:: Trojan horse PSW.Generic7.BBEQ ::


Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Dr Jay on 26th January 2010, 6:25 am

Please visit this webpage for instructions for downloading and running ComboFix:

[You must be registered and logged in to see this link.]

Post the log from ComboFix when you've accomplished that.


Dr. Jay (DJ)




Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Namski on 26th January 2010, 8:05 am

ComboFix 10-01-25.05 - FlavorInnovator 01/25/2010 23:56:41.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1667 [GMT -8:00]
Running from: c:\documents and settings\FlavorInnovator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\twain_32.dll
c:\windows\system32\wupd.dat
c:\windows\Tasks\ibzrwzxd.job

.
((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
.

2010-01-25 19:30 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 19:29 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 18:39 . 2010-01-25 18:39 -------- d-----w- c:\documents and settings\FlavorInnovator\Application Data\OnlineArmor
2010-01-25 18:39 . 2010-01-25 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-01-25 18:39 . 2009-12-05 15:28 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-01-25 18:39 . 2009-12-05 15:27 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-01-25 18:39 . 2010-01-25 18:39 -------- d-----w- c:\program files\Tall Emu
2010-01-25 18:39 . 2009-12-05 15:27 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-01-25 18:35 . 2010-01-25 18:35 -------- d-----w- C:\$AVG
2010-01-25 18:35 . 2010-01-25 18:35 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-25 18:35 . 2010-01-25 18:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-25 18:34 . 2010-01-25 18:34 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-25 18:34 . 2010-01-25 18:34 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-25 18:34 . 2010-01-25 18:34 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-25 18:34 . 2010-01-25 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-25 18:34 . 2010-01-25 19:19 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-06 17:02 . 2010-01-06 17:02 388096 ----a-r- c:\documents and settings\FlavorInnovator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-05 21:03 . 2010-01-26 01:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 08:49 . 2010-01-05 08:49 -------- d-----w- c:\program files\TrendMicro
2010-01-05 08:42 . 2010-01-05 08:42 -------- d-----w- c:\documents and settings\FlavorInnovator\Application Data\Malwarebytes
2010-01-05 08:42 . 2010-01-05 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 08:00 . 2009-02-06 00:33 13949 ----a-w- c:\windows\system32\tablet.dat
2010-01-26 06:15 . 2009-02-05 19:43 70088 ----a-w- c:\documents and settings\FlavorInnovator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 19:11 . 2009-02-18 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-25 18:34 . 2009-02-05 23:40 -------- d-----w- c:\program files\AVG
2010-01-25 18:28 . 2009-02-06 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-25 18:25 . 2009-02-06 00:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-23 02:12 . 2009-05-05 00:56 -------- d-----w- c:\documents and settings\FlavorInnovator\Application Data\U3
2010-01-21 01:00 . 2009-02-05 22:40 -------- d-----w- c:\documents and settings\FlavorInnovator\Application Data\uTorrent
2010-01-18 22:23 . 2009-04-25 01:31 -------- d-----w- c:\program files\DL_cats
2010-01-09 04:57 . 2009-02-06 05:46 -------- d---a-w- c:\program files\__ New Apps Install Files
2010-01-04 23:03 . 2009-02-05 22:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-15 04:26 . 2009-12-15 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Genie-Soft
2009-12-12 18:14 . 2009-12-12 21:15 1109 ----a-w- c:\documents and settings\FlavorInnovator\Application Data\Genie-soft\GBMPro8\Jobs\Data Backup\00000000\maindata.sys
2009-12-12 18:08 . 2009-12-12 18:08 -------- d-----w- c:\documents and settings\FlavorInnovator\Application Data\Genie-soft
2009-12-12 18:05 . 2009-12-12 18:05 -------- d-----w- c:\program files\Genie-Soft
2009-11-25 16:10 . 2009-11-25 16:10 152576 ----a-w- c:\documents and settings\FlavorInnovator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 16:10 . 2009-11-25 16:10 79488 ----a-w- c:\documents and settings\FlavorInnovator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 04:54 . 2009-07-12 04:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 09:07 . 2009-07-12 09:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 09:19 . 2009-07-12 09:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-12 03:41 . 2009-07-12 03:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2010-01-26 08:00 . 2010-01-26 08:00 16384 c:\windows\Temp\Perflib_Perfdata_764.dat
+ 2001-08-23 12:00 . 2010-01-25 18:39 38808 c:\windows\system32\perfc009.dat
+ 2009-07-12 09:12 . 2009-07-12 09:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 09:09 . 2009-07-12 09:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 09:08 . 2009-07-12 09:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2001-08-23 12:00 . 2010-01-25 18:39 308552 c:\windows\system32\perfh009.dat
+ 2010-01-25 18:34 . 2010-01-25 18:34 424448 c:\windows\Installer\5d93d.msi
+ 2009-07-12 04:46 . 2009-07-12 04:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 04:46 . 2009-07-12 04:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-02-05 11:23 . 2010-01-26 08:00 1854984 c:\windows\system32\FNTCACHE.DAT
+ 2010-01-06 17:02 . 2010-01-06 17:02 1093632 c:\windows\Installer\3883f7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-04-07 135168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-08 7561216]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-25 2033432]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\grtHfTCRz.exe" [2010-01-26 1394000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Shortcut to Suitcase.exe.lnk - c:\program files\Extensis\Suitcase 9.2\Suitcase.exe [2009-2-5 3145728]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-2-5 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-25 18:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^FlavorInnovator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\FlavorInnovator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro8Agent]
2008-07-28 18:05 189056 ----a-w- c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 21:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-06 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Start Menu\\Programs\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Extensis\\Suitcase 9.2\\Suitcase.exe"=
"c:\\WINDOWS\\system32\\Tablet.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/25/2010 10:34 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/25/2010 10:35 AM 360584]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [1/25/2010 10:39 AM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [1/25/2010 10:39 AM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [1/25/2010 10:39 AM 29776]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/25/2010 10:34 AM 285392]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [1/25/2010 10:39 AM 1282248]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2/7/2009 1:02 PM 23200]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [1/25/2010 10:39 AM 3291336]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\FlavorInnovator\Application Data\Mozilla\Firefox\Profiles\x1x4x21c.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-26 00:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(980)
c:\windows\system32\tabhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\Tablet.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-26 00:02:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-26 08:02
ComboFix2.txt 2010-01-05 19:53

Pre-Run: 36,802,883,584 bytes free
Post-Run: 37,145,477,120 bytes free

- - End Of File - - 0B5567F365043B0957ADF414221A4BBA


Stimulus Overload.



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Dr Jay on 26th January 2010, 3:54 pm

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Mia::
    c:\windows\system32\drivers\iaStor.sys
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Namski on 26th January 2010, 7:27 pm

When trying to run ComboFix again, after disabling my AVG and Online Armor, it would just freeze. So I uninstalled both of those programs and was able to get ComboFix to run all the way through.

-----------------

ComboFix 10-01-26.01 - FlavorInnovator 01/26/2010 11:14:38.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1578 [GMT -8:00]
Running from: c:\documents and settings\FlavorInnovator\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\FlavorInnovator\My Documents\Downloads\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

-- Previous Run --

-- Previous Run --

c:\windows\system32\drivers\iaStor.sys . . . is missing!!

--------

c:\windows\system32\drivers\iaStor.sys . . . is missing!!

--------

c:\windows\system32\drivers\iaStor.sys . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
.

2010-01-25 19:30 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 19:29 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 18:35 . 2010-01-25 18:35 -------- d-----w- C:\$AVG
2010-01-25 18:35 . 2010-01-25 18:35 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-25 18:35 . 2010-01-25 18:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-25 18:34 . 2010-01-25 18:34 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-25 18:34 . 2010-01-25 18:34 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-25 18:34 . 2010-01-26 19:08 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-25 18:34 . 2010-01-26 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-25 18:34 . 2010-01-25 19:19 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-06 17:02 . 2010-01-06 17:02 388096 ----a-r- c:\documents and settings\FlavorInnovator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-05 21:03 . 2010-01-26 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 08:49 . 2010-01-05 08:49 -------- d-----w- c:\program files\TrendMicro
2010-01-05 08:42 . 2010-01-05 08:42 -------- d-----w- c:\documents and settings\FlavorInnovator\Application Data\Malwarebytes
2010-01-05 08:42 . 2010-01-05 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 19:06 . 2009-02-05 23:40 -------- d-----w- c:\program files\AVG
2010-01-26 19:05 . 2009-02-06 00:33 13949 ----a-w- c:\windows\system32\tablet.dat
2010-01-26 18:30 . 2009-02-05 19:43 70088 ----a-w- c:\documents and settings\FlavorInnovator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 19:11 . 2009-02-18 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-25 18:28 . 2009-02-06 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-25 18:25 . 2009-02-06 00:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-23 02:12 . 2009-05-05 00:56 -------- d-----w- c:\documents and settings\FlavorInnovator\Application Data\U3
2010-01-21 01:00 . 2009-02-05 22:40 -------- d-----w- c:\documents and settings\FlavorInnovator\Application Data\uTorrent
2010-01-18 22:23 . 2009-04-25 01:31 -------- d-----w- c:\program files\DL_cats
2010-01-09 04:57 . 2009-02-06 05:46 -------- d---a-w- c:\program files\__ New Apps Install Files
2010-01-04 23:03 . 2009-02-05 22:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-15 04:26 . 2009-12-15 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Genie-Soft
2009-12-12 18:14 . 2009-12-12 21:15 1109 ----a-w- c:\documents and settings\FlavorInnovator\Application Data\Genie-soft\GBMPro8\Jobs\Data Backup\00000000\maindata.sys
2009-12-12 18:08 . 2009-12-12 18:08 -------- d-----w- c:\documents and settings\FlavorInnovator\Application Data\Genie-soft
2009-12-12 18:05 . 2009-12-12 18:05 -------- d-----w- c:\program files\Genie-Soft
2009-11-25 16:10 . 2009-11-25 16:10 152576 ----a-w- c:\documents and settings\FlavorInnovator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 16:10 . 2009-11-25 16:10 79488 ----a-w- c:\documents and settings\FlavorInnovator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 04:54 . 2009-07-12 04:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 09:07 . 2009-07-12 09:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 09:19 . 2009-07-12 09:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-12 03:41 . 2009-07-12 03:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2010-01-26 19:05 . 2010-01-26 19:05 16384 c:\windows\Temp\Perflib_Perfdata_1b0.dat
+ 2001-08-23 12:00 . 2010-01-25 18:39 38808 c:\windows\system32\perfc009.dat
+ 2009-07-12 09:12 . 2009-07-12 09:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 09:09 . 2009-07-12 09:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 09:08 . 2009-07-12 09:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2001-08-23 12:00 . 2010-01-25 18:39 308552 c:\windows\system32\perfh009.dat
+ 2010-01-25 18:34 . 2010-01-25 18:34 424448 c:\windows\Installer\5d93d.msi
+ 2009-07-12 04:46 . 2009-07-12 04:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 04:46 . 2009-07-12 04:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-02-05 11:23 . 2010-01-26 08:00 1854984 c:\windows\system32\FNTCACHE.DAT
+ 2010-01-06 17:02 . 2010-01-06 17:02 1093632 c:\windows\Installer\3883f7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-04-07 135168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-08 7561216]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Shortcut to Suitcase.exe.lnk - c:\program files\Extensis\Suitcase 9.2\Suitcase.exe [2009-2-5 3145728]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-2-5 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-25 18:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^FlavorInnovator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\FlavorInnovator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro8Agent]
2008-07-28 18:05 189056 ----a-w- c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 21:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-06 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Start Menu\\Programs\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Extensis\\Suitcase 9.2\\Suitcase.exe"=
"c:\\WINDOWS\\system32\\Tablet.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/25/2010 10:34 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/25/2010 10:35 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/25/2010 10:34 AM 285392]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2/7/2009 1:02 PM 23200]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\FlavorInnovator\Application Data\Mozilla\Firefox\Profiles\x1x4x21c.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\grtHfTCRz.exe
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-26 11:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3232)
c:\windows\system32\tabhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-01-26 11:17:49
ComboFix-quarantined-files.txt 2010-01-26 19:17
ComboFix2.txt 2010-01-26 08:02
ComboFix3.txt 2010-01-05 19:53

Pre-Run: 37,141,958,656 bytes free
Post-Run: 37,148,123,136 bytes free

- - End Of File - - 48491355ED8FCAE1C60188D900A07BA3


Stimulus Overload.



Namski
Intermediate

Posts : 74
Joined : 2010-01-05
Gender : Male
OS : Windows XP
Points : 26228
# Likes : 0


Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Dr Jay on 26th January 2010, 7:50 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    iastor.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Namski on 26th January 2010, 8:21 pm

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 12:21 on 26/01/2010 by FlavorInnovator (Administrator - Elevation successful)

========== filefind ==========

Searching for "iastor.sys"
No files found.

-=End Of File=-



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Dr Jay on 26th January 2010, 8:41 pm

Do you have your Vista disc?



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Namski on 26th January 2010, 8:53 pm

I am using Windows XP 32-bit .... not using Vista. My Windows XP was installed by another person.



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Dr Jay on 26th January 2010, 9:25 pm

Ok. So no disc?



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Namski on 26th January 2010, 9:35 pm

No disc.



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Namski on 27th January 2010, 6:22 pm

Hey, so any word on going about this?



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Dr Jay on 27th January 2010, 10:01 pm

Does your computer boot ok?

Shutdown ok?



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Namski on 27th January 2010, 10:14 pm

It boots okay ... when it shuts down it takes a bit and sometimes stalls ....



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Dr Jay on 27th January 2010, 11:49 pm

That's normal. How is your computer running otherwise?



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Namski on 28th January 2010, 12:29 am

It's running okay, I guess. A bit slow when loading programs and using them. I know that iastor.sys is a very crucial file but I'm not sure exactly how it's going to affect my computer.

However, is the trojan gone?



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Dr Jay on 28th January 2010, 1:21 am

Actually, iastor.sys is an Intel driver. If your system is not Intel based, then it does not need the driver. So, that is fine.

The infection is gone.



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Namski on 28th January 2010, 2:31 am

Okay, thanks. So can you tell if I have an Intel-based system from the logs I posted?

Is there any further action required, or are you tired of me asking you questions? haha. Thanks DragonMaster Jay!



Re: :: Trojan horse PSW.Generic7.BBEQ ::

Post by Dr Jay on 28th January 2010, 4:29 pm

You can ask all the questions you want.

I could tell you had a non-Intel-based system, because I compared your system files to another non-Intel system.

