ipsec.dll, btkrnl.dll "Trojans"?


Post by moreyag on Thu 19 Apr 2012, 10:53 pm

Good morning all.
I appear to have picked up a few backdoor trojans that keep popping up every time in spite of being quarantined and removed by AVG and removed by Malwarebytes Pro.
My laptop is running Win XP Pro SP3, AVG free a/v, Malwarebytes (paid version), Spybot S&D.
I keep getting the message move to vault, I click on move to vault, and it keeps popping up again. My WiFi & wired LAN connections just keep seeking a network address and I have no network connectivity.
These are the 3 files indicated as viruses:
ipsec.dll
btkrnl.dll
mssql$microsoftbcm.dll

Thanks in advance for any and all help.
Best regards as always,
Morey G
Regards
Morey

moreyag
Rookie Surfer
Posts : 95
Joined : 2009-12-06
Operating System : windows xp & xp pro

Post by DragonMaster Jay on Fri 20 Apr 2012, 12:21 am

Let's do some diagnostics...

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable ones that you may have)
    Leave the rest of the settings as they appear by default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected; post those results in your next reply.

    Note: This tool will self-uninstall when you close it, so please save the log before closing it.



~DMJ
GeekPolice Academy Manager


DragonMaster Jay
Manager | Tech Officer
Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate
http://www.twitter.com/jaypfoutz

Post by moreyag on Fri 20 Apr 2012, 8:44 am

Status: Will be deleted when the computer is restarted (events: 2)
4/19/2012 4:37:17 PM Will be deleted when the computer is restarted Trojan program Backdoor.Win32.ZAccess.fln c:\WINDOWS\system32\pinnaclesys.mediaserver.dll High
4/19/2012 4:37:37 PM Will be deleted when the computer is restarted virus Virus.Win32.ZAccess.k c:\WINDOWS\system32\drivers\mrxsmb.sys High
Status: Deleted (events: 14)
4/19/2012 5:23:25 PM Deleted virus Virus.Win32.ZAccess.k C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP290\A0088566.sys High
4/19/2012 5:23:33 PM Deleted Trojan program Trojan.Win32.Scar.gfef C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP290\A0088573.exe High
4/19/2012 5:23:45 PM Deleted virus Virus.Win32.ZAccess.k C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP290\A0088593.sys High
4/19/2012 5:23:46 PM Deleted Trojan program Trojan.Win32.Scar.gfef C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP290\A0088601.exe High
4/19/2012 5:24:21 PM Deleted Trojan program Trojan.Win32.Scar.gfef C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0088609.exe High
4/19/2012 5:25:22 PM Deleted virus Virus.Win32.ZAccess.k C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0088720.sys High
4/19/2012 5:25:29 PM Deleted virus Virus.Win32.ZAccess.k C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0088778.sys High
4/19/2012 5:25:28 PM Deleted virus Virus.Win32.ZAccess.k C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0088806.sys High
4/19/2012 5:25:31 PM Deleted virus Virus.Win32.ZAccess.k C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0088861.sys High
4/19/2012 5:25:39 PM Deleted virus Virus.Win32.ZAccess.k C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0088907.sys High
4/19/2012 5:25:40 PM Deleted virus Virus.Win32.ZAccess.k C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0088932.sys High
4/19/2012 5:25:40 PM Deleted virus Virus.Win32.ZAccess.k C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0088982.sys High
4/19/2012 5:25:46 PM Deleted virus Virus.Win32.ZAccess.k C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0089010.sys High
4/19/2012 5:36:37 PM Deleted Trojan program Backdoor.Win32.ZAccess.fln C:\WINDOWS\system32\pinnaclesys.mediaserver.dll High

Post by DragonMaster Jay on Fri 20 Apr 2012, 8:51 am

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



~DMJ
GeekPolice Academy Manager


Post by moreyag on Fri 20 Apr 2012, 10:03 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5a8085470497fc479b9854b61708a2b6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-19 11:00:01
# local_time=2012-04-19 07:00:01 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 73924260 73924260 0 0
# compatibility_mode=1024 16777175 100 0 16561397 16561397 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=81082
# found=2
# cleaned=2
# scan_time=1961
C:\Documents and Settings\Morey G\Local Settings\Temporary Internet Files\Content.IE5\4W4X3OOV\mx_mainxu[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Post by DragonMaster Jay on Fri 20 Apr 2012, 9:45 pm

Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again; the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.



~DMJ
GeekPolice Academy Manager
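
Added example, not part of the original posts: a short Python triage of the Kaspersky report format shown earlier in this thread, separating detections that sat in old System Restore snapshots (the reason for the restore-point cleanup above) from detections in live system files. The line layout is assumed from the report lines in this thread, and the function name `triage` is hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the Kaspersky report posted earlier in this thread (5 of 16 events).
REPORT = r"""
4/19/2012 4:37:37 PM Will be deleted when the computer is restarted virus Virus.Win32.ZAccess.k c:\WINDOWS\system32\drivers\mrxsmb.sys High
4/19/2012 5:23:25 PM Deleted virus Virus.Win32.ZAccess.k C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP290\A0088566.sys High
4/19/2012 5:23:33 PM Deleted Trojan program Trojan.Win32.Scar.gfef C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP290\A0088573.exe High
4/19/2012 5:25:22 PM Deleted virus Virus.Win32.ZAccess.k C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0088720.sys High
4/19/2012 5:36:37 PM Deleted Trojan program Backdoor.Win32.ZAccess.fln C:\WINDOWS\system32\pinnaclesys.mediaserver.dll High
"""

# Assumed layout (from the lines above): time, status, object type, name, path, severity.
EVENT = re.compile(
    r"^(?P<time>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<status>.+?) "
    r"(?P<kind>virus|Trojan program) (?P<name>\S+) "
    r"(?P<path>[A-Za-z]:\\.+) (?P<severity>\w+)$"
)
# XP keeps restore-point copies under System Volume Information\_restore{GUID}\RPnnn\
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)


def triage(report):
    """Split detections into restore-point copies and live system files."""
    by_restore_point = defaultdict(set)
    live = []
    for line in report.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # blank lines and headers such as "Status: Deleted (events: 14)"
        rp = RESTORE.search(m["path"])
        if rp:
            by_restore_point[rp.group(1)].add(m["name"])
        else:
            # Paths are lower-cased so c:\WINDOWS and C:\WINDOWS compare equal.
            live.append((m["path"].lower(), m["name"], m["status"]))
    return dict(by_restore_point), live


if __name__ == "__main__":
    restore_points, live_files = triage(REPORT)
    for rp, names in sorted(restore_points.items()):
        print(f"{rp}: snapshot contained {sorted(names)}")
    for path, name, status in live_files:
        print(f"live file {path}: {name} ({status})")
```

Any live file whose status is still "Will be deleted when the computer is restarted" needs a reboot and a rescan before the machine is treated as clean.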


Post by moreyag on Fri 20 Apr 2012, 10:28 pm

OK, here goes:
1 - CLEANED SYS RESTORE
2 - RAN OTC
3- COULD NOT RUN TFC- kept hanging for a long time and froze PC
4 - RAN SECURITY CHECK:
Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.6
Spybot - Search & Destroy
Windows Defender
HijackThis 2.0.2
Java(TM) 6 Update 24
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader X (10.1.3)
Mozilla Firefox (3.6.23) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

Post by DragonMaster Jay on Sun 22 Apr 2012, 2:12 am

Update Firefox

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > Check for Updates.

Update Java

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.


See this page for more info about malware and prevention.

Please feel free to get a good review of antivirus software here: [You must be registered and logged in to see this link.]



~DMJ
GeekPolice Academy Manager


Post by moreyag on Sun 22 Apr 2012, 11:26 pm

Thanks so much for all the assistance. I updated Mozilla and Java as instructed.
I would like to get TFC to work if possible... I'm wondering why it freezes, any thoughts?
Thanks
MG

Post by DragonMaster Jay on Mon 23 Apr 2012, 5:40 am

It can do that on some PCs. Try this tool if you want to clean up, it works well:

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.



~DMJ
GeekPolice Academy Manager

