Usbuhci.sys and TROJAN~1.exe

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Aida, Oct 6, 2005.

  1. Aida

    Aida Private E-2

    Please help. Apparently this is a password stealer. I've done all the *by the number* scans and have given up on A-V. Help, please!

    Thanks!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

     
  3. Aida

    Aida Private E-2

    Thank you, chaslang, on my way to re-do all the steps but wanted to touch base in case I'm unable to get back to the forum. I've had a lot of difficulty accessing member forums for several days. If not for this I would have posted much sooner.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you mean just on majorgeeks? Or are you having problems in general everywhere?
     
  5. Aida

    Aida Private E-2

    Everywhere in general.
    Thanks for your patience, it took a while to cover all the steps.
     


  6. Aida

    Aida Private E-2

    If the HJT file looks sparse it's because I just reinstalled XP a couple of days ago. I also installed SP2 and all the Windows updates the same day but the log says SP1. Even more bizarre is the line in the log that mentions AOL. I've had a cable connection for well over a year. AOL shipped with this computer but I never had any need to execute it.

    I had this computer, one other and a printer on a wireless home network on a Linksys BEFW11S4 router which worked perfectly, never went offline until about a week ago. I checked the settings and sure enough, it was broadcasting SSID and the WEP encryption had vanished. I kinda think I got war driven. The router's got a little age on it now so maybe it was easy to get into. I'm sure I'll never know. Are you familiar with FIPS? I found it installed in Firefox's advanced settings which compelled me to go ahead and reinstall XP.

    I'd just like to salvage this machine. And get on with an overdue education in security and hardening. If you have any ideas I'd be very happy to try them out.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are not running WinXP SP2. It has not been installed. It looks like you need to authenticate your WinXP version with MS update. Your log is totally bare bones and there is nothing to look at. All I can say is you need to follow all the steps in the link below:

    How to Protect yourself from malware!

    I'm not familiar with FIPS. Is this: Federal Information Processing Standards or First nondestructive Interactive Partition Splitting?
     
  8. Aida

    Aida Private E-2

    Yes, I know I'm not running SP2. It was on the computer when I bought it and I downloaded and installed it along with all the other updates, patches, etc. after each XP reinstall. I followed all the steps in the article not just last night prior to posting my bare bones log but several times prior.

    This sure has made my life confusing. And frantic. I'm going to re-do the scans and post all the logs if that's okay. Please, try to bear with me, I'm a little spooked. Yes, FIPS the partition splitter.

    Thanks again, I know this isn't easy and I appreciate your help. I hope I can bring you something more to go on.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I did not say to rerun the scans! I said to run all the steps in this: How to Protect yourself from malware! The scans are not going to find anything because you have no apparent infection. After all, you just formatted your system. You would expect it to be clean but it will not be for long without getting updates and protection in place.

    The first step there is to go to Windows Update where you will have to get your copy of Windows XP authenticated and you will have to install some new stuff from Microsoft along the way. After getting your system validated a line like below should appear in your HJT log.

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    You will not be able to update unless your OS is validated.
     
