Computer Infected With A Virus Or Some Type Of Malware


Computer Infected With A Virus Or Some Type Of Malware

Post by thejimster on 27th July 2009, 9:33 pm

The problem that I am having with my computer is that I am unable to visit any sites which offer free anti-virus programs like AVG, etc. If I am able to reach these sites, then the virus won't let me download any of them. I did manage to download AVG's free version, but when I attempted to install the program it attempted to establish a connection with the AVG server and came back with an error that said, "you do not have a connection to the internet", and as you see I'm on the internet. To make matters worse, the virus has also turned off my firewall, and I have tried numerous things such as going into XP's group policy editor to see if the settings for my firewall were changed in there. I have also had images replace my existing background image urging me to buy an anti-virus program, but I ran a spyware remover and it seems to have fixed that problem but not the others. I ran HijackThis and saved the log file and would appreciate any help in resolving this issue because I am very frustrated. I am also running Windows XP SP2. Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:15 PM, on 27/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [N@] N@
O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\Administrator\ms18_word.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe
O4 - HKCU\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\17.tmp.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DigiFast] C:\WINDOWS\system32\config\systemprofile\Application Data\digifast\digifast.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SfKg6wIPuSpdc] C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\rjhsjj.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [pridl] "C:\WINDOWS\system32\config\systemprofile\Application Data\pridl\pridl.exe" 61A847B5BBF72811329B385672FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Monopod] C:\WINDOWS\TEMP\b.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ms18_word] C:\Documents and Settings\Administrator\ms18_word.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [systemprofile] C:\WINDOWS\system32\config\systemprofile\systemprofile.exe /i (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\35184kou.dll

--
End of file - 4577 bytes

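A small triage pass over O4 autorun, O15 Trusted Zone and O20 AppInit_DLLs lines like those in the log above, added here as an example and not part of the original thread or of HijackThis itself. The sample lines are copied from the log above; the heuristics (executables launched from temp or SYSTEM-profile paths, Windows binary names outside System32, the Policies\Explorer\Run key, every AppInit DLL) are my own assumptions about what an analyst checks first.

```python
import re
from typing import List, Tuple

# Constructed sample input: a few lines copied from the HijackThis log posted
# above, plus one ordinary ctfmon.exe entry for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\Administrator\ms18_word.exe
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\17.tmp.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SfKg6wIPuSpdc] C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\rjhsjj.exe (User 'SYSTEM')
O4 - HKLM\..\Policies\Explorer\Run: [do_not_delete] C:\WINDOWS\system32\do_not_delete.exe
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\35184kou.dll
"""

Finding = Tuple[str, str, str]  # (HJT section, item, reason)

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
# First token of the command: a quoted path, or everything up to an executable extension.
PATH_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|scr|dll|com|bat|cmd|pif))(?:\s|$)', re.IGNORECASE)

# Names malware borrows from core Windows processes; the real ones live in System32.
SYSTEM_BINARIES = {"services.exe", "winlogon.exe", "lsass.exe", "svchost.exe", "csrss.exe", "smss.exe"}


def extract_path(cmd: str) -> str:
    m = PATH_RE.match(cmd)
    if not m:
        return cmd.strip()
    return m.group(1) or m.group(2)


def assess_path(path: str) -> List[str]:
    """Reasons an autorun path looks suspicious (empty list means nothing stood out)."""
    p = path.lower()
    reasons: List[str] = []
    if "\\temp\\" in p:
        reasons.append("runs from a temp directory")
    if "\\systemprofile\\application data\\" in p:
        reasons.append("runs from the SYSTEM account's Application Data")
    if re.search(r"\\documents and settings\\[^\\]+\\[^\\]+$", p):
        reasons.append("executable sits directly in a user profile root")
    base = p.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARIES and not p.endswith("\\system32\\" + base):
        reasons.append(base + " outside System32 (mimics a Windows binary)")
    return reasons


def triage_hijackthis(log_text: str) -> List[Finding]:
    """Return one finding per (item, reason) pair for the O4/O15/O20 lines in the log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path = extract_path(m.group("cmd"))
            reasons = assess_path(path)
            if "policies\\explorer\\run" in m.group("key").lower():
                reasons.append("Policies\\Explorer\\Run key (rarely used by legitimate software)")
            findings.extend(("O4", path, r) for r in reasons)
        elif line.startswith("O15 - Trusted Zone:"):
            site = line.split(":", 1)[1].strip()
            findings.append(("O15", site, "site added to IE Trusted Zone (security checks relaxed)"))
        elif line.startswith("O20 - AppInit_DLLs:"):
            for dll in line.split(":", 1)[1].split(","):
                dll = dll.strip()
                reasons = ["AppInit_DLLs entry (loaded into every process that loads user32)"]
                reasons += assess_path(dll)
                findings.extend(("O20", dll, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for section, item, reason in triage_hijackthis(SAMPLE_LOG):
        print(f"{section}: {item}\n    {reason}")
```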

Re: Computer Infected With A Virus Or Some Type Of Malware

Post by Belahzur on 27th July 2009, 9:37 pm

Hello.

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since it will be like searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL the problems this malware has already caused.

In light of this, it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Please PM me if I fail to respond within 24hrs.



DDS LOG

Post by thejimster on 27th July 2009, 9:53 pm

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by DavisJ at 17:47:32.45 on 27/07/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.254.83 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe C:\WINDOWS\TEMP\VRT15.tmp
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Windows Internet Explorer provided by Comcast
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mWinlogon: UIHost=c:\windows\system32\logonui.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ms18_word] c:\documents and settings\administrator\ms18_word.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [services] c:\windows\services.exe
mRun: [ms18_word] c:\windows\system32\ms18_word.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [N@] dd4e4000
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [cft] c:\windows\system32\config\systemprofile\application data\cft\cft.exe
dRun: [Cognac] c:\windows\temp\17.tmp.exe
dRun: [DigiFast] c:\windows\system32\config\systemprofile\application data\digifast\digifast.exe
dRun: [SfKg6wIPuSpdc] c:\windows\system32\config\systemprofile\application data\microsoft\rjhsjj.exe
dRun: [pridl] "c:\windows\system32\config\systemprofile\application data\pridl\pridl.exe" 61A847B5BBF72811329B385672FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
dRun: [Monopod] c:\windows\temp\b.exe
dRun: [ms18_word] c:\documents and settings\administrator\ms18_word.exe
dRun: [systemprofile] c:\windows\system32\config\systemprofile\systemprofile.exe /i
uExplorerRun: [do_not_delete] c:\windows\system32\do_not_delete.exe
mExplorerRun: [do_not_delete] c:\windows\system32\do_not_delete.exe
dExplorerRun: [do_not_delete] c:\windows\system32\do_not_delete.exe
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
uPolicies-explorer: NoStrCmpLogical = 1 (0x1)
uPolicies-explorer: MaxRecentDocs = 11 (0xb)
uPolicies-explorer: NoInternetIcon = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: Microsoft XML Parser for Java
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
AppInit_DLLs: c:\windows\system32\wmfhotfix.dll,c:\docume~1\admini~1\locals~1\temp\35184kou.dll


Re: Computer Infected With A Virus Or Some Type Of Malware

Post by thejimster on 27th July 2009, 9:53 pm

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\o2gjjm7p.default\
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");


Re: Computer Infected With A Virus Or Some Type Of Malware

Post by thejimster on 27th July 2009, 9:54 pm

============= SERVICES / DRIVERS ===============

R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-7-27 18944]
S2 i386si;i386si;c:\windows\system32\drivers\i386si.sys [2005-12-19 40576]
S2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2006-5-18 3712]
S3 iAimFP8;iAimFP8;c:\windows\system32\drivers\wADV11NT.sys [2006-5-16 11935]
S3 ma763004;M-Audio MobilePre USB;c:\windows\system32\drivers\ma763004.sys --> c:\windows\system32\drivers\MA763004.sys [?]
S3 MADFU804;MADFU804;c:\windows\system32\drivers\madfu804.sys --> c:\windows\system32\drivers\MADFU804.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

=============== Created Last 30 ================

2009-07-27 16:47 35,840 a------- c:\windows\system32\4B.tmp
2009-07-27 16:47 44 a------- c:\windows\system32\4A.tmp
2009-07-27 15:52 0 a------- c:\windows\system32\49.tmp
2009-07-27 15:52 44 a------- c:\windows\system32\48.tmp
2009-07-27 15:49 0 a------- c:\windows\system32\47.tmp
2009-07-27 15:49 66,560 a------- c:\windows\system32\drivers\vsfocepmpowbsv.sys
2009-07-27 15:39 --d----- c:\docume~1\admini~1\applic~1\AVG8
2009-07-27 15:09 35,840 a------- c:\windows\system32\46.tmp
2009-07-27 15:09 44 a------- c:\windows\system32\45.tmp
2009-07-27 09:39 40,960 a------- c:\windows\system32\44.tmp
2009-07-27 09:39 35,840 a------- c:\windows\system32\43.tmp
2009-07-27 09:39 27,733 a------- c:\windows\system32\42.tmp
2009-07-27 09:39 120 a------- c:\windows\system32\41.tmp
2009-07-27 09:37 40,960 a------- c:\windows\system32\40.tmp
2009-07-27 09:37 35,840 a------- c:\windows\system32\3F.tmp
2009-07-27 09:37 27,732 a------- c:\windows\system32\3E.tmp
2009-07-27 09:37 120 a------- c:\windows\system32\3D.tmp
2009-07-27 08:52 39,936 a------- c:\windows\system32\3C.tmp
2009-07-27 08:52 35,840 a------- c:\windows\system32\3B.tmp
2009-07-27 08:52 27,733 a------- c:\windows\system32\3A.tmp
2009-07-27 08:52 120 a------- c:\windows\system32\39.tmp
2009-07-27 08:26 39,936 a------- c:\windows\system32\38.tmp
2009-07-27 08:26 35,840 a------- c:\windows\system32\37.tmp
2009-07-27 08:26 27,733 a------- c:\windows\system32\36.tmp
2009-07-27 08:26 120 a------- c:\windows\system32\35.tmp
2009-07-27 08:26 88,576 a------- c:\windows\system32\lmpsdop.exe
2009-07-27 08:26 44,884 a------- c:\windows\system32\aowzyjgh.exe
2009-07-27 08:17 --d----- c:\program files\SpywareBlaster
2009-07-27 07:26 --d----- c:\program files\Lavasoft
2009-07-27 07:25 40,960 a------- c:\windows\system32\34.tmp
2009-07-27 07:25 35,840 a------- c:\windows\system32\33.tmp
2009-07-27 07:25 27,732 a------- c:\windows\system32\32.tmp
2009-07-27 07:24 180,736 a------- c:\windows\system32\31.tmp
2009-07-27 07:24 168 a------- c:\windows\system32\30.tmp
2009-07-27 07:08 38,664 a------- c:\windows\system32\MRT.INI
2009-07-27 07:02 40,960 a------- c:\windows\system32\2F.tmp
2009-07-27 07:02 35,840 a------- c:\windows\system32\2E.tmp
2009-07-27 07:02 27,733 a------- c:\windows\system32\2D.tmp
2009-07-27 07:02 120 a------- c:\windows\system32\2C.tmp
2009-07-27 06:46 --d----- c:\program files\common files\Wise Installation Wizard
2009-07-27 06:18 53,248 a------- c:\windows\system32\2B.tmp
2009-07-27 06:18 40,960 a------- c:\windows\system32\2A.tmp
2009-07-27 06:18 35,840 a------- c:\windows\system32\29.tmp
2009-07-27 06:18 27,733 a------- c:\windows\system32\28.tmp
2009-07-27 06:18 160 a------- c:\windows\system32\27.tmp
2009-07-27 05:49 104,448 a------- c:\windows\services.exe
2009-07-27 05:49 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-07-27 05:49 53,248 a------- c:\windows\system32\26.tmp
2009-07-27 05:49 39,936 a------- c:\windows\system32\25.tmp
2009-07-27 05:49 47,701 a------- c:\windows\system32\ms18_word.exe
2009-07-27 05:49 35,840 a------- c:\windows\system32\24.tmp
2009-07-27 05:49 27,733 a------- c:\windows\system32\23.tmp
2009-07-27 05:49 160 a------- c:\windows\system32\22.tmp
2009-07-26 23:31 224 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-07-26 23:29 35,840 a------- c:\windows\system32\21.tmp
2009-07-26 23:29 44 a------- c:\windows\system32\20.tmp
2009-07-26 19:39 35,840 a------- c:\windows\system32\1F.tmp
2009-07-26 19:38 44 a------- c:\windows\system32\1E.tmp
2009-07-26 19:08 35,840 a------- c:\windows\system32\1C.tmp
2009-07-26 19:08 44 a------- c:\windows\system32\16.tmp
2009-07-26 15:51 35,840 a------- c:\windows\system32\F.tmp
2009-07-26 15:51 44 a------- c:\windows\system32\E.tmp
2009-07-26 15:51 0 a------- c:\windows\SC.INS
2009-07-26 15:51 0 a------- c:\windows\sc.exe
2009-07-26 15:51 --d----- c:\program files\Protection System
2009-07-26 00:36 84 a------- c:\windows\system32\D.tmp
2009-07-26 00:25 61,440 a------- c:\windows\system32\drivers\xbae.sys
2009-07-25 22:57 444 a------- c:\windows\system32\d3d8caps.dat
2009-07-25 22:53 84 a------- c:\windows\system32\1D.tmp
2009-07-25 22:48 84 a------- c:\windows\system32\1B.tmp
2009-07-25 22:43 84 a------- c:\windows\system32\1A.tmp
2009-07-25 22:27 84 a------- c:\windows\system32\19.tmp
2009-07-25 20:50 84 a------- c:\windows\system32\18.tmp
2009-07-25 19:18 84 a------- c:\windows\system32\17.tmp
2009-07-25 18:36 84 a------- c:\windows\system32\15.tmp
2009-07-25 03:55 40 a------- c:\windows\system32\14.tmp
2009-07-24 23:05 --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-07-24 23:04 40 a------- c:\windows\system32\13.tmp
2009-07-24 22:52 40 a------- c:\windows\system32\12.tmp
2009-07-23 15:39 6 a------- c:\windows\system32\_id.dat
2009-07-23 07:59 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-23 03:19 40 a------- c:\windows\system32\11.tmp
2009-07-22 20:51 48 a------- C:\xcrashdump.dat
2009-07-22 00:02 40 a------- c:\windows\system32\10.tmp
2009-07-19 18:50 2,291,734 a------- c:\windows\system32\TmpA698524
2009-07-19 01:03 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-19 00:15 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-18 17:35 --d----- c:\docume~1\alluse~1\applic~1\13900684
2009-07-18 17:34 73,728 a------- C:\db.exe
2009-07-18 00:12 --d----- c:\program files\Sony Setup
2009-07-16 07:51 --d----- c:\windows\ie8updates
2009-07-15 16:23 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-07-06 18:23 --d----- c:\program files\Stardock
2009-07-06 18:10 24 a------- c:\windows\LogonStudio.ini
2009-07-06 18:09 187,392 a------- c:\windows\system32\JPGUtils.dll
2009-07-06 18:09 --d----- c:\program files\common files\Stardock


Re: Computer Infected With A Virus Or Some Type Of Malware

Post by thejimster on 27th July 2009, 9:54 pm

==================== Find3M ====================

2009-07-27 08:28 40,576 a------- c:\windows\system32\drivers\i386si.sys
2009-07-26 19:07 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-07-06 18:12 1,034,752 a------- c:\windows\system32\logonuiX.exe
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-07 11:44 344,064 ac------ c:\windows\system32\localspl.dll
2008-04-22 09:22 13 -c--h--- c:\docume~1\alluse~1\applic~1\113.sys
2008-07-18 21:26 88 -c-shr-- c:\windows\system32\07C5EDEF05.sys
2008-07-18 21:27 4,026 ac-sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:48:20.09 ===============


Re: Computer Infected With A Virus Or Some Type Of Malware

Post by Origin on 28th July 2009, 5:00 pm

I'm afraid I have bad news.

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all of the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files; those files are therefore corrupted beyond repair. As of now, security experts suggest that a format and clean install, or a destructive recovery if you have an OEM recovery partition, is the best way to clean the infection, and it is the best and safest way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, etc.) only. DO NOT back up any executable files (software) or screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.


For more information, please see [You must be registered and logged in to see this link.]

Instructions on how to format and reinstall Windows can be found [You must be registered and logged in to see this link.]



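The backup rules from the post above (never copy .exe or .scr, skip archives that contain them, treat htm/html/asp/php as needing review before restore) as an added Python script; this is example code, not anything from the original thread. The sample directory tree it builds is constructed and hypothetical, and skipping .rar/.cab outright (because the standard library cannot list their contents) is my own conservative assumption rather than advice from the post.

```python
import os
import tempfile
import zipfile
from typing import Dict, List

# File classes taken from the advice above.
INFECTABLE = {".exe", ".scr"}                     # Virut appends itself to these
WEB_MODIFIED = {".htm", ".html", ".asp", ".php"}  # recent variants alter these
ZIP_ARCHIVES = {".zip"}                           # inspectable with the stdlib
OPAQUE_ARCHIVES = {".rar", ".cab"}                # not inspectable here; assumed unsafe


def zip_contains_infectable(path: str) -> bool:
    """True if any member name has an infectable extension (nested archives are not expanded)."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(os.path.splitext(name)[1].lower() in INFECTABLE for name in zf.namelist())
    except zipfile.BadZipFile:
        return True  # unreadable archive: do not copy it blindly


def classify(path: str) -> str:
    """'copy', 'skip' or 'review' for one file, following the backup rules in the post."""
    ext = os.path.splitext(path)[1].lower()
    if ext in INFECTABLE or ext in OPAQUE_ARCHIVES:
        return "skip"
    if ext in ZIP_ARCHIVES:
        return "skip" if zip_contains_infectable(path) else "copy"
    if ext in WEB_MODIFIED:
        return "review"
    return "copy"


def plan_backup(root: str) -> Dict[str, List[str]]:
    """Walk root and bucket every file; paths are relative to root with '/' separators."""
    plan: Dict[str, List[str]] = {"copy": [], "skip": [], "review": []}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            plan[classify(full)].append(rel)
    for bucket in plan.values():
        bucket.sort()
    return plan


def build_demo_tree(base: str) -> None:
    """Constructed sample tree (hypothetical names, not files from the infected machine)."""
    def write(rel: str, data: bytes = b"sample") -> None:
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

    write("docs/report.doc")
    write("docs/notes.txt")
    write("setup.exe", b"MZ")          # executable: never back up
    write("screensaver.scr", b"MZ")    # screensaver: never back up
    write("site/index.html")           # web file: review before restoring
    write("site/page.php")
    write("archives/old.rar")          # cannot be inspected: skipped
    with zipfile.ZipFile(os.path.join(base, "archives", "clean.zip"), "w") as zf:
        zf.writestr("readme.txt", "documentation only")
    with zipfile.ZipFile(os.path.join(base, "archives", "tools.zip"), "w") as zf:
        zf.writestr("bin/tool.exe", "MZ")  # .exe inside an archive: skipped


def run_demo() -> Dict[str, List[str]]:
    """Build the sample tree in a temp dir and return the backup plan for it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        return plan_backup(tmp)


if __name__ == "__main__":
    for bucket, files in run_demo().items():
        print(bucket.upper(), *files, sep="\n  ")
```

Point `plan_backup` at the real user-data folder and copy only the "copy" bucket; files in "review" should be checked by hand before they go anywhere near the rebuilt machine.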

Re: Computer Infected With A Virus Or Some Type Of Malware

Post by thejimster on 28th July 2009, 7:50 pm

Ok, here is the issue. I bought this computer from someone and I don't have the OEM disc, and on top of that I was going to reinstall by using my i386 folder, but I am unable to locate it on my C:\ drive. I've searched for it, so that is why I was asking if someone could zip an antivirus program and send it to my email address, so I can try and install it in hopes that my machine will at least allow me to go to Microsoft's web page to get an OEM CD sent to my home, because I have my validation sticker.
