
Have malicious processes running

  1. #1
    Junior Member (registered 18.11.2008, 7 posts)

    I'm not a computer noob, but I'm unable to turn off System Restore, which I'm pretty sure is where this malware etc. is hiding. Anyway, some of the problems I've been having are: Task Manager (Alt+Ctrl+Del and Ctrl+Shift+Esc didn't work) didn't work until I ran Spybot Search & Destroy, no Start menu, no sound, can't copy and paste, generally slow booting up.

    I've done most scans: Avast, Panda, Trend Micro, Ewido, AVG, SDFix and Spybot. I can't install some things just because Windows Installer doesn't work sometimes, or the program just doesn't work, like Comodo. Thank god for BootSafe! So I kinda ran out of options, so hopefully someone could help. Much appreciated!! No sound has been driving me nuts whilst studying XD Thanks!!
    Attachments

  2. #2
    drongo, Senior Member (Israel; registered 17.09.2004, 7,164 posts)
    It is not a good idea to install every "anti" program that you may find. Now you have a lot of junk. The best way to protect your computer is the way you use it. You can start by creating a limited user account, and don't forget all updates. Of course, it should be done on a clean system.
    The easiest way to solve your problem: format disk C and start a new life in a new and more secure way. But we at virusinfo.info prefer the harder way; it is more interesting.
    We can try to cure your system, but there is no guarantee that your system will be perfect. Too much junk.
    First of all, please disable/uninstall all your antivirus/antispyware etc., and the internet/network connection.
    Execute this script in AVZ:
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    DelBHO('{09EB15FA-17D8-4D60-8598-3F549A848DF2}');
     QuarantineFile('C:\WINDOWS\system32\JMRaidTool.exe','');
     QuarantineFile('C:\WINDOWS\System32\browseui.dll','');
     QuarantineFile('C:\WINDOWS\KHALMNPR.EXE','');
     QuarantineFile('C:\WINDOWS\RTHDCPL.EXE','');
     QuarantineFile('C8FFD223.dll','');
     QuarantineFile('B3721C07.dll','');
     QuarantineFile('Ati2evxx.dll','');
     QuarantineFile('9F684DE8.dll','');
     QuarantineFile('9CA963CA.dll','');
     QuarantineFile('5243F5FA.dll','');
     QuarantineFile('43ACDCC5.dll','');
     QuarantineFile('3F21AA0C.dll','');
     QuarantineFile('2EF0D734.dll','');
     QuarantineFile('122B901E.dll','');
     QuarantineFile('08223B03.dll','');
     QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TCCpuInfo.sys','');
     QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jfdcd.sys','');
     QuarantineFile('C:\WINDOWS\system32\Drivers\HTTP.sys','');
     QuarantineFile('C:\WINDOWS\system32StopAor.exe','');
     QuarantineFile('C:\WINDOWS\system32\d7b49fa.sys','');
     QuarantineFile('C:\WINDOWS\system32\ca99d57.sys','');
     QuarantineFile('C:\WINDOWS\system32\c39e8db.sys','');
     QuarantineFile('C:\WINDOWS\system32\AWINDIS5.SYS','');
     QuarantineFile('C:\WINDOWS\system32\Drivers\aliimz','');
     QuarantineFile('C:\WINDOWS\System32\win32k.sys','');
     QuarantineFile('C:\PROGRA~1\INTERN~1\PLUGINS\b54321.bho','');
     DeleteFile('C:\WINDOWS\system32StopAor.exe');
     DeleteFile('C:\PROGRA~1\INTERN~1\PLUGINS\b54321.bho');
     DeleteFile('C:\WINDOWS\system32\c39e8db.sys');
     DeleteFile('C:\WINDOWS\system32\ca99d57.sys');
     DeleteFile('C:\WINDOWS\system32\d7b49fa.sys');
     DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jfdcd.sys');
     DeleteFile('C:\WINDOWS\system32\Drivers\aliimz');
    BC_DeleteSvc('jfdcd');
    BC_DeleteSvc('d7b49fa');
    BC_DeleteSvc('ca99d57');
    BC_DeleteSvc('ca9e8db');
    BC_ImportAll;
    ExecuteSysClean;
    ExecuteRepair(1);
    ExecuteRepair(6);
    ExecuteRepair(8);
    ExecuteRepair(9);
    ExecuteRepair(12);
    ExecuteRepair(16);
    ExecuteRepair(17);
    BC_Activate;
    RebootWindows(true);
    end.
    After this, the system will restart automatically. I believe only then will you be able to switch off System Restore.
    Your next step:
    launch HijackThis and fix all O16 and O21 entries; there is too much junk.
    And after all that, please make new logs, but remember to disable your antivirus/antispyware before executing any script in AVZ. We shall continue.
    The quarantine should be uploaded via: http://virusinfo.info/upload_virus_eng.php?tid=34061
    Please read app. #3 in our rules.
    Last edited by drongo; 18.11.2008 at 18:20.

  3. #3
    Junior Member (registered 18.11.2008, 7 posts)
    Woo, did as you said and finally got my Start menu back! Thanks! Can't turn off System Restore yet though, haha. I usually uninstall the virus checkers after I use them.
    Last edited by errr; 19.11.2008 at 13:37.

  4. #4
    Senior Member (registered 03.04.2006, 21,100 posts)
    Please update the AVZ database, disable System Restore and repeat the 3 log files.

  5. #5
    Junior Member (registered 18.11.2008, 7 posts)
    Windows doesn't let me turn off System Restore, even after I reboot, or in safe mode. I updated though and reattached the 3 logs.
    Last edited by errr; 20.11.2008 at 07:16.

  6. #6
    drongo, Senior Member (Israel; registered 17.09.2004, 7,164 posts)
    Well, can you boot normally now? We need logs in normal mode; there is more malware that we need to eliminate.

  7. #7
    Junior Member (registered 18.11.2008, 7 posts)
    My bad, redid it in normal mode. Thanks again
    Attachments

  8. #8
    drongo, Senior Member (Israel; registered 17.09.2004, 7,164 posts)
    Well, I finally finished your next script; your case is hard, but interesting.
    Please close as many programs as you can, including "anti" programs and the internet connection.
    Execute this script in AVZ:
    Code:
    begin
    ClearQuarantine;
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    DelCLSID('08223B03-1B38-4A33-A83A-A4D3CC1D6E4E');
    DelCLSID('122B901E-493F-4AD9-BC69-7DE8C3E52FCC');
    DelCLSID('2EF0D734-21FD-4225-A1A2-BCD296182AAF');
    DelCLSID('3F21AA0C-2A9E-4BE9-9083-9E58AB41BA01');
    DelCLSID('43ACDCC5-9009-4AF4-B80A-93BC656EF298');
    DelCLSID('5243F5FA-75D6-4469-90A8-A181E2AAAA5B');
    DelCLSID('58FF3024-8A83-4B1A-88E9-302F47646EEE');
    DelCLSID('5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40');
    DelCLSID('59964D2B-044A-40AE-8837-0ED9EE8BDA08');
    DelCLSID('66AFCB56-FAA9-42D2-8C72-2767A46C7FA8');
    DelCLSID('70B0129E-726E-4789-A7C0-5DDC33241E94');
    DelCLSID('9CA963CA-107C-4089-B0AB-31380F90D7E3');
    DelCLSID('9F684DE8-3E87-4174-9033-E02A3DFD8B61');
    DelCLSID('B3721C07-62B3-411A-9DC7-F5F27E3E21FF');
    DelCLSID('C8FFD223-C0FB-40C5-94A0-FD7891AC18E9');
    DelCLSID('D7C79813-9233-4AE0-832C-99B2E8019673');
    DelCLSID('DA63E650-537C-4042-87BB-9D19D844680B');
    DelCLSID('E3367679-4775-4244-A62E-4CFE58FC850B');
    DelCLSID('E4814792-EFA3-4C20-93D0-8B130A59F9A8');
    DelCLSID('F2CBFAC4-6FF9-4DE9-BCB1-0F2FA2AA0B4C');
     QuarantineFile('C:\WINDOWS\system32\08223B03.dll','');
     QuarantineFile('C:\WINDOWS\system32\122B901E.dll','');
     QuarantineFile('C:\WINDOWS\system32\2EF0D734.dll','');
     QuarantineFile('C:\WINDOWS\system32\3F21AA0C.dll','');
     QuarantineFile('C:\WINDOWS\system32\43ACDCC5.dll','');
     QuarantineFile('C:\WINDOWS\system32\5243F5FA.dll','');
     QuarantineFile('C:\WINDOWS\system32\58FF3024.dll','');
     QuarantineFile('C:\WINDOWS\system32\5934EA2B.dll','');
     QuarantineFile('C:\WINDOWS\system32\59964D2B.dll','');
     QuarantineFile('C:\WINDOWS\system32\66AFCB56.dll','');
     QuarantineFile('C:\WINDOWS\system32\70B0129E.dll','');
     QuarantineFile('C:\WINDOWS\system32\9CA963CA.dll','');
     QuarantineFile('C:\WINDOWS\system32\9F684DE8.dll','');
     QuarantineFile('C:\WINDOWS\system32\Ati2evxx.dll','');
     QuarantineFile('C:\WINDOWS\system32\B3721C07.dll','');
     QuarantineFile('C:\WINDOWS\system32\C8FFD223.dll','');
     QuarantineFile('C:\WINDOWS\system32\D7C79813.dll','');
     QuarantineFile('C:\WINDOWS\system32\DA63E650.dll','');
     QuarantineFile('C:\WINDOWS\system32\E3367679.dll','');
     QuarantineFile('C:\WINDOWS\system32\E4814792.dll','');
     QuarantineFile('C:\WINDOWS\system32\F2CBFAC4.dll','');
     QuarantineFile('C:\WINDOWS\system32\System.exe','');
     QuarantineFile('C:\Program Files\ABIT\BlackBox\WinFlash.sys','');
     QuarantineFile('C:\WINDOWS\system32\DRIVERS\wpdusb.sys','');
     DeleteService('TCCrystalCpuInfo');
     QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TCCpuInfo.sys','');
     QuarantineFile('C:\WINDOWS\system32\Drivers\RDPWD.sys','');
     QuarantineFile('C:\WINDOWS\System32\Drivers\NetPeeker.sys','');
     QuarantineFile('C:\WINDOWS\system32\Drivers\aliimz.sys','');
     QuarantineFile('C:\WINDOWS\system32\DRIVERS\srv.sys','');
     QuarantineFile('C:\WINDOWS\system32\drivers\uGuru.sys','');
     QuarantineFile('C:\WINDOWS\system32\quartz.dll','');
     QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3075.39002__90ba9c70f846762e\CCC.Implementation.dll','');
     QuarantineFile('C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll','');
     QuarantineFile('C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll','');
     QuarantineFile('C:\Program Files\MagicTune Premium\IPROFILE.dll','');
     QuarantineFile('C:\Program Files\MagicTune Premium\DPROFILE.dll','');
     QuarantineFile('C:\Program Files\MagicTune Premium\DEVICEINTERFACE.dll','');
     QuarantineFile('C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\clw52hc3.default\extensions\[email protected]\libs\piclens19.dll','');
     QuarantineFile('C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\clw52hc3.default\extensions\[email protected]\libs\freetype.dll','');
     QuarantineFile('C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\clw52hc3.default\extensions\[email protected]\libs\avutil-49.dll','');
     QuarantineFile('C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\clw52hc3.default\extensions\[email protected]\libs\avformat-52.dll','');
     QuarantineFile('C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\clw52hc3.default\extensions\[email protected]\libs\avcodec-51.dll','');
     QuarantineFile('C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\clw52hc3.default\extensions\[email protected]\components\piclensstub.dll','');
     DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TCCpuInfo.sys');
     DeleteFile('C:\WINDOWS\system32\System.exe');
     DeleteFile('C:\WINDOWS\system32\F2CBFAC4.dll');
     DeleteFile('C:\WINDOWS\system32\E4814792.dll');
     DeleteFile('C:\WINDOWS\system32\E3367679.dll');
     DeleteFile('C:\WINDOWS\system32\DA63E650.dll');
     DeleteFile('C:\WINDOWS\system32\D7C79813.dll');
     DeleteFile('C:\WINDOWS\system32\C8FFD223.dll');
     DeleteFile('C:\WINDOWS\system32\B3721C07.dll');
     DeleteFile('C:\WINDOWS\system32\Ati2evxx.dll');
     DeleteFile('C:\WINDOWS\system32\9F684DE8.dll');
     DeleteFile('C:\WINDOWS\system32\9CA963CA.dll');
     DeleteFile('C:\WINDOWS\system32\70B0129E.dll');
     DeleteFile('C:\WINDOWS\system32\66AFCB56.dll');
     DeleteFile('C:\WINDOWS\system32\59964D2B.dll');
     DeleteFile('C:\WINDOWS\system32\5934EA2B.dll');
     DeleteFile('C:\WINDOWS\system32\58FF3024.dll');
     DeleteFile('C:\WINDOWS\system32\5243F5FA.dll');
     DeleteFile('C:\WINDOWS\system32\43ACDCC5.dll');
     DeleteFile('C:\WINDOWS\system32\3F21AA0C.dll');
     DeleteFile('C:\WINDOWS\system32\2EF0D734.dll');
     DeleteFile('C:\WINDOWS\system32\122B901E.dll');
     DeleteFile('C:\WINDOWS\system32\08223B03.dll');
    BC_ImportAll;
    ExecuteRepair(1);
    ExecuteRepair(2);
    ExecuteRepair(3);
    ExecuteRepair(5);
    ExecuteRepair(6);
    ExecuteRepair(8);
    ExecuteRepair(9);
    ExecuteRepair(12);
    ExecuteRepair(16);
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
    Please upload the quarantine: http://virusinfo.info/upload_virus_eng.php?tid=34061
    Your Explorer settings, wallpaper, etc. will be reset to system defaults, so
    please try to disable System Restore at this time. It is important.

    Next step: I suggest you download the latest AVPTool and Dr.Web CureIt; they both have good curing and detection ability.
    And make a full scan of all your disks, better in safe mode (separately, of course; don't even think about running them together).
    After that, please make new logs, as you did before. I want to see the progress.
    P.S.
    You have traces from different worms and trojans, some of them with keylogging ability.
    So don't forget to change all your passwords (email, forums, e-banking accounts, IM, etc.).
    P.P.S. If you want to give some $$$, don't give it to the criminals; you are always welcome to donate to us in order to improve our service.
    Last edited by drongo; 20.11.2008 at 18:46.
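    The two AVZ scripts above (posts #2 and #8) follow one pattern: quarantine a file, then delete it, drop the matching service or CLSID, repair, reboot. Added here as an example, not drongo's or AVZ's own tooling, is a small reviewer's check for that pattern: it parses the QuarantineFile/DeleteFile/BC_DeleteSvc/DelCLSID calls and flags a file deleted without first being quarantined, a bare file name with no directory, a path that looks like it lost a separator, a service name that matches no file in the script, and a CLSID with no matching DLL. The sample script is constructed in the style of the posted ones; how AVZ itself treats such lines is not assumed.

```python
import re
from difflib import get_close_matches
# Constructed excerpt in the style of the AVZ scripts posted in this thread (not drongo's
# actual script); it deliberately contains the kinds of slips the review is meant to catch.
SAMPLE_SCRIPT = r"""begin
SearchRootkit(true, true);
DelCLSID('08223B03-1B38-4A33-A83A-A4D3CC1D6E4E');
DelCLSID('5243F5FA-75D6-4469-90A8-A181E2AAAA5B');
 QuarantineFile('C:\WINDOWS\system32\08223B03.dll','');
 QuarantineFile('B3721C07.dll','');
 QuarantineFile('C:\WINDOWS\system32StopAor.exe','');
 QuarantineFile('C:\WINDOWS\system32\c39e8db.sys','');
 DeleteFile('C:\WINDOWS\system32StopAor.exe');
 DeleteFile('C:\WINDOWS\system32\c39e8db.sys');
 DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jfdcd.sys');
BC_DeleteSvc('ca9e8db');
BC_ImportAll;
RebootWindows(true);
end."""

CALL_RE = re.compile(r"^\s*(\w+)\((.*)\);\s*$")  # Name(args);
ARG_RE = re.compile(r"'([^']*)'")                 # quoted string arguments

def parse_calls(script):
    """Return [(procedure, [string args]), ...] for each 'Name(args);' line."""
    return [(m.group(1), ARG_RE.findall(m.group(2)))
            for m in map(CALL_RE.match, script.splitlines()) if m]

def stem(path):
    """Lower-cased file name without directory or extension: 'C:\\x\\Ab.dll' -> 'ab'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()

def review(script):
    """Consistency findings for a quarantine-then-delete AVZ script (sorted)."""
    calls = parse_calls(script)
    quarantined = {a[0].lower(): a[0] for n, a in calls if n == "QuarantineFile" and a}
    deleted = {a[0].lower(): a[0] for n, a in calls if n == "DeleteFile" and a}
    every_path = {**quarantined, **deleted}
    stems = {stem(p) for p in every_path}
    findings = []
    for key, path in deleted.items():
        if key not in quarantined:  # keep a copy for analysis before the file is gone
            findings.append(f"deleted without quarantine: {path}")
    for key, path in every_path.items():
        if "\\" not in key:
            findings.append(f"relative path (no directory): {path}")
        elif "system32" in key.rsplit("\\", 1)[-1]:  # 'system32Foo.exe': a lost separator
            findings.append(f"suspicious path (missing separator?): {path}")
    for name, args in calls:
        if name in ("BC_DeleteSvc", "DeleteService") and args and args[0].lower() not in stems:
            near = get_close_matches(args[0].lower(), stems, n=1)
            findings.append(f"service {args[0]} matches no file" + (f", did you mean {near[0]}?" if near else ""))
        elif name == "DelCLSID" and args and args[0][:8].lower() not in stems:
            findings.append(f"CLSID {args[0]} has no matching DLL in script")
    return sorted(findings)
```

    A finding is a prompt to re-check that line against the logs before the script is run, not proof of an error.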

  9. #9
    Junior Member (registered 18.11.2008, 7 posts)
    Still can't turn off System Restore. =[ But still uploaded the quarantine, and logs are attached
    Attachments

  10. #10
    drongo, Senior Member (Israel; registered 17.09.2004, 7,164 posts)
    Looks much cleaner.
    Did you scan your system with AVPTool and CureIt? You didn't tell me.
    Execute this one:
    Code:
    begin
    ClearQuarantine;
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('c:\windows\System32\Drivers\Parport.SYS','');
     DeleteService('aliimz');
     DeleteFile('C:\WINDOWS\system32\Drivers\aliimz.sys');
    BC_ImportAll;
    BC_DeleteSvc('aliimz');
    ExecuteRepair(6);
    ExecuteRepair(8);
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
    Please upload the new quarantine: http://virusinfo.info/upload_virus_eng.php?tid=34061

    Then please run AVZ and activate AVZPM (in the main menu bar of AVZ, click on AVZPM -> click on "Install extended monitoring driver". Click OK if you are asked.
    Make sure to reboot your computer!)
    Only after that, run AVZ and execute just Standard Script N3 (a newer virusinfo_syscure.zip should be created).
    Please attach it to your next post.
    Last edited by drongo; 22.11.2008 at 12:30.

  11. #11
    Junior Member (registered 18.11.2008, 7 posts)
    Yep, scanned with both of those. Unfortunately sound doesn't work and I still can't turn off System Restore. =\ Thanks for the help!
    Attachments

  12. #12
    drongo, Senior Member (Israel; registered 17.09.2004, 7,164 posts)
    Well, AVZ will not be useful to us here; please remove AVZPM and reboot.
    But the original (the first log of CureIt) might be helpful in future investigation.
    By default, it should be in your Windows profile;
    zip it and please attach it to your next post.
    Also, you should make a log with GMER and attach it too (link for download: http://www.gmer.net/gmer.zip)
    Last edited by drongo; 23.11.2008 at 22:19.

  13. #13
    Junior Member (registered 18.11.2008, 7 posts)
    I attached two for you. Thanks!
    Attachments
    • File type: log, scan.log (7.5 KB, 4 views)
    • File type: zip, CureIt.zip (184.6 KB, 2 views)

  14. #14
    drongo, Senior Member (Israel; registered 17.09.2004, 7,164 posts)
    Well, they didn't help us to find more interesting things.
    It is a good sign that the final AVZ log is clean.
    In order to solve the "System Restore problem", try the Microsoft help guide: http://support.microsoft.com/?scid=k...83073&x=14&y=9
    I believe the third method is more useful.

    Did you check in Services? (Start -> Control Panel -> Administrative Tools -> Services.)
    The System Restore service should have startup type "Disabled" and nothing in "Status".
    If its status is "Started", select it and click the Stop button. Under startup type, select "Disabled".
    Restart your computer.

    P.S. Don't forget to update Windows: SP3 and other critical updates.
    Last edited by drongo; 26.11.2008 at 14:26.
