multiple trojans found-help please

Discussion in 'Malware Help (A Specialist Will Reply)' started by Jan Scrivens, Nov 6, 2010.

  1. Jan Scrivens

    Jan Scrivens Private First Class

    Hello, I originally tagged this problem onto a previous thread but as requested have started again with a new thread. Here is a copy of my posts from the old thread, and the mbam log from 4/11=

    Edit by chaslang: Inline MBAM log removed. Logs need to be attachments.

    Hello Kestrel 13!
    Just when I thought everything was fine, I have started having lots of problems again.
    I ran my regular scans on 4/11 and got some bad results.
    Firstly I ran CCleaner on windows and applications, and also ran the registry cleaner. I backed up before this and have this back up saved.
    I updated and ran SpywareBlaster.
    Next I ran SuperAntiSpyware which found 'Trojan.Agent/Gen-SSHNas[fake alert] in C/WINDOWS/SYSWOW64/SSHNAS21.DLL
    My McAfee routine scan found and removed a Trojan, but I have no details of it. It merely flashed up to say it had been removed and no further action was required.
    Then I ran MalwareBytes Anti-malware and have attached the report which identifies 12 infections inc Trojans.

    Apart from these scans, I have had 2 'blue screen' crashes in 24 hours and various things keep being flagged up as having 'stopped working' eg Skype; Incredimail; desktop.

    I have tried to do a back-up to an external hard drive which I have used for back-ups before, but the back-up will not complete, giving error code 0x800700001.

    I am quite worried now about what has and is happening. The laptop seems to be functioning as normal apart from these things. Can you help me please?

    Because I cannot do a back-up, I have just tried to copy and save 'my documents', but when I highlighted the items to copy I got a pop-up box entitled
    MICROSOFT VISUAL C++ DEBUG LIBRARY
    Debug Error
    Program:/C:/Windows/ExplorerEXE
    Module:/C:/Program Files (x86)/EgisTec/MyWinLocker 3/x64/mwl shell ext.dll
    File:Run Time Check Failure[hash]2-Stack around the variable 'sz Temp' was corrupted.
    (Press retry to debug the application)

    I tried retry and got 'windows explorer stopped working'

    I will now work through R&R me first and post the logs asap.
    Thanks

    I have now worked through R&R me first and have done and attached the scans requested.

    Here are some of the error messages I have had over the last 24 hours.
    ON 5/11-
    =I have had 2 'blue screen' crashes

    ='Skype (desktop/Incredimail) has stopped working'

    ='dwm.exe-application error. The application was unable to start correctly (0x0000006)' [happened whilst on the internet]

    ='Google toolbar notifier.exe-application error. The instruction at 0x000000007773F064 referenced memory at 0x00000000 74F11000. The required data was not placed into memory because of an I/O error status of 0xc0000010.'

    =On my external hard drive McAfee scan found 'A0009777.exe Generic.dx!fzz
    File path: E:/systemVolumeInformation/-restore {5D527826-05BD-4A83-8416-28ACDDA14001}RP30

    ON 6/11
    =when I disabled UAC there were no warning messages or system tray alerts

    =during the first SAS scan there was a 'blue screen' crash. scan restarted

    =during second SAS scan 'Application Error- exception E external in module ez PMUtils.dll at 00076250. External exception C0000006.

    =desktop window manager stopped working.

    Sorry this is such a long post but I have tried to include everything which may help.

    I look forward to your comments and thank you in advance.
    Jan
     


    Last edited by a moderator: Nov 6, 2010
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    How did you manage to get this PC infected so quickly again? These were all new infections.

    Other than what was already removed, your logs are clean. The problems you are mentioning sound like software problems ( for the Software Forum ). Various programs you have installed and also Windows may be having problems. While it is possible that this is somehow related to any malware you previously had, it does not seem to be related to any remaining malware. However I will have you run one more scan just to be safe.


    Download TDSSKiller from Kaspersky directly onto your Desktop
    • Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator. )
    • Allow the application to run if prompted by Windows or any security programs you have installed
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

    If the above does not find anything, you may wish to try a System Restore or possibly try reinstalling some of the applications that you are having problems with.
     
  3. Jan Scrivens

    Jan Scrivens Private First Class

    Hello, thanks very much for the quick response.
    Sorry if I did the wrong thing by putting the scan details in my post. Because I had already uploaded it into the old thread I was not allowed to upload it again into this one.
    I have no idea where these infections could have come from. After my last postings with MG's I ran through the "how to protect yourself from malware" information you give, and thought I should be fine. When you say "software" what exactly do you mean could be the problem? What should I check?
    I don't download films / music etc from the internet and only go onto McAfee approved sites.
    I have an external hard drive which I use for back ups and storage of films and photos etc. Will this be infected too? and will it reinfect the laptop if I use it?
    Would a system restore possibly go back to one which is infected?
    I have attached the tdsskiller.log as requested.
    Really do appreciate your help.
    Jan
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your TDSSkiller log is clean.
    As stated in those instructions, those are good steps but there is no 100% guaranteed solution and all security begins and ends with the users of the PCs. When you did not follow up immediately with Kestrel13! final instructions, you may have just been the source of spreading your problems again. Cleaning steps have to be followed expediently and all the way thru to completion with no delays. Also the PC should not be used for anything else from the time you start the cleaning until you finish. Doing otherwise complicates cleanup and could just spread the infection.

    Which ever software ( programs ) you are having problems with.

    Possibly it is infected or could even be the source of your reinfection. There are many many infections that spread via removable devices ( hard disk, flash drives, cameras, iPODs,.....etc ). This is one of the reasons the How to protect thread suggests that autorun be disabled since it is a major source of spreading infections. If you had an autorun type infection (and some of the file names you had look similar to some of these types of infections ) then it is possible that every writeable removable device you plugged into your PC is infected. And in addition, every PC that you plugged your removable devices into, could also be infected. I'm not conclusively saying your devices are infected but it is a possibility and you should run scans on them and on ALL PCs they have been plugged into.

    You can go back to the restore point that was created when you followed the final instructions you were given last time when your PC was declared clean. If however, you delayed in following those final instructions ( looks like you did delay since between Kestrel13! instructions and your reply it took about 6 weeks ) or you had plugged in an infected device before following those instructions then even that restore point may be infected. The only way to know if it will help resolve your problems ( it may not ) and to know if it is infected, is by trying.
     
    Last edited: Nov 7, 2010
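
The advice above about autorun-type infections on removable drives can be checked by reading a drive's autorun.inf and listing any entry that would launch a program. The following is an added example, not part of the original thread or any tool named in it; the sample file contents and file names are constructed, and the E:\ root is only the external drive letter mentioned in the first post.

```python
import os
import re

# Keys in the [autorun] section that make Windows launch a program.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

def launch_entries(text):
    """Return [(key, command)] for each [autorun] entry that runs a program."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in EXEC_KEYS or SHELL_CMD.match(key):
            found.append((key.lower(), value))
    return found

def scan_roots(roots):
    """Map each drive root whose autorun.inf launches something to its entries."""
    report = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if not os.path.isfile(path):
            continue
        # Assumption: the file is ANSI/UTF-8 text; undecodable bytes are replaced.
        with open(path, "r", errors="replace") as handle:
            entries = launch_entries(handle.read())
        if entries:
            report[root] = entries
    return report

# Constructed samples (not taken from the thread's logs).
SAMPLE_SUSPECT = r"""[AutoRun]
; constructed example
open=setup_constructed.exe
icon=drive.ico
shell\open\command=setup_constructed.exe /quiet
"""
SAMPLE_BENIGN = "[autorun]\nicon=drive.ico\nlabel=Backup Disk\n"

if __name__ == "__main__":
    print(launch_entries(SAMPLE_SUSPECT))
    print(scan_roots(["E:\\"]))
```

A drive that reports launch entries is a candidate for the full scans recommended in the thread; an autorun.inf with only icon or label entries launches nothing.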
