMJi8jDLIDSAaQFxfftjaLacSkLGKOqH19FHPllMTAKrs:URMJbDMDSA7FxffJaLaSLG9qHLFHPwAs
PEiD: -
TrID (file type identification): Win32 Executable Generic (68.0%); Generic Win/DOS Executable (15.9%); DOS Executable Generic (15.9%); Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEInfo (PE structure information, base data)

entrypointaddress: 0x54ad
timedatestamp: 0x480251a8 (Sun Apr 13 18:32:08 2008)
machinetype: 0x14c (I386)

3 sections:

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x520e | 0x5400 | 5.95 | 6519a0a7550cf2ad2af2847ba8c4e890 |
| .data | 0x7000 | 0x14c | 0x200 | 1.86 | 0bb948f267e82975313a03d8c0e8a1cf |
| .rsrc | 0x8000 | 0x5c00 | 0x5c00 | 6.15 | 4c3760bef794236cec90bf87c609178d |

Imports (9 DLLs): USER32.dll, ADVAPI32.dll, CRYPT32.dll, WINSPOOL.DRV, ntdll.dll, NETAPI32.dll, WLDAP32.dll, msvcrt.dll, KERNEL32.dll
Exports: 0
PDFiD: -
RDS: NSRL Reference Data Set -

Last edited by jkneon; 04-29-2009 at 10:56 AM.
#6 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,548
OS: XP SP3
Re: Please help - Trojan virus
I hate to be the bearer of bad news, but your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files; those files are therefore corrupted beyond repair. As of now, security experts suggest that a clean reformat is the only way to clean the infection, and it is the only way to return the machine to its normal working state.

Read here and here.

Virut is also a backdoor trojan. This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would also be wise to contact those same financial institutions to apprise them of your situation.

------------------------------------------------------

You will have to wipe all your drives and reformat. Back up all your documents and important items (personal data, work documents, etc.) only. DO NOT back up any executable files (software), screensavers (*.scr), .htm, or .html files. It attempts to infect any accessed .exe or .scr files by appending itself to the executable. Also, try to avoid backing up compressed (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

If you need help with a clean reformat and reinstall of Windows, I suggest you seek expert advice in our Windows XP Support Forum. They are more knowledgeable about this procedure and can answer your questions or help you in case something goes wrong. Remember to immediately install an antivirus program and to then reinstall all the Windows Updates.

SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well-written articles:
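A small triage script for the backup step described in the reply above, added here as an example and not the forum's or the moderator's own code: it walks a folder, excludes .exe, .scr, .htm and .html files, opens zip archives to look for .exe/.scr members, and excludes .cab/.rar archives outright because the standard library cannot list them (that last rule, the sample tree and its file names are assumptions of the example).

```python
import os
import tempfile
import zipfile

EXCLUDED_EXTS = {".exe", ".scr", ".htm", ".html"}  # never copy these off an infected box
PAYLOAD_EXTS = {".exe", ".scr"}                    # members that taint a whole archive
OPAQUE_ARCHIVES = {".cab", ".rar"}                 # cannot be listed offline: excluded

def zip_has_executable(path):
    """True if any zip member is an .exe/.scr, or the zip is unreadable."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(os.path.splitext(n)[1].lower() in PAYLOAD_EXTS
                       for n in zf.namelist())
    except zipfile.BadZipFile:
        return True

def should_backup(path):
    """Apply the exclusion rules to one file path."""
    ext = os.path.splitext(path)[1].lower()
    if ext in EXCLUDED_EXTS or ext in OPAQUE_ARCHIVES:
        return False
    if ext == ".zip":
        return not zip_has_executable(path)
    return True

def triage_tree(root):
    """Walk root; return (keep, exclude) lists of root-relative paths."""
    keep, exclude = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            (keep if should_backup(full) else exclude).append(rel)
    return sorted(keep), sorted(exclude)

def demo():
    """Build a constructed sample tree in a temp dir and triage it."""
    root = tempfile.mkdtemp()
    for rel in ("docs/thesis.doc", "photos/me.jpg", "setup.exe",
                "fun.scr", "page.html", "old.rar"):
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        open(p, "wb").close()
    with zipfile.ZipFile(os.path.join(root, "tools.zip"), "w") as zf:
        zf.writestr("bin/tool.exe", b"")  # executable hidden in an archive
    with zipfile.ZipFile(os.path.join(root, "notes.zip"), "w") as zf:
        zf.writestr("notes.txt", b"hello")
    return triage_tree(root)
```

Running `demo()` returns the keep list (thesis, photo, notes.zip) and the exclude list (the .exe, .scr, .html, .rar and the zip that hides an .exe), which is what the copy-to-backup step should be driven by.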