8 major infections together.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by irimpan, Oct 9, 2008.

  1. irimpan

    irimpan Private E-2

    I am working in virus removal support for software.

    I got a customer with 8 major infections in one computer. I have the screenshots of the files and the list of files.

    I was not able to remove it the first time.
    Then I had to do it three times.
    I have the registry entries also, but I cannot provide them over here because all of them are screenshots.

    List of infections:

    Advanced Antivirus

    C:\Program Files\AAV
    C:\Program Files\Aav1
    C:\Program Files\Aav.ooo


    PC Antispy

    C:\Program Files\PC-Antispy
    ASpyStBlk.dll


    rhcehqj0ev5v:

    c:\programfiles\rhcehqj0ev5v\database.dat
    c:\programfiles\rhcehqj0ev5v\license.txt
    c:\programfiles\rhcehqj0ev5v\MFC71.dll
    c:\programfiles\rhcehqj0ev5v\MFC71ENU.dll
    c:\programfiles\rhcehqj0ev5v\Msvcp71.dll
    c:\programfiles\rhcehqj0ev5v\Msvcr71.dll
    c:\programfiles\rhcehqj0ev5v\rhcehqj0ev5v.exe.local
    System Antivirus 2008

    C:\Program Files\sav0
    C:\Program Files\sav1
    C:\Program Files\sav.ooo
    Virus Remover 2008

    C:\Program Files\VirusRemover2008\Viruses.bdt
    C:\Documents and Settings\Owner\Application Data\VirusRemover2008
    Windows antivirus

    C:\program files\ WAV\wav1
    C:\program files\ WAV\wav.ooo
    Win Defender 2008

    C:\program files\WinDefender2008\data.dat
    C:\program files\WinDefender2008\FwHookDrv
    C:\program files\WinDefender2008\Hosts.hst
    C:\program files\WinDefender2008\Manual
    C:\program files\WinDefender2008\Options.xml
    C:\program files\WinDefender2008\ProgLib.dll
    C:\program files\WinDefender2008\Reserve.dat
    C:\program files\WinDefender2008\Rules
    C:\program files\WinDefender2008\Rules.txt
    C:\program files\WinDefender2008\SecCenter
    C:\program files\WinDefender2008\Siren.wav
    C:\program files\WinDefender2008\Support.url
    C:\program files\WinDefender2008\Svo.scf
    C:\program files\WinDefender2008\Vfile
    C:\program files\WinDefender2008\WDefDemo.exe
    C:\program files\WinDefender2008\Web.url
    c:\Program Files\WinDefender2008\Uninstall.exe
    c:\Program Files\WinDefender2008\Uninstall_st_st_.exe

    And some possible files are:

    %UserProfile%\Local Settings\Temp\delwdef2008.bat
    c:\Documents and Settings\All Users\Start Menu\WinDefender 2008 Unregistered
    c:\Documents and Settings\All Users\Start Menu\WinDefender 2008 Unregistered\Launch WinDefender 2008.lnk
    c:\Documents and Settings\All Users\Start Menu\WinDefender 2008 Unregistered\On the web.lnk
    c:\Documents and Settings\All Users\Start Menu\WinDefender 2008 Unregistered\Support.lnk
    c:\Documents and Settings\All Users\Start Menu\WinDefender 2008 Unregistered\Uninstall WinDefender 2008.lnk

    Possibly infected registry entries:

    HKEY_CURRENT_USER\Software\WinDefender 2008
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDefender 2008
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWHOOKDRV
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FwHookDrv
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWHOOKDRV
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FwHookDrv
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinDefender 2008"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "C:\DOCUME~1\BC\LOCALS~1\Temp\delwdef2008.bat"

    Some system32 files which can be infected:

    Last edited: Oct 9, 2008
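Added here as an example, not part of the thread or any tool irimpan or MajorGeeks provide: a PowerShell audit of the WinDefender 2008 persistence entries listed in the post (the Run and RunOnce values, the FwHookDrv driver service and the two application keys), so a technician can confirm they are gone after a cleanup. The key, value and file names come from the post; running it elevated on the affected machine and the variable names are assumptions.

```powershell
# Added example (not from the thread): report which WinDefender 2008 persistence
# entries named in the post are still present. Assumes an elevated session.
$runKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runOnceKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\FwHookDrv'
$uninstKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDefender 2008'
$userKey    = 'HKCU:\Software\WinDefender 2008'

$findings = @()

# Run value named "WinDefender 2008": report the command it launches at logon.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['WinDefender 2008']) {
    $findings += "Run value present -> $($run.'WinDefender 2008')"
}

# Any RunOnce value whose command refers to the post's delwdef2008.bat batch file.
$runOnce = Get-ItemProperty -Path $runOnceKey -ErrorAction SilentlyContinue
if ($runOnce) {
    foreach ($p in $runOnce.PSObject.Properties) {
        if ($p.Value -is [string] -and $p.Value -match 'delwdef2008\.bat') {
            $findings += "RunOnce value '$($p.Name)' -> $($p.Value)"
        }
    }
}

# Driver service FwHookDrv: report its ImagePath and whether that file still exists.
if (Test-Path $serviceKey) {
    $img = (Get-ItemProperty -Path $serviceKey -ErrorAction SilentlyContinue).ImagePath
    $exists = if ($img) { Test-Path ([Environment]::ExpandEnvironmentVariables($img)) } else { $false }
    $findings += "Service FwHookDrv present, ImagePath=$img, file exists=$exists"
}

# Application keys for the current user and the Uninstall entry.
foreach ($k in $uninstKey, $userKey) {
    if (Test-Path $k) { $findings += "Key present: $k" }
}

if ($findings.Count -eq 0) {
    'No WinDefender 2008 persistence entries found.'
} else {
    $findings
}
```

The HKCU check only covers the user running the script; the post's paths mention other profiles (Owner, BC), whose hives must be loaded separately to audit their HKEY_CURRENT_USER key.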
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:
    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
  3. irimpan

    irimpan Private E-2

    Please get me some resolution steps for this...
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You were already given instructions in my first message. If you don't follow them, we cannot help you.
  5. irimpan

    irimpan Private E-2

    I have a tool which helps me to delete the infectious and unwanted files, which includes DLL files that we will not be able to remove using ordinary tools. I used that. Still, I am not able to remove any of the infected files. They were recreating themselves (the files in system32). Can you suggest any tool to delete DLL files?
    Last edited: Oct 15, 2008
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I repeat, if you want our help follow the instructions already given. If you keep doing things on your own, we cannot help you with any damage you cause to your PC. If you do not attach the requested logs in your next message, this thread will be closed due to lack of cooperation.
  7. irimpan

    irimpan Private E-2

    I need to tell you something. I am a virus removal technician, and I trust the tools that I use. I think you did not read the first thread properly. I was able to remove it, but only on the third time. If you want to delete this thread, do it. Not a big deal.
    I was just asking you to give me some tool to remove that kind of infectious files.
    And I know how to do a virus removal very well. I have made some tools for myself depending on the infections. OK, some batch files and all, so that I can delete the files very easily.
    So, do not think I am not able to do something. OK. I have 2 years of experience in removing viruses from customers' computers.
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You were already given a procedure to remove them in my first message. If you are an experienced malware removal expert, you should be able to use the logs provided to then continue to remove any remaining problems on your own.
