antivirus2009

Discussion in 'Malware Help (A Specialist Will Reply)' started by becca_maples, Aug 20, 2008.

  1. becca_maples

    becca_maples Private E-2

    I am having serious issues with my computer and the antivirus2009 malware/trojan. I have run SDFix, and the following is the report. PLEASE HELP!!!


    SDFix: Version 1.218
    Run by Unknown User on Wed 08/20/2008 at 08:01 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\Documents and Settings\Unknown User\Start Menu\Antivirus 2009\Antivirus 2009.lnk - Deleted
    C:\Documents and Settings\Unknown User\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk - Deleted
    C:\WINDOWS\system32\ieupdates.exe - Deleted
    C:\WINDOWS\system32\winsrc.dll - Deleted



    Folder C:\Documents and Settings\Unknown User\Start Menu\Antivirus 2009 - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-20 20:22:17
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\YPAGER.EXE"="C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
    "C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LMpdpsrv.exe"="C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LMpdpsrv.exe:*:Disabled:pDP RPC Server"
    "C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files :


    File Backups: - C:\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Fri 23 Apr 1999 129,078 ..SH. --- "C:\LOGO.SYS"
    Sat 28 Jul 2007 31 A..H. --- "C:\WINDOWS\uccspecc.sys"
    Wed 16 Jun 2004 40,960 ...H. --- "C:\Documents and Settings\Unknown User\My Documents\~WRL0001.tmp"
    Sat 16 Aug 2008 143,499 A..H. --- "C:\System Volume Information\_restore{5D5A5551-1920-432E-9B00-745096F75CE8}\RP471\A0057890.exe"
    Thu 26 Jun 2008 173,656 A..H. --- "C:\System Volume Information\_restore{5D5A5551-1920-432E-9B00-745096F75CE8}\RP424\A0043651.exe"
    Mon 21 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT5.tmp"
    Sat 7 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    Finished!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn them to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
     
