Suspicious, there is something still wrong.

DamselnDistress · Oct 3, 2006

Hi Guys,
Great site, don't know what would of happened if I hadn't of found it!!
My Zone Security Suite detected but could not remove Win32.Alcan.I
I tried to search known sites like symantec etc for solution but nothing specific enough that did anything useful. After several hours of frustration I gave up and did a System Recovery. ( would of helped at that stage to know about the uncheck/check tip - but can't change the past so..)
Seemed okay at first but something felt a bit off. I found your site and did your checklist of to do's. The only thing I could not do was run the PandaActiveScan. Probably to do with the false positive thing, with Zone but not that much of a risk taker just now. Can you please check out my logs and double check if my system needs any more attention ?? I am not too sure about what I am looking at, but there were a couple of items in the HJT log that looked a bit suspect to me??

DamselnDistress · Oct 3, 2006

This is the other log I collected along the way. Bitdefender came up clean but it said to post it anyway so, here it is. Let me know if I am missing any other logs??

DamselnDistress · Oct 4, 2006

The other thing I have noticed is that I am getting alot of error messages telling me I do not have permission to access some files/folders, etc. I didn't seem to have this problem before?? Also when I am connected to internet, there still seems to be some traffic activity when I don't really have alot going on? Anyone had a chance to look over my logs yet. I need to reinstall some software and some hardware drivers but I want to make sure my system is okay first. Would really appreciate some feedback

chaslang · Oct 4, 2006

When you say you did a System Recovery, what do you mean? Do you mean you have a System Recovery disk that you got with your PC and you used it? This brings you back to a point like the PC was shipped too you. Thus anything that you had installed or changed since getting your PC is not going to work anymore.

Do you use any type of license management software? The reason I ask is because of the below files that are shown in your ShowNew.
Code:
C:\WINDOWS\system32\
clauth1.dll    3 Oct 2006        1025  "clauth1.dll
clauth2.dll    3 Oct 2006        1025  "clauth2.dll
lsprst7.dll    3 Oct 2006         205  "lsprst7.dll
ssprs.dll      3 Oct 2006          73  "ssprs.dll
sysprs7.dll    3 Oct 2006        1025  "sysprs7.dll
These file show up in some places as being malware and in others as being related to valid software related to a license manager. Sometime they are related to the LinuX OS but you are not running Linux on this PC are you? This license management software may not be something you knowingly installed. It may be part of a game or something else you installed on October 3rd. It could even be related to the below that I found being referenced:

RainBow Sentinel LM is a small "tool" that adds to our programs a complete system of protection based on archives of licenses, periods of evaluation and other mechanisms to avoid an undesired use of software at the time of distributing it (as the use during long periods of time).
Click to expand...

You have no other malware issues but we can fix the below things.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
After clicking Fix, exit HJT.

Then uninstall the below old version of Sun Java
Java 2 Runtime Environment, SE v1.4.2_03

Are you currently having any malware problems?

DamselnDistress · Oct 5, 2006

Thanks for the response. When I referred to System Recovery I meant F10 at at startup. When I got the PC, I made a set of recovery discs aswell but didn't use those. My Disk has 2 logical drives and 95% of the D: is the allocated recovery partition as per original supply when I got the thing. I have run it once before when my comp kept restarting and not had any issues. I am not too fussed about having to reinstall software and my data stayed intact. This time however I lost my entire My Doc's folder but I used a file recovery program to get these back - thanks to the links on this site!
I am running XP and am not aware of any licence management software running on my PC. In fact - I have not installed anything really except the programs in the READ THIS FIRST post / file recover, since I did the restore. So this is a bit weird?? The Malware issues that I had and hope are gone now, where originally Alcan.I - , Trojan plus worm. Dial out virus in there somewhere too. This is by far the worst thing that's ever happened to my comp and with the lost files I am in "extreme caution" mode. I have just done a quick check in on my email at work so I will follow those instructions you've given me when I get home tonight. Many thanks for your reply I appreciate the reassurance that my PC's safe again - hopefully, providing those license orientated files turn out to be nothing.

chaslang · Jun 6, 2007

DamselnDistress said:

I am running XP and am not aware of any licence management software running on my PC. In fact - I have not installed anything really except the programs in the READ THIS FIRST post / file recover, since I did the restore. So this is a bit weird??
Click to expand...

Okay so let's try something! We will boot into safe mode and rename each of those files. You rename them by locating them in a Windows Explorer window and right clicking on them. And then select Rename.

So reboot into safe mode, and goto the C:\windows\system32 folder and rename as shown below:

clauth1.dll -----> clauth1.ddd
clauth2.dll -----> clauth2.ddd
lsprst7.dll -----> lsprst7.ddd
ssprs.dll -----> ssprs.ddd
sysprs7.dll -----> sysprs7.ddd

Then reboot into normal mode and make sure everything is working okay. Then if everything seems okay. Just keeping going about your normal routines for a couple of days just to make sure changing those file names do not break anything. Once we are sure you don't need them, we can just delete the renamed files.

DamselnDistress · Oct 6, 2006

Thanks for the advice. Followed all instructions you have provided and so far so good!! Let's hope system integrity is restored
I have kept a printout of the renames just in case something comes up at a later stage but hopefully I wont be needing them !!

chaslang · Oct 7, 2006

You're welcome.

If you are not having any other malware problems, you should work thru the below link:

How to Protect yourself from malware!

DamselnDistress · Oct 7, 2006

Cheers for that, I had a read of it and am up to date on that side of things.
The only problem I am having now is in relation to permissions. Could be to do with the recovery I did but there are some folders that I can't view.
"Access denied, you do not have permission to view this folder"
Yet, I have administrator rights on my user account??
It's interesting because when I ran the File recovery program, this Folder on my C: called USERDATA - had all the lost stuff in it. But back in My Computer when I click on it, it says it has 0 files in it - this aside "access denied".

In addition my C: is really full and I went through and deleted a bunch of old files, then when I went to recycle bin to empty it already was and this has permission probs too?? Could this space prob be related to the worm I got rid of?? Could the permissions also be related to my Ex virus?

chaslang · Oct 7, 2006

DamselnDistress said:

The only problem I am having now is in relation to permissions. Could be to do with the recovery I did but there are some folders that I can't view.
"Access denied, you do not have permission to view this folder"
Yet, I have administrator rights on my user account??
It's interesting because when I ran the File recovery program, this Folder on my C: called USERDATA - had all the lost stuff in it. But back in My Computer when I click on it, it says it has 0 files in it - this aside "access denied".

In addition my C: is really full and I went through and deleted a bunch of old files, then when I went to recycle bin to empty it already was and this has permission probs too?? Could this space prob be related to the worm I got rid of?? Could the permissions also be related to my Ex virus?
Click to expand...

I'm not sure exactly what your problems are but things to do with a file recovery program etc are not topics for this forum where we only have time to deal with malware. And as far as permissions, this is also not malware. You have to set the permissions yourself in the Security tab of the folders if they were changed for some reason.

Log in or Sign up

Suspicious, there is something still wrong.

DamselnDistress Private E-2

Attached Files:

newfiles.txt

runkeys.txt

HJT 031006.txt

DamselnDistress Private E-2

Attached Files:

bdscan.txt

DamselnDistress Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

DamselnDistress Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

DamselnDistress Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

DamselnDistress Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member