got infected with heur
#16 idapnam (Topic Starter, Member, 12 posts)
OK. Got it now.
Log.txt
ComboFix.txt
#17 Rorschach112 "Ralphie" (Retired Staff, 47,710 posts)
Don't post the logs like that.


Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    c:\windows\system32\domain.exe
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\system32\sfcfiles.dll
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

#18 idapnam (Topic Starter, Member, 12 posts)
Had to remove [resethosts] again to be able to run the command.
Here are the results:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\USER\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\USER\Desktop\cmd.txt deleted successfully.
c:\windows\system32\domain.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 2908531 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 3690 bytes
->Temporary Internet Files folder emptied: 112094 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92559688 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 19017 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: USER
->Temp folder emptied: 854506 bytes
->Temporary Internet Files folder emptied: 308702 bytes
->Java cache emptied: 50206129 bytes
->FireFox cache emptied: 40662437 bytes
->Apple Safari cache emptied: 4799488 bytes
->Opera cache emptied: 16971533 bytes
->Flash cache emptied: 256236 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64396 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 202.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.16.1 log created on 09242010_234155

Files moved on Reboot...

Registry entries deleted on Reboot...
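Added example (not from the thread and not OldTimer's own code): a small Python parser for the OTM results log format shown above, so a helper can check that every path listed under :Files was actually moved or deleted and which :Commands steps the log confirms (here [EMPTYTEMP] appears but [RESETHOSTS] does not, matching the poster's note). The sample log is a constructed, abridged excerpt, and the regexes are assumptions derived from the log lines on this page rather than OTM's documented format.

```python
import re
from dataclasses import dataclass, field

# Constructed, abridged excerpt modelled on the OTM results log posted above.
SAMPLE_LOG = r"""All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\USER\Desktop\cmd.bat deleted successfully.
c:\windows\system32\domain.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: USER
->Temp folder emptied: 854506 bytes
->Java cache emptied: 50206129 bytes
%systemroot% .tmp files removed: 2402044 bytes
"""

COMMAND_RE = re.compile(r"^< (.+) >$")                  # external command OTM ran
FILE_RE = re.compile(r"^(.+?) (moved|deleted) successfully\.$", re.IGNORECASE)
STEP_RE = re.compile(r"^\[(\w+)\]$")                    # [EMPTYTEMP]-style step header
BYTES_RE = re.compile(r"^(?:->)?.+?: (\d+) bytes$")     # per-folder byte counts

@dataclass
class OtmReport:
    commands: list = field(default_factory=list)
    moved: list = field(default_factory=list)    # quarantined under C:\_OTMoveIt\MovedFiles
    deleted: list = field(default_factory=list)
    steps: list = field(default_factory=list)    # :Commands steps the log confirms ran
    bytes_freed: int = 0

def parse_otm_log(text: str) -> OtmReport:
    """Walk the results log line by line and record what OTM actually did."""
    rep = OtmReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := COMMAND_RE.match(line):
            rep.commands.append(m.group(1))
        elif m := FILE_RE.match(line):
            (rep.moved if m.group(2).lower() == "moved" else rep.deleted).append(m.group(1))
        elif m := STEP_RE.match(line):
            rep.steps.append(m.group(1).upper())
        elif m := BYTES_RE.match(line):
            rep.bytes_freed += int(m.group(1))
    return rep

def unhandled_files(rep: OtmReport, script_files: list) -> list:
    """Paths listed under :Files in the script that the log never reports as moved or deleted."""
    handled = {p.lower() for p in rep.moved + rep.deleted}
    return [f for f in script_files if f.lower() not in handled]
```

Feed it the full pasted log and the :Files paths from the script; an empty list from unhandled_files means every target was dealt with.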
#19 idapnam (Topic Starter, Member, 12 posts)
VirSCAN.org Scanned Report :
Scanned time : 2010/09/24 23:58:57 (PHT)
Scanner results: Scanners did not find malware!
File Name : sfcfiles.dll
File Size : 1614848 byte
File Type : PE32 executable for MS Windows (DLL) (console) Intel 80386 3
MD5 : 362bc5af8eaf712832c58cc13ae05750
SHA1 : c8c2d44f34115f27f10bc435dd986d4eff00fe3f
Online report : http://virscan.org/r...16e9e3bba3.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.19 20100922232349 2010-09-22 6.18 -
AhnLab V3 2010.09.16.01 2010.09.16 2010-09-16 2.29 -
AntiVir 8.2.4.66 7.10.12.29 2010-09-24 0.29 -
Antiy 2.0.18 20100923.5237653 2010-09-23 0.02 -
Arcavir 2009 201006281601 2010-06-28 0.01 -
Authentium 5.1.1 201009240438 2010-09-24 1.34 -
AVAST! 4.7.4 100923-1 2010-09-23 0.08 -
AVG 8.5.850 271.1.1/3156 2010-09-24 0.27 -
BitDefender 7.90123.6451632 7.34018 2010-09-24 4.73 -
ClamAV 0.96.1 12018 2010-09-24 0.26 -
Comodo 4.0 6166 2010-09-22 1.28 -
CP Secure 1.3.0.5 2010.09.24 2010-09-24 0.45 -
Dr.Web 5.0.2.3300 2010.09.24 2010-09-24 9.77 -
F-Prot 4.4.4.56 20100923 2010-09-23 1.38 -
F-Secure 7.02.73807 2010.09.24.05 2010-09-24 0.18 -
Fortinet 4.1.143 12.381 2010-09-22 0.23 -
GData 21.885/21.352 20100923 2010-09-23 9.26 -
ViRobot 20100922 2010.09.22 2010-09-22 0.11 -
Ikarus T3.1.32.15.0 2010.09.24.76795 2010-09-24 4.92 -
JiangMin 13.0.900 2010.08.30 2010-08-30 1.74 -
Kaspersky 5.5.10 2010.09.24 2010-09-24 0.13 -
KingSoft 2009.2.5.15 2010.9.22.7 2010-09-22 1.06 -
McAfee 5400.1158 6115 2010-09-23 32.60 -
Microsoft 1.6201 2010.09.23 2010-09-23 6.41 -
Norman 6.05.11 6.05.00 2010-09-02 8.01 -
Panda 9.05.01 2010.09.21 2010-09-21 4.98 -
Trend Micro 9.120-1004 7.488.06 2010-09-24 0.08 -
Quick Heal 11.00 2010.09.21 2010-09-21 3.63 -
Rising 20.0 22.66.00.07 2010-09-20 2.03 -
Sophos 3.11.2 4.57 2010-09-24 4.83 -
Sunbelt 3.9.2450.2 6908 2010-09-21 14.19 -
Symantec 1.3.0.24 20100923.003 2010-09-23 0.10 -
nProtect 20100922.02 9169085 2010-09-22 10.19 -
The Hacker 6.7.0.0 v00027 2010-09-21 1.90 -
VBA32 3.12.14.1 20100924.0943 2010-09-24 3.23 -
VirusBuster 4.5.11.10 10.128.8/2035165 2010-09-23 2.51 -
#20 idapnam (Topic Starter, Member, 12 posts)
Anyone who can help, please?