Lill problem..

View previous topic View next topic Go down

Lill problem..

Post by Nazzgull on Sat Mar 28, 2009 10:22 am

Guys, i got some problem with my friend computer.. Anyway, i remove a lot of malware, but cant find one who doing this

Code:
2009-03-27 23:08 28,672 a------- c:\windows\system32\11.tmp
2009-03-27 23:08 162,304 a------- c:\windows\system32\D.tmp
2009-03-27 23:08 128 a------- c:\windows\system32\B.tmp
2009-03-27 23:05 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-03-27 23:05 37,376 a------- c:\windows\system32\reader_s.exe
2009-03-27 23:05 28,672 a------- c:\windows\system32\1A.tmp
2009-03-27 23:03 128 a------- c:\windows\system32\E.tmp
2009-03-27 20:52 37,376 a------- c:\documents and settings\administrator\reader_s.exe
2009-03-27 20:50 28,672 a------- c:\windows\system32\1E.tmp
2009-03-27 20:47 128 a------- c:\windows\system32\3.tmp
2009-03-27 20:30 11,451,347 a------- c:\windows\services.exe
2009-03-27 20:30 28,672 a------- c:\windows\system32\28F.tmp
2009-03-27 20:28 128 a------- c:\windows\system32\287.tmp
2009-03-27 18:56
--d----- c:\program files\Valve
2009-03-27 16:47 29,696 a------- c:\windows\system32\F.tmp
2009-03-27 16:46 71,680 a------- c:\windows\system32\A.tmp
2009-03-27 16:46 124 a------- c:\windows\system32\9.tmp
2009-03-27 15:32 36,864 a------- c:\windows\system32\dxonool32.sys
2009-03-27 15:32 8 a------- c:\windows\system32\comsa32.sys
2009-03-27 15:32 212,992 a------- c:\windows\system32\w.exe
2009-03-27 15:32 212,992 a------- c:\windows\system32\tpszxyd.sys
2009-03-27 15:32 195,072 a------- c:\windows\system32\afisicx.exe
2009-03-27 15:32 0 a------- c:\windows\system32\371.tmp
2009-03-27 15:32 31,744 a------- c:\windows\system32\370.tmp
2009-03-27 15:32 80 a------- c:\windows\system32\36D.tmp
2009-03-27 14:59 4,767 a------- c:\windows\Irremote.ini
2009-03-26 21:13 1,757,184 a------- c:\windows\system32\imagX7.dll
2009-03-26 21:13 802,816 a------- c:\windows\system32\imagXRA7.dll
2009-03-26 21:13 497,296 a------- c:\windows\system32\imagXpr7.dll
2009-03-26 21:13 368,640 a------- c:\windows\system32\TwnLib4.dll
2009-03-26 21:13 258,048 a------- c:\windows\system32\imagXR7.dll

Is that some kind of Vundo or i don't know.. Because create some stupid files name 370.tmp and somehting like that for 100 times.. Already removed some Trojan horse, and a lot of Spyware with Hijack and Malwarebytes. But when DSS scan his computer, only i can't find is that one.

Tell me if you need whole log file.



Nazzgull
Top Dog
Top Dog

Status :
Online
Offline

Posts : 2343
Joined : 2008-08-03
Gender : Male
OS : Windows 7 Professional

View user profile

Back to top Go down

Re: Lill problem..

Post by Belahzur on Sat Mar 28, 2009 2:34 pm

Hello Nazz.
Bad news, it's not Vundo.

It's Virut. I see these files all too often. Virut is a file infecter, infecting every single .exe and .scr type files on the machine.

Sorry, but for this machine, it's game over.
See here:
[You must be registered and logged in to see this link.]

Backup anything the user doesn't want to lose and format the machine.

DO NOT backup any of these file types because they are infected.
htm/html/asp/php/exe/scr


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Lill problem..

Post by Nazzgull on Sat Mar 28, 2009 3:53 pm

WoW. Really bad news.. Okay, thanks Belazur. You can lock this..



Nazzgull
Top Dog
Top Dog

Status :
Online
Offline

Posts : 2343
Joined : 2008-08-03
Gender : Male
OS : Windows 7 Professional

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum