
I have a serious infection


Comments

  • samdd
    samdd Posts: 1,344 Forumite
    waddler_8 wrote: »
    Yes. Combofix has removed ZeroAccess from the bit you've posted there. There's also a couple of stragglers.

    http://vil.nai.com/vil/content/v_596722.htm

    Had a look at the link but not sure what I'm looking for. Is it possible to remove the stragglers?
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    That's just a link to some data compiled by McAfee on the infection.

    Look under the "The following files have been added to the system:" section and you'll see the %APPDATA%\LimeRunner & %USERPROFILE%\spkpod folders mentioned.

    You can try & delete the file and folder manually.

    C:\siauh.exe <-file

    c:\users\Kev B\AppData\Roaming\LimeRunner <-Folder

    You'll have to show hidden files if they're not already.

    http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/#win7

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    samdd wrote: »
    Would you believe it.. I just had a couple of redirects come up..

    Missed that. That's not good...

    Post a new DDS log.
  • samdd
    samdd Posts: 1,344 Forumite
    waddler_8 wrote: »
    That's just a link to some data compiled by McAfee on the infection.

    Look under the "The following files have been added to the system:" section and you'll see the %APPDATA%\LimeRunner & %USERPROFILE%\spkpod folders mentioned.

    You can try & delete the file and folder manually.

    C:\siauh.exe <-file

    c:\users\Kev B\AppData\Roaming\LimeRunner <-Folder

    You'll have to show hidden files if they're not already.

    http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/#win7

    Am I looking in the right place for the folders to delete?

    [Attachment: Snapshot_7.jpg]

    [Attachment: Snapshot_6.jpg]
  • samdd
    samdd Posts: 1,344 Forumite
    waddler_8 wrote: »
    Missed that. That's not good...

    Post a new DDS log.

    OK. I'll do it now.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Yes. Don't delete Roaming, only delete the LimeRunner folder
  • samdd
    samdd Posts: 1,344 Forumite
    DDS Log

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
    Run by Kev B at 0:53:54 on 2011-09-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2038.823 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    svchost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Windows\tsnpstd3.exe
    C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    svchost.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\AVS4YOU\AVSScreenCapture\AVSScreenCapture.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ares] "c:\program files\ares\Ares.exe" -h
    uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
    mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
    mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\users\kevb~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{528E4786-4344-46FB-BE69-14D5B7F10E6C} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{6756A43C-7C73-4AE5-BFBB-0A7324897F63} : DhcpNameServer = 192.168.0.1
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\kev b\appdata\roaming\mozilla\firefox\profiles\ic1tlj6a.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - https://www.google.com
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-28 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-28 320856]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-28 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-28 54616]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-28 44768]
    R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2011-9-3 1740696]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-26 366152]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-9-3 73216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-14 22216]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-14 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-9-3 102784]
    S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-9-3 11136]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2011-9-3 353280]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-14 135664]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-10-14 9216]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-24 52224]
    S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2011-5-10 252032]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2011-5-10 398720]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-17 1343400]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-10-14 114688]
    .
    =============== Created Last 30 ================
    .
    2011-09-27 23:23:34 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-27 23:23:29 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-27 23:22:19 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-27 23:22:08 -------- d-----w- c:\programdata\AVAST Software
    2011-09-27 23:22:08 -------- d-----w- c:\program files\AVAST Software
    2011-09-27 22:55:07 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{298e49a8-35fb-4712-ad05-d47aae93359c}\offreg.dll
    2011-09-27 22:03:12 388096 ----a-r- c:\users\kev b\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-09-27 22:03:12 -------- d-----w- c:\program files\Trend Micro
    2011-09-27 21:02:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-09-27 20:54:49
    d-sh--w- C:\$RECYCLE.BIN
    2011-09-27 19:25:40 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2011-09-27 19:22:55 98816 ----a-w- c:\windows\sed.exe
    2011-09-27 19:22:55 518144 ----a-w- c:\windows\SWREG.exe
    2011-09-27 19:22:55 256000 ----a-w- c:\windows\PEV.exe
    2011-09-27 19:22:55 208896 ----a-w- c:\windows\MBR.exe
    2011-09-27 15:53:46 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{298e49a8-35fb-4712-ad05-d47aae93359c}\mpengine.dll
    2011-09-26 22:11:31 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-09-26 22:11:31 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-09-26 22:11:06 -------- d-----w- c:\programdata\Hitman Pro
    2011-09-26 17:11:06 159744 --sh--r- C:\siauh.exe
    2011-09-26 15:12:05 -------- d-----w- c:\users\kev b\appdata\roaming\LimeRunner
    2011-09-24 11:01:48 -------- d-----w- c:\users\kev b\appdata\local\WinZip
    2011-09-24 10:41:23 781272 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
    2011-09-24 10:41:05 -------- d-----w- c:\programdata\Premium
    2011-09-24 10:41:04 -------- d-----w- c:\programdata\InstallMate
    2011-09-23 17:38:11 -------- d-----w- c:\users\kev b\appdata\roaming\Thinstall
    2011-09-23 09:15:36 -------- d-----w- c:\windows\Downloaded Installations
    2011-09-09 01:10:26 57344 ------w- c:\windows\system32\mfc70enu.dll
    2011-09-09 01:10:20 -------- d-----w- c:\program files\common files\Macromedia Shared
    2011-09-09 01:10:18 -------- d-----w- c:\program files\common files\Macromedia
    2011-09-09 01:09:56 -------- d-----w- c:\program files\Macromedia
    2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-09-03 14:31:31 -------- d-----w- c:\users\kev b\appdata\roaming\Birdstep Technology
    2011-09-03 14:31:26 -------- d-----w- c:\programdata\Birdstep Technology
    2011-09-03 14:29:16 -------- d-----w- c:\program files\3 Mobile Broadband
    .
    ==================== Find3M ====================
    .
    2011-09-27 10:24:05 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2011-09-24 09:54:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-03 14:30:19 67156 ----a-w- c:\windows\Huawei ModemsUninstall.exe
    2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-23 15:44:16 681 ---ha-w- C:\os848618.bin
    2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    .
    ============= FINISH: 0:57:05.77 ===============
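The two stragglers in this thread (C:\siauh.exe with system+hidden attributes, and a new folder under roaming AppData) can be picked out of a DDS "Created Last 30" listing mechanically. The triage script below is an added example, not part of the thread or of DDS; its heuristics are assumptions, and the sample log is constructed from the shape of the entries posted above.

```python
"""Triage helper for DDS 'Created Last 30' / 'Find3M' file entries (added example)."""
import re
from pathlib import PureWindowsPath

# One DDS entry: date time size attrs path; size is '--------' for folders.
ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)

# Constructed sample in the shape of the log above (not the full log).
SAMPLE_LOG = """\
=============== Created Last 30 ================
.
2011-09-27 19:25:40 80896 ----a-w- c:\\windows\\system32\\drivers\\i8042prt.sys
2011-09-26 17:11:06 159744 --sh--r- C:\\siauh.exe
2011-09-26 15:12:05 -------- d-----w- c:\\users\\kev b\\appdata\\roaming\\LimeRunner
2011-09-24 10:41:23 781272 ----a-w- c:\\program files\\mozilla firefox\\sqlite3.dll
.
"""


def parse_entries(text):
    """Yield (path, attrs, is_dir) for every file/folder line in the log."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            attrs = m.group("attrs")          # e.g. '--sh--r-': [2]=system, [3]=hidden
            yield m.group("path"), attrs, attrs[0] == "d"


def triage(text):
    """Return {path: [reasons]} for entries worth a second look (heuristics, assumed)."""
    findings = {}
    for path, attrs, is_dir in parse_entries(text):
        p = PureWindowsPath(path)
        system, hidden = attrs[2] == "s", attrs[3] == "h"
        reasons = []
        if not is_dir and system and hidden:
            reasons.append("file is both system and hidden")
        if not is_dir and (system or hidden) and p.parent == PureWindowsPath(p.anchor):
            reasons.append("hidden/system file in drive root")
        if is_dir and [s.lower() for s in p.parts][-3:-1] == ["appdata", "roaming"]:
            reasons.append("new folder directly under roaming AppData")
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

The output is a review list, not a deletion list: confirm each hit against a vendor writeup such as the McAfee page linked earlier before removing anything.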
  • samdd
    samdd Posts: 1,344 Forumite
    waddler_8 wrote: »
    Yes. Don't delete Roaming, only delete the LimeRunner folder

    Deleted LimeRunner folder.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    That DDS log looks a whole lot better than the last one.
  • samdd
    samdd Posts: 1,344 Forumite
    Going to check out tonight guys.. it's getting late.. will check back in the morning to follow instructions.. Thanks again guys.. Night..