im having trouble getting rid of Generic.Bot.H



#1
yahudi (New Member, 6 posts)
Hi, I've been having trouble with this stubborn little booger for a while now and cannot get rid of it. I've run Malwarebytes and it keeps detecting a virus called Generic.Bot.H on my PC, but only after I plug in my flash drive. I'm able to successfully remove it from my PC, but for some reason the scanner isn't able to detect anything on the flash drive. Can anyone PLEASE help me get rid of this thing from the flash drive once and for all?
  • 0


#2
RKinner (Malware Expert, MVP, 23,732 posts)
We prefer that you work through the Malware Removal Guide at the top of the forum
http://www.geekstogo...uide-t2852.html
but I can advise you to do the following:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************************************
reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f

**********************************************************************

Start, Run, cmd, OK to bring up a new Command Prompt window. Right-click and select Paste and the above text should appear. Make sure you got it all and then hit Enter.

Close the Command Prompt window.

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


You might also want to install AutoRun Eater v2.4
http://oldmcdonald.w...orun-eater-v24/

It will stay resident and prevent USB drives from infecting your PC.

It would be wise to work through the guide and post your logs just to make sure we got it all.

Ron
  • 0

#3
yahudi (Topic Starter, New Member, 6 posts)
Hello, thank you for responding.
I followed your advice, downloaded Flash_Disinfector.exe and AutoRun Eater v2.4 and followed the instructions you gave me. I also scanned my PC with Malwarebytes again and posted the log below:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/13/2010 7:42:41 PM
mbam-log-2010-04-13 (19-42-41).txt

Scan type: Full scan (C:\|D:\|J:\|)
Objects scanned: 175846
Time elapsed: 41 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{23kln5j0-4opm-11we-aax5-24ef1f387232} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{23kln5j0-4opm-11we-aax5-24ef1f387232} (Backdoor.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I'm not sure if it's useful, but I also ran the GMER Rootkit Scanner just in case:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-13 20:07:59
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\pwldypob.sys


---- System - GMER 1.0.15 ----

SSDT 821F96D0 ZwConnectPort
SSDT 822207B0 ZwOpenProcess
SSDT 821FD240 ZwOpenThread

---- Kernel code sections - GMER 1.0.15 ----

? lyfp.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01224832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01149315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0133DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0133E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0133DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0133DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0133DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0133E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0133DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 0121DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01224832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01149315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0133DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0133E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0133DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 0121DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 01181CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0133DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0133DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0133E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0133DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 0122488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\ie8\spuninst\iecustom.dll 58464 bytes executable
File C:\WINDOWS\ie8\spuninst\spuninst.exe 231456 bytes executable
File C:\WINDOWS\ie8\spuninst\spuninst.exe.manifest 781 bytes
File C:\WINDOWS\ie8\spuninst\spuninst.inf 433251 bytes
File C:\WINDOWS\ie8\spuninst\spuninst.txt 10950 bytes
File C:\WINDOWS\ie8\spuninst\updspapi.dll
  • 0

#4
RKinner (Malware Expert, MVP, 23,732 posts)
Download but do not yet run ComboFix.
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your antivirus software when downloading or running Combofix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.


* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.

* A window may open with a series of disclaimers. Accept the disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution: do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Ron
  • 0

#5
yahudi (Topic Starter, New Member, 6 posts)
Hi, I couldn't disable Norton Antivirus following the instructions in the link. Although I'm on an administrator account, it apparently doesn't have the authority to change the settings. I also tried to change it in safe mode but wasn't able to. Despite that I still ran "george" and here is the log:

ComboFix 10-04-15.05 - Compaq_Owner_3 04/17/2010 9:08.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.176 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner_3\Desktop\george.exe.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\k-1-3542-4232123213-7676767-8888886
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-17 to 2010-04-17 )))))))))))))))))))))))))))))))
.

2010-04-14 07:33 . 2010-04-14 07:45 -------- d-----w- c:\windows\system32\Adobe
2010-04-08 18:30 . 2010-04-17 15:51 -------- d-----w- c:\windows\system32\NtmsData
2010-04-07 03:31 . 2003-06-25 23:05 266360 ----a-w- c:\windows\system32\TweakUI.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 16:02 . 2005-01-29 18:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-14 05:33 . 2010-01-10 18:39 966 ----a-w- c:\documents and settings\Compaq_Owner_3\Application Data\wklnhst.dat
2010-04-14 01:20 . 2010-01-18 20:12 117760 ----a-w- c:\documents and settings\Compaq_Owner_3\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-10 19:12 . 2009-10-10 17:09 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-07 06:09 . 2010-01-10 19:00 35704 ----a-w- c:\documents and settings\Compaq_Owner_3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-07 02:46 . 2009-12-13 17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-03 21:17 . 2009-09-30 16:55 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-03-31 20:15 . 2009-11-22 17:21 -------- d-----w- c:\program files\Common Files\Ahead
2010-03-31 18:27 . 2010-01-18 17:25 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-30 07:46 . 2009-12-13 17:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2009-12-13 17:08 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 16:11 . 2009-12-13 17:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-04 23:01 . 2003-03-19 04:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-03-04 23:01 . 2003-03-19 03:14 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-03-04 23:01 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-03-03 20:24 . 2010-03-03 20:20 -------- d-----w- c:\documents and settings\Compaq_Owner_3\Application Data\Ahead
2010-03-03 20:17 . 2010-03-03 20:17 -------- d-----w- c:\program files\Nero
2010-02-27 23:14 . 2010-02-27 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-02-27 23:14 . 2010-02-27 23:14 -------- d-----w- c:\documents and settings\Compaq_Owner_3\Application Data\NCH Swift Sound
2010-02-26 16:39 . 2010-02-26 16:39 -------- d-----w- c:\documents and settings\Compaq_Owner_3\Application Data\ArcSoft
2010-02-04 05:04 . 2009-10-07 22:18 35704 ----a-w- c:\documents and settings\Jellybean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-06-06 18:16 . 2009-09-30 15:39 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-30 198160]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-09-30 100056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-1-29 45056]
SpySubtract.lnk - c:\program files\InterMute\SpySubtract\sslaunch.exe [2009-9-30 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 9:43 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 66632]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-16 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job
- c:\progra~1\NORTON~1\NORTON~1\NAVW32.EXE [2004-08-31 19:54]

2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{9EBE4621-524D-408D-A373-A4E39A2AD6CF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 09:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\cscui.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2010-04-17 09:15:33
ComboFix-quarantined-files.txt 2010-04-17 16:15

Pre-Run: 48,173,494,272 bytes free
Post-Run: 48,138,022,912 bytes free

- - End Of File - - 1D7B7283098289B24D8A27149EBA321A
  • 0

#6
RKinner (Malware Expert, MVP, 23,732 posts)
Logs look good. Any sign of the bug?

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html

If Windows blocks the ActiveX control, try putting BitDefender in your trusted sites: In IE, Tools, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box, put in *.bitdefender.com, then Add. OK.

Ron
  • 0

#7
yahudi (Topic Starter, New Member, 6 posts)
I think the BitDefender scanner has gotten rid of it:

BitDefender Online Scanner
Scan path: C:\Documents and Settings\Jellybean\My Documents;C:\Documents and Settings\Compaq_Owner_3\My Documents;C:\Documents and Settings\All Users\Documents;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
  Time: 01:17:35
  Files: 245300
  Folders: 6370
  Boot Sectors: 0
  Archives: 14331
  Packed Files: 12256

Results
  Identified Viruses: 1
  Infected Files: 1
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 1

Engines Info
  Virus Definitions: 5664666
  Engine build: AVCORE v2.1 Windows/i386 11.0.0.33 (Feb 25 2010)
  Scan plugins: 17
  Archive plugins: 44
  Unpack plugins: 8
  E-mail plugins: 6
  System plugins: 4

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File / Status
  J:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe - Infected with: Worm.Generic.79426
  J:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe - Deleted


I greatly appreciate you helping me, thank you very much!
  • 0

#8
RKinner (Malware Expert, MVP, 23,732 posts)
Looks like it found an infected USB drive.

You might want to install autorun eater v2.4 to protect your computer from infected USB drives.

http://oldmcdonald.w...orun-eater-v24/

You may not have the latest Java (6 update20). Get the latest at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

Also make sure you have the latest versions of any adobe.com products you use, like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it, but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close the program. It's the same for Foxit Reader, except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If your current antivirus is not a paid-up subscription, you should dump it and install the free Avast
http://www.avast.com...avast-home.html

You can delete or uninstall any of the tools we had you download and return your system to its original state.

To delete Combofix and its associated folders:

Start, Run, cmd, OK and then type:

"%userprofile%\Desktop\george.exe" /Uninstall



Ron
  • 0
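The thread's two technical points, the autorun.inf folder defence Ron describes in post #2 and the executable BitDefender found under RECYCLER on the J: drive in post #7, as an added Python triage example; this is not code from the thread or from Flash_Disinfector, AutoRun Eater or any other tool named here. The sample drive layout is constructed in a temporary directory, and protect_drive only emulates the folder part of what Flash_Disinfector does (it does not set the hidden attribute).

```python
import os
import re
import tempfile
from pathlib import Path

# [autorun] keys that Windows XP autoplay honours to launch a program from the drive.
LAUNCH_KEY_RE = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.IGNORECASE)
EXE_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}

def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section; tolerates junk lines and comments."""
    pairs, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line:
            key, _, value = line.partition("=")
            pairs.append((key.strip().lower(), value.strip()))
    return pairs

def triage_drive(root):
    """Report (kind, detail) findings for one removable-drive root (e.g. 'J:\\' on Windows)."""
    root, findings = Path(root), []
    inf = root / "autorun.inf"
    if inf.is_dir():
        findings.append(("ok", "autorun.inf is a folder: the Flash_Disinfector defence is in place"))
    elif inf.is_file():
        for key, value in parse_autorun(inf.read_text(errors="replace")):
            if LAUNCH_KEY_RE.match(key):
                findings.append(("launch", f"autorun.inf {key}={value}"))
    else:
        findings.append(("missing", "no autorun.inf folder: drive is not protected"))
    # A genuine XP Recycle Bin on NTFS is RECYCLER\S-1-5-...; the k-1-... name in this
    # thread is not a SID, and executables under RECYCLER on a flash drive are a red flag.
    for dirpath, _dirs, files in os.walk(root):
        rel = Path(dirpath).relative_to(root)
        if rel.parts and rel.parts[0].lower() == "recycler":
            for name in files:
                if Path(name).suffix.lower() in EXE_EXT:
                    findings.append(("recycler_exe", (rel / name).as_posix()))
    return findings

def protect_drive(root):
    """Emulate the defence from post #2: occupy the autorun.inf name with a folder so a worm
    cannot drop an autorun.inf file there. Flash_Disinfector also hides it; not emulated here."""
    target = Path(root) / "autorun.inf"
    if target.is_file():
        raise FileExistsError("autorun.inf file still present: remove the infection first")
    target.mkdir(exist_ok=True)

def build_sample_drive(base):
    """Constructed sample: the layout BitDefender reported in post #7, with placeholder bytes."""
    worm_dir = Path(base) / "RECYCLER" / "k-1-3542-4232123213-7676767-8888886"
    worm_dir.mkdir(parents=True)
    (worm_dir / "hn.exe").write_bytes(b"MZ placeholder (constructed, not malware)")
    (Path(base) / "autorun.inf").write_text(
        "[autorun]\r\nopen=RECYCLER\\k-1-3542-4232123213-7676767-8888886\\hn.exe\r\n"
        "shell\\open\\command=RECYCLER\\k-1-3542-4232123213-7676767-8888886\\hn.exe\r\n")

def run_demo():
    """Triage the sample, then emulate cleanup (delete the worm's autorun.inf) plus protection."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_drive(base)
        before = triage_drive(base)
        (Path(base) / "autorun.inf").unlink()
        protect_drive(base)
        after = triage_drive(base)  # hn.exe still listed: protection is not disinfection
    return before, after
```

run_demo() returns the findings before and after the emulated cleanup; on a real machine call triage_drive on the drive root instead of the constructed sample.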