Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Infected by Torpig

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Infected by Torpig

Unread postby tartunta » May 7th, 2011, 9:06 am

I got a message from my internet operator that my computer is infected by torpig virus. They have now closed my internet connection because of this virus. I am able to write this message from my workplace. I have scanned my computer with several anti-virus programs and haven't been able to remove or even find the virus. I hope you can help me with my problem.

Here's the logs from dds:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Olli at 14:04:46,93 on la 07.05.2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1033.18.3070.2422 [GMT 3:00]
.
AV: F-Secure Client Security 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 9.01 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Olli.LISSU\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [openvpn-gui] c:\program files\openvpn\bin\openvpn-gui.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\olli~1.lis\startm~1\programs\startup\gigaby~1.lnk - c:\docume~1\olli~1.lis\applic~1\microsoft\installer\{d27bdb5d-3b4c-44f0-a648-bd00b0e79b39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logoca~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\calibrationloader\CalibrationLoader.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\poker\titan poker\casino.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/ ... /CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\olli~1.lis\applic~1\mozilla\firefox\profiles\ziloxyax.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
FF - component: c:\documents and settings\olli.lissu\application data\mozilla\firefox\profiles\ziloxyax.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\olli.lissu\application data\mozilla\firefox\profiles\ziloxyax.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\f-secure\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast,
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2011-4-21 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-2-25 80080]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\hips\drivers\fshs.sys [2011-4-21 68144]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2008-2-25 219824]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2010-11-29 14416]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-2-1 65536]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2008-2-25 130728]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program files\f-secure\common\FNRB32.exe [2008-2-25 166576]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure\orsp client\fsorsp.exe [2011-4-21 63992]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 ALLOW-IO;ALLOW-IO;\??\d:\allow-io.sys --> d:\ALLOW-IO.sys [?]
S3 i1;i1 Pro;c:\windows\system32\drivers\i1.sys [2010-11-29 26045]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2009-10-15 22232]
S3 RDID1093;UM-1G;c:\windows\system32\drivers\Rdwm1093.sys [2010-8-29 60672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2008-2-25 39856]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2008-2-25 25264]
.
=============== Created Last 30 ================
.
2011-05-02 19:36:03 -------- d-----w- c:\program files\iPod
2011-05-02 19:36:00 -------- d-----w- c:\program files\iTunes
2011-05-02 19:31:15 -------- d-----w- c:\program files\Bonjour
2011-04-29 21:02:03 -------- d-----w- c:\windows\system32\KB905474
2011-04-29 19:26:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-29 19:26:15 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-29 19:26:15 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-29 19:26:15 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-29 19:26:15 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-29 19:26:15 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-29 19:26:15 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-29 19:26:15 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-27 07:42:32 388096 ----a-r- c:\docume~1\olli~1.lis\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-27 07:42:31 -------- d-----w- c:\program files\Trend Micro
2011-04-26 15:50:31 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\MFAData
2011-04-26 15:39:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-26 15:39:57 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2011-04-21 17:25:04 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-04-21 17:23:44 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\fssg
2011-04-20 19:45:58 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Emotum
2011-04-20 19:45:54 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Elisa
2011-04-14 00:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-04-11 22:29:07 -------- d-----w- c:\docume~1\olli~1.lis\applic~1\Malwarebytes
2011-04-11 22:28:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 22:28:57 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2011-04-11 22:28:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 22:28:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-04-06 13:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 13:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 13:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 13:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 14:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
============= FINISH: 14:05:05,81 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7.5.2005 18:24:05
System Uptime: 7.5.2011 12:46:59 (2 hours ago)
.
Motherboard: http://www.abit.com.tw/ | | IP35-E (Intel P35+ICH7)
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2244/204mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 67,037 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 152 GiB total, 126 GiB free.
F: is FIXED (FAT32) - 149 GiB total, 46,694 GiB free.
G: is FIXED (NTFS) - 932 GiB total, 768,408 GiB free.
H: is CDROM ()
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP773: 29.4.2011 0:12:33 - System Checkpoint
RP774: 29.4.2011 0:24:26 - Software Distribution Service 3.0
RP775: 30.4.2011 0:01:41 - Software Distribution Service 3.0
RP776: 1.5.2011 13:44:55 - System Checkpoint
RP777: 2.5.2011 13:59:35 - System Checkpoint
RP778: 6.5.2011 0:29:32 - Software Distribution Service 3.0
RP779: 7.5.2011 13:05:45 - System Checkpoint
.
==== Installed Programs ======================
.
888poker
AC3Filter (remove only)
ACID Pro 7.0
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.4 - CPSID_83708
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Digital Editions
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 3.3
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARIA Engine v1.0.6.5
ASIO4ALL
AutoUpdate
AVS DVD Player version 2.4
BitTorrentBar Toolbar
Bonjour
Cake Poker
CCleaner
CDBurnerXP
Conduit Engine
Connect
CoreVorbis Audio Decoder (remove only)
Creative Software AutoUpdate
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Direct Show Ogg Vorbis Filter (remove only)
DivX Player
DivX Pro Trial
DNA
Eye-One Match 3.6.2
EZdrummer Lite Installer
F-Secure Client Security - DeepGuard
F-Secure Client Security - Internet-suojaus
F-Secure Client Security - Selaussuojaus
F-Secure Client Security - Sähköpostin tarkistus
F-Secure Client Security - Web-liikenteen tarkistus
F-Secure Client Security - Virus- ja vakoilusuojaus
F-Secure PSC Prerequisites
ffdshow (remove only)
FileZilla Client 3.3.0.1
FL Studio 9
Full Tilt Poker
GEAR 32bit Driver Installer
Hardcore
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Huffyuv AVI lossless video codec (Remove Only)
i1_driver_installer_utility_i1Match version 1.0
i1Diagnostics
ICM Trainer Light
IL Download Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Korg Kontrol Editor
KORG USB-MIDI Driver Tools for Windows
kuler
Last.fm 1.5.1.29527
Logitech Harmony Remote Software
Malwarebytes' Anti-Malware
MansionPoker
Marvell Miniport Driver
microKORG SoundEditor
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 97, Professional Edition
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mixed In Key 4
MixMeister Studio 7.2.2
Mixxx 1.7.2
Morgan Stream Switcher
Mozilla Firefox 4.0.1 (x86 fi)
MSXML 6.0 Parser (KB933579)
Multimedia Xplorer 2
Native Instruments Service Center
Nero - Burning Rom
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 2.3
OpenVPN 2.1_rc4-gui-1.0.3
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
PoiZone
PokerStrategy Equilator
PokerStrategy.com Elephant
PostgreSQL 8.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Reason 5.0
Sawer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sid Meier's Civilization 4
Skype™ 4.2
Spotify
Suite Shared Configuration CS4
System Requirements Lab
Titan Poker
Toxic Biohazard
UM-1G Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
VGA Utility
VideoLAN VLC media player 0.8.6f
William Hill Poker
Winamp
Winamp Toolbar for Firefox
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Liven valokuvavalikoima
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
7.5.2011 13:32:46, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7.5.2011 13:02:46, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6.5.2011 0:28:13, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
30.4.2011 0:06:16, error: Service Control Manager [7000] - The TVICHW32 service failed to start due to the following error: The system cannot find the file specified.
30.4.2011 0:06:09, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
2.5.2011 8:32:47, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
.
==== End Of File ===========================
tartunta
Active Member
 
Posts: 7
Joined: May 6th, 2011, 9:19 am
Advertisement
Register to Remove

Re: Infected by Torpig

Unread postby Alander » May 10th, 2011, 4:11 am

Hello, I Am Alander :)

Welcome to the Malware Removal forums.

I would be glad to take a look at your log and help you with solving any malware problems.

DDS logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

As I am still training, everything that I post to you, must be checked by an Admin or Moderator.

Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice.


  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Infected by Torpig

Unread postby tartunta » May 10th, 2011, 4:59 am

Hi Alander!

Thank you for your help. There might also be some delay in my posts since I can't use the internet at home because of this malware.
tartunta
Active Member
 
Posts: 7
Joined: May 6th, 2011, 9:19 am

Re: Infected by Torpig

Unread postby Alander » May 11th, 2011, 9:12 am

Hi tartunta, don't worry but take note that you must reply within 72 hours or your topic will be locked due to lack of activity

Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    BitTorrentBar Toolbar

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. Conduit Engine, as part of uTorrent and BitTorrent toolbar, hijacks the homepage in FireFox.
  • In general, toolbars that use the Conduit Engine have a reputation for bundling adware.


Poker sites
Online Poker sites are well known for placing all manner of Internet parasites on their visitors' computers and continue to do so. In a lot of cases, these Poker plugins are also getting installed without your asking for it. You can read Poker gamers targeted by a rootkit backdoor regarding the risk involved with visiting the Poker games web sites. Some Poker sites are related to criminal offense, you can read them Sites charged with gambling offenses A safe alternatives is Pogo.com.
Remove the following programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):
    888Poker
    CakePoker
    Full Tilt Poker
    MansionPoker
    PokerStrategy Equilator
    PokerStrategy.com Elephant
    Titan Poker
    William Hill Poker
    BitTorrentBar Toolbar
    Conduit Engine

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Do you know of the following programs installed on your computer?
DNA
Hardcore


Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Infected by Torpig

Unread postby tartunta » May 12th, 2011, 5:11 am

Hi!

I Removed the bittorrent toolbar. When I was trying to remowe the Conduit Engine it said "problem removing, might be already removed". So I think it was remowed when I uninstalled bittorrent. I remowed all the poker programs which I don't use anymore but I left PokerStrategy Equilator, PokerStrategy.com Elephant and William Hill Poker. I trust all these programs and they haven't caused me any problems. None of these programs have been associated with any criminal activity. These softwares are totally legitimate and it is legal to play internet poker in Finland where I live.

DNA is part of bittorrent and I removed it.
Hardcore is a music software made by imageline so it's legitimate.

Here's the CKScanner text file:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\image-line\hardcore\presets\i cracked my tube!.hdprg
c:\program files\image-line\sawer\presets\ambient\mc cracked.sawer
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.BD.11
----- EOF -----
tartunta
Active Member
 
Posts: 7
Joined: May 6th, 2011, 9:19 am

Re: Infected by Torpig

Unread postby Alander » May 12th, 2011, 8:58 pm

Cracked/Keygen related software detected!!!

While going through your logs I found out that you have downloaded various keygen/cracked software and that you are actively using it.
Adobe premiere pro cs4

Our forum policy Here says we will not help people who use cracked or pirated software.
You likely got infected by using cracked software or visiting crack sites.
Hence, i would like you to remove all the crack/keygen applications that are present on your system, then run CKScanner again and post the new log.

NOTE: If you give me advice that the software/Keygens have been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to closed this thread.

Reset Host File

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: (Do not include the word Code:)
    Code: Select all
    @Echo off
    pushd\windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    del %0
  • Go to File >> Save As.
  • Save File name as FixHosts.bat
  • Change Save as Type to All Files and save the file to your Desktop.
Now double click on the desktop FixHosts.bat to run the batch file. It will self-delete when completed.
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Infected by Torpig

Unread postby Alander » May 15th, 2011, 9:29 am

Hi It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Infected by Torpig

Unread postby tartunta » May 16th, 2011, 4:34 am

Hi!

Sorry I haven't been able to access the internet during weekend. I Will do these operations today. How long do you think it takes to make the computer clean this way? I have started to consider that I might just make some backups, format c and install windows again.
tartunta
Active Member
 
Posts: 7
Joined: May 6th, 2011, 9:19 am

Re: Infected by Torpig

Unread postby Alander » May 17th, 2011, 12:53 am

Hi, I am unable to give u an answer on how long it will take to clean your computer, as I am still uncertain on what you are infected with at this point of time (Torpig might just be 1 of them, there might be others things amongst this nasty virus).

As you have pointed out, your ISP has identified you that you have Torpig which is also known as Sinowal trojan, this trojan has a backdoor capability

BACKDOOR TROJAN
Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victims machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, Backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer, change settings on the computer and more. Please read this article by Roger A. Grimes on Remote Access Trojans it will give you an Idea of the severity of the type of infection you have.

What are Remote Access Trojans and why are they dangerous


You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.


How do I respond to a possible identity theft and how do I prevent it


Because of the severity and the capabilities of this type of virus, (it cannot be known what changes to your system it has made or if it opened up other ways into your system) The only responsible course of action I can advise is to reformat your computer and reinstall windows.

Further reading:

When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Should you have any questions please feel free to ask.
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Infected by Torpig

Unread postby tartunta » May 18th, 2011, 4:17 am

Hi!

I asked because I see no reason to first search the virus from the computer for over 2 weeks and then end up to format it anyway. I think I will just do back up from the files and re-install windows. Does it format the hard-drive well enough if I install windows again or should I format the hard drives with some kind of boot cd?

Heres the ckfiles.txt you asked:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----
tartunta
Active Member
 
Posts: 7
Joined: May 6th, 2011, 9:19 am

Re: Infected by Torpig

Unread postby Alander » May 19th, 2011, 8:11 am

Hi, installing the OS with the windows operating disc will suffice, if you encounter any problems during your reinstallation, you can visit Tech Support Guys for help

How to keep yourself safe after reinstallation
Update internet explorer 9

You can find information and install IE 9 from Here

Update Firefox
  • Your version of Firefox is outdated.
  • In the Firefox browser click Help > Check for updates to install the latest version.


Here are some free programs I recommend that could help you improve your computer's security.
Install Malwarebytes Anti-malware
These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
You can find information and Download it from HERE

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

Please read the article below which will give you a few suggestions for how to minimize your chances of getting another infection.
Computer Security - a short guide to staying safer online

Also please read this great article How to prevent Malware by miekiemoes.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Infected by Torpig

Unread postby tartunta » May 19th, 2011, 8:39 am

Thank you for your help! I Think I can follow these instructions. I have one more question.

I have two internal hard disks and one external. Is it enough that I format the C: hard drive, or can there be some infections also in the root of the other hard drives? Is it a good idea if I:

1. Move all my back up files to the external hard drive, then format both internal hard drives
2. Install windows again
3. Move back up files from the external hard drive to the internal hard drive and format the external hard drive

Is this smart or just waste of time?
tartunta
Active Member
 
Posts: 7
Joined: May 6th, 2011, 9:19 am

Re: Infected by Torpig

Unread postby Alander » May 20th, 2011, 8:26 am

Hi, you don't need to format your non system drives, formatting the C:\ drive would suffice

However, what I would suggest is that you scan all non system drives (Note not C:\) and external drives with your F-Secure Anti-virus and Malwarebytes Anti malware to remove infected files (if any), following a backup of your files

if you feel that you need more scan u can visit ESET online for a second opinion of your non system drives, but this in my opinion is optional

Once done, you can just format your C:\ drive
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Infected by Torpig

Unread postby tartunta » May 20th, 2011, 8:56 am

Hi!

Thank you for all your help! I will install windows again this weekend. You can close the topic.

All the best,
Olli
tartunta
Active Member
 
Posts: 7
Joined: May 6th, 2011, 9:19 am

Re: Infected by Torpig

Unread postby Carolyn » May 21st, 2011, 9:43 am

As the resolution of this issue involves a reformat, and there have been no further questions posted regarding that process, this topic is now closed.

You can help support this site from this link:
Donations For Malware Removal
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 482 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware