Serious Virus won't even let me search for help . . .
Western Australia. We only use our flying chariots on the weekend. I'll tell you the winning lotto numbers tomorrow
Join Date: Nov 2008
Posts: 31
Reputation:
Solved Threads: 0
I followed the first step regarding running hijackthis and marking those items you indicated and then clicking on "fix checked." But when I try to download SDFix, the virus won't allow that page to open. What can I do? I was going to try running the Malware removal in the hopes that that would enable me to download it so I could continue on, but I remembered I took a solemn oath to not do any additional steps.
Oh, and it would help if I had the winning lottery numbers yesterday, so I can play them tomorrow. Wait, does that make sense?
I was going to guess Australia. Did my username catch your eye?
Awesome group. But, as you can tell by my username, I'm rather biased. I have a bit of a, well, shrine, on my wall for lack of a better word. All of their autographs framed, with guitar picks, a drumstick, backstage pass, etc. Unfortunately I'll never get to meet Michael Hutchence.
And back to the task at hand. Thanks for uploading that file. You, my friend, are a miracle worker! The slowdown appears to be gone, and Google is no longer hijacked!
I'll post the logs below, but just so I can help prevent this from happening again, what do you recommend I use: IE7 or Firefox? I've heard good things about Firefox and that I should stay away from IE7, but that's all I've known and used for a long time. Also, what do you think about Kaspersky Anti-Virus 2009 versus Windows Live OneCare or any other program for that matter? Hopefully Kaspersky is good since I already opened it.
Hopefully this is the last of the virus. It sure was nasty. But you were amazing, and I never could have fixed it without your help, and for that, I am truly grateful. I'll wait and see if the logs revealed any more nasty surprises before I start the celebration though.
(I tried doing what you said about putting CODE tags around the SDFix log, but I'm not entirely sure I did it right. I hit the # sign icon that says "wrap [CODE] tags around selected text" and I'm not sure it did what it was supposed to. I did notice that it inserted a lot of emoticons in one part, and apparently the letter "d" became an emoticon, so I'm not sure how that happened. Let me know if I did something wrong and I'll be happy to try again. See, totally inept.)
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:41 PM, on 11/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Charlie Kierscht\Desktop\New Folder\Analysethis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195791662969
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///E:/tools/en/bin/npseatools.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 7744 bytes
SDFIX Log

SDFix: Version 1.240
Run by Administrator on Sat 11/15/2008 at 09:30 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\CHARLI~1\Desktop\SDFix\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\TDSSnpvw.dll - Deleted
C:\WINDOWS\system32\TDSSierd.dat - Deleted
C:\WINDOWS\system32\TDSSofxh.log - Deleted

Could Not Remove C:\WINDOWS\system32\TDSSbvan.dll
Could Not Remove C:\WINDOWS\system32\TDSSurta.dll
Could Not Remove C:\WINDOWS\system32\TDSSaewi.dll
Could Not Remove C:\WINDOWS\system32\TDSSyyvb.dll

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 21:51:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Charlie Kierscht\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"E:\\bin\\IA\\Core\\MDM_Util.exe"="E:\\bin\\IA\\Core\\MDM_Util.exe:*:Enabled:MDM_Util"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

C:\WINDOWS\system32\TDSSbvan.dll Found
C:\WINDOWS\system32\TDSSurta.dll Found
C:\WINDOWS\system32\TDSSaewi.dll Found
C:\WINDOWS\system32\TDSSyyvb.dll Found

File Backups: - C:\DOCUME~1\CHARLI~1\Desktop\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 21 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Sat 5 Jan 2008 4,378,338 A.SH. --- "C:\Program Files\vixy.net\conv.exe"
Sat 30 Aug 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 9 Jan 2007 165,376 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0003.tmp"
Tue 13 Apr 2004 36,352 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0004.tmp"
Wed 10 Jan 2007 36,352 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0005.tmp"
Tue 23 Nov 2004 25,600 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0027.tmp"
Mon 22 Nov 2004 26,624 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0417.tmp"
Tue 23 Nov 2004 24,064 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0507.tmp"
Mon 22 Nov 2004 25,600 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0814.tmp"
Wed 21 Sep 2005 36,352 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL0943.tmp"
Tue 20 Sep 2005 29,184 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1087.tmp"
Wed 21 Sep 2005 38,912 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1307.tmp"
Mon 22 Nov 2004 26,624 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1392.tmp"
Mon 22 Nov 2004 26,624 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1441.tmp"
Tue 23 Nov 2004 24,064 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1550.tmp"
Tue 23 Nov 2004 24,064 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1591.tmp"
Mon 22 Nov 2004 26,624 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL1643.tmp"
Mon 22 Nov 2004 25,600 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2298.tmp"
Mon 22 Nov 2004 26,624 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2452.tmp"
Wed 21 Sep 2005 34,816 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2628.tmp"
Mon 2 Jul 2007 38,400 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2648.tmp"
Tue 23 Nov 2004 24,064 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2655.tmp"
Mon 2 Apr 2007 81,408 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2713.tmp"
Mon 22 Nov 2004 25,088 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2777.tmp"
Thu 22 Sep 2005 41,984 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL2787.tmp"
Sat 7 Apr 2007 39,424 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL3174.tmp"
Mon 22 Nov 2004 26,624 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL3392.tmp"
Thu 7 Jul 2005 25,600 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL3546.tmp"
Mon 22 Nov 2004 27,136 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\~WRL3814.tmp"
Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.2\Maint.exe"
Mon 28 Feb 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.2\uinstrsc.dll"
Sat 14 Apr 2007 27,144 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R1E.tmp"
Sat 14 Apr 2007 27,640 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R20.tmp"
Sat 14 Apr 2007 26,440 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R22.tmp"
Sat 14 Apr 2007 14,128 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R24.tmp"
Sat 14 Apr 2007 25,820 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R26.tmp"
Sat 14 Apr 2007 23,468 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R28.tmp"
Sat 14 Apr 2007 23,456 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R2A.tmp"
Sat 14 Apr 2007 27,440 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R2C.tmp"
Sat 14 Apr 2007 28,596 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@R2E.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S1F.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S21.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S23.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S25.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S27.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S29.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S2B.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S2D.tmp"
Sat 14 Apr 2007 1,409 ...H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\Z@S2F.tmp"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Fri 11 Jul 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Thu 6 Mar 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg_old.reg"
Thu 6 Mar 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient_old.reg"
Fri 11 Jul 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Mon 22 Nov 2004 303,104 ...H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\Microsoft\Word\~WRL3425.tmp"
Tue 9 Aug 2005 488,176 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\156f16c4104b0a36def834ec4ce48b9c\BIT25.tmp"
Tue 14 Feb 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\438592bd0a35d9254fb9860cffa394f2\BITFE.tmp"
Wed 12 Oct 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6752e343d22c025be1f290a6267a146d\BIT698.tmp"
Tue 9 Aug 2005 494,832 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\99b05056a1cd02f2ee88def3c79553bb\BIT24.tmp"
Mon 9 Nov 1998 8,704 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\etc\Notes\Brief2.1\~WRL0701.tmp"
Sun 8 Nov 1998 26,112 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\etc\Notes\Brief2.1\~WRL1882.tmp"
Sun 8 Nov 1998 25,088 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Desktop\etc\Notes\Brief2.1\~WRL2390.tmp"
Tue 27 Nov 2007 24,663 ..SHR --- "C:\Documents and Settings\Charlie Kierscht\Local Settings\Temp\Juniper Networks\setup\NeoterisSetupApp.exe"
Mon 14 Aug 2006 1,070,008 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\321ca12b9fa3a6e84c5208a19d84f4b9\download\BIT1E9.tmp"
Thu 13 Nov 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch1\lock.tmp"
Thu 13 Nov 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch2\lock.tmp"
Thu 13 Nov 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\lock.tmp"
Thu 13 Nov 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch4\lock.tmp"
Thu 13 Nov 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\lock.tmp"
Thu 18 Oct 2007 8 A..H. --- "C:\Documents and Settings\Admin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Thu 18 Oct 2007 8 A..H. --- "C:\Documents and Settings\Admin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 18 Oct 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Thu 18 Oct 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Sun 8 Apr 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sun 8 Apr 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sun 8 Apr 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sun 8 Apr 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Thu 17 May 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Thu 18 Oct 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u8\lock.tmp"
Thu 18 Oct 2007 8 A..H. --- "C:\Documents and Settings\Charlie Kierscht\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u9\lock.tmp"
Fri 16 Mar 2007 1,004 ..SH. --- "C:\Documents and Settings\Charlie Kierscht\Local Settings\Application Data\NewSoft\PageManager\7.15.11A\Setting\PM65.BAK"

Finished!
Last edited by crunchie; Nov 16th, 2008 at 2:29 am.
Oh, and after all of that, I forgot to ask if that error regarding SPRTCMD.EXE and LIBEAY32.DLL has anything to do with the virus. I still get that when the computer starts up. It's been doing that for at least a month now, and doesn't appear to have any effect on the computer as far as I can tell, but I suppose there's some reason for it. Maybe that's a whole other issue.
So I did a little research on Google, since I can now use it again, and I don't want to be totally useless, and read some interesting things regarding LIBEAY32.DLL and SPRTCMD.EXE and how they can be virus related. I even saw something about the LIBEAY32.DLL being related to a program that captures keystrokes and screen captures and stuff, but that seemed isolated and may have been a scam to get you to download some other crap.
I also have two files, when I look at the properties it says "type of file: file" on my desktop that have been there for months, and I cannot delete them. The computer won't allow it. It says "cannot read from source." Not sure if that has anything to do with the problems or not.
Just trying to make sure there isn't something lurking waiting to rise up again.
Kaspersky or Nod32 if you wish to buy. I use Avast free edition and have never found a need to buy AV. Main reason for that is because I refuse to use Internet Explorer. My browser of choice is Opera and has been for the last 5-6 years.
==
I am not convinced your PC is yet clean.
Please download ComboFix by sUBs from HERE or HERE
- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
- Re-enable all the programs that were disabled during the running of ComboFix.
Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Yeah, unfortunately you're right. Google is hijacked again. It appears help sites are getting blocked, and the slowdown is returning.
Since the changes you had me make, I noticed that when I ran my Kodak Easyshare program it accessed the Internet, for some update I'm assuming, and when I went to Facebook to upload some pictures I had to install the pic uploader. But, I would assume both of those SHOULD be trustworthy.
I'll follow those steps and post the results.
Thanks.