wintems and blacklight = Help!



martinh
2008-02-28, 21:44
Hi all,

I've been trying to beat the wintems virus for 2 days straight but I'm getting nowhere. It has all the usual traits, Safe Mode Disables, all virus scanners/HJT/Spybot disabled, wintems hidden, "system32\drivers\down\" hidden (but full of .exe files with numerical names).

I've run Blacklight a couple of times, renamed the whole list, rebooted... and the virus is back in place.

I'm beat, I'm hoping maybe someone can help me kill this as I can't take much more! :mad:

Here's the last Blacklight log:

2/28/08 18:26:05 [Info]: BlackLight Engine 1.0.67 initialized
02/28/08 18:26:05 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/28/08 18:26:05 [Note]: 7019 4
02/28/08 18:26:05 [Note]: 7005 0
02/28/08 18:26:24 [Note]: 7006 0
02/28/08 18:26:24 [Note]: 7011 284
02/28/08 18:26:26 [Note]: 7026 0
02/28/08 18:26:29 [Note]: 7026 0
02/28/08 18:26:29 [Note]: 7024 3
02/28/08 18:26:29 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
02/28/08 18:26:29 [Note]: 7024 3
02/28/08 18:26:29 [Info]: Hidden process: C:\WINDOWS\system32\wintems.exe
02/28/08 18:26:33 [Note]: FSRAW library version 1.7.1024
02/28/08 18:30:09 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Empty.txt
02/28/08 18:30:09 [Note]: 10002 3
02/28/08 18:30:09 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Filters.xml
02/28/08 18:30:09 [Note]: 10002 3
02/28/08 18:30:09 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\news.png
02/28/08 18:30:09 [Note]: 10002 3
02/28/08 18:30:09 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\paint.png
02/28/08 18:30:09 [Note]: 10002 3
02/28/08 18:30:09 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Profiles\Blank.txt
02/28/08 18:30:09 [Note]: 10002 3
02/28/08 18:30:09 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample1.jpg
02/28/08 18:30:09 [Note]: 10002 3
02/28/08 18:30:09 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample2.jpg
02/28/08 18:30:09 [Note]: 10002 3
02/28/08 18:30:09 [Note]: 10002 2
02/28/08 18:30:09 [Note]: 10002 2
02/28/08 18:37:53 [Note]: 10002 2
02/28/08 18:37:53 [Note]: 10002 2
02/28/08 18:38:23 [Info]: Hidden file: C:\WINDOWS\system32\wintems.exe
02/28/08 18:38:23 [Note]: 10002 2
02/28/08 18:39:03 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
02/28/08 18:39:03 [Note]: 10002 2
02/28/08 18:39:03 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
02/28/08 18:39:03 [Note]: 10002 2

martinh
2008-02-28, 21:45
...and those number extensions go on for a few more hundred lines to.....

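As a triage aid for a log like the one posted above, here is an added example (not from the thread and not part of the BlackLight tool): a small parser that reduces the "Hidden process" / "Hidden file" entries to a per-directory count, tallies the numerically named droppers in drivers\down and the .ren leftovers from a manual rename, and lists files that are both hidden on disk and running as hidden processes. The sample lines are constructed from the paths the log names; the numeric file names are made up.

```python
import re
from collections import Counter

# Constructed sample in the BlackLight log format shown in this thread; the
# paths are the ones the log names, the three numeric droppers are made up.
SAMPLE_LOG = r"""
02/28/08 18:26:05 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/28/08 18:26:29 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
02/28/08 18:26:29 [Info]: Hidden process: C:\WINDOWS\system32\wintems.exe
02/28/08 18:30:09 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Empty.txt
02/28/08 18:30:09 [Note]: 10002 3
02/28/08 18:38:23 [Info]: Hidden file: C:\WINDOWS\system32\wintems.exe
02/28/08 18:39:03 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
02/28/08 18:39:03 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
02/28/08 18:39:12 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\280286093.exe
02/28/08 18:39:12 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\217593.exe
02/28/08 18:39:16 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\127796.exe.ren
"""

# "<date> <time> [Level]: Hidden process|file: <path>"; [Note] status lines do not match
ENTRY_RE = re.compile(r"^\S+ \S+ \[\w+\]: (Hidden (?:process|file)): (.+)$")

def parse_blacklight(text):
    """Return [(kind, path), ...] for every hidden-process / hidden-file entry."""
    hits = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in hits if m]

def summarize(entries):
    """Triage view of a BlackLight log: hidden files per directory, how many are
    the numerically named droppers (and how many of those carry the .ren suffix
    left by a manual rename), and which hidden files are also running hidden."""
    procs = {p.lower().rpartition("\\")[2] for k, p in entries if k == "Hidden process"}
    by_dir, numeric, renamed, running = Counter(), 0, 0, set()
    for kind, path in entries:
        if kind != "Hidden file":
            continue
        folder, _, name = path.lower().rpartition("\\")  # case-fold mixed-case drive/dir
        by_dir[folder] += 1
        if re.fullmatch(r"\d+\.exe(\.ren)?", name):
            numeric += 1
            renamed += int(name.endswith(".ren"))
        if name in procs:
            running.add(name)
    return {"by_dir": dict(by_dir), "numeric_droppers": numeric,
            "renamed": renamed, "hidden_and_running": running}

if __name__ == "__main__":
    for key, value in summarize(parse_blacklight(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```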