Thanks for taking your time to help me.
I posted in August last year in this thread and thought my problem was solved. (btw, the help that I received here was great). However, as a sort of spur of the moment kind of thing, I decided to search and see if I still had the problem, and I did.
The file which I have been using to tell if I have this malware is jesterss.dll. There is a program called Everything, which is a lightning fast search freeware program, which can be found here. I've been using this to detect all traces of this malware, and by using this program, I can quickly and efficiently tell where all parts of it are hiding. I'm here because I deleted all traces of this terrible malware with FileASSASSIN, except for one pesky folder which won't delete.
When I use FileASSASSIN, I can delete the one file in the folder (folder called "spool" located in C:\WINDOWS\system32\spool); file called srgb color space profile.icm, located in the spool folder. I unlock the modules in this file with FileASSASSIN, then delete it, and then try to delete the folder. Whenever I try to delete the folder, it tells me "Access denied, file is in use by another person or program" and a new srgb color space profile.icm is created. I was wondering how I could delete this pesky file, and finally be done with this malware once and for all.
There is also a folder called "dllcache" located in C:\WINDOWS\system32 which isn't even visible to me, even when I show hidden files. It's only visible on "Everything."
I kept notice of the malware and its locations, and wrote them down. Here's all the malware I could find, and deleted:
filterpipelineprintproc.dll (Which is found in...)
C:\WINDOWS\Driver Cache\i386
C:\WINDOWS\system32\dllcache
C:\WINDOWS\system32\spool\prtprocs\w32x86
C:\WINDOWS\system32\spool\prtprocs\x64
printfilterpipelinesvc.exe (Which is found in...)
C:\WINDOWS\system32\dllcache
C:\WINDOWS\system32\spool\prtprocs\w32x86
srgb color space profile.icm (Which is found in...)
C:\WINDOWS\system32\spool\drivers\color
srgb.icm (Which is found in...)
C:\WINDOWS\system32\dllcache
sRGB.pf (Which is found in...)
C:\Program Files\Java\j2re1.4.2\lib\cmm
Any help is greatly appreciated. Thank you!
EDIT: During this time I use Microsoft Security Essentials and Windows XP. Thanks!
EDIT2: It seems that whenever I try to run ComboFix, it aggravates the trojan even more. Combofix doesn't run, and more processes begin to run (.cfxxe's) , as well as new folders being created in my C: Drive. I am 100%positive that these are not Combofix related folders.
Additionally, there is a folder called System Volume Information which is installed in every drive. I have read that this is normal, but I believe that the trojan (I'm fairly sure it's a trojan) is hiding there. I have deleted system restore on every drive, and taken ownership of the folders,all to no avail. There's a file in System Volume Information called change.log which won't delete.
I also forgot to mention that this infection is on both my laptop and my desktop.
I can delete jesterss.dll as well as these pesky files I have listed easily, but whenever I have tried to reformat, I always find jesterss.dll in the WINDOWS/system32 folder, as well as these other files in the locations listed. I've tried to look up jesterss.dll on google, but found nothing. Any help is appreciated.
Thanks!
Edited by ldtate, 10 April 2010 - 11:25 AM.
Sign In
Create Account
