My computer has the Internet Security Tool virus...can you help me?

Post by klapensee on Mon Jan 25, 2010 5:49 pm

Hey Guys,
looks like I have been infected with the Internet security tool virus. Can you help me clean it up? Thanks!
I am getting this error msg:
"X is infected with worm Lsas.blASTER.keylogger....etc"


Re: My computer has the Internet Security Tool virus...can you help me?

Post by Dr Jay on Mon Jan 25, 2010 6:04 pm

Please visit this webpage for instructions for downloading and running ComboFix:

[You must be registered and logged in to see this link.]

Post the log from ComboFix when you've accomplished that.


Dr. Jay (DJ)


Re: My computer has the Internet Security Tool virus...can you help me?

Post by klapensee on Mon Jan 25, 2010 7:10 pm

ComboFix 10-01-24.05 - Gary Kenyon 25/01/2010 10:34:19.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3062.2414 [GMT -8:00]
Running from: C:\Users\Gary Kenyon\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\$RECYCLE.BIN\S-1-5-21-1657970030-4244632918-4024502491-500
C:\$RECYCLE.BIN\S-1-5-21-1785644027-1836616090-1490803189-500
C:\Program Files\alot
C:\Program Files\alot\alotUninst.exe
C:\Program Files\alot\bin\alot.dll
C:\Program Files\alot\bin\ALOTSettings.exe
C:\Program Files\alot\bin\BHO\alotBHO.dll
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\ProgramData\74368735
C:\ProgramData\74368735\74368735.exe
C:\Users\Gary Kenyon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk
C:\Users\Gary Kenyon\Desktop\Security Tool.lnk


Re: My computer has the Internet Security Tool virus...can you help me?

Post by Dr Jay on Mon Jan 25, 2010 7:11 pm

You did not post a full ComboFix log. Please re-run it, and post a new log.


Dr. Jay (DJ)


Re: My computer has the Internet Security Tool virus...can you help me?

Post by klapensee on Mon Jan 25, 2010 7:49 pm

ComboFix 10-01-25.01 - Gary Kenyon 25/01/2010 11:41:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3062.1989 [GMT -8:00]
Running from: c:\users\Gary Kenyon\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
.

((((((((((((((((((((((((( Files Created from 2009-12-25 to 2010-01-25 )))))))))))))))))))))))))))))))
.

2010-01-25 19:46 . 2010-01-25 19:46 -------- d-----w- c:\users\Gary Kenyon\AppData\Local\temp
2010-01-25 19:46 . 2010-01-25 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-13 09:39 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 09:39 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-09 16:53 . 2010-01-09 23:42 -------- d-----w- c:\users\Gary Kenyon\Our place improvements

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 19:10 . 2009-01-16 00:39 -------- d-----w- c:\users\Gary Kenyon\AppData\Roaming\LimeWire
2010-01-25 19:04 . 2009-02-21 01:14 1356 ----a-w- c:\users\Gary Kenyon\AppData\Local\d3d9caps.dat
2010-01-25 18:09 . 2008-09-03 00:17 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2010-01-17 19:52 . 2009-03-12 14:01 -------- d-----w- c:\program files\Mystery Case Files - Huntsville
2010-01-14 15:36 . 2008-09-29 02:06 -------- d-----w- c:\program files\HOTALBUMMyBOX
2010-01-13 11:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-12 00:37 . 2009-08-17 01:45 -------- d-----w- c:\users\Gary Kenyon\AppData\Roaming\HpUpdate
2010-01-09 22:43 . 2009-03-12 13:44 -------- d-----w- c:\program files\bfgclient
2009-12-24 03:42 . 2009-01-16 00:39 -------- d-----w- c:\program files\LimeWire
2009-12-22 14:02 . 2009-02-26 21:04 -------- d-----w- c:\program files\Google
2009-12-21 03:09 . 2009-12-21 03:03 77354 ----a-w- c:\windows\hpqins05.dat
2009-12-21 03:09 . 2008-04-17 21:40 -------- d-----w- c:\programdata\HP
2009-12-21 03:07 . 2008-09-03 00:06 82080 ----a-w- c:\users\Gary Kenyon\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-21 03:04 . 2009-12-21 03:04 -------- d-----w- c:\programdata\HP Product Assistant
2009-12-10 11:03 . 2008-09-03 00:21 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 02:16 . 2009-02-26 21:04 -------- d-----w- c:\program files\Common Files\Real
2009-12-09 02:16 . 2009-12-09 02:16 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-06 00:42 . 2009-12-06 00:42 764168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-03 00:38 . 2009-11-26 00:38 439816 ----a-w- c:\users\Gary Kenyon\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-12-02 11:19 . 2009-12-02 11:19 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-02 11:19 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-02 11:19 . 2009-12-02 11:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-01 06:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-01 06:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-01 06:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-01 06:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-01 06:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-01 06:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-21 06:40 . 2009-12-09 14:30 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 14:30 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 14:30 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 14:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 12:31 . 2009-12-10 11:03 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 11:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 11:03 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-26 11:01 2048 ----a-w- c:\windows\system32\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-26 133656]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
"D-Link Wireless G WDA-1320"="c:\program files\D-Link\Wireless G WDA-1320\AirGCFG.exe" [2005-12-14 2711552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-03 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-09 198160]

c:\users\Gary Kenyon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 05:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
2007-11-15 23:17 44168 ----a-w- c:\windows\SMINST\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-03-26 00:07 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-04-07 09:56 132760 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):31,bc,36,40,51,72,ca,01

R0 PzWDM;PzWDM;c:\windows\System32\drivers\PzWDM.sys [28/09/2008 6:07 PM 15172]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [09/07/2009 11:15 AM 26104]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\System32\drivers\A3AB.sys [25/08/2005 2:00 PM 466880]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/10/2009 4:38 PM 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20/01/2008 6:23 PM 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-08 00:38]

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-08 00:38]

2010-01-25 c:\windows\Tasks\User_Feed_Synchronization-{2290F617-57FC-4A82-98E1-99BC0DE22C0E}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Gary Kenyon\AppData\Roaming\Mozilla\Firefox\Profiles\2b5f3b0p.default\
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-25 11:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5900)
c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\A\ESBRes.DLL
.
Completion time: 2010-01-25 11:48:33
ComboFix-quarantined-files.txt 2010-01-25 19:48

Pre-Run: 399,100,993,536 bytes free
Post-Run: 399,034,396,672 bytes free

- - End Of File - - 0E38B09A15E724AC1BCDBD4C8BB017D6

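As an added example (not part of this thread and not ComboFix's own code), a small Python triage helper for the log format posted above: it parses the AV/FW/SP header lines, the REGEDIT4-style "Reg Loading Points" block with its Run-key autostarts, and reports which Security Center `Monitoring` keys have `DisableMonitoring` set, the same entries the helper's `SecCenter::` reply below singles out. The sample input is constructed from a few lines of the posted log.

```python
import re

# Constructed sample: a few lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# Header: "AV: <product> *<state>* (Updated) {GUID}"; "(Updated)" is optional (see the FW line).
SEC_HEADER = re.compile(r"^(?P<kind>AV|FW|SP): (?P<product>.+?) \*(?P<state>[^*]+)\*"
                        r"(?: \((?P<upd>\w+)\))? \{(?P<guid>[0-9A-Fa-f-]+)\}$")
# Run-key value as ComboFix prints it: "<path>" [<yyyy-mm-dd> <size>]
RUN_VALUE = re.compile(r'^"(?P<path>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')

def security_products(text):
    """AV/FW/SP header lines -> dicts with kind, product, state, upd ("Updated" or None), guid."""
    matches = (SEC_HEADER.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def parse_reg_sections(text):
    """REGEDIT4-style block -> {key: {value_name: raw_value}}; '@' names the default value."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif current is not None and line[:1] in ('"', "@") and "=" in line:
            name, _, value = line.partition("=")
            sections[current][name.strip('"')] = value
    return sections

def autostart_entries(sections):
    """(key, name, path, size) for every value under a Run key, with size as an int."""
    return [(key, name, m["path"], int(m["size"]))
            for key, values in sections.items() if key.lower().endswith("\\run")
            for name, raw in values.items() if (m := RUN_VALUE.match(raw))]

def disabled_monitoring_keys(sections):
    """Security Center Monitoring keys whose DisableMonitoring flag is set to 1."""
    return sorted(key for key, values in sections.items()
                  if "security center\\monitoring" in key.lower()
                  and values.get("DisableMonitoring", "").lower() == "dword:00000001")
```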

Re: My computer has the Internet Security Tool virus...can you help me?

Post by Dr Jay on Tue Jan 26, 2010 12:37 am

I take it ComboFix did not warn you to disable the security software?

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}

==

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:


    SecCenter::
    AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
    FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}

    DirLook::
    c:\users\Gary Kenyon\Our place improvements
    c:\program files\HOTALBUMMyBOX

    DDS::
    uStart Page = [You must be registered and logged in to see this link.]

    RegLockDel::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)

