Possible trojan virus infection, please help me.


Re: Possible trojan virus infection, please help me.

Post by jmw3 » January 26th, 2009, 12:29 pm

Disable ALL anti-virus & anti-spyware programs. Start GMER again, but this time un-check the Devices check box, then try to run the scan. If it runs, post me the log.
Close all browser windows & don't run any programs while GMER is scanning.
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Possible trojan virus infection, please help me.

Post by Maelyder » January 29th, 2009, 4:39 am

Hi, thanks for the hint. Here is the log.


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-29 09:38:56
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT spun.sys ZwCreateKey [0xB9EAA0E0]
SSDT AECE6054 ZwCreateThread
SSDT spun.sys ZwEnumerateKey [0xB9EC7CA2]
SSDT spun.sys ZwEnumerateValueKey [0xB9EC8030]
SSDT spun.sys ZwOpenKey [0xB9EAA0C0]
SSDT AECE6040 ZwOpenProcess
SSDT AECE6045 ZwOpenThread
SSDT spun.sys ZwQueryKey [0xB9EC8108]
SSDT spun.sys ZwQueryValueKey [0xB9EC7F88]
SSDT spun.sys ZwSetValueKey [0xB9EC819A]
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA513CF20]
SSDT AECE604A ZwWriteVirtualMemory

INT 0x62 ? 8A911BF8
INT 0x63 ? 8A605BF8
INT 0x63 ? 8A605BF8
INT 0x63 ? 8A605BF8
INT 0x82 ? 8A911BF8
INT 0x83 ? 8A914BF8
INT 0x83 ? 8A605BF8
INT 0x83 ? 8A914BF8
INT 0x84 ? 8A605BF8
INT 0xA4 ? 8A605BF8
INT 0xB4 ? 8A911BF8
INT 0xB4 ? 8A911BF8
INT 0xB4 ? 8A605BF8
INT 0xB4 ? 8A911BF8

---- Kernel code sections - GMER 1.0.14 ----

? spun.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B8FFF62C 5 Bytes JMP 8A6051D8
.text a0rv5fe5.SYS B8EFE384 1 Byte [ 20 ]
.text a0rv5fe5.SYS B8EFE386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text a0rv5fe5.SYS B8EFE3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text a0rv5fe5.SYS B8EFE3C4 3 Bytes [ 00, 00, 00 ]
.text a0rv5fe5.SYS B8EFE3C9 1 Byte [ 00 ]
.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EAB046] spun.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EAB142] spun.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EAB0C4] spun.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EAB7CE] spun.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EAB6A4] spun.sys
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!READ_PORT_UCHAR] 046FD406
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!KeGetCurrentIrql] 1672C31D
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!KfRaiseIrql] 1879CE14
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!KfLowerIrql] 3248ED2B
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!HalGetInterruptVector] 3C43E022
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!HalTranslateBusAddress] 2E5EF739
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!KeStallExecutionProcessor] 2055FA30
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!KfReleaseSpinLock] EC01B79A
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] E20ABA93
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!READ_PORT_USHORT] F017AD88
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] FE1CA081
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[HAL.dll!WRITE_PORT_UCHAR] D42D83BE
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[WMILIB.SYS!WmiSystemControl] C83B99AC
IAT \SystemRoot\System32\Drivers\a0rv5fe5.SYS[WMILIB.SYS!WmiCompleteRequest] C63094A5

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x0E 0x11 0x88 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8D 0xC0 0x62 0x78 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x13 0xA3 0x52 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x13 0xF5 0x6A 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x51 0x28 0x19 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x16 0xBC 0xFF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x0E 0x11 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8D 0xC0 0x62 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF5 0xF6 0x5B 0xE9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x13 0xF5 0x6A 0xFF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x51 0x28 0x19 0xC5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0x16 0xBC 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x40 0xE2 0xE4 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x72 0x7D 0xC2 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7B 0x5D 0xAB 0x61 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x40 0xE2 0xE4 0x07 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x72 0x7D 0xC2 0x9F ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7B 0x5D 0xAB 0x61 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION B0A37BE125709858BA9218F611DD20AA02255BC1EB9DE18A74006A81796443BDEBA040F93D34915B1D7B3A6137AD169D1EF72A1AADAA2E8CF43C00430738FEEA3BC07C9035CDB1824FBB7AFA2FE340329DD6473CFCD359D6683C8396508449FB32E99D78316E79642F5F596635EB035BC390E1344F57C8DB9BB37516A37EA600C85517FA78E0324C7A45D837ABC187C139C9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B5555D575E7D6A3B9808BA7FD869164D6794CA38809CC21AC92181AC8D2AA3F379BC16F5DB866495B35EC2D1F0662F2CDC1BEF0295B553911C52FAF8D8AD8BE420E68ED11330626EEA41052483FE1BD0BA3166997AB5B48F7A8BE45E949D79E5C1AD7C5D054E17E86C3D154AED1C52FB39473800CE5CC5947BA2592D79EFACD2E0ADAD5224AA44DF43D30F89FB7DB92789E5F427D5FCA8D91B447AA564ADA841E1D7F25F85A26EE55D57169E9B76760245E32FF8770145C8BB6D68FAD4F237F78F6E2025632A5FBD8D724FB7DE6DF1EC6770FCD1C0664600A0714D5871F1647215890EBA1BC6A4E0892263787E5E5B7B4E8D7A7FDF391B527277D4DA0370FE6185169A2B30130E7B6BB501775458A4F93E11C4C72B217645BD7A2D11F4479C27D6522471463C32ED335259BF5F7F846

---- EOF - GMER 1.0.14 ----
Maelyder
Active Member
Posts: 11
Joined: January 6th, 2009, 7:44 am
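A GMER log like the one above can be triaged mechanically before anything is uploaded. The following Python is an added example (not from this thread, the helper, or GMER's authors): it parses a few constructed lines in the same GMER 1.0.14 format and flags what a helper looks for first, namely SSDT or IAT entries that GMER could not attribute to any loaded module, inline JMP patches in kernel code, and randomly named drivers such as a0rv5fe5.SYS. The "unattributed target" reading of GMER's output and the eight-character driver-name heuristic are assumptions.

```python
import re

# Constructed sample lines in GMER 1.0.14 output format, modelled on the log quoted above
SAMPLE_LOG = """\
SSDT spun.sys ZwCreateKey [0xB9EAA0E0]
SSDT AECE6054 ZwCreateThread
SSDT \\??\\C:\\Programme\\SUPERAntiSpyware\\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA513CF20]
.text USBPORT.SYS!DllUnload B8FFF62C 5 Bytes JMP 8A6051D8
.text a0rv5fe5.SYS B8EFE384 1 Byte [ 20 ]
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EAB046] spun.sys
IAT \\SystemRoot\\System32\\Drivers\\a0rv5fe5.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F
"""

# GMER names the module owning an SSDT or IAT target when it can resolve one; a bare address
# (SSDT) or a missing trailing module (IAT) means the target lies in no loaded image (assumed).
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>Zw\w+)(?:\s+\[0x[0-9A-F]+\])?$")
IAT_RE = re.compile(r"^IAT\s+(?P<module>\S+)\[(?P<imp>[^\]]+)\]\s+\[?(?P<target>[0-9A-F]{8})\]?"
                    r"(?:\s+(?P<owner>\S+))?$")
TEXT_RE = re.compile(r"^\.text\s+(?P<module>\S+)\s+[0-9A-F]{8}\s+\d+ Bytes?\s+(?P<patch>.*)$")
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{8}\.sys$", re.I)  # assumed heuristic, not a GMER rule

def random_driver_name(module_path):
    """Lowercase file name if it is an 8-char letter/digit mix like a0rv5fe5.SYS, else None."""
    name = module_path.rsplit("\\", 1)[-1]
    stem = name[:-4]
    if RANDOM_NAME_RE.match(name) and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem):
        return name.lower()
    return None

def triage(log_text):
    """Return (kind, detail) findings, in log order, for entries GMER could not attribute."""
    findings, flagged = [], set()
    def note_random(module_path):
        name = random_driver_name(module_path)
        if name and name not in flagged:
            flagged.add(name)
            findings.append(("random-driver-name", name))
    for line in map(str.strip, log_text.splitlines()):
        if m := SSDT_RE.match(line):
            if re.fullmatch(r"[0-9A-F]{8}", m["owner"]):  # hook target in no loaded image
                findings.append(("ssdt-unattributed", f"{m['func']} -> {m['owner']}"))
        elif m := TEXT_RE.match(line):
            if m["patch"].startswith("JMP"):  # inline patch redirecting a kernel routine
                findings.append(("inline-hook", f"{m['module']} {m['patch']}"))
            note_random(m["module"].split("!")[0])
        elif m := IAT_RE.match(line):
            if not m["owner"]:  # import redirected to an address in no known module
                findings.append(("iat-unattributed", f"{m['module']} {m['imp']} -> {m['target']}"))
            note_random(m["module"])
    return findings
```

Entries owned by spun.sys (the DAEMON Tools sptd driver) and the SUPERAntiSpyware driver are attributed and therefore not flagged; what remains is the short list a helper would ask the poster to submit for scanning.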

Re: Possible trojan virus infection, please help me.

Post by jmw3 » January 29th, 2009, 7:17 am

View Hidden Files & Folders Windows XP
To view Hidden Files & Folders do the following:
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK

Upload Files for Scanning
Go to VirSCAN or VirusTotal
(Just use one or the other. No need to use both.)

If you use VirSCAN click Browse
In the File Upload box that opens navigate to C:\Windows\System32\Drivers\a0rv5fe5.SYS, & double click on a0rv5fe5.SYS
Then click Upload
Wait for the scans to finish, then copy & paste the results into your next reply.

If you use VirusTotal click Browse
In the Choose File box that opens navigate to C:\Windows\System32\Drivers\a0rv5fe5.SYS, & double click on a0rv5fe5.SYS
Then click Send File
Wait for the scans to finish, then copy & paste the results into your next reply.

Re: Possible trojan virus infection, please help me.

Post by NonSuch » February 4th, 2009, 7:42 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
