Can't Run Spybot S&D

By the way, I can't use Virustotal, just as I can't use Kaspersky, cuz the page won't open either. So, I used
http://scanner.novirusthanks.org/index.php
NNJU.exe <---- Infected
winmbudpk.exe <---- Infected
wphgta.exe <---- Infected



Combofix2.txt:


ComboFix 09-11-18.07 - paul 11/19/2009 21:15.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.118 [GMT 8:00]
Running from: c:\documents and settings\paul\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 )))))))))))))))))))))))))))))))
.

2009-11-19 11:19 . 2009-11-19 11:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-18 12:37 . 2008-04-14 12:00 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-18 12:37 . 2008-04-14 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-17 20:52 . 2009-11-17 20:53 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2009-11-17 12:05 . 2009-11-17 12:05 -------- d-----w- C:\rsit
2009-11-15 05:24 . 2009-11-15 05:24 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
2009-11-15 05:24 . 2009-11-15 05:24 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\AskToolbar
2009-11-14 20:16 . 2009-11-14 20:16 1 ----a-w- c:\documents and settings\Guest\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-14 20:14 . 2009-11-14 20:14 -------- d-----w- c:\documents and settings\Guest\Application Data\OpenOffice.org
2009-11-11 23:31 . 2009-11-17 12:05 -------- d-----w- c:\program files\Trend Micro
2009-11-11 13:48 . 2009-11-11 13:48 -------- d-----w- C:\RootkitNO
2009-11-11 13:35 . 2009-11-11 13:35 -------- d-----w- c:\documents and settings\paul\Local Settings\Application Data\Help
2009-11-11 13:33 . 2009-11-11 13:33 2 --shatr- c:\windows\winstart.bat
2009-11-11 13:32 . 2008-12-22 07:56 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-11-11 12:11 . 2009-11-18 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-10 17:20 . 2009-11-10 17:20 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2009-11-10 13:31 . 2009-11-10 13:31 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Yahoo
2009-11-10 13:29 . 2009-11-10 13:29 16504 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-10 12:00 . 2009-08-01 16:16 6326232 ---ha-w- c:\documents and settings\paul\Application Data\mjusbsp\in00000\setup.exe
2009-11-10 12:00 . 2009-08-01 16:16 6330328 ---ha-w- c:\documents and settings\paul\Application Data\mjusbsp\Upgrade\setup1.exe
2009-11-10 12:00 . 2009-08-01 16:12 798232 ---ha-w- c:\documents and settings\paul\Application Data\mjusbsp\Upgrade\install1.exe
2009-11-10 11:57 . 2009-11-10 12:00 7690776 ---h--w- c:\documents and settings\paul\Application Data\mjusbsp\ar00000\upgrade.exe
2009-11-10 09:25 . 2009-11-10 12:00 -------- d-----w- c:\documents and settings\paul\Application Data\mjusbsp
2009-11-09 23:39 . 2009-11-09 23:39 -------- d-----w- c:\program files\iPod
2009-11-09 23:39 . 2009-11-09 23:40 -------- d-----w- c:\program files\iTunes
2009-11-09 23:19 . 2009-11-09 23:19 152872 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-08 15:01 . 2009-11-08 15:01 -------- d-----w- c:\windows\.jagex_cache_32
2009-11-07 02:54 . 2009-11-07 02:54 504038 ----a-w- C:\sqlite3.dll
2009-10-29 14:35 . 2009-10-29 14:35 5595136 ----a-w- C:\SharePod.exe
2009-10-29 09:55 . 2009-10-29 09:55 152576 ----a-w- c:\documents and settings\paul\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-23 15:05 . 2009-10-23 15:05 -------- d-----w- c:\documents and settings\paul\Local Settings\Application Data\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 12:41 . 2009-08-26 23:21 1 ----a-w- c:\documents and settings\paul\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-17 12:33 . 2009-11-17 12:33 2015 ---h--r- c:\windows\system32\drivers\hosts
2009-11-15 05:24 . 2009-11-10 13:28 -------- d--h--r- c:\documents and settings\Guest\Application Data\yahoo!
2009-11-11 13:54 . 2009-08-04 06:17 -------- d-----w- c:\program files\Ask.com
2009-11-09 23:39 . 2009-09-10 22:55 -------- d-----w- c:\program files\Common Files\Apple
2009-11-07 21:03 . 2009-08-04 07:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-07 02:25 . 2009-08-06 12:08 -------- d-----w- c:\documents and settings\paul\Application Data\LimeWire
2009-11-06 10:43 . 2009-10-06 02:27 -------- d-----w- c:\program files\RedSnow
2009-10-30 08:43 . 2009-08-06 08:32 -------- d-----w- c:\documents and settings\paul\Application Data\Skype
2009-10-30 08:39 . 2009-08-06 08:35 -------- d-----w- c:\documents and settings\paul\Application Data\skypePM
2009-10-29 09:58 . 2009-08-05 06:59 -------- d-----w- c:\program files\Java
2009-10-24 05:15 . 2009-08-27 12:22 -------- d-----w- c:\program files\Xvid
2009-10-14 02:56 . 2009-10-14 02:56 -------- d-----w- c:\documents and settings\paul\Application Data\SharePod
2009-10-11 09:22 . 2009-10-06 01:38 -------- d-----w- c:\documents and settings\paul\Application Data\DivX
2009-10-06 01:26 . 2009-10-06 01:25 -------- d-----w- c:\program files\DivX
2009-10-06 01:25 . 2009-10-06 01:25 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-03 08:27 . 2009-10-03 08:27 -------- d-----w- c:\program files\RedSnow iTouch Jailbreak
2009-10-03 07:03 . 2009-10-03 07:03 -------- d-----w- c:\program files\hi join
2009-10-03 07:01 . 2009-08-04 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-10-03 03:54 . 2009-08-05 05:54 16504 ----a-w- c:\documents and settings\paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-03 03:44 . 2009-10-03 03:44 -------- d-----w- c:\program files\MSBuild
2009-10-03 03:44 . 2009-10-03 03:44 -------- d-----w- c:\program files\Reference Assemblies
2009-10-02 23:38 . 2009-09-10 23:04 -------- d-----w- c:\documents and settings\paul\Application Data\Apple Computer
2009-09-26 02:04 . 2009-08-06 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-25 02:13 . 2009-09-22 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-09-22 04:02 . 2009-09-22 03:41 -------- d-----w- c:\program files\Common Files\logishrd
2009-09-22 04:01 . 2009-09-22 03:35 -------- d-----w- c:\program files\Logitech
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-28 11:42 . 2009-09-10 22:56 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 11:42 . 2009-09-10 22:56 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-18_12.24.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-19 13:30 . 2009-11-19 13:30 16384 c:\windows\temp\wincyvid.exe
+ 2009-11-19 13:30 . 2009-11-19 13:30 11264 c:\windows\temp\pmsj.exe
+ 2009-11-19 13:30 . 2009-11-19 13:30 7680 c:\windows\temp\ciuowh.exe
+ 2009-11-19 13:26 . 2009-04-30 08:01 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2009-11-18 12:23 . 2009-04-30 08:01 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 09:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 185584]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1768960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 185584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 491520]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2854160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 109424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 1004920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 215328]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 457728]

c:\documents and settings\paul\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 457728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2009-8-4 786432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Adobe\\Adobe Bridge CS3\\Bridge.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"=
"c:\\WINDOWS\\system32\\dmremote.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Documents and Settings\\paul\\Application Data\\mjusbsp\\cdloader2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Documents and Settings\\paul\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\Program Files\\Logitech\\Logitech WebCam Software\\LWS.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\RegCure\\RegCure.exe"= d:\\Program Files\\RegCure\\RegCure.exe
"c:\\WINDOWS\\PEV.exe"=
"c:\\Program Files\\OpenOffice.org 3\\program\\soffice.bin"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe"=
"c:\\Program Files\\OpenOffice.org 3\\program\\soffice.exe"=
"c:\\WINDOWS\\TEMP\\pmsj.exe"=
"c:\\WINDOWS\\TEMP\\ciuowh.exe"=
"c:\\WINDOWS\\TEMP\\wincyvid.exe"=
"c:\\DOCUME~1\\paul\\LOCALS~1\\Temp\\fvbt.exe"=
"c:\\DOCUME~1\\paul\\LOCALS~1\\Temp\\winrjvty.exe"=
"c:\\DOCUME~1\\paul\\LOCALS~1\\Temp\\uafwf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:443
"5060:UDP"= 5060:UDP:5060
"5070:UDP"= 5070:UDP:5070


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2009-11-19 c:\windows\Tasks\RegCure Program Check.job
- d:\program files\RegCure\RegCure.exe [2008-04-21 12:46]

2009-11-19 c:\windows\Tasks\RegCure.job
- d:\program files\RegCure\RegCure.exe [2008-04-21 12:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
FF - ProfilePath - c:\documents and settings\paul\Application Data\Mozilla\Firefox\Profiles\5uoghj58.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 21:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2732)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\TEMP\pmsj.exe
c:\windows\TEMP\ciuowh.exe
c:\windows\TEMP\wincyvid.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\docume~1\paul\LOCALS~1\Temp\fvbt.exe
c:\docume~1\paul\LOCALS~1\Temp\winrjvty.exe
c:\docume~1\paul\LOCALS~1\Temp\uafwf.exe
.
**************************************************************************
.
Completion time: 2009-11-19 21:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-19 13:42
ComboFix2.txt 2009-11-18 13:09

Pre-Run: 23,563,599,872 bytes free
Post-Run: 23,444,729,856 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 9ABE832FC4BAC3C1C4900874C4218908


Thanks!
 
I need to see detailed results for those files - which scanners detected them and what the detected infections were.
 
Here are the logs from novirusthanks...

NNJU.EXE:

Report Generated: 22.11.2009 at 13.39.00 (GMT 1)
Time for scan: 72 seconds
File Name: nnju.exe
File Size: 11264
MD5 Hash: 4a719b328bfbca567f29f49784f6159d
SHA1 Hash: 29161890FE4DDAB8E2C75885ED3DAF337D138B71
Detection Rate: 21 on 24 (87.5%)
Status: INFECTED
Antivirus Sig version Engine Version Result
a-squared 22/11/2009 4.5.0.8 Virus.Win32.Sality!IK
Avira AntiVir 7.10.1.43 7.6.0.59 BDS/Backdoor.Gen
Avast 091121-1 4.8.1229 Win32:Agent-QNK [Trj]
AVG 270.14.76/2518 8.0.0.0 Agent2.MAN
BitDefender 22/11/2009 7.0.0.2555 Backdoor.Agent.AAFO
ClamAV 22/11/2009 0.95.1 Trojan.Downloader-69585
Comodo 2993 3.12.560 TrojWare.Win32.Trojan.Agent.~EZH
Dr.Web 22/11/2009 5.0 Trojan.DownLoad1.5719
Ewido 22/11/2009 4.0.0.2 -
F-PROT6 20091121 4.5.1.85 W32/Trojan3.ATP
G-Data 19.8942 2.0.7309.847 Trojan-Downloader.Win32.Agent.bqbt A
Ikarus T3 22/11/2009 1001074 Virus.Win32.Sality
Kaspersky 22/11/2009 8.0.0.357 Trojan-Downloader.Win32.Agent.bqbt
McAfee 21/11/2009 5.1.0.0 Generic Proxy trojan
NOD32 v3 4627 3.0.677 Win32/Agent.HLU
Norman 2009/11/03 5.92.08 Trojan W32/Horst.gen33
Panda 20/10/2009 9.5.1.00 Trj/Spammer.AND
QuickHeal 22/11/2009 10.0 Trojan.Agent.ATV
Solo Antivirus 22/11/2009 8.0 TrojanDownloader.Win32.Agent.Bqbt
Sophos 22/11/2009 4.32.0 Mal/Inet-Fam
TrendMicro 643(664300) 1.1-1001 -
VBA32 22/11/2009 3.12.0.300 Trojan-Downloader.Win32.Agent.bqbt
VirusBuster 10.113.25 1.4.3 Trojan.DL.Agent.JFCI
ZonerAntivirus 22/11/2009 0.2.0 -
Extra Information
CRC32: 1645985912
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
PDF Exploit Scan: Nothing found
HTML Exploit Scan: Nothing found
ASCII Strings: View


winmbudpk.exe :

Report Generated: 22.11.2009 at 13.39.03 (GMT 1)
Time for scan: 72 seconds
File Name: winmbudpk.exe
File Size: 16384
MD5 Hash: b75f33928dbb1dbbb5953a0eea0dfe1e
SHA1 Hash: D575D9B0E8C7C89F8B13E33822DAD9FD25AB24F5
Detection Rate: 20 on 24 (83.33%)
Status: INFECTED
Antivirus Sig version Engine Version Result
a-squared 22/11/2009 4.5.0.8 Virus.Win32.Sality!IK
Avira AntiVir 7.10.1.43 7.6.0.59 TR/Downloader.Gen
Avast 091121-1 4.8.1229 Win32:Malware-gen
AVG 270.14.76/2518 8.0.0.0 SpamTool.EII
BitDefender 22/11/2009 7.0.0.2555 Trojan.Generic.2582403
ClamAV 22/11/2009 0.95.1 Trojan.Spy-65689
Comodo 2993 3.12.560 TrojWare.Win32.PSW.Agent.nee0
Dr.Web 22/11/2009 5.0 Trojan.PWS.Sector.5
Ewido 22/11/2009 4.0.0.2 -
F-PROT6 20091121 4.5.1.85 W32/Keatep.B.gen!Eldorado
G-Data 19.8942 2.0.7309.847 Trojan-PSW.Win32.Agent.nxr A
Ikarus T3 22/11/2009 1001074 Virus.Win32.Sality
Kaspersky 22/11/2009 8.0.0.357 Trojan-PSW.Win32.Agent.nxr
McAfee 21/11/2009 5.1.0.0 Spam-Mailbot trojan
NOD32 v3 4627 3.0.677 Win32/TrojanDownloader.Sality.G
Norman 2009/11/03 5.92.08 Trojan W32/DLoader.ABHID
Panda 20/10/2009 9.5.1.00 Generic Trojan
QuickHeal 22/11/2009 10.0 Trojan.Agent.ATV
Solo Antivirus 22/11/2009 8.0 -
Sophos 22/11/2009 4.32.0 Mal/Keatep-A
TrendMicro 643(664300) 1.1-1001 -
VBA32 22/11/2009 3.12.0.300 Trojan-PSW.Win32.Agent.oie
VirusBuster 10.113.25 1.4.3 Trojan.PWS.Agent.PKQR
ZonerAntivirus 22/11/2009 0.2.0 -
Extra Information
CRC32: 1450295896
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
PDF Exploit Scan: Nothing found
HTML Exploit Scan: Nothing found
ASCII Strings: View


wphgta.exe :

Report Generated: 22.11.2009 at 13.40.20 (GMT 1)
Time for scan: 72 seconds
File Name: wphgta.exe
File Size: 7680
MD5 Hash: 547d9e620f5163c598b49fcf13422b77
SHA1 Hash: DF6E268D6BAC928B4B8070C743747B630066298A
Detection Rate: 18 on 24 (75%)
Status: INFECTED
Antivirus Sig version Engine Version Result
a-squared 22/11/2009 4.5.0.8 Virus.Win32.Sality!IK
Avira AntiVir 7.10.1.43 7.6.0.59 TR/Spy.Gen
Avast 091121-1 4.8.1229 Win32:Neptunia-ADC [Trj]
AVG 270.14.76/2518 8.0.0.0 DNSChanger.AG
BitDefender 22/11/2009 7.0.0.2555 Trojan.Generic.2642380
ClamAV 22/11/2009 0.95.1 Trojan.Agent-128412
Comodo 2993 3.12.560 TrojWare.Win32.Trojan.Agent.clss0
Dr.Web 22/11/2009 5.0 Trojan.Siggen.21376
Ewido 22/11/2009 4.0.0.2 -
F-PROT6 20091121 4.5.1.85 W32/Trojan-Sml-IWW!Eldorado
G-Data 19.8942 2.0.7309.847 Trojan.Win32.Agent.clss A
Ikarus T3 22/11/2009 1001074 Virus.Win32.Sality
Kaspersky 22/11/2009 8.0.0.357 Trojan.Win32.Agent.clss
McAfee 21/11/2009 5.1.0.0 Generic PWS.f trojan
NOD32 v3 4627 3.0.677 Win32/SpamTool.Agent.NAR
Norman 2009/11/03 5.92.08 -
Panda 20/10/2009 9.5.1.00 Trj/Downloader.MDW
QuickHeal 22/11/2009 10.0 Trojan.Agent.ATV
Solo Antivirus 22/11/2009 8.0 -
Sophos 22/11/2009 4.32.0 Mal/TinyDL-T
TrendMicro 643(664300) 1.1-1001 -
VBA32 22/11/2009 3.12.0.300 Trojan.Win32.Agent.clss
VirusBuster 10.113.25 1.4.3 -
ZonerAntivirus 22/11/2009 0.2.0 -
Extra Information
CRC32: 894198638
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
PDF Exploit Scan: Nothing found
HTML Exploit Scan: Nothing found
ASCII Strings: View
 
Just what I feared. You've been hit by a file infector and in this case it's Sality. In Sality/Virut cases I have only one piece of advice: reformat.
 
A tutorial for reformatting can be found here. If you have used external USB storage drives with the infected system, then those have to be reformatted too, since Sality spreads through flash memory drives too.


As a side note, I noticed you didn't have antivirus protection there. Up-to-date protection might have prevented the system from being hit this hard. I won't preach about P2P dangers again. Gave you a link about it earlier.

Good free antivirus programs are:
Antivir
Avast! and
AVG Free Antivirus

Good commercial ones are from:
Kaspersky and
ESET

It's recommended to install an antivirus program on a freshly reformatted system.
 