GBJIF Virus


GBJIF Virus

Post by Sir $wat on 19th October 2010, 10:47 am

Hi, this is not for me, I'm helping out a friend here.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:43:21 AM, on 10/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ChgService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\p4\gbjif.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: msiebr Class - {7034E9F0-C72D-4EAF-AC6A-65CFF0808042} - C:\WINDOWS\system32\Direct3DX.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [gbjif] C:\Documents and Settings\p4\gbjif.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\system32\ChgService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 4900 bytes

Tell me how bad it is please...

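A defender-side triage of the HijackThis log above, added here as an example; it is not part of the thread and not code from HijackThis. It parses the O2/O4/O23 lines and flags the patterns that stand out in this particular log: an autostart executable sitting in the root of a user profile, a BHO DLL living in system32 rather than an application folder, and a service with no vendor string. The heuristics and severity labels are my assumptions, and the sample lines are copied from the posted log.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: msiebr Class - {7034E9F0-C72D-4EAF-AC6A-65CFF0808042} - C:\WINDOWS\system32\Direct3DX.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gbjif] C:\Documents and Settings\p4\gbjif.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\system32\ChgService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# A Windows path ending in a loadable module; non-greedy so trailing switches are dropped.
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|scr|cpl))", re.IGNORECASE)
# Module sitting directly in a user's profile root (XP layout): C:\Documents and Settings\<user>\<file>
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$")
# Other user-writable locations that should not normally host autostart binaries.
USER_WRITABLE_RE = re.compile(r"\\(?:application data|local settings)\\", re.IGNORECASE)
# A module placed directly in %SystemRoot%\system32.
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$")


def parse_entry(line):
    """Return (section, path) for an O2/O4/O23 line, or None for any other line."""
    m = re.match(r"(O2|O4|O23) - ", line)
    if not m:
        return None
    p = PATH_RE.search(line)
    return (m.group(1), p.group(1) if p else None)


def classify(section, path, line):
    """Return a list of (severity, reason) for one parsed entry (heuristics assumed here)."""
    findings = []
    if path is None:
        return findings
    low = path.lower()
    if section == "O4" and PROFILE_ROOT_RE.match(low):
        findings.append(("high", "autostart binary sits in the root of a user profile"))
    elif section == "O4" and USER_WRITABLE_RE.search(path):
        findings.append(("medium", "autostart binary in a user-writable data folder"))
    if section == "O2" and SYSTEM32_RE.match(low):
        findings.append(("medium", "BHO DLL placed in system32 instead of an application folder"))
    if section == "O23" and "Unknown owner" in line:
        findings.append(("low", "service binary carries no vendor information"))
    return findings


def triage(log_text):
    """Scan a HijackThis log and return [(path, severity, reason)] for entries worth a look."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        parsed = parse_entry(line)
        if not parsed:
            continue
        section, path = parsed
        for severity, reason in classify(section, path, line):
            results.append((path, severity, reason))
    return results


if __name__ == "__main__":
    for path, severity, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {path}: {reason}")
```

The entries it flags are exactly the ones ComboFix later removed (gbjif.exe and direct3dx.dll), while the ESET and ctfmon entries pass untouched.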

Re: GBJIF Virus

Post by Dr Jay on 19th October 2010, 6:12 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)


Re: GBJIF Virus

Post by Sir $wat on 20th October 2010, 3:09 am

ComboFix 10-10-19.01 - p4 10/19/2010 22:59:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.664 [GMT -7:00]
Running from: c:\documents and settings\p4\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\p4\alg.exe
c:\documents and settings\p4\AUTORUN.INF
c:\documents and settings\p4\Cookies.lnk
c:\documents and settings\p4\gbjif.exe
c:\documents and settings\p4\gbjif.scr
c:\documents and settings\p4\xxx.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\direct3dx.dll
c:\windows\system32\host30.zip
c:\windows\system32\hostsb.db
c:\windows\system32\oobe\Dis.dll
c:\windows\system32\oobe\Drvn.dll
c:\windows\system32\oobe\rule
c:\windows\system32\oobe\rule\desktop.ini
c:\windows\system32\oobe\speed.dll
c:\windows\system32\Restore\ranback.dll
c:\windows\taobao.ico

.
((((((((((((((((((((((((( Files Created from 2010-09-20 to 2010-10-20 )))))))))))))))))))))))))))))))
.

2010-10-19 14:10 . 2010-10-19 14:10 74624 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-10-19 14:10 . 2010-10-20 05:13 -------- d-----w- c:\program files\Prevx
2010-10-19 14:09 . 2010-10-19 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-10-19 13:41 . 2010-10-19 13:41 388096 ----a-r- c:\documents and settings\p4\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-19 13:41 . 2010-10-19 13:41 -------- d-----w- c:\program files\Trend Micro
2010-10-19 13:38 . 2010-10-19 13:38 -------- d-----w- c:\documents and settings\p4\Local Settings\Application Data\ESET
2010-10-18 23:47 . 2010-10-18 23:47 -------- d-----w- c:\documents and settings\p4\Application Data\ESET
2010-10-18 23:42 . 2010-10-18 23:42 -------- d-----w- c:\program files\ESET
2010-10-18 23:42 . 2010-10-18 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-10-17 03:03 . 2010-10-17 03:03 -------- d-----w- c:\documents and settings\p4\Application Data\Malwarebytes
2010-10-17 01:56 . 2010-10-18 20:53 -------- d-----w- c:\windows\system32\NtmsData
2010-10-17 01:56 . 2010-10-17 01:56 -------- d-----w- c:\documents and settings\p4\Application Data\Avira
2010-10-17 01:50 . 2010-10-17 01:50 -------- d-----w- c:\program files\7-Zip
2010-10-17 01:49 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 01:49 . 2010-10-17 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-17 01:49 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-17 01:49 . 2010-10-17 01:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]

c:\documents and settings\p4\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-07-07 04:00 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-04 10:00 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-11-26 21:54 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-02-21 18:17 970752 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-02-21 18:19 819200 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 05:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 08:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 21:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 04:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-11-26 21:54 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)
"RichVideo"=2 (0x2)
"RegSrvc"=2 (0x2)
"InCDsrv"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/9/2009 3:18 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [4/9/2009 3:19 PM 731840]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [6/28/2010 7:00 PM 135168]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [6/28/2010 7:00 PM 103424]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (3) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\"
"DataDir"="ESET\\ESET Smart Security\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\"
"LanguageId"=dword:00000409
"PackageTag"=dword:de882867
"ProductBase"=dword:00000001
"ProductCode"="{EDD5DA26-1D0A-4AF4-9B7C-E21ADD578A96}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.424.0"
"UniqueId"="0100AE344CBCDC46"
"ScannerBuild"=dword:00001283
"ScannerVersionId"=dword:00000f9d
"ScannerVersion"="3997 (20090409)"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1248)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-19 23:05:50
ComboFix-quarantined-files.txt 2010-10-20 06:05

Pre-Run: 19,250,974,720 bytes free
Post-Run: 19,211,870,208 bytes free

- - End Of File - - 47ABE595AD227D541CE02C0699B55950


Re: GBJIF Virus

Post by Dr Jay on 20th October 2010, 8:33 am

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Dr. Jay (DJ)


Re: GBJIF Virus

Post by Sir $wat on 20th October 2010, 10:33 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CF000 \WINDOWS\system32\hal.dll
0xF7ADB000 \WINDOWS\system32\KDCOM.DLL
0xF79EB000 \WINDOWS\system32\BOOTVID.dll
0xF74AC000 ACPI.sys
0xF7ADD000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF749B000 pci.sys
0xF75DB000 isapnp.sys
0xF79EF000 compbatt.sys
0xF79F3000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7BA3000 PCIIde.sys
0xF785B000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF7ADF000 intelide.sys
0xF747D000 pcmcia.sys
0xF75EB000 MountMgr.sys
0xF745E000 ftdisk.sys
0xF7863000 PartMgr.sys
0xF75FB000 VolSnap.sys
0xF7446000 atapi.sys
0xF786B000 cercsr6.sys
0xF742E000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF760B000 disk.sys
0xF761B000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF740F000 fltMgr.sys
0xF73FD000 sr.sys
0xF73E6000 KSecDD.sys
0xF7359000 Ntfs.sys
0xF732C000 NDIS.sys
0xF7311000 Mup.sys
0xF770B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7A7F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7152000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF713E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7114000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF78F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF70F1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78FB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6ED5000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF6E92000 \SystemRoot\system32\drivers\STAC97.sys
0xF6E6E000 \SystemRoot\system32\drivers\portcls.sys
0xF771B000 \SystemRoot\system32\drivers\drmk.sys
0xF6E4B000 \SystemRoot\system32\drivers\ks.sys
0xF6E18000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF6D1B000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
0xF6C6E000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7903000 \SystemRoot\System32\Drivers\Modem.SYS
0xF772B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF790B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7913000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF773B000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A87000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6C5A000 \SystemRoot\system32\DRIVERS\parport.sys
0xF774B000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF775B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF776B000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF791B000 \SystemRoot\system32\drivers\InCDPass.sys
0xF777B000 \SystemRoot\system32\drivers\InCDRm.sys
0xF778B000 \SystemRoot\System32\Drivers\tosrfcom.sys
0xF779B000 \SystemRoot\system32\DRIVERS\Epfwndis.sys
0xF7C04000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77AB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A93000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6C43000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77BB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77CB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7923000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6C32000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77DB000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7933000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF793B000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6BD9000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF77EB000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AFD000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6B05000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AB3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77FB000 \SystemRoot\system32\DRIVERS\tosporte.sys
0xF780B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF784B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AFF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B01000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D10000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B03000 \SystemRoot\System32\Drivers\Beep.SYS
0xF2A78000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0xF7963000 \SystemRoot\System32\drivers\vga.sys
0xF7B11000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B13000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF6C1A000 \SystemRoot\System32\Drivers\InCDrec.SYS
0xF2A3C000 \SystemRoot\system32\drivers\InCDFs.sys
0xF796B000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7973000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6C16000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF2A29000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF29D1000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF29BE000 \SystemRoot\system32\DRIVERS\epfwtdi.sys
0xF2996000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF2974000 \SystemRoot\System32\drivers\afd.sys
0xF767B000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF2948000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF28D9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF768B000 \SystemRoot\System32\Drivers\Fips.SYS
0xF28B8000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF769B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF27DF000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF27C7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B35000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF72B8000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79BB000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xF7D32000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D6000 \SystemRoot\System32\ati2dvag.dll
0xBFA12000 \SystemRoot\System32\ati2cqag.dll
0xBFA44000 \SystemRoot\System32\atikvmag.dll
0xBFA76000 \SystemRoot\System32\ati3duag.dll
0xBFCAA000 \SystemRoot\System32\ativvaxx.dll
0xF0693000 \SystemRoot\system32\DRIVERS\eamon.sys
0xF0648000 \SystemRoot\system32\DRIVERS\epfw.sys
0xF79E3000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xF0777000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xF04B0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF020B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF01F6000 \SystemRoot\system32\drivers\wdmaud.sys
0xF28A8000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7B09000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF023C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xEFF47000 \SystemRoot\system32\DRIVERS\srv.sys
0xEFB6E000 \SystemRoot\System32\Drivers\HTTP.sys
0xF789B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xEF964000 \SystemRoot\system32\drivers\kmixer.sys
0xEF941000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 28):
0 System Idle Process
4 System
1108 C:\WINDOWS\system32\smss.exe
1232 csrss.exe
1256 C:\WINDOWS\system32\winlogon.exe
1300 C:\WINDOWS\system32\services.exe
1312 C:\WINDOWS\system32\lsass.exe
1460 C:\WINDOWS\system32\svchost.exe
1560 svchost.exe
1596 C:\WINDOWS\system32\svchost.exe
1632 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1844 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1996 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
2004 C:\WINDOWS\explorer.exe
216 svchost.exe
400 svchost.exe
824 C:\WINDOWS\system32\spoolsv.exe
1020 svchost.exe
1032 C:\WINDOWS\system32\ChgService.exe
1060 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
1492 wdfmgr.exe
1732 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
1828 C:\WINDOWS\system32\wuauclt.exe
1192 alg.exe
2412 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2424 C:\Program Files\ESET\ESET Smart Security\egui.exe
3220 C:\Documents and Settings\p4\Desktop\MBRCheck.exe
3340 wmiprvse.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC25N060ATMR04-0, Rev: MO3OAD4A

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


Re: GBJIF Virus

Post by Dr Jay on 20th October 2010, 9:21 pm

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


Re: GBJIF Virus

Post by Sir $wat on 20th October 2010, 11:47 pm

Hi, I will be unable to do that because my ISP is having major problems... every few minutes I get disconnected. They are not sure when it will be fixed.


Re: GBJIF Virus

Post by Dr Jay on 22nd October 2010, 3:13 am

Download [You must be registered and logged in to see this link.]

  • Load SuperAntiSpyware and click the Check for updates button.
  • Once the update is finished click the Scan your computer button.
  • Check Perform Complete Scan and then click Next.
  • SuperAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


Dr. Jay (DJ)
