2011-06-01, 22:59
I keep getting malware that blocks access to antimalware sites. I reinstall Windows, no help. Can't run ERUNT/DDS. Running Win XP SP1 (cannot update because of malware). I suspect Conficker.
Running GMER now; will post the log when ready.
Cannot download MBAM.
I DL'd Avast! from
It says something like "cannot format program" when starting the DDS/ERUNT installer (quick translation from Finnish).
Rootkit scan 2011-06-01 22:59:49
Windows 5.1.2600 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6Y080L0 rev.YAR41VW0
Running: c02tzb7e[1].exe; Driver: E:\DOCUME~1\Sampsa\LOCALS~1\Temp\kwlyqpoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [06]
---- User code sections - GMER 1.0.15 ----
.text E:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes JMP 06979DD2
.text E:\WINDOWS\System32\svchost.exe[952] NETAPI32.dll!NetpwPathCanonicalize 71C12B51 5 Bytes JMP 06979D72
.text E:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes JMP 00849DD2
---- Services - GMER 1.0.15 ----
Service E:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] felyv <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\felyv@DisplayName Microsoft Universal
Reg HKLM\SYSTEM\CurrentControlSet\Services\felyv@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\felyv@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\felyv@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\felyv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\felyv@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\felyv@Description Hallitsee IP-suojauskäytäntöä ja käynnistää ISAKMP/Oakley (IKE)- ja IP-suojausohjaimen.
Reg HKLM\SYSTEM\CurrentControlSet\Services\felyv\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\felyv\Parameters@ServiceDll E:\WINDOWS\System32\liqywiqb.dll
---- Files - GMER 1.0.15 ----
File E:\Documents and Settings\Sampsa\Local Settings\Temporary Internet Files\Content.IE5\WX6BCXIN\page3[1] 14792 bytes
File E:\Documents and Settings\Sampsa\Local Settings\Temporary Internet Files\Content.IE5\WX6BCXIN\CA2G85YG.php 3154 bytes
File E:\Documents and Settings\Sampsa\Local Settings\Temporary Internet Files\Content.IE5\WX6BCXIN\CAKJM36V.php 3120 bytes
---- EOF - GMER 1.0.15 ----
GMER log.
Because I can't edit, here comes a whopping triple post.
I can't run even Paint/Pinball or anything!
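As an added triage aid (not something the poster or GMER ships), here is a small parser for the GMER log format above: it pulls out hidden services, joins each one to the ServiceDll from the registry section so the file that actually runs is visible, and flags the inline hook on NETAPI32 NetpwPathCanonicalize, the netapi32 entry point exploited by MS08-067 that Conficker is known to patch in memory. The sample lines are constructed from the post.

```python
import re

# Constructed sample in the shape of the GMER 1.0.15 log above (same
# service name and paths as the post, trimmed to the lines that matter).
SAMPLE_LOG = [
    r"---- User code sections - GMER 1.0.15 ----",
    r".text E:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtQueryInformationProcess 77F76035 5 Bytes JMP 06979DD2",
    r".text E:\WINDOWS\System32\svchost.exe[952] NETAPI32.dll!NetpwPathCanonicalize 71C12B51 5 Bytes JMP 06979D72",
    r"---- Services - GMER 1.0.15 ----",
    r"Service E:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] felyv <-- ROOTKIT !!!",
    r"---- Registry - GMER 1.0.15 ----",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\felyv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\felyv\Parameters@ServiceDll E:\WINDOWS\System32\liqywiqb.dll",
]

# User-mode inline hook: ".text <process>[<pid>] <module>!<func> <addr> <n> Bytes JMP <target>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>\S+?)\[(?P<pid>\d+)\]\s+(?P<func>\S+!\S+)\s+[0-9A-F]+\s+\d+ Bytes\s+JMP\s+(?P<target>[0-9A-F]+)")
# Hidden service: "Service <image> (*** hidden *** ) [<start>] <name> <-- ROOTKIT !!!"
HIDDEN_RE = re.compile(
    r"^Service\s+(?P<image>\S+)\s+\(\*\*\* hidden \*\*\* ?\)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)")
# Registry value: "Reg <key>@<value> <data>"
REG_RE = re.compile(r"^Reg\s+(?P<key>[^@\s]+)@(?P<value>\S+)\s*(?P<data>.*)$")


def parse_gmer(lines):
    """Split a GMER log into user-mode hooks, hidden services and per-service registry values."""
    hooks, hidden, reg = [], [], {}
    for line in lines:
        if m := HOOK_RE.match(line):
            hooks.append(m.groupdict())
        elif m := HIDDEN_RE.match(line):
            hidden.append(m.groupdict())
        elif m := REG_RE.match(line):
            svc = re.search(r"\\Services\\([^\\]+)", m["key"])  # service name under \Services\
            if svc:
                reg.setdefault(svc.group(1), {})[m["value"]] = m["data"]
    return hooks, hidden, reg


def triage(lines):
    """Findings: every hidden service with the DLL it loads, plus any hook on NetpwPathCanonicalize."""
    hooks, hidden, reg = parse_gmer(lines)
    findings = []
    for svc in hidden:
        dll = reg.get(svc["name"], {}).get("ServiceDll", "<ServiceDll not in log>")
        findings.append(f"hidden service {svc['name']} [{svc['start']}] via {svc['image']}: ServiceDll={dll}")
    for h in hooks:
        if h["func"].lower().endswith("!netpwpathcanonicalize"):
            findings.append(f"inline hook on {h['func']} in {h['proc']}[{h['pid']}] -> {h['target']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On a real log, point the parser at the whole file; the ServiceDll path it reports (here a random-named DLL in System32) is the artifact to submit for analysis, not svchost.exe itself.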