Been trying for 2 days... Please help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ishani, Apr 23, 2006.

  1. ishani

    ishani Private E-2

    I made a stupid mistake and got a zip file with a crack which turned out to be a virus.
    It forms files edlm.exe and edlm2.exe repeatedly in my system32 folder.
    Also, when running in Normal mode it packs up my system with this edlm2.exe file.
    I followed ALL the steps of all the "READ & RUN me...." but the problem stays. The only software that was detecting the viruses and trojans was "bitdefender" which was great, but I could not locate the option of saving the report. I will try to run the whole scan again and see why I missed it, as I don't know how to roll back....
    Also in PANDA I could not save the log but it did not find anything.
    Finally I did the HIJACKthis and I will attach the log here, hopefully you can assist.

    Thank you all in advance, I must say your website has guided me very well in this horrible weekend...

    I am running winXP and currently in safe mode

    Ishay
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Step 6 of the READ ME explains exactly how to get a log. You must follow those steps. Run it again but this time run it in normal boot mode. Then attach the log but follow the steps EXACTLY as written or you will not get the correct log (we expect it to be an HTML file with a .txt extension).

    Was your HJT log from safe mode? It seems like it because I do not see NOD antivirus application running but a service for NOD32 is shown later. Do you still have NOD installed? It looks like it is still installed. It should not be if you are using MS One Care. Uninstall NOD or MS Windows One Care because you must only use one AV program.

    Do you know what the below are for?
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
     
    Last edited: Apr 23, 2006
  3. ishani

    ishani Private E-2

    Thank you.
    I managed to make the log last night again. So I attach it here now. (The clean files are just because I pushed on the "show all scanned files" for a second, and cancelled it.) This time it did not detect as many files as most were deleted but it seems you can understand the ones it did catch.

    Am I supposed to make the HJT in normal mode?

    Until now every time I got into normal mode, this virus attacked and filled up my system - edlm2.exe file repeating itself. Will it be safe now?

    It seems my system is more calm now after all the scans but I think some of my programs are damaged (But not sure of that).

    Thanks,
    Ishay
     

  4. ishani

    ishani Private E-2

    Sorry, didn't see your question.
    I don't know what these are:
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

    The software I have is one webcam and a Canon digital camera (Maybe the first one)

    Ishay
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would like to get some more info on the CameraFixer.exe file. Locate it again using Windows Explorer and then right click on it and select Properties. Now see if there is a Version tab in the window. If so, select the Version tab and on the next window select each of the listed Item names (one at a time) to get more info about the file. The most important Item is the company name. If there is no Version tab, tell me that too.

    Repeat the above for tsnpstd3.exe

    Also scan those two files with this online file scanner and report the results back here:

    http://virusscan.jotti.org/

    I see no evidence in any of the logs you posted thus far of problems (other than questions on the above). That does not mean that you are clean. It just means nothing has shown in any scans thus far.

    Tell me if you see the below file (make sure viewing of hidden and system files is enabled):
    C:\windows\system32\ldr64.dll

    What about my question about NOD32?
     
  6. ishani

    ishani Private E-2

    CameraFixer.exe -
    The version is 1,0,0,2
    Copyright (C) 2005
    Company - It's empty
    Product name - CameraFixer Application

    (If you think that this one poses a threat, I don't mind deleting it if no harm would happen to my computer. Any damage to programs I can recover later)

    tsnpstd3.EXE - This seems like my webcam software, I think it is ok. I live in China now and I bought it here, "the copy land", nothing here is legit...
    File version:1, 1, 3, 1
    Company: Empty

    The http://virusscan.jotti.org/ you asked me to run reported:
    Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

    The ldr64.dll is not in my computer, but it was before and was cleaned

    For your question regarding NOD32 - yes it is installed and I ran (And still am now) in safe mode. If I have to choose one antivirus I prefer NOD32 so I will uninstall MS One Care.

    Thanks, waiting for your instructions on what to do

    Ishay
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Perhaps they are both for your WebCam since they both report no company. As long as everything is working okay, just leave them alone.

    Yes if you prefer NOD32 then uninstall MS Onecare.


    If you are not having any other malware problems, you should work thru the below link:

    How to Protect yourself from malware!
     
    Last edited: Apr 24, 2006
  8. ishani

    ishani Private E-2

    I would like to THANK YOU SO MUCH for the amazing guidance and help you have given.
    This kind of truly professional support, done so efficiently, quickly, and at no cost, simply leaves me with no words, but with much appreciation.

    Keep up the good work.

    Ishay
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're quite welcome. Surf safely!
     
