Thread: Stubborn Virus

  1. #1
    Junior Member
    Join Date
    Oct 2011
    Posts
    26

    Stubborn Virus

    For the past 3 months I've been trying on and off to remove this redirect virus. I've downloaded just about every antivirus/malware protection but nothing seems to get rid of it; the only one that actually detected the infection was Stopzilla, but it didn't remove it.
    I ran Spybot today and this is what I got:
    :: RootAlyzer Results
    File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK"
    File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat"
    File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
    File:"No admin in ACL","C:\Program Files (x86)\HP\HP Software Update"
    File:"No admin in ACL","C:\Program Files (x86)\HP\HP Software Update\global.js"
    File:"No admin in ACL","C:\Program Files (x86)\HP\HP Software Update\HpuFunction.dll"
    File:"No admin in ACL","C:\Program Files (x86)\HP\HP Software Update\HPWUCli.exe"
    File:"No admin in ACL","C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
    File:"No admin in ACL","C:\Program Files (x86)\HP\HP Software Update\main.hta"
    File:"No admin in ACL","C:\Program Files (x86)\HP\HP Software Update\SoftwareUpdate.dll"
    File:"No admin in ACL","C:\Program Files (x86)\HP\HP Software Update\unicows.dll"
    File:"Reserved filename","C:\desktop.ini\lpt3.Drive_is_protected_against_flash_viruses_by_RegRun"
    File:"Reserved filename","C:\comment.htt\lpt3.Drive_is_protected_against_flash_viruses_by_RegRun"
    File:"Reserved filename","C:\autorun.inf\lpt3.Drive_is_protected_against_flash_viruses_by_RegRun"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\","Flyout"
    RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc"


    10/23/2011 1:27:32 AM
    Scan took 00:01:37.


    --- Spybot - Search & Destroy version: 2.0.5.131 DLL (build: 20110804) ---


  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello ChefMaster,

    Please see the forum sticky which includes guidelines and instructions in post #2 on how to provide preliminary "DDS" logs used for analysis.

    "BEFORE You POST"(Please read this Procedure Before Requesting Assistance)

    Then start a new topic providing the logs and a volunteer analyst will advise you when available.

    Best regards.

    Edit
    http://forums.spybot.info/showthread...974#post414974
    Last edited by tashi; 2011-10-25 at 00:01. Reason: Added link to second topic
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
