MajorGeeks Support Forums

  #1  
Old 04-23-06, 14:24
ishani
Private First Class
Join Date: Apr 2006
Been trying for 2 days... Please help

I made a stupid mistake and got a zip file with a crack which turned out to be a virus.
It forms files edlm.exe and edlm2.exe repeatedly in my system32 folder.
Also, when running in Normal mode it packs up my system with this edlm2.exe file.
I followed ALL the steps of all the "READ & RUN me...." but the problem stays. The only software that was detecting the viruses and trojans was "bitdefender", which was great, but I could not locate the option of saving the report. I will try to run the whole scan again and see why I missed it, as I don't know how to roll back....
Also in PANDA I could not save the log, but it did not find anything.
Finally I did the HijackThis and I will attach the log here, hopefully you can assist.

Thank you all in advance, I must say your website has guided me very well in this horrible weekend...

I am running winXP and currently in safe mode

Ishay
Attached Files
File Type: log hijackthis.log (5.1 KB, 2 views)
  #2  
Old 04-23-06, 20:39
chaslang
MajorGeeks Admin - Master Malware Expert
Join Date: Feb 2004
Location: Northern New Jersey USA
Re: Been trying for 2 days... Please help

Quote:
Originally Posted by ishani
The only software that was detecting the viruses and trojans was "bitdefender", which was great, but I could not locate the option of saving the report. I will try to run the whole scan again and see why I missed it, as I don't know how to roll back..

Step 6 of the READ ME explains exactly how to get a log. You must follow those steps. Run it again but this time run it in normal boot mode. Then attach the log but follow the steps EXACTLY as written or you will not get the correct log (we expect it to be an HTML file with a .txt extension).

Was your HJT log from safe mode? It seems like it because I do not see NOD antivirus application running but a service for NOD32 is shown later. Do you still have NOD installed? It looks like it is still installed. It should not be if you are using MS One Care. Uninstall NOD or MS Windows One Care because you must only use one AV program.

Do you know what the below are for?
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Last edited by chaslang; 04-23-06 at 20:48..
  #3  
Old 04-23-06, 21:06
ishani
Re: Been trying for 2 days... Please help

Thank you.
I managed to make the log last night again. So I attach it here now. (The clean files are there just because I pushed on the "show all scanned files" for a second, and cancelled it.) This time it did not detect as many files, as most were deleted, but it seems you can understand the ones it did catch.

Am I supposed to make the HJT in normal mode?

Until now, every time I got into normal mode, this virus attacked and filled up my system - edlm2.exe file repeating itself. Will it be safe now?

It seems my system is more calm now after all the scans but I think some of my programs are damaged (but not sure of that).

Thanks,
Ishay
Attached Files
File Type: txt bdscan.txt (21.3 KB, 1 views)
  #4  
Old 04-23-06, 21:11
ishani
Re: Been trying for 2 days... Please help

Sorry, didn't see your question.
I don't know what these are:
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

The software I have is one webcam and a Canon digital camera (maybe the first one)

Ishay
  #5  
Old 04-23-06, 23:14
chaslang
Re: Been trying for 2 days... Please help

Quote:
Originally Posted by ishani
Sorry, didn't see your question.
I don't know what these are:
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

The software I have is one webcam and a Canon digital camera (maybe the first one)

I would like to get some more info on the CameraFixer.exe file. Locate it again using Windows Explorer and then right click on it and select Properties. Now see if there is a Version tab in the window. If so, select the Version tab and on the next window select each of the listed Item names (one at a time) to get more info about the file. The most important Item is the company name. If there is no Version tab, tell me that too.

Repeat the above for tsnpstd3.exe

Also scan those two files with this online file scanner and report the results back here:

http://virusscan.jotti.org/

I see no evidence in any of the logs you posted thus far of problems (other than questions on the above). That does not mean that you are clean. It just means nothing has shown in any scans thus far.

Tell me if you see the below file (make sure viewing of hidden and system files is enabled):
C:\windows\system32\ldr64.dll

What about my question about NOD32?
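The checks requested in the post above (the Version tab fields, company name first, plus something to hand to a file scanner), as an added PowerShell example that is not part of the original thread. It assumes a Windows system with PowerShell 4 or later rather than the poster's Windows XP, and the path-splitting regexes are a simplification.

```powershell
# Added example, not from the thread: list Run-key autostart entries together
# with the version-resource fields shown on the Properties > Version tab.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ExePathFromCommand {
    param([string]$Command)
    # Assumption: the value is a quoted path, or an unquoted path ending in
    # .exe, optionally followed by arguments.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $path   = Get-ExePathFromCommand ([string]$item.GetValue($name))
        $exists = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
        $info = $null; $sig = $null; $hash = $null
        if ($exists) {
            $info = (Get-Item -LiteralPath $path).VersionInfo
            $sig  = Get-AuthenticodeSignature -LiteralPath $path
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            Entry       = $name
            Path        = $path
            FileFound   = [bool]$exists
            Company     = $info.CompanyName
            Product     = $info.ProductName
            FileVersion = $info.FileVersion
            Signature   = $sig.Status
            SHA256      = $hash
            # An empty company name is a reason to look closer, not a verdict.
            NoCompany   = $exists -and [string]::IsNullOrWhiteSpace($info.CompanyName)
        }
    }
}

# Entries without a company name first, one block of fields per entry.
$report | Sort-Object NoCompany -Descending | Format-List
```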
  #6  
Old 04-24-06, 11:01
ishani
Re: Been trying for 2 days... Please help

CameraFixer.exe -
The version is 1,0,0,2
Copyright (C) 2005
Company - It's empty
Product name - CameraFixer Application

(If you think that this one poses a threat, I don't mind deleting it if no harm would happen to my computer. Any damage to programs I can recover later)

tsnpstd3.EXE - This seems like my webcam software, I think it is ok. I live in China now and I bought it here, "the copy land", nothing here is legit...
File version: 1, 1, 3, 1
Company: Empty

The http://virusscan.jotti.org/ you asked me to run reported:
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

The ldr64.dll is not in my computer, but it was before and was cleaned.

For your question regarding NOD32 - yes, it is installed and I ran (and still am now) in safe mode. If I have to choose one antivirus, I prefer NOD32, so I will uninstall MS One Care.

Thanks, waiting for your instructions on what to do

Ishay
  #7  
Old 04-24-06, 13:36
chaslang
Re: Been trying for 2 days... Please help

Quote:
Originally Posted by ishani
CameraFixer.exe -
The version is 1,0,0,2
Copyright (C) 2005
Company - It's empty
Product name - CameraFixer Application

(If you think that this one poses a threat, I don't mind deleting it if no harm would happen to my computer. Any damage to programs I can recover later)

tsnpstd3.EXE - This seems like my webcam software, I think it is ok. I live in China now and I bought it here, "the copy land", nothing here is legit...
File version: 1, 1, 3, 1
Company: Empty

Perhaps they are both for your WebCam since they both report no company. As long as everything is working okay, just leave them alone.

Quote:
Originally Posted by ishani
For your question regarding NOD32 - yes, it is installed and I ran (and still am now) in safe mode. If I have to choose one antivirus, I prefer NOD32, so I will uninstall MS One Care.

Yes, if you prefer NOD32, then uninstall MS Onecare.


If you are not having any other malware problems, you should work thru the below link:

How to Protect yourself from malware!
Last edited by chaslang; 04-24-06 at 13:52..
  #8  
Old 04-25-06, 22:36
ishani
Re: Been trying for 2 days... Please help

I would like to THANK YOU SO MUCH for the amazing guidance and help you have given.
This kind of truly professional support, done so efficiently, quickly, and at no cost, simply leaves me with no words, but with much appreciation.

Keep up the good work.

Ishay
  #9  
Old 04-26-06, 00:10
chaslang
Re: Been trying for 2 days... Please help

You're quite welcome. Surf safely!