win32.zafi.b pop AND connectivity issue

Solved win32.zafi.b pop AND connectivity issue

Post by aquaticmuse on 13th January 2009, 2:09 am

I'm getting the win32.zafi.b pop up and since I received it and have been trying to fix it, I can no longer connect to the internet on that system.

I downloaded and ran "The Cleaner" from moosoft (I had used that years ago to remove a different worm from my father's computer) and it found nothing.

Adaware found some items and removed them, however I still get the pop up.

AVG Found some items and removed them as well. Still I get the pop up.

I cannot update the database for either program as that computer will no longer connect. I believe that something linked to the worm was removed and took out a component.

Having read other posts from earlier, I used MT Move it and it did remove some things, however it did say failed in the last segment. If you can post where to find the text I'll attempt to find it on the infected system so I can post it. I am currently running malwarebytes to see what that finds and I have run DDS on the infected system and I will post again with the logs from those shortly.

aquaticmuse
Novice

Posts : 10
Joined : 2009-01-13
OS : windows xp
Points : 28880
# Likes : 0


Solved Re: win32.zafi.b pop AND connectivity issue

Post by aquaticmuse on 13th January 2009, 3:33 am

DDS Log:


DDS (Ver_09-01-07.01) - NTFSx86 MINIMAL
Run by Administrator at 21:05:52.98 on Mon 01/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1269 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\dds.com

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy4\dvdaudio\CTDVDDET.EXE"
mRun: [CTSysVol] c:\program files\creative\sbaudigy4\surround mixer\CTSysVol.exe /r
mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [wclock] "c:\documents and settings\brad purcell\application data\google\yfijv17721328.exe" 2
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-1-12 40840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-1-12 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-1-12 81288]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-12 356920]
R4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-12 1079176]
S1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-1-12 160792]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-8-25 466880]
S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [2008-5-29 822400]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-1 24652]
S4 WMP300NSvc;WMP300NSvc;c:\program files\linksys\wmp300n\WLService.exe [2008-5-29 53307]

=============== Created Last 30 ================

2009-01-12 20:49 --d----- c:\documents and settings\Administrator
2009-01-12 20:40 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2009-01-12 20:40 --d----- c:\program files\common files\PC Tools
2009-01-12 20:40 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-12 20:40 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-01-12 20:40 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-01-12 20:40 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-01-12 20:40 --d----- c:\program files\Spyware Doctor
2009-01-12 20:40 --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-01-12 20:01 --d----- C:\_OTMoveIt
2009-01-12 09:12 --d-h--- C:\$AVG8.VAULT$
2009-01-11 23:01 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-11 23:01 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-11 23:01 --d----- c:\windows\system32\drivers\Avg
2009-01-11 23:01 --d----- c:\program files\AVG
2009-01-11 23:01 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-11 22:57 --d----- c:\program files\Lavasoft
2009-01-11 22:46 2,204 a------- c:\windows\system32\TDSSfxmp.dll
2009-01-11 22:46 61,440 a------- c:\windows\system32\TDSScfum.dll
2009-01-11 22:46 31,232 a------- c:\windows\system32\TDSSriqp.dll
2009-01-11 22:46 29,696 a------- c:\windows\system32\TDSSnrsr.dll
2009-01-11 22:46 441 a------- c:\windows\system32\TDSSosvd.dat
2009-01-11 22:46 60,416 a------- c:\windows\system32\drivers\TDSSpaxt.sys
2009-01-11 22:46 35,840 a------- c:\windows\system32\TDSSofxh.dll
2009-01-11 22:30 5,376 a------- c:\windows\system32\drivers\MS1000.sys
2009-01-11 22:29 --d----- c:\program files\The Cleaner Demo
2009-01-11 22:21 49,152 a------- c:\windows\system32\drivers\svchost.exe
2009-01-02 19:52 --d----- c:\program files\Unity
2008-12-30 08:05 --d----- c:\program files\City of Heroes
2008-12-26 14:14 --d----- c:\program files\Bonjour
2008-12-26 14:12 --d----- c:\program files\iPod
2008-12-26 14:12 --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll

============= FINISH: 21:06:22.98 ===============



Malware Log

Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 2

1/12/2009 10:30:09 PM
mbam-log-2009-01-12 (22-30-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 120510
Time elapsed: 1 hour(s), 13 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSofxh.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSpaxt.sys (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\WINDOWS\system32\TDSScfum.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSfxmp.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> No action taken.


Solved Re: win32.zafi.b pop AND connectivity issue

Post by aquaticmuse on 13th January 2009, 3:35 am

Now I don't know why my infected system won't connect to the internet? I've tried repairing the connection and it can't seem to fix the issue.

Any recommendations?


Solved Re: win32.zafi.b pop AND connectivity issue

Post by aquaticmuse on 13th January 2009, 3:40 am

Rebooted in regular xp mode (not safe) and I am still getting the pop up.


Solved Re: win32.zafi.b pop AND connectivity issue

Post by aquaticmuse on 13th January 2009, 4:06 am

Tried uninstalling and reinstalling my wmp300n linksys drivers to see if that would fix the connectivity issue. Still getting "Cannot Associate with the Access Point". I'm still getting that cursed pop up too.

I really don't want to reformat.


Solved Re: win32.zafi.b pop AND connectivity issue

Post by aquaticmuse on 13th January 2009, 5:39 am

Another Log I received from AVG while in safe mode.

AVG 8.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2008 AVG Technologies
Program version 8.0.145, engine 8.0.0
Virus Database: Version 270.9.10/1809 2008-11-24

------------------------------------------------------------
Objects scanned : 423164
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------


Solved Re: win32.zafi.b pop AND connectivity issue

Post by Belahzur on 13th January 2009, 9:44 am

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    explorer.exe

    :files
    c:\documents and settings\p\application data\google\*.*
    c:\windows\system32\TDSSfxmp.dll
    c:\windows\system32\TDSScfum.dll
    c:\windows\system32\TDSSriqp.dll
    c:\windows\system32\TDSSnrsr.dll
    c:\windows\system32\TDSSosvd.dat
    c:\windows\system32\drivers\TDSSpaxt.sys
    c:\windows\system32\TDSSofxh.dll
    c:\windows\system32\drivers\svchost.exe

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "wclock"=-

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Please scan again with MBAM after the OTMoveIt run and remove anything found.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1
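
Added example (not written by anyone in this thread): a triage pass over DDS log lines that flags the three patterns the scans here went on to confirm, namely a system-process name in the wrong folder, TDSS-prefixed files, and a Run entry launching from Application Data. The rule names, the `EXPECTED_DIR` table and the helper functions are assumptions of this example; the sample lines are copied from the DDS log posted above.

```python
import ntpath  # Windows path rules, regardless of the OS running this script
import re

# Lines copied from the mRun and "Created Last 30" sections of the DDS log above.
SAMPLE_DDS = r"""
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [wclock] "c:\documents and settings\brad purcell\application data\google\yfijv17721328.exe" 2
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
2009-01-12 20:40 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2009-01-11 22:46 61,440 a------- c:\windows\system32\TDSScfum.dll
2009-01-11 22:46 60,416 a------- c:\windows\system32\drivers\TDSSpaxt.sys
2009-01-11 22:21 49,152 a------- c:\windows\system32\drivers\svchost.exe
2008-12-26 14:14 --d----- c:\program files\Bonjour
"""

# Assumption of this example: where these Windows XP binaries normally live.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

RUN_RE = re.compile(r"^mRun: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
# date, time, optional size, 8-character attribute field, path
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:[\d,]+ )?[a-z-]{8} (?P<path>.+)$"
)


def exe_from_command(cmd):
    """Return the program part of a Run command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split()[0]


def check_path(path):
    """Apply the file-name rules to one path; returns a list of rule names."""
    lowered = path.lower()
    name = ntpath.basename(lowered)
    findings = []
    if name in EXPECTED_DIR and ntpath.dirname(lowered) != EXPECTED_DIR[name]:
        findings.append("system-process-name-outside-home-dir")
    if name.startswith("tdss"):
        findings.append("tdss-prefix")
    return findings


def triage(log_text):
    """Return (rule, path) pairs for every flagged line, in log order."""
    results = []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_RE.match(line)
        if run:
            exe = exe_from_command(run.group("cmd"))
            rules = check_path(exe)
            if "\\application data\\" in exe.lower():
                rules.append("autostart-from-application-data")
            results += [(rule, exe) for rule in rules]
            continue
        created = FILE_RE.match(line)
        if created:
            path = created.group("path")
            results += [(rule, path) for rule in check_path(path)]
    return results


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_DDS):
        print(f"{rule:40} {path}")
```

A hit is a lead to check against a scanner result, not a verdict; in this thread the flagged paths match what the Malwarebytes logs report.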


Solved Re: win32.zafi.b pop AND connectivity issue

Post by aquaticmuse on 13th January 2009, 10:07 am

Here's the OT Moveit Log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\documents and settings\p\application data\google\*.* not found.
File/Folder c:\windows\system32\TDSSfxmp.dll not found.
File/Folder c:\windows\system32\TDSScfum.dll not found.
File/Folder c:\windows\system32\TDSSriqp.dll not found.
File/Folder c:\windows\system32\TDSSnrsr.dll not found.
c:\windows\system32\TDSSosvd.dat moved successfully.
File/Folder c:\windows\system32\drivers\TDSSpaxt.sys not found.
File/Folder c:\windows\system32\TDSSofxh.dll not found.
File/Folder c:\windows\system32\drivers\svchost.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wclock deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d18.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01132009_045958

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_d18.dat not found!


I'm currently scanning with MBAM.


Solved Re: win32.zafi.b pop AND connectivity issue

Post by aquaticmuse on 13th January 2009, 12:04 pm

Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 2

1/13/2009 6:42:23 AM
mbam-log-2009-01-13 (06-42-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 115715
Time elapsed: 44 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{548CF37A-A5A7-4972-BB06-DD83FE59E785}\RP163\A0050275.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{548CF37A-A5A7-4972-BB06-DD83FE59E785}\RP163\A0050273.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{548CF37A-A5A7-4972-BB06-DD83FE59E785}\RP163\A0050274.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{548CF37A-A5A7-4972-BB06-DD83FE59E785}\RP163\A0050276.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brad Purcell\Application Data\Google\mjkspc.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brad Purcell\Application Data\Google\yfijv17721328.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


It looks like the pop up is gone and it seems to be loading quicker.

The only issue now is...I can't get it to connect. I've reinstalled the drivers for the wireless adapter and it says it "Cannot associate with access point"



and when I try repairing the adapter with windows...this is what I get.



Solved Re: win32.zafi.b pop AND connectivity issue

Post by aquaticmuse on 13th January 2009, 12:08 pm

Sorry, meant to post this image too so you could see what the windows network repair tool said.



Any ideas on what I can do?


And thank you SO much for helping me get rid of that win32.zafi trojan.


Solved Re: win32.zafi.b pop AND connectivity issue

Post by Belahzur on 13th January 2009, 3:48 pm

I actually didn't help you, OTMoveIt only deleted a run value, MBAM did the rest.
We can try the Winsock fix, but you may need to post in our networking forum and someone who knows more about networking than I do will help you.

Try the Winsock fix from here:
[You must be registered and logged in to see this link.]



Solved Re: win32.zafi.b pop AND connectivity issue

Post by aquaticmuse on 13th January 2009, 9:37 pm

Oh come now...you know you're a life saver ^_^


Solved Re: win32.zafi.b pop AND connectivity issue

Post by Belahzur on 13th January 2009, 9:40 pm

Haha.
Did the Winsock fix work?



Solved Re: win32.zafi.b pop AND connectivity issue

Post by Doctor Inferno on 28th March 2009, 9:02 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator

Posts : 11976
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64
Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points : 104640
# Likes : 0
