"XP Antivirus Pro 2010" infection...No success in deleting at all!

Re: "XP Antivirus Pro 2010" infection...No success in deleting at all!

Post by Belahzur on 5th March 2010, 8:25 pm

Please run TDSSKiller.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245121
Likes: 1

Post by PanzerschreckLeopard on 5th March 2010, 8:43 pm

It did not find anything infected.

PanzerschreckLeopard
Intermediate

Posts: 72
Joined: 2010-02-01
Gender: Male
OS: Windows XP
Points: 25657
Likes: 0

Post by Belahzur on 5th March 2010, 8:46 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Post by PanzerschreckLeopard on 5th March 2010, 8:47 pm

Said that Windows could not find ComboFix. I think it worked the 1st time.

EDIT: Forgot the TDSS log!


15:41:55:656 1416 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
15:41:55:656 1416 ================================================================================
15:41:55:656 1416 SystemInfo:

15:41:55:656 1416 OS Version: 5.1.2600 ServicePack: 3.0
15:41:55:656 1416 Product type: Workstation
15:41:55:656 1416 ComputerName: USER-B76099523F
15:41:55:656 1416 UserName: User
15:41:55:656 1416 Windows directory: C:\WINDOWS
15:41:55:656 1416 Processor architecture: Intel x86
15:41:55:656 1416 Number of processors: 1
15:41:55:656 1416 Page size: 0x1000
15:41:55:671 1416 Boot type: Normal boot
15:41:55:671 1416 ================================================================================
15:41:55:671 1416 UnloadDriverW: NtUnloadDriver error 2
15:41:55:671 1416 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:41:55:812 1416 Initialize success
15:41:55:812 1416
15:41:55:828 1416 Scanning Services ...
15:41:55:828 1416 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
15:41:55:828 1416 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:41:55:843 1416 wfopen_ex: Trying to KLMD file open
15:41:55:843 1416 wfopen_ex: File opened ok (Flags 2)
15:41:55:843 1416 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
15:41:55:859 1416 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:41:55:859 1416 wfopen_ex: Trying to KLMD file open
15:41:55:859 1416 wfopen_ex: File opened ok (Flags 2)
15:41:56:968 1416 GetAdvancedServicesInfo: Raw services enum returned 329 services
15:41:56:968 1416 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
15:41:56:968 1416 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
15:41:56:968 1416
15:41:56:968 1416 Scanning Kernel memory ...
15:41:56:968 1416 Devices to scan: 2
15:41:56:968 1416
15:41:56:968 1416 Driver Name: Disk
15:41:56:968 1416 IRP_MJ_CREATE : BA8EEBB0
15:41:56:968 1416 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:41:56:968 1416 IRP_MJ_CLOSE : BA8EEBB0
15:41:56:968 1416 IRP_MJ_READ : BA8E8D1F
15:41:56:968 1416 IRP_MJ_WRITE : BA8E8D1F
15:41:56:968 1416 IRP_MJ_QUERY_INFORMATION : 804F4562
15:41:56:968 1416 IRP_MJ_SET_INFORMATION : 804F4562
15:41:56:968 1416 IRP_MJ_QUERY_EA : 804F4562
15:41:56:968 1416 IRP_MJ_SET_EA : 804F4562
15:41:56:968 1416 IRP_MJ_FLUSH_BUFFERS : BA8E92E2
15:41:56:968 1416 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:41:56:968 1416 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:41:56:968 1416 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:41:56:968 1416 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:41:56:968 1416 IRP_MJ_DEVICE_CONTROL : BA8E93BB
15:41:56:968 1416 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA8ECF28
15:41:56:968 1416 IRP_MJ_SHUTDOWN : BA8E92E2
15:41:56:968 1416 IRP_MJ_LOCK_CONTROL : 804F4562
15:41:56:968 1416 IRP_MJ_CLEANUP : 804F4562
15:41:56:968 1416 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:41:56:968 1416 IRP_MJ_QUERY_SECURITY : 804F4562
15:41:56:968 1416 IRP_MJ_SET_SECURITY : 804F4562
15:41:56:968 1416 IRP_MJ_POWER : BA8EAC82
15:41:56:968 1416 IRP_MJ_SYSTEM_CONTROL : BA8EF99E
15:41:56:968 1416 IRP_MJ_DEVICE_CHANGE : 804F4562
15:41:56:968 1416 IRP_MJ_QUERY_QUOTA : 804F4562
15:41:56:968 1416 IRP_MJ_SET_QUOTA : 804F4562
15:41:56:968 1416 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:41:56:968 1416 sion
15:41:57:000 1416 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:41:57:000 1416
15:41:57:000 1416 Driver Name: atapi
15:41:57:000 1416 IRP_MJ_CREATE : BA7156F2
15:41:57:000 1416 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:41:57:000 1416 IRP_MJ_CLOSE : BA7156F2
15:41:57:000 1416 IRP_MJ_READ : 804F4562
15:41:57:000 1416 IRP_MJ_WRITE : 804F4562
15:41:57:000 1416 IRP_MJ_QUERY_INFORMATION : 804F4562
15:41:57:000 1416 IRP_MJ_SET_INFORMATION : 804F4562
15:41:57:000 1416 IRP_MJ_QUERY_EA : 804F4562
15:41:57:000 1416 IRP_MJ_SET_EA : 804F4562
15:41:57:000 1416 IRP_MJ_FLUSH_BUFFERS : 804F4562
15:41:57:000 1416 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:41:57:000 1416 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:41:57:000 1416 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:41:57:000 1416 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:41:57:000 1416 IRP_MJ_DEVICE_CONTROL : BA715712
15:41:57:000 1416 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA711852
15:41:57:000 1416 IRP_MJ_SHUTDOWN : 804F4562
15:41:57:000 1416 IRP_MJ_LOCK_CONTROL : 804F4562
15:41:57:000 1416 IRP_MJ_CLEANUP : 804F4562
15:41:57:000 1416 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:41:57:000 1416 IRP_MJ_QUERY_SECURITY : 804F4562
15:41:57:000 1416 IRP_MJ_SET_SECURITY : 804F4562
15:41:57:031 1416 IRP_MJ_POWER : BA71573C
15:41:57:031 1416 IRP_MJ_SYSTEM_CONTROL : BA71C336
15:41:57:031 1416 IRP_MJ_DEVICE_CHANGE : 804F4562
15:41:57:031 1416 IRP_MJ_QUERY_QUOTA : 804F4562
15:41:57:031 1416 IRP_MJ_SET_QUOTA : 804F4562
15:41:57:031 1416 siohd: 0
15:41:57:062 1416 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
15:41:57:062 1416
15:41:57:062 1416 Completed
15:41:57:062 1416
15:41:57:062 1416 Results:
15:41:57:062 1416 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
15:41:57:062 1416 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:41:57:062 1416 File objects infected / cured / cured on reboot: 0 / 0 / 0
15:41:57:062 1416
15:41:57:062 1416 KLMD(ARK) unloaded successfully

Post by Belahzur on 5th March 2010, 11:07 pm

Ah, well in any case, how's the machine running at the moment?


Post by PanzerschreckLeopard on 5th March 2010, 11:08 pm

Seems fine. Except AVG's scans really slow it. Would once a week be a good time for scheduled scans?

Post by Belahzur on 5th March 2010, 11:17 pm

Yes. :)


Post by PanzerschreckLeopard on 5th March 2010, 11:19 pm

Thanks, it had it set to once a day. -_-'

I guess it's gone...but now I've gotten paranoid that any moment I'll get another...

Post by Belahzur on 5th March 2010, 11:20 pm

Turn AVG's guard back on, keep it updated, and be careful what sites you surf.


Post by PanzerschreckLeopard on 5th March 2010, 11:25 pm

Okay. We plan on getting Norton. :D
