desot.exe

View previous topic View next topic Go down

desot.exe

Post by RomeWarrior88 on Fri Aug 07, 2009 9:05 pm

hi my computer recently got, a virus i suppose of some sort. anytime i try to open a program it a black box comes up saying "Program is too big to fit in memory" and the title says desot.exe.....can anyone help me? is this removable so i can open my programs again?

RomeWarrior88
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-08-07
OS OS : xp
Points Points : 26790
# Likes # Likes : 0

View user profile

Back to top Go down

Re: desot.exe

Post by Belahzur on Fri Aug 07, 2009 11:33 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: desot.exe

Post by RomeWarrior88 on Fri Aug 07, 2009 11:36 pm

i wont let me run it....just says program too big for memory...in a black box.. Let me think

RomeWarrior88
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-08-07
OS OS : xp
Points Points : 26790
# Likes # Likes : 0

View user profile

Back to top Go down

Re: desot.exe

Post by Belahzur on Fri Aug 07, 2009 11:49 pm

Hello.
You have a new piece of malware and we can't see to get much info on it yet, please stick with me till tomorrow or so, we are working on it.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: desot.exe

Post by RomeWarrior88 on Fri Aug 07, 2009 11:56 pm

okay perfect. thank you so much appreciate it. ill check up every now and again =)

RomeWarrior88
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-08-07
OS OS : xp
Points Points : 26790
# Likes # Likes : 0

View user profile

Back to top Go down

Re: desot.exe

Post by Belahzur on Sat Aug 08, 2009 3:20 pm

Hello.
We have a little more information on this from what my source gives me.

I need you to check something for me, if the malware will let you.
Locate this file in bold:

C:\Windows\system32\scecli.dll

Right click and select Properties, can you tell me what it's filesize is in bytes please?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: desot.exe

Post by RomeWarrior88 on Sat Aug 08, 2009 3:52 pm

hey, yes i have found it, the size is 180,224 bytes

RomeWarrior88
Novice
Novice

Posts Posts : 7
Joined Joined : 2009-08-07
OS OS : xp
Points Points : 26790
# Likes # Likes : 0

View user profile

Back to top Go down

Re: desot.exe

Post by Belahzur on Sun Aug 09, 2009 12:55 am

Please download SilentRunners from here:
[You must be registered and logged in to see this link.]
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: desot.exe

Post by playmaker302 on Tue Aug 25, 2009 8:01 pm

hey Belahzur..i have the same virus on my computer and i ran the zip file..and this is what i got:


"Silent Runners.vbs", revision 59, [You must be registered and logged in to see this link.]
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Google Update" = ""C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Microsoft Default Manager" = ""C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume" [MS]
"NielsenOnline" = "C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe" ["The Nielsen Company"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = "Search Helper"
-> {HKLM...CLSID} = "Search Helper"
\InProcServer32\(Default) = "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll" [MS]
{76DC0B63-1533-4ba9-8BE8-D59EB676FA02}\(Default) = (no title provided)
-> {HKLM...CLSID} = "ICQSys (IE PlugIn)"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dddesot.dll" ["ASC - AntiSpyware"]
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided)
-> {HKLM...CLSID} = "MSN Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll" [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

playmaker302
Beginner
Beginner

Posts Posts : 1
Joined Joined : 2009-08-25
OS OS : XP
Points Points : 26601
# Likes # Likes : 0

View user profile

Back to top Go down

Re: desot.exe

Post by Origin on Fri Aug 28, 2009 3:29 pm

See if you can run this, I want to check something.

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31483
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum