Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus Aftermath win32:SqlSlammer among others

Started by cardo71 , Jan 07 2010 01:04 PM

  • Please log in to reply

#1
cardo71
Posted 07 January 2010 - 01:04 PM

cardo71

    Member

  • Member
  • PipPip
  • 21 posts
This is my brothers machine. I have cleaned it using malware bytes, avast, and super antispyware; finding over 200 infected objects the last being win32:Sql Slammer in the firewall records.dfl file of netveda firewall which i have recently installed. When updating to SP3, a message came up saying the original versions of C:/Windows/Service Pack Files/i386/rtcdll.man was changed or missing. When inserting the windows disc, it still wasn't found. Continued anyway and it seemed to update successfully. Not sure if this is significant or not. Upon boot up, after windows is loaded, this error pops up: "Error loading 0wao0o9s.dll. The specified module could not be found." Not sure if this dll is necessary and was infected or virus related and removed, but code still exists to try and load when windows starts. I have followed all the instruction on the malware removal page and created all the logs necessary except the OTL log. It begins to scan, then everytime it reaches the scanning of NetSvcs it freezes up and stops responding, which then has to be shut down using the task manager. Here are the logs I could get, these logs are after most of the cleanup was done before i came to your site:

Malware Bytes:

Malwarebytes' Anti-Malware 1.43
Database version: 3493
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/06/2010 2:30:12 PM
mbam-log-2010-01-06 (14-30-12).txt

Scan type: Quick Scan
Objects scanned: 102078
Time elapsed: 9 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-06 20:23:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\SONYAS~1\LOCALS~1\Temp\uxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF2C576B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF2C57574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF2C57A52]
SSDT IPVNMon.sys (IPVNMon/Visual Networks) ZwDeviceIoControlFile [0xF969B803]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF2C5714C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF2C5764E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF2C5708C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF2C570F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF2C5776E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF2C5772E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF2C578AE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF2C9F0B0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip ipctdixp.sys (Layered TDI Filter/NetVeda LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp ipctdixp.sys (Layered TDI Filter/NetVeda LLC)

---- EOF - GMER 1.0.15 ----


Thank you for your valuable time in this matter and being part of this awesome site that gives people a place to go for help :)
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP