Trojan Metajuan


#1 panthenon (New Member, 1 posts)

I have read other posts with a similar virus. I have downloaded the combofix.exe process and run it. Attaching the output below.

I would greatly appreciate any help on this.

Thank you in advance

Panthenon

ComboFix 08-02.05.3 - Irochka 2008-02-04 22:24:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1326 [GMT -5:00]
Running from: C:\Documents and Settings\Irochka\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\khffgde.dll
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\cqnkidri.dll
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\fatkauxc.ini
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\hgvcfrxm.dll
C:\WINDOWS\system32\irdiknqc.ini
C:\WINDOWS\system32\jthiltau.ini
C:\WINDOWS\system32\khffgde.dll
C:\WINDOWS\system32\pfeierdw.dll
C:\WINDOWS\system32\tulalkem.ini
C:\WINDOWS\system32\uatlihtj.dll
C:\WINDOWS\system32\uljyflrx.dll
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2
C:\WINDOWS\system32\wdreiefp.ini
C:\WINDOWS\system32\winpsa32.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-03 05:20 . 2008-02-03 05:20 15,872 --a------ C:\WINDOWS\system32\drvvon.dll
2008-01-31 20:09 . 2005-10-03 09:49 671,744 --a------ C:\WINDOWS\system32\pavplal.dll
2008-01-31 20:09 . 2005-12-01 21:01 65,536 -ra------ C:\WINDOWS\system32\cdvhcodc.dll
2008-01-31 20:09 . 2005-07-21 18:22 65,536 --a------ C:\WINDOWS\system32\cdv5codc.dll
2008-01-31 20:09 . 2005-06-14 18:34 10,368 --a------ C:\WINDOWS\system32\drivers\cdrblock.sys
2008-01-31 20:09 . 2005-03-11 16:28 4,608 --a------ C:\WINDOWS\system32\drivers\cdrport.sys
2008-01-30 10:22 . 2008-01-31 19:52 2,237,655 --ahs---- C:\WINDOWS\system32\teuqwnyv.ini
2008-01-29 12:04 . 2008-01-29 12:04 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-01-29 10:24 . 2008-01-30 10:17 2,046,903 --ahs---- C:\WINDOWS\system32\jpbhbgtm.ini
2008-01-28 23:33 . 2008-01-28 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-28 23:23 . 2008-01-28 23:23 <DIR> d-------- C:\Program Files\Bonjour
2008-01-28 23:15 . 2008-01-28 23:15 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-28 22:49 . 2008-01-28 22:49 <DIR> d-------- C:\Documents and Settings\Irochka\Application Data\Apple Computer
2008-01-28 22:48 . 2008-01-28 22:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-28 22:48 . 2008-01-28 22:48 <DIR> d-------- C:\Program Files\iTunes
2008-01-28 22:48 . 2008-01-28 22:48 <DIR> d-------- C:\Program Files\iPod
2008-01-28 22:48 . 2008-01-28 22:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-28 22:22 . 2005-06-08 11:13 835,665 --a------ C:\WINDOWS\system32\cseuvec.dll
2008-01-28 22:22 . 2002-10-31 17:11 385,108 --a------ C:\WINDOWS\system32\csedv.dll
2008-01-28 22:22 . 2002-10-29 11:29 159,832 --a------ C:\WINDOWS\system32\csccdvc.dll
2008-01-28 22:22 . 2005-07-21 18:21 65,536 --a------ C:\WINDOWS\system32\cdvccodc.dll
2008-01-28 22:21 . 2004-10-18 13:30 1,130,585 -ra------ C:\WINDOWS\system32\csedvh.dll
2008-01-28 21:36 . 2008-01-28 21:36 <DIR> d--hs---- C:\Documents and Settings\LocalService\UserData
2008-01-26 23:20 . 2008-02-04 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-26 23:03 . 2008-01-26 23:04 <DIR> d-------- C:\Documents and Settings\Irochka\Application Data\Lavasoft
2008-01-26 21:32 . 2008-01-26 21:32 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-26 21:32 . 2008-01-26 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-26 20:28 . 2008-01-28 22:46 <DIR> d-------- C:\Documents and Settings\Irochka\Application Data\Canopus
2008-01-26 20:28 . 2008-02-04 22:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-26 20:28 . 2008-01-26 20:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-26 20:23 . 2002-06-10 17:48 376,832 --a------ C:\WINDOWS\system32\hlcdvc.dll
2008-01-26 00:52 . 2008-01-26 00:52 0 --a------ C:\WINDOWS\DVCapture.INI
2008-01-26 00:41 . 2008-02-04 21:56 <DIR> d-------- C:\Program Files\Common Files\Canopus Shared
2008-01-25 20:01 . 2007-04-26 17:53 458,752 --a------ C:\WINDOWS\system32\pavapi.dll
2008-01-25 20:01 . 2006-05-11 11:40 278,528 --a------ C:\WINDOWS\system32\dvxcore.dll
2008-01-25 20:01 . 2005-01-05 15:17 212,992 --a------ C:\WINDOWS\system32\dvxconf.dll
2008-01-25 20:01 . 2007-02-07 11:04 174,336 --a------ C:\WINDOWS\system32\drivers\dvxkrnl.sys
2008-01-25 20:01 . 2002-05-29 10:20 147,456 --a------ C:\WINDOWS\system32\csccdvcx.dll
2008-01-25 20:01 . 2002-12-02 10:42 49,152 --a------ C:\WINDOWS\system32\cvpcdvc.dll
2008-01-25 20:01 . 2005-01-20 15:33 28,672 --a------ C:\WINDOWS\system32\dvxdd.dll
2008-01-25 20:01 . 2000-02-02 16:30 22,528 --a------ C:\WINDOWS\system32\csthread.dll
2008-01-25 20:01 . 2006-05-01 11:08 4,096 --a------ C:\WINDOWS\system32\paveno.dll
2008-01-25 20:01 . 2008-01-28 22:48 335 --a------ C:\WINDOWS\CANOPUS.INI
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 03:29 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-05 02:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 02:55 --------- d-----w C:\Program Files\Canopus
2008-02-01 00:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-29 03:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-13 08:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-12 02:26 --------- d-----w C:\Documents and Settings\Irochka\Application Data\dvdcss
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-09-13 10:12 81920]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10 57344]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-30 12:51 7630848]
"nwiz"="nwiz.exe" [2006-08-30 12:51 1519616 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-15 08:05 1121016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9000429d]
C:\WINDOWS\system32\uatlihtj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]
--a------ 2008-02-03 05:20 15872 C:\WINDOWS\system32\drvvon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SavRoam"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"iPod Service"=3 (0x3)
"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)

R1 cdrblock;cdrblock;C:\WINDOWS\system32\DRIVERS\cdrblock.sys [2005-06-14 18:34]
R1 cdrport;cdrport;C:\WINDOWS\system32\DRIVERS\cdrport.sys [2005-03-11 16:28]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-09-15 08:45]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 04:50]
S3 zskrnl;zskrnl;C:\WINDOWS\system32\DRIVERS\zskrnl.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffc43ac4-c125-11db-9b69-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 01:30:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 22:30:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\WinRAR\rarext.dll
-> C:\WINDOWS\system32\DLAAPI_W.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
.
**************************************************************************
.
Completion time: 2008-02-04 22:34:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-05 03:34:25
.
2008-01-09 08:01:05 --- E O F ---