-
I wouldnt worry about anything Avast finds on your linux partition. I dont see how it could even scan that partition being that its Avast for Windows.
for Win32:Hupigon-ONX, maybe a false positive
See this and its a very recent link
-
Well I was actually running Linux Avast to scan the windows partition. But no matter.
Thanks again!
-
I woudn't be to confident in results using a Linux app on a Windows install, or the other way around. did that thread in the Avast forum may any sense?
-
Yes it makes good sense. Even though it is an uncomfortable coincidence that it seems to have occurred at the same time as the infection, I also note that pagefile.sys is normally excluded from this scan because of false positives. (It is not excluded form a linux scan because there is no such file on linux of course)
So let's call it a false positive and a coincidence. I believe that means I'm clean now yes?
-
Why dont you post one more DDS log just for comparison, then we will call it quits.
-
Certainly! thanks for looking again.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Tony at 16:47:03.92 on Thu 04/07/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3067.2409 [GMT 2:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r211990\stacsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Tony\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "c:\documents and settings\tony\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AESTFltr] "c:\windows\system32\AESTFltr.exe" /NoDlg
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ApacheTomcatMonitor] "c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6w.exe" //MS//Tomcat6
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\linux and windows\
FF - prefs.js: browser.startup.homepage - file:///media/OS/documents/startpage.html
FF - plugin: c:\documents and settings\tony\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-17 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-17 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-17 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110401.001\IDSXpx86.sys [2011-4-5 341944]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-17 117640]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-10-9 4408616]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2009-10-9 112936]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-5-10 112512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-20 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110404.033\NAVENG.SYS [2011-4-5 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110404.033\NAVEX15.SYS [2011-4-5 1393144]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-5-10 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-5-10 41760]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-5-10 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-5-10 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-5-10 235840]
S0 ismmp;ismmp;c:\windows\system32\drivers\swwk.sys --> c:\windows\system32\drivers\swwk.sys [?]
S3 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2008-12-10 24636]
S3 Tomcat6;Apache Tomcat 6;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2009-5-14 57344]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-10-9 15656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2011-04-05 15:28:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\PCDr
2011-04-05 15:17:07 -------- d-----w- c:\docume~1\tony\applic~1\PCDr
2011-04-05 11:37:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-05 11:37:25 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-04-01 08:07:07 -------- d-sha-r- C:\cmdcons
2011-04-01 08:07:04 -------- d-----w- c:\windows\setup.pss
2011-04-01 08:06:29 -------- d-----w- c:\windows\setupupd
2011-04-01 07:38:31 98816 ----a-w- c:\windows\sed.exe
2011-04-01 07:38:31 89088 ----a-w- c:\windows\MBR.exe
2011-04-01 07:38:31 256512 ----a-w- c:\windows\PEV.exe
2011-04-01 07:38:31 161792 ----a-w- c:\windows\SWREG.exe
2011-03-31 11:08:51 -------- d---a-w- C:\firefox profile backup
2011-03-29 19:57:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-29 19:57:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-29 13:16:59 -------- d-----w- c:\docume~1\tony\applic~1\Malwarebytes
2011-03-29 13:16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 13:16:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-29 13:16:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 13:16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-28 15:47:12 -------- d-----w- c:\program files\eclipse
2011-03-12 10:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 10:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-03-10 13:41:57 -------- d-----w- c:\program files\iPod
2011-03-10 13:41:52 -------- d-----w- c:\program files\iTunes
2011-03-10 13:37:52 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-04-07 14:39:24 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-04-07 14:39:21 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-04-07 14:15:08 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-03-08 08:07:40 58288 ------w- c:\windows\system32\rpcnet.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 17:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 16:48:20.73 ===============
-
ok, looks good. You can remove combofix like this:
start>run and type in combofix /uninstall
click ok or enter
Note the space after the x and before the /
You can make a new restore point, the how and the why:
One of the features of Windows XP,Vista and Windows7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.(creates a new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
everybody gets this;
10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer can not stay malware free.
No software can think for you. Help yourself. In no special order:
1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for web based applications, browser plugins and addons like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.
2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs that you may have malware on your computer.
3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.
4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail phishing Tricks.
5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.
6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?
7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.
8) Install and understand the *limitations* of a software firewall.
9) A slide show how to for securing Internet Explorer 8.0 for safer surfing. How to harden FireFox. for safer surfing.
10) Warez, cracks etc are very popular for carrying malware payloads.If you download/install files via p2p networks you will encounter malware. A file can be named anything and be nothing but malware or have malware bundled in it. Can you really trust the source of the file?
More info/tips with pictures, links below
Happy Safe Surfing.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
