[Resolved] Help! Trojan virus, Trojan-spy.Win32.banker.aiw
richard_w_2002uk
post Nov 17 2008, 02:27 PM
Post #1
Authentic Member
Group: Authentic Member
Posts: 23
Joined: 13-November 08
Member No.: 82,375
Operating System: XP

Hi There,

My flatmate had a virus recently and told me how helpful this forum was!! Now my computer is infected (different virus). Basically, every time I turn on my computer I'm greeted with a sign from "Windows Security Alert" saying that "Windows firewall has blocked some features of this program". I'm told the virus is called Trojan-spy.Win32.Banker.aiw, has a risk level of High and is likely to steal information from users of a range of online payment systems. There is also a link to buy some 'handy' spyware removal software.

I've been told that this virus isn't as serious as it makes itself out to be and is just trying to get me to buy the software from the link. Not sure if this is true, but the pop-ups are irritating and slowing my computer and causing it to crash. Have since done a clean-up of useless junk and gotten rid of P2P programs like Limewire. An AVG scan and Malwarebytes Anti-Malware scan don't show the virus, so can someone please help me out!!!

Many thanks!!
Replies
richard_w_2002uk
post Nov 27 2008, 01:48 PM
Post #2
Authentic Member
Group: Authentic Member
Posts: 23
Joined: 13-November 08
Member No.: 82,375
Operating System: XP

Hi JP,

Here is the data from both tests.

I've also disabled User Account Control. This has stopped my computer crashing as often.

ComboFix Log

ComboFix 08-11-27.01 - seannewton2000 2008-11-27 17:49:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.278 [GMT 0:00]
Running from: c:\users\seannewton2000\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Dcads Advanced Toolbar
c:\windows\system32\dcads-remove.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.

2008-11-27 03:08 . 2008-04-12 03:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-11-27 03:08 . 2008-08-02 01:01 625,152 --a------ c:\windows\System32\drivers\dxgkrnl.sys
2008-11-27 03:08 . 2008-06-26 03:29 565,248 --a------ c:\windows\System32\emdmgmt.dll
2008-11-27 03:08 . 2008-05-20 02:07 148,480 --a------ c:\windows\System32\drivers\nwifi.sys
2008-11-27 03:08 . 2008-09-18 04:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-11-27 03:08 . 2008-09-18 04:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-11-27 03:08 . 2008-06-26 03:29 45,056 --a------ c:\windows\System32\dataclen.dll
2008-11-27 03:08 . 2008-08-02 03:26 36,864 --a------ c:\windows\System32\cdd.dll
2008-11-27 03:07 . 2008-04-26 08:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-11-27 03:07 . 2008-05-08 21:59 430,080 --a------ c:\windows\System32\vbscript.dll
2008-11-27 03:07 . 2008-05-08 21:59 180,224 --a------ c:\windows\System32\scrobj.dll
2008-11-27 03:07 . 2008-05-08 21:59 172,032 --a------ c:\windows\System32\scrrun.dll
2008-11-27 03:07 . 2008-05-08 21:59 155,648 --a------ c:\windows\System32\wscript.exe
2008-11-27 03:07 . 2008-05-08 21:58 135,168 --a------ c:\windows\System32\wshom.ocx
2008-11-27 03:07 . 2008-05-08 21:58 135,168 --a------ c:\windows\System32\cscript.exe
2008-11-27 03:07 . 2008-05-08 21:59 90,112 --a------ c:\windows\System32\wshext.dll
2008-11-27 03:07 . 2008-04-05 01:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2008-11-27 03:07 . 2008-04-05 03:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2008-11-26 22:06 . 2008-11-26 22:06 <DIR> d-------- C:\PerfLogs
2008-11-26 21:01 . 2008-11-26 21:01 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-26 20:13 . 2008-11-26 20:13 <DIR> d-------- C:\c3d6c22010c10b7a9c55552e
2008-11-26 20:12 . 2008-11-26 20:12 <DIR> d-------- c:\windows\CheckSur
2008-11-25 22:28 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 22:28 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 22:28 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 22:27 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-23 20:40 . 2008-11-23 20:40 249,592 --a------ c:\windows\System32\cssdll32.dll
2008-11-23 20:36 . 2008-11-24 06:54 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-23 20:36 . 2008-11-24 06:54 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-23 20:36 . 2008-11-23 20:44 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-23 20:35 . 2008-11-23 20:35 <DIR> d-------- c:\users\All Users\comodo
2008-11-23 20:35 . 2008-11-23 20:35 <DIR> d-------- c:\programdata\comodo
2008-11-23 20:35 . 2008-11-23 20:40 <DIR> d-------- c:\program files\COMODO
2008-11-23 20:30 . 2008-11-26 20:11 <DIR> d-a------ c:\users\All Users\TEMP
2008-11-23 20:30 . 2008-11-26 20:11 <DIR> d-a------ c:\programdata\TEMP
2008-11-23 20:30 . 2008-11-23 20:33 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-23 20:27 . 2008-11-23 20:27 <DIR> d-------- c:\users\seannewton2000\AppData\Roaming\WinPatrol
2008-11-23 20:27 . 2008-11-23 20:27 <DIR> d-------- c:\program files\BillP Studios
2008-11-22 20:21 . 2008-11-22 20:21 250 --a------ c:\windows\gmer.ini
2008-11-19 22:44 . 2008-11-19 22:44 <DIR> d-------- c:\windows\Sun
2008-11-19 21:34 . 2008-11-19 21:34 <DIR> d-------- c:\users\All Users\NortonInstaller
2008-11-19 21:34 . 2008-11-19 21:34 <DIR> d-------- c:\programdata\NortonInstaller
2008-11-16 20:56 . 2008-11-18 20:33 <DIR> d-------- C:\My Documents
2008-11-16 20:36 . 2008-11-16 20:36 <DIR> d-------- c:\users\seannewton2000\AppData\Roaming\Malwarebytes
2008-11-16 20:36 . 2008-11-16 20:36 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-16 20:36 . 2008-11-16 20:36 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-16 20:36 . 2008-11-16 20:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-16 20:36 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-16 20:36 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-16 09:53 . 2008-11-26 19:43 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-16 09:28 . 2008-11-19 21:05 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-11-16 09:28 . 2008-11-16 09:28 <DIR> d-------- c:\users\All Users\avg8
2008-11-16 09:28 . 2008-11-16 09:28 <DIR> d-------- c:\programdata\avg8
2008-11-16 09:28 . 2008-11-16 09:28 <DIR> d-------- c:\program files\AVG
2008-11-16 09:28 . 2008-11-16 09:28 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-16 09:28 . 2008-11-16 09:28 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2008-11-16 09:28 . 2008-11-16 09:28 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-14 18:32 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 18:32 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 18:32 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 18:32 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 18:31 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 18:31 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-11 19:25 . 2008-09-05 05:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 19:25 . 2008-08-27 01:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 19:10 . 2008-09-10 03:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-03 19:06 . 2008-08-05 09:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-03 19:06 . 2008-08-05 09:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-03 19:06 . 2008-08-05 09:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-03 19:06 . 2008-08-05 09:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-03 19:06 . 2008-08-05 09:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-01 15:22 . 2008-08-12 03:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-01 15:22 . 2008-01-19 07:36 37,888 --a------ c:\windows\System32\printcom.dll
2008-11-01 11:05 . 2004-08-04 02:56 28,672 -ra------ C:\setupSNK.exe
2008-11-01 11:01 . 2008-11-01 11:01 <DIR> d-------- C:\Setup
2008-11-01 10:44 . 2008-11-01 11:24 <DIR> d-------- c:\temp\aol
2008-11-01 10:44 . 2008-11-01 10:44 <DIR> d-------- C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 22:22 174 --sha-w c:\program files\desktop.ini
2008-11-26 22:11 --------- d-----w c:\program files\Windows Sidebar
2008-11-26 22:11 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-26 22:11 --------- d-----w c:\program files\Windows Mail
2008-11-26 22:11 --------- d-----w c:\program files\Windows Journal
2008-11-26 22:11 --------- d-----w c:\program files\Windows Defender
2008-11-26 22:11 --------- d-----w c:\program files\Windows Collaboration
2008-11-26 22:11 --------- d-----w c:\program files\Windows Calendar
2008-11-26 21:21 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-11-26 21:20 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-26 20:27 --------- d-----w c:\program files\Java
2008-11-19 21:35 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-19 03:02 --------- d-----w c:\programdata\Microsoft Help
2008-11-18 21:01 --------- d-----w c:\program files\MestRe-C
2008-11-16 22:51 --------- d-----w c:\program files\Roxio
2008-11-16 22:50 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-11-16 21:58 --------- d-----w c:\program files\LimeWire
2008-11-16 09:53 --------- d-----w c:\users\seannewton2000\AppData\Roaming\CyberLink
2008-11-15 22:16 --------- d-----w c:\users\seannewton2000\AppData\Roaming\dvdcss
2008-11-15 22:16 --------- d-----w c:\users\seannewton2000\AppData\Roaming\DivX
2008-11-15 22:16 --------- d-----w c:\users\seannewton2000\AppData\Roaming\Dcads Advanced Toolbar
2008-11-15 22:16 --------- d-----w c:\users\seannewton2000\AppData\Roaming\Apple Computer
2008-11-10 20:13 --------- d-----w c:\users\seannewton2000\AppData\Roaming\LimeWire
2008-11-01 11:32 --------- d-----w c:\program files\Common Files\aol
2008-11-01 11:24 --------- d-----w c:\program files\AOL 9.0 VR
2008-11-01 11:23 --------- d-----w c:\users\seannewton2000\AppData\Roaming\AOL
2008-10-06 22:03 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2007-09-03 21:15 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-03 21:15 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-03 21:15 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-05-30 18:00 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007053020070531\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"dwm"="c:\users\seannewton2000\AppData\Roaming\Google\dwm.exe" [2008-11-15 104960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 815104]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-16 1234712]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-11-23 278264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll c:\windows\system32\guard32.dll c:\windows\system32\cssdll32.dll

[HKLM\~\startupfolder\C:^Users^seannewton2000^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\seannewton2000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwm]
--a------ 2008-11-15 22:15 104960 c:\users\seannewton2000\AppData\Roaming\Google\dwm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-11-14 14:01 50736 c:\program files\Common Files\aol\1162935776\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0678C884-EF29-43B1-9E9F-44CF6697BDAD}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{A62410DC-C2D0-4457-900F-5C80B89B6775}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{8D94E4FA-5BF1-440A-A519-A7135C502689}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{96EDA1EC-7431-4391-9B53-05A77C28C05C}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{E6789982-A79C-4E1C-9601-01ADEBBBD8E8}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{C94A6AA5-DFA7-4935-9219-591B182DA88A}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{5576A35F-04A7-45FA-BA04-EFA5E5B72396}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{6C4795E3-B2C7-4644-8CB3-20C8D52954C3}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{1291996B-6B06-44D1-800D-443A990EF8C5}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{A14D9158-390D-476E-B374-5BED29CF6B24}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{65D01209-EDBA-4196-B910-F346E2244BC5}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{865A7ACB-A2CD-4E5E-9DA9-939A279C7D1F}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{68F03D5E-EB23-4D13-A41E-39EDEFBD8B4C}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{6000986C-783B-463C-B8E2-52992BB66098}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{56053D74-28CF-442F-9E87-61C0CF8DA20B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5F7475CD-5381-4FA6-8EEA-CE5751E27BAC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7830D4E8-825C-4002-B6B4-0DF4B10FBD7B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{6D9AC027-6AED-4D04-B7DD-279EEADDFF2C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4A2E6FF3-AC11-4A23-9CC1-15E7864BB9DD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{0FADF910-A6DD-4AC4-99D5-9B61DACB850D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9AB72BDD-4608-4A2E-A2DF-E1349BAFD193}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{323AFA42-BC43-49F0-8E58-04A0C570C682}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{3EBD1D14-F0BE-49E1-AFCB-8AAD22BE85F5}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{6744131A-B65F-48F1-9C87-3EA56B8CD9AB}c:\\program files\\morpheus\\morpheus.exe"= UDP:c:\program files\morpheus\morpheus.exe:Morpheus
"UDP Query User{3E4A4E32-0CB1-49D6-A72B-5D8E24D12B23}c:\\program files\\morpheus\\morpheus.exe"= TCP:c:\program files\morpheus\morpheus.exe:Morpheus
"TCP Query User{50E51F9B-3884-4006-8709-AEA289E4781D}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{3A225376-D739-4B4E-A396-F86FB278A3BF}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{EDB83FFE-9247-486D-932E-54953F36AAFB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FDAB6926-8875-4658-BE84-1BBE0BC8C4D2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{56727467-E860-4F94-A8EA-DDDEC63746C2}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{687695D2-DC09-47C2-A302-006C55724B0F}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{2BA83A9E-E043-45E3-A298-5BB07734FAB4}"= UDP:c:\program files\Common Files\aol\1162935776\ee\aolsoftware.exe:AOL Shared Components
"{ACC1D7A3-CAF4-4A93-99FA-FC5E36C0F3AF}"= TCP:c:\program files\Common Files\aol\1162935776\ee\aolsoftware.exe:AOL Shared Components
"{C929B45F-4CC6-47B1-9B96-42681AAF7860}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{C667EEAC-EE06-4A00-B31C-5BC2F20B38C8}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{874FB900-58E0-426C-96E5-A7132A246ABA}"= UDP:c:\users\seannewton2000\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{6BFF08F2-2560-45E5-A007-2F5FF3088170}"= TCP:c:\users\seannewton2000\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-16 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-16 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-16 231704]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-11-23 809296]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-11-16 69128]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2007-09-28 316928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\DTSP_Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a03f894-2c5b-11dd-a363-00038a000015}]
\shell\AutoRun\command - F:\DTSP_Launcher.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-27 c:\windows\Tasks\User_Feed_Synchronization-{FBC99B10-8A1F-45FD-8052-3CA227D0B311}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\seannewton2000\AppData\Roaming\Mozilla\Firefox\Profiles\hmf7hwxg.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 17:53:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000006082A975D3A0E2FEC4 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\cssdll32.dll

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\cssdll32.dll
.
Completion time: 2008-11-27 17:55:13
ComboFix-quarantined-files.txt 2008-11-27 17:55:10

Pre-Run: 31,864,483,840 bytes free
Post-Run: 31,688,105,984 bytes free

261 --- E O F --- 2008-11-27 04:33:45

HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:51, on 27/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\seannewton2000\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [dwm] "C:\Users\seannewton2000\AppData\Roaming\Google\dwm.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1227563474827
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227683734235
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 6886 bytes


Many Thanks!!!!

This post has been edited by richard_w_2002uk: Nov 27 2008, 01:50 PM
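The two logs above are long, and most of what a helper does with them is triage: pick out the autostart entries that do not fit the pattern of installed software. Two things in this HijackThis log stand out to a triager. First, an HKCU Run value named dwm that launches an executable from the user's AppData\Roaming folder; Windows' own Desktop Window Manager (dwm.exe) lives in %SystemRoot%\System32 and is started by a service, not from a Run key, so a same-named binary in a user-writable directory deserves a closer look (the thread index shows the helper asking to check a file, but the page does not say which file, so the code below only flags, it does not convict). Second, the O20 AppInit_DLLs line: anything listed there is injected into every process that loads user32.dll, which is exactly why the ComboFix section "DLLs Loaded Under Running Processes" shows avgrsstx.dll and cssdll32.dll inside winlogon.exe and lsass.exe. The following script is an added example, not part of the original thread or of HijackThis; it runs a few generic triage heuristics over O4 and O20 lines copied from the log above. The list of Windows system binary names and the set of "user-writable" path markers are the author's own choices, not anything from the page.

```python
"""Triage heuristics for HijackThis-style autostart lines.

Added example, not part of the original thread. The heuristics flag
entries worth a manual look; they do not decide that anything is malware.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Lines copied from the HijackThis log posted above: legitimate entries of
# each kind, plus the two a triager would look at twice.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [dwm] "C:\Users\seannewton2000\AppData\Roaming\Google\dwm.exe"
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll
"""

# Binaries Windows itself runs from %SystemRoot% or %SystemRoot%\System32.
# A file with one of these names anywhere else is a classic masquerade.
# (Assumed list chosen for this example; extend as needed.)
SYSTEM_BINARY_NAMES = {
    "dwm.exe", "explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
    "csrss.exe", "services.exe", "smss.exe", "taskhost.exe", "rundll32.exe",
}

# Path fragments a non-admin user can write to. Malware that never got
# admin rights tends to land here rather than in Program Files.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\local settings\\")

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
# First .exe in the command, quoted or not; drops trailing switches.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)


@dataclass
class Finding:
    name: str                 # Run value name, or "AppInit_DLLs"
    path: str                 # executable or DLL as written in the log
    reasons: List[str] = field(default_factory=list)


def _is_system_dir(path_lc: str) -> bool:
    """True for %SystemRoot% and below, except the world-writable Temp."""
    return path_lc.startswith("c:\\windows\\") and not path_lc.startswith("c:\\windows\\temp\\")


def triage_run_entry(name: str, cmd: str) -> Finding:
    """Apply the two Run-key heuristics to one O4 line."""
    m = EXE_RE.match(cmd.strip())
    path = m.group("path") if m else cmd.strip()
    finding = Finding(name=name, path=path)
    lc = path.lower()
    base = lc.rsplit("\\", 1)[-1]
    if any(marker in lc for marker in USER_WRITABLE_MARKERS):
        finding.reasons.append("runs from a user-writable profile or temp directory")
    if base in SYSTEM_BINARY_NAMES and not _is_system_dir(lc):
        finding.reasons.append(f"reuses the Windows system binary name {base} outside %SystemRoot%")
    return finding


def triage_appinit(dlls: str) -> List[Finding]:
    """Every AppInit_DLLs entry is reported: each is injected system-wide."""
    out = []
    for dll in dlls.split():
        finding = Finding(name="AppInit_DLLs", path=dll)
        finding.reasons.append("AppInit_DLLs entry: loaded into every process that loads user32.dll")
        if "\\" not in dll:
            finding.reasons.append("bare file name: resolved through the DLL search path, not a fixed location")
        out.append(finding)
    return out


def triage_hijackthis(text: str) -> List[Finding]:
    """Return only the entries that earned at least one reason."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            finding = triage_run_entry(m.group("name"), m.group("cmd"))
            if finding.reasons:
                findings.append(finding)
        elif m := O20_RE.match(line):
            findings.extend(triage_appinit(m.group("dlls")))
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_HJT):
        print(f"[{f.name}] {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Run on the sample, the four Program Files autostarts pass silently, the dwm entry is reported for both reasons, and each of the three AppInit_DLLs entries is listed, with avgrsstx.dll additionally noted as a bare name that depends on the DLL search path. A real triage would go on to check each flagged file's digital signature and hash and compare the path against what the named product actually installs; the heuristics only decide where to spend that effort.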

Posts in this topic
- richard_w_2002uk   [Resolved] Help! Trojan virus   Nov 17 2008, 02:27 PM
- - richard_w_2002uk   These are the results from the anti-malware scan ...   Nov 17 2008, 02:46 PM
- - jpshortstuff   Hi, and Welcome to WhatTheTech My name is jpshor...   Nov 18 2008, 10:09 AM
- - richard_w_2002uk   DDS report!! DDS (Version 1.0) - NTFSx86...   Nov 18 2008, 12:52 PM
- - richard_w_2002uk   Reults from Hijack this Logfile of Trend Micro Hi...   Nov 18 2008, 01:00 PM
- - jpshortstuff   Hi. I notice you have both AVG and Norton on your...   Nov 19 2008, 04:19 AM
- - richard_w_2002uk   Hi there, My apologies for not replying sooner bu...   Nov 21 2008, 12:07 PM
- - jpshortstuff   Hi I'm not an expert at troubleshooting tech...   Nov 22 2008, 04:42 AM
- - richard_w_2002uk   Hi JP, Really appreciate all your help. Apart fro...   Nov 22 2008, 03:04 PM
- - jpshortstuff   Hi. Log looks good You can now delete any other...   Nov 23 2008, 04:36 AM
- - richard_w_2002uk   Hi JP, Thanks for all your help. I dowloaded all ...   Nov 25 2008, 04:34 PM
- - jpshortstuff   Hang on, I didn't know you were still getting ...   Nov 26 2008, 01:12 AM
- - richard_w_2002uk   My apologies for not being more clear!!...   Nov 26 2008, 12:28 PM
- - jpshortstuff   Hi. Yes, it would appear that you are still infec...   Nov 27 2008, 12:47 AM
- - richard_w_2002uk   Hi JP, Here is the data from both tests. I'v...   Nov 27 2008, 01:48 PM
- - jpshortstuff   Run ATF-Cleaner again and empty all. Still gettin...   Nov 27 2008, 01:54 PM
- - richard_w_2002uk   Sorry for the delay!! Still getting the w...   Nov 30 2008, 01:23 PM
- - jpshortstuff   This is a tricky one, very new so isn't detect...   Dec 1 2008, 01:27 AM
- - richard_w_2002uk   Please don't apologise, I really appreciate yo...   Dec 2 2008, 03:49 PM
- - jpshortstuff   Bear with me on this I am just going to consult so...   Dec 3 2008, 01:07 AM
- - jpshortstuff   Hi Let's check a file out. You need to show...   Dec 3 2008, 03:03 AM
- - richard_w_2002uk   Could be onto a winner here!!!! ...   Dec 3 2008, 01:51 PM
- - jpshortstuff   Hi Do'h! My apologies, that was staring ...   Dec 3 2008, 04:57 PM
- - richard_w_2002uk   Done and done Everything seems to be working r...   Dec 4 2008, 02:03 PM
- - jpshortstuff   Glad things are back to normal, stay clean   Dec 5 2008, 12:54 AM
- - jpshortstuff   Since this issue appears to be resolved ... this T...   Dec 5 2008, 12:54 AM