Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

win poly 32

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

next step

Unread postby lynjeff22 » October 14th, 2007, 8:22 pm

ComboFix 07-10-12.4 - Jeff 2007-10-14 19:15:06.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.211 [GMT -5:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jeff\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\prx.exe
C:\WINDOWS\system32\h.exe
C:\WINDOWS\system32\wkssvc.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\prx.exe
C:\WINDOWS\system32\wkssvc.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.

2007-10-14 19:06 225,509 --a------ C:\WINDOWS\system32\ifspcag.exe
2007-10-14 19:03 225,509 --a------ C:\WINDOWS\system32\fokjbzskezsc.exe
2007-10-14 18:54 225,509 --a------ C:\WINDOWS\system32\ojqnbfddki.exe
2007-10-14 18:19 225,509 --a------ C:\WINDOWS\system32\uckif.exe
2007-10-13 15:31 224,655 --a------ C:\WINDOWS\system32\wkc.exe
2007-10-12 06:23 224,655 --a------ C:\WINDOWS\system32\mfjqxf.exe
2007-10-12 00:33 224,655 --a------ C:\WINDOWS\system32\qkxtv.exe
2007-10-12 00:31 224,655 --a------ C:\WINDOWS\system32\ywe.exe
2007-10-11 21:43 224,655 --a------ C:\WINDOWS\system32\cmeq.exe
2007-10-11 20:42 224,655 --a------ C:\WINDOWS\system32\cqwnhhguqu.exe
2007-10-11 20:05 224,655 --a------ C:\WINDOWS\system32\fjv.exe
2007-10-11 19:56 226,914 --a------ C:\WINDOWS\system32\zkn.exe
2007-10-11 19:45 226,914 --a------ C:\WINDOWS\system32\brkq.exe
2007-10-11 07:59 226,914 --a------ C:\WINDOWS\system32\ijdpafam.exe
2007-10-11 07:28 226,914 --a------ C:\WINDOWS\system32\lcvbb.exe
2007-10-10 11:57 <DIR> d--hs---- C:\WINDOWS\SmVmZiBKb2huc29u
2007-10-10 11:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-10-09 14:29 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 11:34 <DIR> d-------- C:\Program Files\Temporary
2007-10-07 14:07 104,448 --a------ C:\WINDOWS\system32\gluynfh.exe
2007-10-07 10:06 104,448 --a------ C:\WINDOWS\system32\iyl.exe
2007-10-07 06:04 104,448 --a------ C:\WINDOWS\system32\awmnhcduwn.exe
2007-10-06 14:42 <DIR> d-------- C:\Program Files\iTunes
2007-10-04 20:02 104,448 --a------ C:\WINDOWS\system32\vtcebxpe.exe
2007-10-04 16:11 104,448 --a------ C:\WINDOWS\system32\vwvgthpj.exe
2007-10-04 02:29 104,448 --a------ C:\WINDOWS\system32\blyxcffzwem.exe
2007-10-03 07:48 104,448 --a------ C:\WINDOWS\system32\mijic.exe
2007-10-02 20:17 104,448 --a------ C:\WINDOWS\system32\rpdi.exe
2007-09-28 08:43 104,448 --a------ C:\WINDOWS\system32\oymtqvmmmssj.exe
2007-09-28 07:55 104,448 --a------ C:\WINDOWS\system32\mewi.exe
2007-09-27 03:49 104,448 --a------ C:\WINDOWS\system32\xozzotc.exe
2007-09-26 21:14 104,448 --a------ C:\WINDOWS\system32\uqxls.exe
2007-09-26 20:58 104,448 --a------ C:\WINDOWS\system32\ojfw.exe
2007-09-22 14:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-22 09:00 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-17 17:15 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\U3
2007-09-17 01:28 <DIR> d--h----- C:\system32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 19:42 --------- d-----w C:\Program Files\iPod
2007-10-04 00:01 --------- d-----w C:\Program Files\SpyZooka
2007-09-26 21:06 --------- d-----w C:\Program Files\Apple Software Update
2007-09-19 01:36 --------- d-----w C:\Program Files\MSN Messenger
2007-09-15 11:18 --------- d-----w C:\Documents and Settings\JJ\Application Data\tunebite
2007-08-28 02:15 --------- d-----w C:\Program Files\The Odyssey Online Classic
2007-08-26 22:59 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Apple Computer
2007-08-22 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-20 00:15 --------- d-----w C:\Program Files\AIM
2007-08-20 00:15 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Aim
2007-08-20 00:14 --------- d-----w C:\Program Files\AOD
2007-08-16 07:59 29,745 ----a-w C:\booterhelp.exe
2007-08-15 02:19 --------- d-----w C:\Program Files\Maxis
2007-08-14 06:48 89,088 ----a-w C:\upload2.exe
2007-08-14 06:43 89,088 ----a-w C:\uploadx.exe
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 00:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2005-11-06 00:07 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-05-31 22:36:06 89,600 --sh--r C:\WINDOWS\Help\msiexec.exe
2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\SmVmZiBKb2huc29u\mApAt214vZ1RwZ6R.vbs
2007-02-12 15:02:23 992,569 --sha-w C:\WINDOWS\system32\dccdd.bak1
2007-02-14 00:19:59 997,560 --sh--w C:\WINDOWS\system32\dccdd.bak2
2007-02-10 14:24:57 994,338 --sha-w C:\WINDOWS\system32\ppqss.bak1
2007-02-11 21:15:08 990,485 --sha-w C:\WINDOWS\system32\ppqss.bak2
2007-02-12 12:42:27 993,793 --sha-w C:\WINDOWS\system32\ppqss.ini2
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\system32 ----

2007-09-17 01:28 69120 ---h----- C:\system32\nsmss.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 12:06]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 21:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Microsoft (R) Windows Network Service Monitor"="C:\system32\nsmss.exe" [2007-09-17 01:28]
"Microsoft Spooler"="wkssvc.exe" []
"ojfw"="C:\WINDOWS\system32\ojfw.exe" [2007-09-26 20:59]
"rpdi"="C:\WINDOWS\system32\rpdi.exe" [2007-10-02 20:17]
"vtcebxpe"="C:\WINDOWS\system32\vtcebxpe.exe" [2007-10-04 20:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"lcvbb"="C:\WINDOWS\system32\lcvbb.exe" [2007-10-11 07:28]
"fjv"="C:\WINDOWS\system32\fjv.exe" [2007-10-11 20:05]
"mfjqxf"="C:\WINDOWS\system32\mfjqxf.exe" [2007-10-12 06:23]
"wkc"="C:\WINDOWS\system32\wkc.exe" [2007-10-13 15:31]
"uckif"="C:\WINDOWS\system32\uckif.exe" [2007-10-14 18:19]
"ojqnbfddki"="C:\WINDOWS\system32\ojqnbfddki.exe" [2007-10-14 18:54]
"fokjbzskezsc"="C:\WINDOWS\system32\fokjbzskezsc.exe" [2007-10-14 19:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"Okexob"="C:\Documents and Settings\Jeff\Application Data\A?pPatch\m?config.exe" []
"Zpsit"="C:\Program Files\Common Files\??sembly\?hkdsk.exe" []
"Mdnsw"="C:\WINDOWS\system32\?icrosoft.NET\??erinit.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"h"=C:\WINDOWS\system32\h.exe
"ojfw"=C:\WINDOWS\system32\ojfw.exe
"rpdi"=C:\WINDOWS\system32\rpdi.exe
"vtcebxpe"=C:\WINDOWS\system32\vtcebxpe.exe
"lcvbb"=C:\WINDOWS\system32\lcvbb.exe
"fjv"=C:\WINDOWS\system32\fjv.exe
"mfjqxf"=C:\WINDOWS\system32\mfjqxf.exe
"wkc"=C:\WINDOWS\system32\wkc.exe
"uckif"=C:\WINDOWS\system32\uckif.exe
"ojqnbfddki"=C:\WINDOWS\system32\ojqnbfddki.exe
"fokjbzskezsc"=C:\WINDOWS\system32\fokjbzskezsc.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 16:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R2 Win_MSI-Installer;WINDOWS MSI Installer Application;"C:\WINDOWS\help\msiexec.exe"
R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys
S2 LogBusDrv;Logical Bus Drive;"C:\WINDOWS\system32\lsmvc.exe"
S2 nsmss;Windows Network Service Monitor;C:\system32\nsmss.exe
S2 yiuyym7aj;Print Spooler Service;C:\WINDOWS\system32\ifspcag.exe /service
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\E:\INSTAL~E\Core\BVRPMPR5.SYS
S3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{825fe160-656b-11dc-a65c-000bdbc2244a}]
AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 19:11:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 19:18:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-14 19:19:42
C:\ComboFix-quarantined-files.txt ... 2007-09-22 15:02
C:\ComboFix2.txt ... 2007-10-14 19:07
C:\ComboFix3.txt ... 2007-09-22 15:02
.
--- E O F ---
lynjeff22
Active Member
 
Posts: 12
Joined: August 30th, 2007, 10:42 am
Advertisement
Register to Remove

step 2

Unread postby lynjeff22 » October 14th, 2007, 8:38 pm

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File to upload & scan:
Service
Service load: 0% 100%

File: upload2.exe
Status: INFECTED/MALWARE
MD5: dfe8a6a5dbc0ceab6ad79c675fa4f6d2
Packers detected: PELOCK
Bit9 reports: File not found

Scanner results
Scan taken on 15 Oct 2007 00:36:16 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Backdoor.Win32.SdBot.aad
Fortinet Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.SdBot.aad
NOD32 Found nothing
Norman Virus Control Found W32/Hupigon.gen76
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Powered by

Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, HotelScraper.com, people who donated in the past, and some people who prefer to remain anonymous... many thanks to all!
--------------------------------------------------------------------------------


Statistics
Last file scanned at least one scanner reported something about: 联想闪存盘应用软件使用手册.exe (MD5: ba757f39d1e5ab1d866e1bbdd6e225ec, size: 65536 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir TR/VB.adu.1
ArcaVir Trojan.Vb.Adu
Avast Win32:Trojan-gen. {VB}
AVG Antivirus Generic.DGM
BitDefender Trojan.ShutDown.VB.A
ClamAV X
CPsecure X
Dr.Web Trojan.Share
F-Prot Antivirus W32/Trojan.CDA
F-Secure Anti-Virus Trojan.Win32.VB.adu
Fortinet W32/VB.ADU!tr
Kaspersky Anti-Virus Trojan.Win32.VB.adu
NOD32 Win32/VB.AFD
Norman Virus Control W32/Agent.MFG
Panda Antivirus Trj/VB.MD
Rising Antivirus Trojan.VB.tvp
Sophos Antivirus Troj/VB-ADU
VirusBuster Trojan.VB.DWK
VBA32 Trojan.Win32.VB.adu


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.





Frequently asked questions - Feedback - Privacy policy



Page generated by JTPL

Copyright © 2004-2007 Jordi Bosveld <jotti@jotti.org>
lynjeff22
Active Member
 
Posts: 12
Joined: August 30th, 2007, 10:42 am

more info

Unread postby lynjeff22 » October 14th, 2007, 8:40 pm

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File to upload & scan:
Service
Service load: 0% 100%

File: booterhelp.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: eadad8a745038d8df45757b257f312c8
Packers detected: FSG
Bit9 reports: File not found

Scanner results
Scan taken on 15 Oct 2007 00:39:06 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.CFI.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Generic.Malware.IBwdld.97717D28
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found DLOADER.IRC.Trojan (probable variant)
F-Prot Antivirus Found Possibly a new variant of W32/Downloader-disguised-based!Maximus
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found Suspicious_F.gen
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Heuri-D
VirusBuster Found nothing
VBA32 Found nothing

Powered by

Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, HotelScraper.com, people who donated in the past, and some people who prefer to remain anonymous... many thanks to all!
--------------------------------------------------------------------------------


Statistics
Last file scanned at least one scanner reported something about: server.rar (MD5: a4b2927c095d553420d3c8355953ac34, size: 213330 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir X
ArcaVir Worm.Sohanad.Aw
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.





Frequently asked questions - Feedback - Privacy policy



Page generated by JTPL

Copyright © 2004-2007 Jordi Bosveld <jotti@jotti.org>
lynjeff22
Active Member
 
Posts: 12
Joined: August 30th, 2007, 10:42 am

once again

Unread postby lynjeff22 » October 14th, 2007, 8:41 pm

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File to upload & scan:
Service
Service load: 0% 100%

File: booterhelp.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: eadad8a745038d8df45757b257f312c8
Packers detected: FSG
Bit9 reports: File not found

Scanner results
Scan taken on 15 Oct 2007 00:39:06 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.CFI.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Generic.Malware.IBwdld.97717D28
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found DLOADER.IRC.Trojan (probable variant)
F-Prot Antivirus Found Possibly a new variant of W32/Downloader-disguised-based!Maximus
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found Suspicious_F.gen
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Heuri-D
VirusBuster Found nothing
VBA32 Found nothing

Powered by

Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, HotelScraper.com, people who donated in the past, and some people who prefer to remain anonymous... many thanks to all!
--------------------------------------------------------------------------------


Statistics
Last file scanned at least one scanner reported something about: server.rar (MD5: a4b2927c095d553420d3c8355953ac34, size: 213330 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir X
ArcaVir Worm.Sohanad.Aw
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.





Frequently asked questions - Feedback - Privacy policy



Page generated by JTPL

Copyright © 2004-2007 Jordi Bosveld <jotti@jotti.org>
lynjeff22
Active Member
 
Posts: 12
Joined: August 30th, 2007, 10:42 am

next thing on the list

Unread postby lynjeff22 » October 15th, 2007, 7:18 pm

Logfile of HijackThis v1.99.1
Scan saved at 6:15:12 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\help\msiexec.exe
C:\system32\nsmss.exe
C:\WINDOWS\system32\fokjbzskezsc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\system32\nsmss.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Service Monitor] C:\system32\nsmss.exe
O4 - HKLM\..\Run: [Microsoft Spooler] wkssvc.exe
O4 - HKLM\..\Run: [ojfw] C:\WINDOWS\system32\ojfw.exe
O4 - HKLM\..\Run: [rpdi] C:\WINDOWS\system32\rpdi.exe
O4 - HKLM\..\Run: [vtcebxpe] C:\WINDOWS\system32\vtcebxpe.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lcvbb] C:\WINDOWS\system32\lcvbb.exe
O4 - HKLM\..\Run: [fjv] C:\WINDOWS\system32\fjv.exe
O4 - HKLM\..\Run: [mfjqxf] C:\WINDOWS\system32\mfjqxf.exe
O4 - HKLM\..\Run: [wkc] C:\WINDOWS\system32\wkc.exe
O4 - HKLM\..\Run: [uckif] C:\WINDOWS\system32\uckif.exe
O4 - HKLM\..\Run: [ojqnbfddki] C:\WINDOWS\system32\ojqnbfddki.exe
O4 - HKLM\..\Run: [fokjbzskezsc] C:\WINDOWS\system32\fokjbzskezsc.exe
O4 - HKLM\..\RunServices: [h] C:\WINDOWS\system32\h.exe
O4 - HKLM\..\RunServices: [ojfw] C:\WINDOWS\system32\ojfw.exe
O4 - HKLM\..\RunServices: [rpdi] C:\WINDOWS\system32\rpdi.exe
O4 - HKLM\..\RunServices: [vtcebxpe] C:\WINDOWS\system32\vtcebxpe.exe
O4 - HKLM\..\RunServices: [lcvbb] C:\WINDOWS\system32\lcvbb.exe
O4 - HKLM\..\RunServices: [fjv] C:\WINDOWS\system32\fjv.exe
O4 - HKLM\..\RunServices: [mfjqxf] C:\WINDOWS\system32\mfjqxf.exe
O4 - HKLM\..\RunServices: [wkc] C:\WINDOWS\system32\wkc.exe
O4 - HKLM\..\RunServices: [uckif] C:\WINDOWS\system32\uckif.exe
O4 - HKLM\..\RunServices: [ojqnbfddki] C:\WINDOWS\system32\ojqnbfddki.exe
O4 - HKLM\..\RunServices: [fokjbzskezsc] C:\WINDOWS\system32\fokjbzskezsc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Okexob] "C:\Documents and Settings\Jeff\Application Data\A?pPatch\m?config.exe"
O4 - HKCU\..\Run: [Zpsit] "C:\Program Files\Common Files\??sembly\?hkdsk.exe"
O4 - HKCU\..\Run: [Mdnsw] C:\WINDOWS\system32\?icrosoft.NET\??erinit.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jeff\Start Menu\Programs\imvu\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1232133247
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1232119231
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logical Bus Drive (LogBusDrv) - Unknown owner - C:\WINDOWS\system32\lsmvc.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Windows Network Service Monitor (nsmss) - Unknown owner - C:\system32\nsmss.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: WINDOWS MSI Installer Application (Win_MSI-Installer) - Unknown owner - C:\WINDOWS\help\msiexec.exe
O23 - Service: Print Spooler Service (yiuyym7aj) - Unknown owner - C:\WINDOWS\system32\ifspcag.exe
lynjeff22
Active Member
 
Posts: 12
Joined: August 30th, 2007, 10:42 am

Unread postby Kairis » October 25th, 2007, 12:09 pm

I apologize for the delay getting to your log :oops:

    Please re scan ComboFix.
  • Double click ComboFix.exe and follow the prompts.
  • When finished, it shall produce a log for you.
    Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Then make a new scan with HijackThis, thanks.

After you have completed the above, please provide:
* Combofix log (C:\Combofix.txt)
* new HijackThis log
User avatar
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland

Unread postby askey127 » November 9th, 2007, 7:34 am

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 372 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware