New Folder Virus


Post by novice on 15th January 2010, 1:08 am

Hello,

First of all, thank you for your site. I was able to remove many viruses that I had by reading your forums and downloading suggested programs. Worked when nothing else did! Great forum.

I have one last issue, which I believe is the "new folder" virus. Whenever I boot up the computer I get folder after folder popping up. Once the computer finishes booting they stop popping up. I can then close them all and they won't return until the next reboot. There are some programs online that claim they remove this virus, but I am worried that they are simply more viruses, as the file is on different sites and in different sizes (i.e. 7.7 MB and 8.3 MB).

I have also downloaded and installed Microsoft Security Essentials. Is this the best one? Do you recommend this or another one to protect my system?

Any help will be very much appreciated!

Thanks again,
Geoff


Re: New Folder Virus

Post by Dr Jay on 15th January 2010, 4:41 am

Please visit this webpage for instructions for downloading and running ComboFix:

[You must be registered and logged in to see this link.]

Post the log from ComboFix when you've accomplished that.


Dr. Jay (DJ)



Re: New Folder Virus

Post by novice on 16th January 2010, 1:27 am

ComboFix 10-01-14.06 - HP_Administrator 15/01/2010 5:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1470.984 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
c:\documents and settings\HP_Administrator\Application Data\0200000064419859C.manifest
c:\documents and settings\HP_Administrator\Application Data\0200000064419859O.manifest
c:\documents and settings\HP_Administrator\Application Data\0200000064419859P.manifest
c:\documents and settings\HP_Administrator\Application Data\0200000064419859R.manifest
c:\documents and settings\HP_Administrator\Application Data\0200000064419859S.manifest
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\INSTALL.LOG
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\recycler\NPROTECT
c:\recycler\S-1-5-21-1690789621-1034817131-943216132-1008
c:\windows\afecuhuh.dll
c:\windows\agaceris.dll
c:\windows\ahugugavopiwam.dll
c:\windows\apijehokonipuc.dll
c:\windows\apuzorijegozu.dll
c:\windows\asawepewapa.dll
c:\windows\awuliyojoqo.dll
c:\windows\axesiqaq.dll
c:\windows\ebisohunirum.dll
c:\windows\eduvugiy.dll
c:\windows\efufizosowuwule.dll
c:\windows\ehutozofan.dll
c:\windows\ejabuzix.dll
c:\windows\elorehegu.dll
c:\windows\eniwihepa.dll
c:\windows\exezaqawi.dll
c:\windows\ibabicitaqun.dll
c:\windows\icijebuqagetey.dll
c:\windows\ifexizuxawodafuv.dll
c:\windows\ifofaquz.dll
c:\windows\ipisaxogapoga.dll
c:\windows\iqojimonobap.dll
c:\windows\iwiwobeyitame.dll
c:\windows\iyodilakiz.dll
c:\windows\izojekumibol.dll
c:\windows\kb913800.exe
c:\windows\obuhabuc.dll
c:\windows\ocuvadazader.dll
c:\windows\omizuduqiyaloqe.dll
c:\windows\oqetapim.dll
c:\windows\oyenevozujitif.dll
c:\windows\system32\driVERs\vejlwom.sys
c:\windows\system32\ps2.bat
c:\windows\system32\warning.html
c:\windows\ubimanit.dll
c:\windows\ubunaduqiruhakuc.dll
c:\windows\udiganidesu.dll
c:\windows\ujimecusuramujo.dll
c:\windows\ukehujoj.dll
c:\windows\umerojewujo.dll
c:\windows\umeruburuyaxu.dll
c:\windows\uxuyajas.dll
c:\windows\uzuxawodaf.dll
c:\windows\WBDEK44I.DLL
C:\xcrashdump.dat
E:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_vejlwom
-------\Service_vejlwom


((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-15 10:45 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-15 01:52 . 2010-01-15 01:52 -------- d-----w- c:\documents and settings\All Users\Microsoft
2010-01-15 01:30 . 2010-01-15 01:30 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-01-15 00:45 . 2010-01-15 00:45 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\IECompatCache
2010-01-15 00:44 . 2010-01-15 00:44 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\PrivacIE
2010-01-15 00:17 . 2010-01-15 00:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-15 00:12 . 2010-01-15 00:12 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\IETldCache
2010-01-14 23:46 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-14 23:46 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-14 23:46 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-14 20:38 . 2009-11-03 01:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 20:37 . 2010-01-14 20:37 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-14 13:47 . 2010-01-14 13:47 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes
2010-01-14 07:05 . 2010-01-14 06:43 10038728 ----a-w- c:\documents and settings\windows-kb890830-v3.3.exe
2010-01-14 06:16 . 2010-01-14 06:16 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Comodo
2010-01-14 06:16 . 2010-01-14 06:16 -------- d-----w- c:\program files\Comodo
2010-01-14 06:16 . 2010-01-14 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-01-14 05:03 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 05:03 . 2010-01-14 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-14 05:03 . 2010-01-14 05:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 05:03 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 23:54 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 23:50 . 2010-01-13 23:50 398696 ----a-w- c:\windows\WBDEG44I.DLL
2010-01-13 23:50 . 2010-01-13 23:50 151802 ----a-w- c:\windows\wwwnt34i.dll
2010-01-13 23:47 . 2010-01-13 23:47 -------- d-----w- c:\program files\Panda Security
2010-01-13 00:57 . 2010-01-13 15:45 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\QuickScan
2010-01-11 22:06 . 2010-01-12 22:06 27911 ----a-w- c:\windows\system32\49900LU80R.dat
2010-01-11 22:06 . 2010-01-12 22:06 1860 ----a-w- c:\windows\system32\KV9Y0L0ZJ.dat
2010-01-06 14:22 . 2010-01-06 14:22 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\{E425937E-6549-41D3-9187-3E3FA50701A4}
2010-01-03 23:33 . 2010-01-15 10:43 120 ----a-w- c:\windows\Tsogadagakus.dat
2010-01-03 23:33 . 2010-01-15 08:22 0 ----a-w- c:\windows\Pxewivamebopevub.bin
2009-12-16 15:52 . 2009-12-16 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 10:48 . 2009-11-05 05:59 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\uTorrent
2010-01-15 03:49 . 2008-06-06 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-15 02:13 . 2005-12-02 23:40 89512 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-14 21:07 . 2009-02-03 23:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-09 13:09 . 2005-12-03 00:09 -------- d-----w- c:\program files\Symantec
2010-01-09 03:24 . 2005-12-03 00:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-09 03:22 . 2005-12-03 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-29 20:25 . 2010-01-14 06:16 1143056 ----a-w- c:\documents and settings\All Users\Application Data\Comodo\AVScanner\DB\mach32.dll
2009-11-27 22:17 . 2009-11-13 19:38 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\HpUpdate
2009-11-27 22:16 . 2005-01-25 01:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-11-25 15:25 . 2010-01-14 06:16 295184 ----a-w- c:\documents and settings\All Users\Application Data\Comodo\AVScanner\DB\pkann.dll
2009-11-21 15:51 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 14:28 . 2009-11-21 14:28 79488 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-16 01:36 . 2005-08-31 12:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-16 01:36 . 2009-11-16 01:36 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-11-16 01:36 . 2009-11-16 01:36 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-11-16 01:36 . 2009-11-16 01:36 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-11-16 01:36 . 2009-11-16 01:36 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-11-16 01:36 . 2009-11-16 01:36 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2009-11-16 01:36 . 2009-11-16 01:36 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-11-16 01:36 . 2009-11-16 01:36 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-11-16 01:36 . 2009-11-16 01:36 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-11-15 23:13 . 2009-11-15 23:12 17217008 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Real\Update\setup\rp\RealPlayerSPGold.exe
2009-11-15 23:12 . 2009-11-15 23:12 8406648 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-11-15 23:12 . 2009-11-15 23:12 10309448 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-11-15 23:12 . 2009-11-15 23:12 64000 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-11-15 23:12 . 2009-11-15 23:12 52288 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-11-15 23:12 . 2009-11-15 23:12 50688 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-11-15 23:12 . 2009-11-15 23:12 114688 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-11-15 23:11 . 2009-11-15 23:11 488968 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Real\Update\setup\setup.exe
2009-11-05 05:54 . 2009-11-05 05:53 155 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat
2009-11-05 01:51 . 2009-11-05 01:51 242 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\rdaz.vbs
2009-10-29 07:45 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-22 04:02 . 2006-02-28 03:00 75 ----a-w- c:\windows\popcinfo.dat
2009-10-21 05:38 . 2004-08-10 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-10 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-08-16 20:38 . 2009-08-16 20:38 5516800 --sha-w- c:\program files\ehthumbs.db
2006-02-20 22:11 . 2006-02-20 20:11 22 --sha-w- c:\windows\SMINST\HPCD.sys


Re: New Folder Virus

Post by novice on 16th January 2010, 1:34 am

How much of the log do you need? It is very very long, the part above is just a small portion.


Re: New Folder Virus

Post by Origin on 16th January 2010, 1:47 am

Please post all the log, use as many posts as it takes.

