bankerfox.a niguel and wuaudt.exe virus


bankerfox.a niguel and wuaudt.exe virus

Post by hanhbuip on 4th March 2010, 5:40 am

I got this virus about a week ago, googled what to do, read a couple of your topics, and tried to kill it but could not. So today I restored my laptop and everything seems fine, no pop-ups. I feel very happy!

However, I still feel kind of weird because the computer is rather unstable: fast, slow, slow, fast, then it hangs... I just got it back from Dell a month ago (I sent it to them for repair).

I ran the ComboFix and HijackThis things and have the logs. How can you make sure that the virus is removed? How can I prevent things like this from happening in the future? This is my first time seeing a virus appear like this on my laptop.
Thank you very much.

hanhbuip (Beginner) | Posts: 2 | Joined: 2010-03-02 | OS: Windows XP | Points: 24748 | Likes: 0


Re: bankerfox.a niguel and wuaudt.exe virus

Post by Belahzur on 4th March 2010, 11:38 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator) | Posts: 34918 | Joined: 2008-08-03 | Gender: Male | OS: 7 Home Premium x64 | Points: 245091 | Likes: 1


Re: bankerfox.a niguel and wuaudt.exe virus

Post by hanhbuip on 10th March 2010, 6:18 pm

OTL logfile created on: 3/7/2010 11:03:27 PM - Run 2
OTL by OldTimer - Version 3.1.34.0 Folder = D:\
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 89.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 88.10 Gb Free Space | 78.81% Space Free | Partition Type: NTFS
Drive D: | 7.47 Gb Total Space | 1.54 Gb Free Space | 20.63% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OSU-7FA3964EFFE
Current User Name: Hanh Bui
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/05 12:53:34 | 000,553,984 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2010/02/20 03:10:13 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/11/01 07:10:10 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wisptis.exe
PRC - [2006/02/27 15:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/05 12:53:34 | 000,553,984 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2006/02/27 15:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2006/02/27 15:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2006/02/27 15:00:00 | 000,250,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\SPTIP.dll
MOD - [2006/02/27 15:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\SPGRMR.dll
MOD - [2004/08/03 15:00:00 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\tiptsf.dll
MOD - [2002/08/29 03:41:08 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Journal\nbmaptip.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/12/19 11:59:56 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\SigmaTel\DellXPM_5921v137\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2009/01/05 15:59:10 | 001,229,949 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/11/02 00:52:06 | 002,644,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/03/16 18:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/16 18:10:42 | 000,033,664 | ---- | M] (CACE Technologies) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS -- (BCMWLNPF)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/01 17:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/28 12:47:50 | 000,000,000 | ---D | M]

[2009/11/28 21:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanh Bui\Application Data\Mozilla\Extensions
[2010/03/01 15:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanh Bui\Application Data\Mozilla\Firefox\Profiles\0kpxik3h.default\extensions
[2010/01/16 03:29:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Hanh Bui\Application Data\Mozilla\Firefox\Profiles\0kpxik3h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/16 12:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanh Bui\Application Data\Mozilla\Firefox\Profiles\0kpxik3h.default\extensions\searchrecs@veoh.com
[2010/03/01 15:40:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/02/27 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (IDT, Inc.)
O4 - HKLM..\Run: [TabletTip] C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\Help\splshwrp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\Hanh Bui\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: clubbox.co.kr ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\loginkey: DllName - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll - C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\System32\tabbtnwl.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\System32\tpgwlnot.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Hanh Bui\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hanh Bui\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/28 14:44:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/06 11:19:54 | 000,000,461 | ---- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{31a0099a-dec6-11de-b7a6-001f3a30d824}\Shell\AutoRun\command - "" = PLATI///tibre.exe
O33 - MountPoints2\{31a0099a-dec6-11de-b7a6-001f3a30d824}\Shell\open\command - "" = PLATI///tibre.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/04 00:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/04 00:17:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/04 00:16:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/04 00:08:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/03 23:54:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/03 23:54:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/03 23:54:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/03 23:54:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/03 23:54:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/03 23:54:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/03 22:39:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/02 07:13:29 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/03/01 22:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/03/01 22:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/28 12:49:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Hanh Bui\My Documents\My Music
[2010/02/28 12:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanh Bui\Application Data\Apple Computer
[2010/02/28 12:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/28 12:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/02/28 12:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/28 12:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/28 12:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/02/28 12:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/02/28 12:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanh Bui\Local Settings\Application Data\Apple Computer
[2010/02/25 13:08:42 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010/02/25 13:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/02/25 13:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/02/25 13:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/02/25 13:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanh Bui\Local Settings\Application Data\Microsoft Help
[2010/02/25 13:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/02/25 13:04:01 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/02/16 12:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2010/02/16 12:54:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Hanh Bui\My Documents\My Videos
[2009/11/28 14:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/28 14:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/28 14:44:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/28 14:44:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/07 23:01:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/07 22:52:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/07 22:41:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/04 00:27:36 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\HijackThis.lnk
[2010/03/04 00:21:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/04 00:17:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/04 00:13:56 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/04 00:13:56 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/04 00:13:56 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/04 00:05:17 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\Shortcut (2) to ComboFix.lnk
[2010/03/04 00:05:05 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\Shortcut to ComboFix.lnk
[2010/03/03 23:50:33 | 002,695,892 | -H-- | M] () -- C:\Documents and Settings\Hanh Bui\Local Settings\Application Data\IconCache.db
[2010/03/01 22:15:46 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/01 22:12:12 | 000,032,256 | R--- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\Resume_HanhBui.doc
[2010/02/28 16:37:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\SharePodSettings.xml
[2010/02/28 13:06:24 | 000,237,507 | ---- | M] () -- C:\ituneslib.itl
[2010/02/27 03:16:40 | 000,027,488 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/27 03:16:09 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/26 13:46:30 | 001,851,392 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\ntuser.dat
[2010/02/24 23:50:47 | 001,972,584 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\g.jpg
[2010/02/24 23:50:43 | 001,972,584 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\g
[2010/02/24 23:47:25 | 001,687,608 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\f.jpg
[2010/02/24 23:47:21 | 001,687,608 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\f
[2010/02/24 23:42:04 | 001,687,608 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\IMG_4460.jpg
[2010/02/23 21:36:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Hanh Bui\ntuser.ini
[2010/02/17 00:37:53 | 001,362,044 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\IMG_4419.jpg
[2010/02/17 00:35:02 | 001,070,054 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\IMG_4418.jpg
[2010/02/17 00:32:00 | 000,561,447 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\IMG_4350.jpg
[2010/02/16 12:56:35 | 000,001,184 | ---- | M] () -- C:\Documents and Settings\Hanh Bui\Desktop\Veoh.com.lnk
[2010/02/15 23:50:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/04 00:27:36 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\HijackThis.lnk
[2010/03/04 00:17:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/04 00:17:28 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/04 00:05:17 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\Shortcut (2) to ComboFix.lnk
[2010/03/04 00:05:05 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\Shortcut to ComboFix.lnk
[2010/03/03 23:54:45 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/03 23:54:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/03 23:54:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/03 23:54:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/03 23:54:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/01 22:18:18 | 000,032,256 | R--- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\Resume_HanhBui.doc
[2010/02/28 16:37:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\SharePodSettings.xml
[2010/02/28 13:06:24 | 000,237,507 | ---- | C] () -- C:\ituneslib.itl
[2010/02/26 13:46:29 | 001,851,392 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\ntuser.dat
[2010/02/24 23:50:47 | 001,972,584 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\g.jpg
[2010/02/24 23:50:43 | 001,972,584 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\g
[2010/02/24 23:47:25 | 001,687,608 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\f.jpg
[2010/02/24 23:47:21 | 001,687,608 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\f
[2010/02/24 23:42:03 | 001,687,608 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\IMG_4460.jpg
[2010/02/17 00:37:53 | 001,362,044 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\IMG_4419.jpg
[2010/02/17 00:35:02 | 001,070,054 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\IMG_4418.jpg
[2010/02/17 00:32:00 | 000,561,447 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\IMG_4350.jpg
[2010/02/16 12:56:35 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Desktop\Veoh.com.lnk
[2009/12/28 14:41:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/12/17 00:18:34 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 20:54:05 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/11/28 20:54:03 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/11/28 14:51:25 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Hanh Bui\Local Settings\Application Data\fusioncache.dat
[2006/02/27 15:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >

Here is the report. I'll try to get the other one. Now the computer has a problem with the Internet. It just stops browsing after a couple of minutes, and I can't use Ctrl+Alt+Del either.
Thanks

hanhbuip (Beginner) | Posts: 2 | Joined: 2010-03-02 | OS: Windows XP | Points: 24748 | Likes: 0


Re: bankerfox.a niguel and wuaudt.exe virus

Post by Belahzur on 10th March 2010, 10:11 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O32 - AutoRun File - [2010/03/06 11:19:54 | 000,000,461 | ---- | M] () - D:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{31a0099a-dec6-11de-b7a6-001f3a30d824}\Shell\AutoRun\command - "" = PLATI///tibre.exe
    O33 - MountPoints2\{31a0099a-dec6-11de-b7a6-001f3a30d824}\Shell\open\command - "" = PLATI///tibre.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator) | Posts: 34918 | Joined: 2008-08-03 | Gender: Male | OS: 7 Home Premium x64 | Points: 245091 | Likes: 1

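The fix script above is built by reading the OTL log for a handful of telltale line types: the MountPoints2 AutoRun/open handlers and the autorun.inf on the D: FAT32 volume (removable-media autorun persistence), and the BHO/toolbar entries whose CLSID no longer resolves (orphans). The following triage script is an added example, not part of this thread and not OldTimer's code; it assumes only the OTL line formats visible in the posted log, uses lines copied from that log as constructed test data, and generalises one step by also comparing the O35 exefile/comfile verbs with the stock Windows value so a hijacked file association (not present in this thread) would be flagged.

```python
"""Triage OTL log lines. Added example: not part of the thread, not OldTimer's code.
See the lead-in above for what each rule corresponds to in the posted log."""
import re
from typing import List, NamedTuple

# Constructed sample: lines copied from the OTL log posted above, in the exact
# format OTL emits. Test data for this example, not a complete report.
SAMPLE_OTL_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [TabletTip] C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe (Microsoft Corporation)
O32 - AutoRun File - [2009/11/28 14:44:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/06 11:19:54 | 000,000,461 | ---- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{31a0099a-dec6-11de-b7a6-001f3a30d824}\Shell\AutoRun\command - "" = PLATI///tibre.exe
O33 - MountPoints2\{31a0099a-dec6-11de-b7a6-001f3a30d824}\Shell\open\command - "" = PLATI///tibre.exe
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
"""


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "low"
    rule: str
    detail: str
    line: str


# A command on a volume's AutoRun/open verb runs when that volume is opened.
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\(AutoRun|open)\\command - "" = (.+)$', re.I)
# O32 lists boot/autorun files per drive; only an autorun.inf is of interest.
AUTORUN_FILE_RE = re.compile(
    r'^O32 - AutoRun File - \[.*?\] \(.*?\) - (.+?) -- \[ (\w+) \]$', re.I)
# IE hooks, BHOs and toolbars whose CLSID or backing file no longer exists.
ORPHAN_RE = re.compile(
    r'^(IE|O2|O3) - .*?(\{[0-9A-F-]+\}).*(No CLSID value found|File not found)', re.I)
# exefile/comfile open verbs; the stock Windows value is "%1" %*.
SHELL_OPEN_RE = re.compile(r'^O35 - (exefile|comfile) \[open\] -- (.+)$')
STOCK_OPEN_COMMAND = '"%1" %*'


def audit_otl(text: str) -> List[Finding]:
    """Return one Finding per suspicious or orphaned OTL line in `text`."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = MOUNTPOINT_RE.match(line)
        if m:
            volume, verb, command = m.groups()
            findings.append(Finding("high", "mountpoints2-autorun",
                                    f"volume {volume} {verb} verb runs {command}", line))
            continue
        m = AUTORUN_FILE_RE.match(line)
        if m:
            path, filesystem = m.groups()
            if path.lower().endswith("autorun.inf"):
                findings.append(Finding("medium", "autorun-inf-on-volume",
                                        f"{path} present on {filesystem} volume", line))
            continue
        m = SHELL_OPEN_RE.match(line)
        if m:
            file_type, command = m.groups()
            if command != STOCK_OPEN_COMMAND:
                findings.append(Finding("high", "file-association-hijack",
                                        f"{file_type} open verb is {command}", line))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(Finding("low", "orphaned-clsid",
                                    f"{m.group(2)}: {m.group(3)}", line))
    return findings


if __name__ == "__main__":
    for f in audit_otl(SAMPLE_OTL_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.detail}")
```

On the sample this yields the same five items the helper put into the :OTL fix (two orphaned CLSIDs, the D: autorun.inf and the two MountPoints2 handlers); the stock O35 lines produce nothing.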
