Windows Vista DEP issues

Discussion in 'Malware Help (A Specialist Will Reply)' started by argusxk, Dec 28, 2010.

  1. argusxk

    argusxk Private E-2

    About 1 week ago my spouse started to complain of browser hijacking. She also noticed that IE seemed to be crashing. Dell Studio laptop with Windows Vista Home 64 bit. Fully patched with Automatic updates on. ZoneAlarm security Suite for FW and AV. Executed a "SuperScan" with ZoneAlarm which reported Trojan-Downloader.Java.OpenConnection.cg which it claimed to have successfully quarantined. I uninstalled Java and these actions appear to have stopped the browser hijacking, but now she experiences constant DEP issues.

    The App log reports faulting application... including:
    iexplore.exe
    wermgr.exe
    werfault.exe
    excel.exe
    winword.exe
    swreg.exe
    wmiprvse.exe
    wmic.exe

    etc

    all with exception code 0xc0000005

    Starting around Nov 30, 2010 windows security log started reporting invalid hash for wininet.dll, vsdatant.sys and klif.sys

    Neither Windows memory diagnostics tool nor Scandisk reports any issues.

    Vista cleaning procedures have not resolved the issues. Combofix would not execute at all (64 bit issue)

    I also did not run RootRepeal as directed.

    Thank you for your assistance.
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Go to TDSSKiller and Download TDSSKiller.zip to your Desktop

    • Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    • Now double click the TDSSkiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator).
    • Allow the application to run and a window will open showing that it is TDSSkiller from Kaspersky
    • Click Start scan
    • It will run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    Whether an infection is found or not, a log file should be created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post)


    What issue would this be then, as Combofix is now compatible with 64 bit? If you are having troubles running it then please rename it to 1456.com and try again.


    Important Notice: A new version of SUPERAntiSpyware is available.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this log later.

    MGTools did not run to completion. You need to run it again as instructed and do not touch anything until it says "hit any key to continue"

    Once done attach the new C:\MGlogs.zip
     
  3. argusxk

    argusxk Private E-2

    Thank you for your help Kestrel13!

    All tools ran to completion this time.
    TDSSKiller discovered and removed a root kit (Rootkit.Win32.TDSS.tdl4)
    I have attached logs.

    Thanks again for your assistance.
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Alright. The logs look good and I assume all is running as it should be now? :confused
     
  5. argusxk

    argusxk Private E-2

    I'll get a better idea this evening. Darn work gets in the way of important stuff.

    Thanks again.:)
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    LOL Yes...

    Okay when you have used the computer for a while and surfed around some, leave a brief description on how it's running and we will take it from there. More than likely, it will be final steps next. :)
     
