Stupid Agent.Dropper.DGO crap.

Discussion in 'Malware Help (A Specialist Will Reply)' started by photonerd81, Jan 13, 2008.

  1. photonerd81

    photonerd81 Private E-2

    Yet, yet another person who is dealing with it.

    I looked at other topics on this, but they didn't all seem to apply.

    I attached my HiJackThis log.

    Hopefully, somebody can help me.
     

    Attached Files:

    photonerd81, Jan 13, 2008
    #1
  2. photonerd81

    photonerd81 Private E-2

    No sound after vundo/dropper.agent.dgo removal

    I followed the steps on here, and eventually used HiJackThis and all and got rid of it... But now I don't have any sound in Windows.

    I am cross-posting this to the hardware forum because I'm not sure which is belongs in more.

    Windows Media Player and a few other programs all have sound, but the actual sound in windows doesn't work. Videos don't have sound in explorer, opening a window/folder makes no noise, etc. Also, I use a recording program called n-track, and it tells me me that it cannot use MME buffering and that I do not have a soundcard installed... Or that the one I have installed cannot handle hardware buffering. But, the thing is, it did that quite fine in the past.

    I followed the steps on here, and eventually used HiJackThis and all and got rid of it... But now I don't have any sound in Windows.

    I am cross-posting this to the malware-removal forum because I'm not sure which is belongs in more.

    Windows Media Player and a few other programs all have sound, but the actual sound in windows doesn't work. Videos don't have sound in explorer, opening a window/folder makes no noise, etc. Also, I use a recording program called n-track, and it tells me me that it cannot use MME buffering and that I do not have a soundcard installed... Or that the one I have installed cannot handle hardware buffering. But, the thing is, it did that quite fine in the past.
     
    Last edited by a moderator: Jan 13, 2008
    photonerd81, Jan 13, 2008
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: No sound after vundo/dropper.agent.dgo removal

    Welcome to Major Geeks!

    Since we did not tell you to use HJT, we have no idea what you did on your own. Your problems may not be malware related. The best way for us to know is below.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
    chaslang, Jan 14, 2008
    #3
  4. photonerd81

    photonerd81 Private E-2

    Re: No sound after vundo/dropper.agent.dgo removal

    I used the Malware removal guide, and when I used HJT, I got rid of the VQSTQ.EXE, as suggested in another topic here.

    I had already used AVG to clean my system before that, and by the time I had run CCleaner and Combofix, AVG had nothing to find.

    I should also note that S&D did not work for me. It kept telling me that it could note download updates and it could not run without them.

    I have re-installed the sound drivers on my system and that has not helped.

    Anyway, I included the logs.
     

    Attached Files:

    photonerd81, Jan 14, 2008
    #4
  5. photonerd81

    photonerd81 Private E-2

    I may have found the problem. Combofix quarantined "msacm32.drv" which, according to a quick google search is a sound-mapper driver.

    C:\Qoobox\Quarantine\C\WINDOWS\system32\msacm32.drv.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\000080.exe.vir
    C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1552OinUninstaller.exe.vir
    C:\Qoobox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mcrh.tmp.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\vtstq.dll.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\qtstv.ini2.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\qtstv.ini.vir
    C:\Qoobox\Quarantine\C\ComboFix\errdbg.dat.vir
     
    photonerd81, Jan 14, 2008
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    ComboFix believed that that file was a trojan. See the below info:

    http://www.symantec.com/security_response/writeup.jsp?docid=2008-011017-3705-99&tabid=2

    That is why it removed it. You can rename the file from msacm32.drv.vir back to msacm32.drv and then copy it back into your system32 folder. Then reboot and see if your sound comes back.

    Now uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 6



    Okay now we need to use a new tool.
    • Download and save to RenV.exe from following link to Desktop (must be on the Desktop)
    • Now Copy the bold text in the below quote box to notepad. Save it as Log.txt to your desktop. (It must be on your Desktop).
    • Now using your mouse, drag Log.txt onto RenV.exe
    • When finished, RenV.exe will produce a new log names Log.txt on your Desktop
    Now run Ccleaner!
    • Now run the C:\MGtools\GetLogs.bat file by double clicking on it.
    Then attach the below new logs:
    • Log.txt from your Desktop
    • C:\MGlogs.zip
    How are things working?
     
    chaslang, Jan 14, 2008
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds