Thread: Incomplete Malware download not detecting on Spybot

  1. #1
    Junior Member
    Join Date
    Feb 2006
    Posts
    6

    Incomplete Malware download not detecting on Spybot

    I have an irksome piece of malware, which I can see but doesn't detect on any spyware removal program.

    The annoying thing crashed out my explorer.exe while it was merrily uploading itself to me off the net, and isn't fully there. I'm getting wondrous stack overflow errors and all sorts of nice stuff.

    I can't even find where the darn thing is calling itself in the registry. Or stop its exe file from loading.

    I've logged the errors (at the end of this post) and found a few of the files.

    The names are ibm00011.dll, ibm00012.dll and ibm00011.exe

    I'm of course not sure if this was the place to put this, being very new here, so my apologies for any miscommunication.

    SRO

    edit:
    Possibly may have come from here : hxxx://wxxx.nn.iij4u.or.jp/~exup/island/main.html
    yeah yeah, I know, anime
    Disabled url -tashi
    Stack dump:
    8004038a 006beeac 619a6f11 0084bc04 0099eac0 0099eac0 006beebc 619a3b48 8004038a 800400c0 006beed0 619af34f 800400c0 00000000 009a0ef0 006beee4
    **********************************************************************
    Date 02/25/2006 Time 07:19
    EXPLORER caused an invalid page fault in
    module IBM00003.DLL at 0187:1000b4df.
    Registers:
    EAX=ffff2c20 CS=0187 EIP=1000b4df EFLGS=00010283
    EBX=01d06c1c SS=018f ESP=00c9ff64 EBP=00c9ff98
    ECX=006d1544 DS=018f ESI=01d14000 FS=6467
    EDX=79fb402f ES=018f EDI=00000004 GS=1826
    Bytes at CS:EIP:
    38 16 75 fa 38 56 01 75 f5 8b 4d f8 46 46 48 89
    Stack dump:
    819f5194 00000008 81916e58 00c9fde0 00000000 00c9ffbc bffb1b20 bff69198 ffffffff 00c9ffcc 00000050 01dd0b60 bff78147 00c9ffcc bff79391 00000240
    **********************************************************************
    Date 02/25/2006 Time 09:36
    TAPISRV caused an invalid page fault in
    module <unknown> at dff7:01e039ae.
    Registers:
    EAX=00000102 CS=0187 EIP=01e039ae EFLGS=00010206
    EBX=000003e8 SS=018f ESP=01f2ff74 EBP=01f2ff98
    ECX=dff365b0 DS=018f ESI=bff6c90d FS=310f
    EDX=bffbb490 ES=018f EDI=81993c10 GS=0000
    Bytes at CS:EIP:

    Stack dump:
    81993c10 00000008 8197fd10 01e0e284 01e0ee5c 01e0e2a4 01e0ee44 00000130 0000012c 01f2ffcc bff79391 01e0efec 81993c10 00000008 8197fd10 00000007
    **********************************************************************
    Date 02/25/2006 Time 09:36
    TAPISRV caused an invalid page fault in
    module <unknown> at dfe7:01e039ae.
    Registers:
    EAX=00000102 CS=0187 EIP=01e039ae EFLGS=00010206
    EBX=000003e8 SS=018f ESP=0216ff74 EBP=0216ff98
    ECX=de81b650 DS=018f ESI=bff6c90d FS=3267
    EDX=bffbb490 ES=018f EDI=81998dbc GS=0000
    Bytes at CS:EIP:

    Stack dump:
    81998dbc 00000008 8197fd10 01e0e2e4 01e0efb0 01e0e304 01e0ee78 00000130 00000138 0216ffcc bff79391 01e0ee2c 81998dbc 00000008 8197fd10 00000007
    Last edited by tashi; 2006-02-25 at 18:14. Reason: disabled url

  2. #2
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,963

    Hi there.
    Please go here and read the instructions.
    (If able please do an on-line anti virus scan)
    Before you post a log, and who will advise you.

    Then start a topic here:
    Malware Forum

    Let us know if you have any problems getting a hjt log.

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016