
Rootkitpatched.TDSSg

c:\system volume information\_restore{67c4541f-d3f2-450d-8ba3-de79d55388cd}\RP280\A0040721.exe (Trojan.CodecPack) -> No action taken. ____________________ ComboFix 11-04-27.01 - Kurt Melcher 04/28/2011 19:05:15.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.605 [GMT -4:00] Running from: c:\documents and settings\Kurt c:\Qoobox\quarantine\C\documents and settings\kurt melcher\application data\antivirus antispyware 2011\securityhelper.exe.vir (Trojan.FakeAlert) -> No action taken.

Do NOT take any action on any "<--- ROOTKIT" entries. If you have trouble running GMER: Make sure that your security software is disabled. Uncheck the box next to "Files" this time also. If the computer is almost worthless now.

If you have a problem, reply back for further instructions. Please include the following in your next post: ComboFix log

AV: BitDefender Antivirus *Enabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Firewall *Enabled* . ============== Running Processes =============== . c:\Qoobox\quarantine\C\documents and settings\kurt melcher\application data\defender.exe.vir (Trojan.FakeAlert) -> No action taken. Completion time: 2011-04-28 15:14:15 - machine was rebooted ComboFix-quarantined-files.txt 2011-04-28 19:14 . They may otherwise interfere with our tools.

scanning hidden processes ... . c:\system volume information\_restore{67c4541f-d3f2-450d-8ba3-de79d55388cd}\RP280\A0040708.exe (Trojan.FakeAlert) -> No action taken.

#10 KenBeck (Topic Starter) Posted 27 April 2011 - #6 KenBeck (Topic Starter) Posted 27 April 2011 - 10:15 AM Won't go - too long. C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE

Uncheck the following ...

uStart Page = about:blank uSearch Bar = hxxp://www.google.com/ie mStart Page = about:blank uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - c:\Qoobox\quarantine\C\documents and settings\all users\application data\fbg28610gpdja28610\fbg28610gpdja28610.exe.vir (Rogue.MSRemovalTool) -> No action taken. HKEY_CURRENT_USER\Software\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> No action taken. HKCU-Run-Oceyamewobey - c:\windows\molimi.dll HKLM-Run-Vhejom - c:\windows\aluniwareheguri.dll AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe AddRemove-AntiVirus AntiSpyware 2011 - c:\documents and settings\Kurt Melcher\Application Data\AntiVirus AntiSpyware 2011\securityhelper.exe . . . ************************************************************************** .

c:\system volume information\_restore{67c4541f-d3f2-450d-8ba3-de79d55388cd}\RP275\A0027377.exe (Rogue.AntiVirusAntiSpyware2011) -> No action taken. scanning hidden files ... . c:\Qoobox\quarantine\C\WINDOWS\hkygya.exe.vir (Trojan.CodecPack) -> No action taken. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [2011-4-8 12960] R1 Bdvedisk;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128] R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2011-3-24 43936] R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-4-22 149520] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2010-8-20 Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch c:\documents and settings\All Users\Start Menu\Programs\Startup\ InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program


scanning hidden autostart entries ... . Rootkitpatched.TDSSg Started by KenBeck, Apr 16 2011 07:18 PM. This topic is locked. 24 replies to this topic. #1 KenBeck, Members, 14 posts. #12 KenBeck (Topic Starter) Posted 27 April 2011 -

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . FF - ProfilePath - c:\docume~1\kurtme~1\applic~1\mozilla\firefox\profiles\8azf0xqv.default\ FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z032&form=ZGAADF&q= FF - component: c:\program files\bitdefender\bitdefender 2011\bdaphffext\components\bdaphff3.6.dll FF - component: c:\program files\bitdefender\bitdefender 2011\bdaphffext\components\bdaphff3.dll FF - #7 RPMcMurphy (Malware Response Team) Posted 27 April 2011 - 10:24 AM: Hi, Can you add it

scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2504) c:\windows\system32\WININET.dll c:\program files\BitDefender\BitDefender 2011\pchook32.dll c:\windows\system32\ieframe.dll IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Then click the Scan button & wait for it to finish. KenBeck . c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe c:\windows\system32\igfxsrvc.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxext.exe c:\docume~1\KURTME~1\LOCALS~1\Temp\RtkBtMnt.exe . ************************************************************************** .

If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

Attached Files: Gmer.txt 378.55KB. #9 RPMcMurphy (Malware Response Team) Posted 27 April 2011 - 12:28 c:\documents and settings\All Users\Application Data\fBg28610gPdJa28610 c:\documents and settings\All Users\Application Data\fBg28610gPdJa28610\fBg28610gPdJa28610 c:\documents and settings\All Users\Application Data\fBg28610gPdJa28610\fBg28610gPdJa28610.exe c:\documents and settings\Kurt Melcher\Application Data\3C593E30AE1F4ABD39B69FBC94A68DEF c:\documents and settings\Kurt Melcher\Application Data\3C593E30AE1F4ABD39B69FBC94A68DEF\enemies-names.txt c:\documents and settings\Kurt Melcher\Application Data\3C593E30AE1F4ABD39B69FBC94A68DEF\local.ini c:\documents

C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\Program

In the right panel, you will see several boxes that have been checked.