benjira
2008-01-05, 02:35
Hello Folks
My first post to this particular forum. I hope I don't need to come here a lot. I am trying to get rid of a few little nasty beasts belonging to the Vundo Virus. They are as follows.
Troj_dloader.sxr
Trojan.Muldrop.10006
Trojan.EzulaAdd
Etc....
I have scanned with the following.
System Suite
Avast
Cure It
VundoFix
SDFix
SuperAntiSpyware
ETC......
Still can't get the monkey off of my back.
Here is my HijackThis log.
Any direction would be truly appreciated.
Thanks in advance.
Benjira
Logfile of HijackThis v1.99.1
Scan saved at 7:18:19 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOZE\System32\smss.exe
C:\WINDOZE\system32\winlogon.exe
C:\WINDOZE\system32\services.exe
C:\WINDOZE\system32\lsass.exe
C:\WINDOZE\system32\svchost.exe
C:\WINDOZE\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOZE\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOZE\system32\spoolsv.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOZE\SOUNDMAN.EXE
C:\Documents and Settings\Administrator.BRUCEHOME\Desktop\STUFF\VundoFix.exe
C:\Documents and Settings\Administrator.BRUCEHOME\Desktop\STUFF\MSNCleaner.exe
C:\WINDOZE\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
O2 - BHO: {6ce74b6f-3b18-0ee9-0484-8b94a8a8ee22} - {22ee8a8a-49b8-4840-9ee0-81b3f6b47ec6} - C:\WINDOZE\system32\uflxsuds.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: (no name) - {A6E50BB9-B829-49C8-AB3C-5DD08449FF30} - C:\WINDOWS\system32\gebyw.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOZE\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOZE\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [b06aa6a4] rundll32.exe "C:\WINDOZE\system32\qanskxer.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\progra~1\avanqu~1\system~1\ufilter.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\avanqu~1\system~1\ufilter.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\avanqu~1\system~1\ufilter.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\avanqu~1\system~1\ufilter.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199339649019
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOZE\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOZE\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe