
Thread: Help please..

  1. #1
    Junior Member
    Join Date
    May 2012
    Posts
    1

    Default Help please..

    Hi,
    I think I am at my wits end...so I would really appreciate help.
    I think my laptop (as well as every other computer in the house) is infected by the recycler virus...but it does not appear to get picked up by much. And after numerous reformats and Ubuntu installations I still return to the virus. It creates another recycle.bin folder within the recycle bin which then contains a folder named s-1-15- and the rest filled with SID- however having all the hidden files enabled this folder contains temp files- which are $name.zip files... and numerous others. The temp folders contain hidden files as well as numerous other places appear to be affected initially- the virus does not like you trying to fight it and appears to get nastier and slow down and affect more the more you fight it. I think I have tried most applications- but maybe I just need some proper expertise to help this one out... really appreciate your help in advance...

    Below are scan results from DDS:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by Administrator at 7:21:58 on 2012-05-16
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1069 [GMT 10:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\mmc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Administrator\Desktop\aswclnr.exe
    C:\Users\Administrator\Desktop\aswclnr.tmp
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    TCP: DhcpNameServer = 211.31.138.11 211.29.132.12
    TCP: Interfaces\{3D72DF1A-BFFD-4967-876E-FA70843E5A51} : DhcpNameServer = 211.31.138.11 211.29.132.12
    TCP: Interfaces\{92D38CD7-718A-489E-808C-1F2B07643433} : DhcpNameServer = 211.31.138.11 211.29.132.12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    .
    =============== Created Last 30 ================
    .
    2012-05-16 09:56:57 -------- d-----w- c:\windows\Panther
    2012-05-16 03:58:34 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
    2012-05-15 16:59:03 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7e42ef2b-76a9-412a-a091-5f1d78e0c5e0}\mpengine.dll
    2012-05-15 16:59:02 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-15 16:11:41 -------- d-----w- c:\windows\system32\wbem\Performance
    2012-05-15 16:04:58 -------- d-sh--w- C:\Recovery
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 7:22:22.71 ===============




    This scan was run by Avast cleaner- which appears to not be able to scan the affected files- yet does not detect anything:

    5/16/2012, 7:15:38 AM
    Memory scanning started...
    No virus body found in memory.
    Memory scanning finished (4.7s).
    ----------
    Files scanning started...
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log... file could not be scanned!
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log... file could not be scanned!
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb... file could not be scanned!
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb... file could not be scanned!
    C:\System Volume Information\Syscache.hve... file could not be scanned!
    C:\System Volume Information\Syscache.hve.LOG1... file could not be scanned!
    C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}... file could not be scanned!
    C:\System Volume Information\{b3189e81-9eac-11e1-be4d-001eec4d38c8}{3808876b-c176-4e48-b7ae-04046e6cc752}... file could not be scanned!
    C:\Users\Administrator\ntuser.dat.LOG1... file could not be scanned!
    C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F9E58EB7-9ED2-11E1-8777-001EEC4D38C8}.dat... file could not be scanned!
    C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F9E58EB8-9ED2-11E1-8777-001EEC4D38C8}.dat... file could not be scanned!
    C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FFF58FEE-9ED2-11E1-8777-001EEC4D38C8}.dat... file could not be scanned!
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1... file could not be scanned!
    C:\Users\Administrator\AppData\Local\Temp\~DF16D1F91CBFE1775D.TMP... file could not be scanned!
    C:\Users\Administrator\AppData\Local\Temp\~DF293E448F155F5AC5.TMP... file could not be scanned!
    C:\Users\Administrator\AppData\Local\Temp\~DF2FDBDCB019E06B78.TMP... file could not be scanned!
    C:\Users\Administrator\AppData\Local\Temp\~DF377C24F81A7B4FA8.TMP... file could not be scanned!
    C:\Users\Administrator\AppData\Local\Temp\~DF9475B4386A730BD2.TMP... file could not be scanned!
    C:\Users\Administrator\AppData\Local\Temp\~DFA886D8E71384127F.TMP... file could not be scanned!
    C:\Users\Administrator\AppData\Local\Temp\~DFAA2A475524D38DEF.TMP... file could not be scanned!
    C:\Users\Administrator\AppData\Local\Temp\~DFE752C5EC14C0576A.TMP... file could not be scanned!
    C:\Users\Iw\ntuser.dat.LOG1... file could not be scanned!
    C:\Users\Iw\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{FACA7D59-9ED0-11E1-8777-001EEC4D38C8}.dat... file could not be scanned!
    C:\Users\Iw\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9106B47A-9ED2-11E1-8777-001EEC4D38C8}.dat... file could not be scanned!
    C:\Users\Iw\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{FACA7D5A-9ED0-11E1-8777-001EEC4D38C8}.dat... file could not be scanned!
    C:\Users\Iw\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1... file could not be scanned!
    C:\Users\Iw\AppData\Local\Temp\~DF0665EEB7AD2F3AA2.TMP... file could not be scanned!
    C:\Users\Iw\AppData\Local\Temp\~DF41D5B22DDAD5B358.TMP... file could not be scanned!
    C:\Users\Iw\AppData\Local\Temp\~DF86AB446AFC8E7BBD.TMP... file could not be scanned!
    C:\Users\Iw\AppData\Local\Temp\~DFBE34C682CC01B195.TMP... file could not be scanned!
    C:\Users\Iw\AppData\Local\Temp\~DFEB687E87222F158E.TMP... file could not be scanned!
    C:\Users\Iw\AppData\Local\Temp\~DFFC3DD41038B55227.TMP... file could not be scanned!
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1... file could not be scanned!
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat... file could not be scanned!
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat... file could not be scanned!
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1... file could not be scanned!
    C:\Windows\System32\catroot2\edb.log... file could not be scanned!
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb... file could not be scanned!
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb... file could not be scanned!
    C:\Windows\System32\config\DEFAULT.LOG1... file could not be scanned!
    C:\Windows\System32\config\SAM.LOG1... file could not be scanned!
    C:\Windows\System32\config\SECURITY.LOG1... file could not be scanned!
    C:\Windows\System32\config\SOFTWARE.LOG1... file could not be scanned!
    C:\Windows\System32\config\SYSTEM.LOG1... file could not be scanned!
    No virus body found.
    Files scanning finished (52060 files, 0 infected, 267.8s).
    Drives scanned: C:
    ----------

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi effe2012,

    Your post is a few days old. If you still need help simply reply back.
    How Can I Reduce My Risk?
