Recurring Malware (Part 2)
#1
goomba2
Hello!
Thanks for taking your time to help me.
I posted in August last year in this thread and thought my problem was solved. (btw, the help that I received here was great). However, as a sort of spur of the moment kind of thing, I decided to search and see if I still had the problem, and I did.

The file which I have been using to tell if I have this malware is jesterss.dll. There is a program called Everything, which is a lightning fast search freeware program, which can be found here. I've been using this to detect all traces of this malware, and by using this program, I can quickly and efficiently tell where all parts of it are hiding. I'm here because I deleted all traces of this terrible malware with FileASSASSIN, except for one pesky folder which won't delete.
When I use FileASSASSIN, I can delete the one file in the folder (folder called "spool" located in C:\WINDOWS\system32\spool); file called srgb color space profile.icm, located in the spool folder. I unlock the modules in this file with FileASSASSIN, then delete it, and then try to delete the folder. Whenever I try to delete the folder, it tells me "Access denied, file is in use by another person or program" and a new srgb color space profile.icm is created. I was wondering how I could delete this pesky file, and finally be done with this malware once and for all.
There is also a folder called "dllcache" located in C:\WINDOWS\system32 which isn't even visible to me, even when I show hidden files. It's only visible on "Everything."

I kept notice of the malware and its locations, and wrote them down. Here's all the malware I could find, and deleted:

filterpipelineprintproc.dll (which is found in...)

C:\WINDOWS\Driver Cache\i386
C:\WINDOWS\system32\dllcache
C:\WINDOWS\system32\spool\prtprocs\w32x86
C:\WINDOWS\system32\spool\prtprocs\x64

printfilterpipelinesvc.exe (which is found in...)

C:\WINDOWS\system32\dllcache
C:\WINDOWS\system32\spool\prtprocs\w32x86

srgb color space profile.icm (which is found in...)

C:\WINDOWS\system32\spool\drivers\color

srgb.icm (which is found in...)

C:\WINDOWS\system32\dllcache

sRGB.pf (which is found in...)

C:\Program Files\Java\j2re1.4.2\lib\cmm

Any help is greatly appreciated. Thank you!

EDIT: During this time I use Microsoft Security Essentials and Windows XP. Thanks!

EDIT2: It seems that whenever I try to run ComboFix, it aggravates the trojan even more. ComboFix doesn't run, and more processes begin to run (.cfxxe's), as well as new folders being created in my C: drive. I am 100% positive that these are not ComboFix-related folders.

Additionally, there is a folder called System Volume Information which is installed on every drive. I have read that this is normal, but I believe that the trojan (I'm fairly sure it's a trojan) is hiding there. I have deleted System Restore on every drive and taken ownership of the folders, all to no avail. There's a file in System Volume Information called change.log which won't delete.
I also forgot to mention that this infection is on both my laptop and my desktop.
I can delete jesterss.dll as well as these pesky files I have listed easily, but whenever I have tried to reformat, I always find jesterss.dll in the WINDOWS\system32 folder, as well as these other files in the locations listed. I've tried to look up jesterss.dll on Google, but found nothing. Any help is appreciated.
Thanks!

Edited by ldtate, 10 April 2010 - 11:25 AM.
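A triage script of the kind a forum helper would usually ask for before any further deletion, added here as an example and not part of the post: it walks the paths listed above, reports whether each file exists, its Authenticode signature status and signer, and its SHA-256 hash, so the files can be compared against a known-clean Windows XP installation instead of being judged by name alone. The path list is taken from the post; PowerShell 2.0 or later is assumed.

```powershell
# Added triage example (not from the original post). For each path the poster
# listed it reports existence, Authenticode status and signer, and SHA-256, so
# a decision to delete rests on evidence rather than on the file name.
# Assumes PowerShell 2.0 or later; Get-AuthenticodeSignature is built in.

$paths = @(
    'C:\WINDOWS\system32\jesterss.dll',
    'C:\WINDOWS\Driver Cache\i386\filterpipelineprintproc.dll',
    'C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll',
    'C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll',
    'C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll',
    'C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe',
    'C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe',
    'C:\WINDOWS\system32\spool\drivers\color\sRGB Color Space Profile.icm',
    'C:\WINDOWS\system32\dllcache\sRGB.icm',
    'C:\Program Files\Java\j2re1.4.2\lib\cmm\sRGB.pf'
)

# SHA-256 via .NET so the script also runs on PowerShell versions without Get-FileHash.
function Get-Sha256Hex([string]$file) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($file)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

# One record per candidate path; missing files are reported rather than skipped,
# because "file is gone" is itself useful information when comparing machines.
function Get-FileTriage([string[]]$candidates) {
    foreach ($p in $candidates) {
        if (-not (Test-Path -LiteralPath $p)) {
            New-Object PSObject -Property @{ Path = $p; Exists = $false; Signature = ''; Signer = ''; Sha256 = '' }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Path      = $p
            Exists    = $true
            Signature = $sig.Status.ToString()
            Signer    = $signer
            Sha256    = Get-Sha256Hex $p
        }
    }
}

Get-FileTriage $paths | Format-List Path, Exists, Signature, Signer, Sha256
```

On Windows XP most operating-system files are signed through catalog files rather than embedded signatures, so a NotSigned status on its own does not mark a file as malicious; the hash comparison against a clean machine is the stronger check.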
