Malware Infection

[DaReelDeel]

Hello,

Here is the ESET log.


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f22d2c29dcd6f949b4fa432af22038be
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-22 09:00:47
# local_time=2010-07-22 05:00:47 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 116432032 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=217284
# found=7
# cleaned=7
# scan_time=7943
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM23.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\29A73ACD\3E688669\stb0.dll Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\BED3DEFB\3E688669\stbasst.exe a variant of Win32/Adware.DoubleD.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\EB91CE86\3E688669\stbdl.exe Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi probably a variant of Win32/Adware.DoubleD.AF application (deleted - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\{C1DF1BDA-E7BE-4DC5-A5D9-C3D93F09FA65}\OFFLINE\mFileBagIDE.dll\bag\stbpx.exe a variant of Win32/Adware.DoubleD.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Darlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wwwxbv32.exe.vir a variant of Win32/Kryptik.FLY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

[ken545]

Looking good, there is one entry with a related file that I cant find out anything about, lets have it checked

You need to enable windows to show all files and folders, instructions Here

Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

C:\Users\Darlin\AppData\Roaming\nb-NOM.dll <--This file

If the site is busy you can try this one

http://virusscan.jotti.org/en

[DaReelDeel]

Hello,

When I tried to choose the .dll file, it says I don't have permission to open the file.

[ken545]

Try this


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :file
  C:\Users\Darlin\AppData\Roaming\nb-NOM.dll

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[DaReelDeel]

I scanned the file, here is the log.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 12:52 on 23/07/2010 by Darlin (Administrator - Elevation successful)

========== file ==========

C:\Users\Darlin\AppData\Roaming\nb-NOM.dll - Unable to find/read file.

-=End Of File=-

[ken545]

I am inclined to believe its ok. How are things running now ?

[DaReelDeel]

I still get the error message when I click a link in google. I have to click the link several times to open it. I'm also having a problem with viewing pictures. I can't see images on Facebook, just a white square with shapes on it.

[ken545]

What error message are you getting ?

[DaReelDeel]

Sorry I haven't replied for a while, I had family over and we went out of town. I have similar messages to this. Oops! Google Chrome could not find www.facebook.com.

[ken545]

Does Internet Explorer and Firefox work , is it just Chrome your having issues with ?