Help please..



effe2012
2012-05-15, 23:35
Hi,
I think I am at my wits' end... so I would really appreciate help.
I think my laptop (as well as every other computer in the house) is infected by the recycler virus... but it does not appear to get picked up by much. And after numerous reformats and Ubuntu installations I still return to the virus. It creates another recycle.bin folder within the recycle bin, which then contains a folder named s-1-15- and the rest filled with SID- however, having all the hidden files enabled, this folder contains temp files- which are $name.zip files... and numerous others. The temp folders contain hidden files, as well as numerous other places appear to be affected initially- the virus does not like you trying to fight it and appears to get nastier and slow down and affect more the more you fight it. I think I have tried most applications- but maybe I just need some proper expertise to help this one out... really appreciate your help in advance...

Below are scan results from DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Administrator at 7:21:58 on 2012-05-16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1069 [GMT 10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Administrator\Desktop\aswclnr.exe
C:\Users\Administrator\Desktop\aswclnr.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: DhcpNameServer = 211.31.138.11 211.29.132.12
TCP: Interfaces\{3D72DF1A-BFFD-4967-876E-FA70843E5A51} : DhcpNameServer = 211.31.138.11 211.29.132.12
TCP: Interfaces\{92D38CD7-718A-489E-808C-1F2B07643433} : DhcpNameServer = 211.31.138.11 211.29.132.12
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
.
=============== Created Last 30 ================
.
2012-05-16 09:56:57 -------- d-----w- c:\windows\Panther
2012-05-16 03:58:34 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-05-15 16:59:03 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7e42ef2b-76a9-412a-a091-5f1d78e0c5e0}\mpengine.dll
2012-05-15 16:59:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 16:11:41 -------- d-----w- c:\windows\system32\wbem\Performance
2012-05-15 16:04:58 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
.
============= FINISH: 7:22:22.71 ===============




This scan was run by Avast cleaner- which appears to not be able to scan the affected files- yet does not detect anything:

5/16/2012, 7:15:38 AM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (4.7s).
----------
Files scanning started...
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log... file could not be scanned!
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log... file could not be scanned!
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb... file could not be scanned!
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb... file could not be scanned!
C:\System Volume Information\Syscache.hve... file could not be scanned!
C:\System Volume Information\Syscache.hve.LOG1... file could not be scanned!
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}... file could not be scanned!
C:\System Volume Information\{b3189e81-9eac-11e1-be4d-001eec4d38c8}{3808876b-c176-4e48-b7ae-04046e6cc752}... file could not be scanned!
C:\Users\Administrator\ntuser.dat.LOG1... file could not be scanned!
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F9E58EB7-9ED2-11E1-8777-001EEC4D38C8}.dat... file could not be scanned!
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F9E58EB8-9ED2-11E1-8777-001EEC4D38C8}.dat... file could not be scanned!
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FFF58FEE-9ED2-11E1-8777-001EEC4D38C8}.dat... file could not be scanned!
C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1... file could not be scanned!
C:\Users\Administrator\AppData\Local\Temp\~DF16D1F91CBFE1775D.TMP... file could not be scanned!
C:\Users\Administrator\AppData\Local\Temp\~DF293E448F155F5AC5.TMP... file could not be scanned!
C:\Users\Administrator\AppData\Local\Temp\~DF2FDBDCB019E06B78.TMP... file could not be scanned!
C:\Users\Administrator\AppData\Local\Temp\~DF377C24F81A7B4FA8.TMP... file could not be scanned!
C:\Users\Administrator\AppData\Local\Temp\~DF9475B4386A730BD2.TMP... file could not be scanned!
C:\Users\Administrator\AppData\Local\Temp\~DFA886D8E71384127F.TMP... file could not be scanned!
C:\Users\Administrator\AppData\Local\Temp\~DFAA2A475524D38DEF.TMP... file could not be scanned!
C:\Users\Administrator\AppData\Local\Temp\~DFE752C5EC14C0576A.TMP... file could not be scanned!
C:\Users\Iw\ntuser.dat.LOG1... file could not be scanned!
C:\Users\Iw\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{FACA7D59-9ED0-11E1-8777-001EEC4D38C8}.dat... file could not be scanned!
C:\Users\Iw\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9106B47A-9ED2-11E1-8777-001EEC4D38C8}.dat... file could not be scanned!
C:\Users\Iw\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{FACA7D5A-9ED0-11E1-8777-001EEC4D38C8}.dat... file could not be scanned!
C:\Users\Iw\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1... file could not be scanned!
C:\Users\Iw\AppData\Local\Temp\~DF0665EEB7AD2F3AA2.TMP... file could not be scanned!
C:\Users\Iw\AppData\Local\Temp\~DF41D5B22DDAD5B358.TMP... file could not be scanned!
C:\Users\Iw\AppData\Local\Temp\~DF86AB446AFC8E7BBD.TMP... file could not be scanned!
C:\Users\Iw\AppData\Local\Temp\~DFBE34C682CC01B195.TMP... file could not be scanned!
C:\Users\Iw\AppData\Local\Temp\~DFEB687E87222F158E.TMP... file could not be scanned!
C:\Users\Iw\AppData\Local\Temp\~DFFC3DD41038B55227.TMP... file could not be scanned!
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1... file could not be scanned!
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat... file could not be scanned!
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat... file could not be scanned!
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1... file could not be scanned!
C:\Windows\System32\catroot2\edb.log... file could not be scanned!
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb... file could not be scanned!
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb... file could not be scanned!
C:\Windows\System32\config\DEFAULT.LOG1... file could not be scanned!
C:\Windows\System32\config\SAM.LOG1... file could not be scanned!
C:\Windows\System32\config\SECURITY.LOG1... file could not be scanned!
C:\Windows\System32\config\SOFTWARE.LOG1... file could not be scanned!
C:\Windows\System32\config\SYSTEM.LOG1... file could not be scanned!
No virus body found.
Files scanning finished (52060 files, 0 infected, 267.8s).
Drives scanned: C:
----------

shelf life
2012-05-26, 14:07
hi effe2012,

Your post is a few days old. If you still need help simply reply back.