Virus Aftermath win32:SqlSlammer among others


#1
cardo71

This is my brother's machine. I have cleaned it using Malwarebytes, avast, and SUPERAntiSpyware, finding over 200 infected objects, the last being win32:Sql Slammer in the firewall records.dfl file of the NetVeda firewall which I have recently installed. When updating to SP3, a message came up saying the original version of C:/Windows/Service Pack Files/i386/rtcdll.man was changed or missing. When inserting the Windows disc, it still wasn't found. Continued anyway and it seemed to update successfully. Not sure if this is significant or not. Upon boot up, after Windows is loaded, this error pops up: "Error loading 0wao0o9s.dll. The specified module could not be found." Not sure if this dll is necessary and was infected or virus related and removed, but code still exists to try and load it when Windows starts. I have followed all the instructions on the malware removal page and created all the logs necessary except the OTL log. It begins to scan, then every time it reaches the scanning of NetSvcs it freezes up and stops responding, which then has to be shut down using the Task Manager. Here are the logs I could get; these logs are after most of the cleanup was done before I came to your site:

Malwarebytes:

Malwarebytes' Anti-Malware 1.43
Database version: 3493
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/06/2010 2:30:12 PM
mbam-log-2010-01-06 (14-30-12).txt

Scan type: Quick Scan
Objects scanned: 102078
Time elapsed: 9 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-06 20:23:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\SONYAS~1\LOCALS~1\Temp\uxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF2C576B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF2C57574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF2C57A52]
SSDT IPVNMon.sys (IPVNMon/Visual Networks) ZwDeviceIoControlFile [0xF969B803]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF2C5714C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF2C5764E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF2C5708C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF2C570F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF2C5776E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF2C5772E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF2C578AE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF2C9F0B0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip ipctdixp.sys (Layered TDI Filter/NetVeda LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp ipctdixp.sys (Layered TDI Filter/NetVeda LLC)

---- EOF - GMER 1.0.15 ----


Thank you for your valuable time in this matter and being part of this awesome site that gives people a place to go for help :)
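An added check, not part of the original post or of the forum's removal instructions: the "Error loading ...dll" message at logon is typical of an autostart entry whose DLL was deleted by the clean-up while the entry that loads it remained. This PowerShell script (written for this example; the registry paths are the standard Windows Run/RunOnce and AppInit_DLLs locations) lists those entries and flags the ones whose target file no longer exists, so the dangling entry can be identified before it is removed.

```powershell
# Example added for illustration, not code from the original post.
# Lists standard autostart entries and flags those whose file is missing,
# the usual cause of "The specified module could not be found" at logon
# after a malware clean-up. Run from an elevated PowerShell session.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$appInitKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'

function Get-TargetPath([string]$cmd) {
    # Reduce a command line to the file it actually loads:
    #   rundll32.exe C:\dir\x.dll,Entry  -> C:\dir\x.dll
    #   "C:\Program Files\a.exe" /arg    -> C:\Program Files\a.exe
    #   C:\dir\b.exe /arg                -> C:\dir\b.exe
    $c = $cmd.Trim()
    if ($c -match '^"?[^"]*rundll32(\.exe)?"?\s+"?([^",]+)') { return $Matches[2] }
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Test-AutostartTarget([string]$key, [string]$name, [string]$cmd) {
    $target = [Environment]::ExpandEnvironmentVariables((Get-TargetPath $cmd))
    [pscustomobject]@{
        Key     = $key
        Name    = $name
        Command = $cmd
        Missing = -not (Test-Path -LiteralPath $target)
    }
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata (PSPath etc.)
        Test-AutostartTarget $key $p.Name ([string]$p.Value)
    }
}
# AppInit_DLLs is a comma/space separated list of DLLs loaded into every
# process that links user32.dll, so each entry is checked individually.
$appInit = (Get-ItemProperty -Path $appInitKey -ErrorAction SilentlyContinue).AppInit_DLLs
if ($appInit) {
    $results += ($appInit -split '[,\s]+' | Where-Object { $_ } |
        ForEach-Object { Test-AutostartTarget $appInitKey 'AppInit_DLLs' $_ })
}
$results | Sort-Object Missing -Descending | Format-Table -AutoSize
```

Entries reported with Missing = True are the candidates for the startup error; Winlogon Notify subkeys and scheduled tasks are other places a leftover loader can hide and are not covered by this script.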