Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Unread postby daveyb » June 18th, 2012, 10:30 pm

Askey127,

Thanks for that, I sent you a PM separately on another matter! Here is the log as requested:-

********************************** begin log **************************************
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f10a46830b7d69439bc3bd22dd8ec2f4
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-19 02:05:48
# local_time=2012-06-18 07:05:48 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 888443 888443 0 0
# compatibility_mode=770 16774141 100 100 15299741 115853596 0 0
# compatibility_mode=5892 16776573 100 100 0 176672852 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=417538
# found=1
# cleaned=0
# scan_time=6224
C:\Windower.34\FinalFisher\FinalFisher.exe probably a variant of Win32/Agent.GVUEPJO trojan (unable to clean) 00000000000000000000000000000000 I
********************************** end log **************************************

I know what the application is with the infection, and it is no longer used. I was about to say I can delete the entire folder structure starting at C:\Windower.34 when I noticed that the date on C:\Windower.34\FinalFisher (the folder itself) is 6/13/2012 while I know for sure that the folder has not been accessed since 12/17/2009 when C:\Windower.341 was installed and took over the duties. All other files and folders have dates from 2008 and 2009. Here is a DOS listing of the folder and it's contents:

DOS wrote: Directory of C:\Windower.34

04/26/2009 12:10 AM <DIR> .
04/26/2009 12:10 AM <DIR> ..
04/17/2009 03:37 PM <DIR> FFXI Crafter 2.0
06/13/2012 05:13 AM <DIR> FinalFisher
04/26/2009 12:10 AM <DIR> LogMod3
11/30/2009 01:41 AM <DIR> plugins
05/02/2010 08:01 PM <DIR> screenshots
07/23/2010 11:37 PM <DIR> scripts
0 File(s) 0 bytes

DOS wrote: Directory of C:\Windower.34\FinalFisher

06/13/2012 05:13 AM <DIR> .
06/13/2012 05:13 AM <DIR> ..
08/30/2010 10:36 PM 296,448 FinalFisher.exe
12/17/2009 04:44 PM 8,395 FinalFisherPreRelease.rar
04/11/2009 04:58 PM 98,304 WindowerHelper.dll
3 File(s) 403,147 bytes


If it helps, the entire folder structure under C:\Windower.34 - including the top level directory - can be deleted. I would have taken care of it, but something about that date tells me that something isn't right, so I'll bow to your expertise in this matter and leave it alone! (hides hands behind back!!)

Dave
User avatar
daveyb
Regular Member
 
Posts: 90
Joined: June 13th, 2012, 6:56 pm
Location: Somewhere warm and sunny!
Advertisement
Register to Remove

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Unread postby askey127 » June 19th, 2012, 7:19 am

daveyb,
I don't know whether FinalFisher might be installed by or related to Final fantasy in any way.
FinalFisher is known to phone home for updates. If it is still doing so, that may account for the file dates.

I would delete the entire folder tree, or transfer it temporarily to a flash drive, in case it turns out to be important for some obscure reason..
If you care, we can do a Reg search for FinalFisher and remove any startups or other references. Your call.

Your machine looks clean, but I can't explain why we get BSODs when using TFC or the [EMPTYTEMP] command in OTL.
I would go ahead and use cleanmgr on the "Start" command line and see if it can clean up the C: drive without a BSOD.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Unread postby daveyb » June 19th, 2012, 8:29 pm

OK, cleanmgr ran without error. I'll delete finalfisher completely - its a 3rd party utility for keeping track of fishing in Final Fantasy, so it won't break anything.

I think you can close this ticket for now, if anything else comes up I will open a new ticket.

Thanks for your patience and help with this! It is much appreciated!

Dave
User avatar
daveyb
Regular Member
 
Posts: 90
Joined: June 13th, 2012, 6:56 pm
Location: Somewhere warm and sunny!

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Unread postby askey127 » June 20th, 2012, 7:48 am

As an aside, found out what was going on with those BSODs.
It was a change in OTL and TFC.
If you erase your copies, and download new copy of TFC, it should work fine.
It's very thorough at cleaning. Keep it and use it every week or so.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Unread postby daveyb » June 20th, 2012, 8:56 pm

Thanks for following through with that, I've deleted all the downloaded software and re-downloaded TFC - it ran flawlessly this time!

Thanks again!

DaveyB
User avatar
daveyb
Regular Member
 
Posts: 90
Joined: June 13th, 2012, 6:56 pm
Location: Somewhere warm and sunny!

Re: DDS Unavailable, CainAbel.AA PSWTool.RAS.A Agent.GVUEPJO

Unread postby askey127 » June 21st, 2012, 6:56 am

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 76 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware