Author Topic: Can't open EXE programs (virus) (Read 5262 times)

country32 · « **Reply #30 on:** May 17, 2011, 03:44:02 AM »

I went with Avast.. While in firefox it pops up about rootkit and another..

I think they are the same that Eset found. Basically, I think i can delete them, but every time I open firefox it happens again.

-Rick

Corrine · « **Reply #31 on:** May 17, 2011, 02:50:58 PM »

I've checked the Firefox entries in your log and they appear to be ok so let's see if this helps.

Please download GooredFixfrom one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Windows Vista or Windows 7).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

country32 · « **Reply #32 on:** May 17, 2011, 03:09:49 PM »

not sure if it changes things, but I was using I/E and it happened there too. New tag (page) doesn't load, but when I click to go to a page, it redirects me to another one. *Yellow pages* was one.. another is some search results.

-Rick

country32 · « **Reply #33 on:** May 17, 2011, 05:44:00 PM »

GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:41 on 17/05/2011 (owner)
Firefox version 3.6.17 (en-US)

========== GooredScan ==========

Removing Orphan:
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4\" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:18 03/03/2011]

C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\pj778085.default\extensions\
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [22:29 11/01/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

country32 · « **Reply #34 on:** May 17, 2011, 05:45:11 PM »

still having (Malicious URL) threats come up through AVAST.

this seems to happen with both firefox and I/E

Rick

Corrine · « **Reply #35 on:** May 17, 2011, 07:03:59 PM »

It does make a difference knowing that the problem includes IE.

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista - W7 users: Right-click and select "Run As Administrator".
If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
If you don't see file extensions, please see: How to change the file extension.
Click the Start Scan button. Do not use the computer during the scan!
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the "Scan results - Select action for found objects[/b]" and offer 3 options.
- Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

country32 · « **Reply #36 on:** May 17, 2011, 07:17:24 PM »

2011/05/17 15:14:06.0093 3368   TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/17 15:14:06.0546 3368   ================================================================================
2011/05/17 15:14:06.0546 3368   SystemInfo:
2011/05/17 15:14:06.0546 3368
2011/05/17 15:14:06.0546 3368   OS Version: 5.1.2600 ServicePack: 3.0
2011/05/17 15:14:06.0546 3368   Product type: Workstation
2011/05/17 15:14:06.0546 3368   ComputerName: OWNER-3383D268F
2011/05/17 15:14:06.0546 3368   UserName: owner
2011/05/17 15:14:06.0546 3368   Windows directory: C:\WINDOWS
2011/05/17 15:14:06.0546 3368   System windows directory: C:\WINDOWS
2011/05/17 15:14:06.0546 3368   Processor architecture: Intel x86
2011/05/17 15:14:06.0546 3368   Number of processors: 2
2011/05/17 15:14:06.0546 3368   Page size: 0x1000
2011/05/17 15:14:06.0546 3368   Boot type: Normal boot
2011/05/17 15:14:06.0546 3368   ================================================================================
2011/05/17 15:14:06.0890 3368   Initialize success
2011/05/17 15:14:14.0406 0584   ================================================================================
2011/05/17 15:14:14.0406 0584   Scan started
2011/05/17 15:14:14.0406 0584   Mode: Manual;
2011/05/17 15:14:14.0406 0584   ================================================================================
2011/05/17 15:14:14.0625 0584   Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/05/17 15:14:14.0703 0584   ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/17 15:14:14.0750 0584   ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/17 15:14:14.0796 0584   aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/17 15:14:14.0828 0584   AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/17 15:14:15.0015 0584   aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/05/17 15:14:15.0046 0584   aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/05/17 15:14:15.0078 0584   aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/05/17 15:14:15.0109 0584   aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/05/17 15:14:15.0187 0584   aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/05/17 15:14:15.0203 0584   aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/05/17 15:14:15.0265 0584   AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/17 15:14:15.0328 0584   atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/17 15:14:15.0359 0584   Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/17 15:14:15.0406 0584   audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/17 15:14:15.0453 0584   b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/05/17 15:14:15.0500 0584   Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/17 15:14:15.0687 0584   cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/17 15:14:15.0718 0584   Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/17 15:14:15.0765 0584   Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/17 15:14:15.0828 0584   Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/17 15:14:15.0968 0584   Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/17 15:14:16.0046 0584   dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/17 15:14:16.0187 0584   dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/17 15:14:16.0234 0584   dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/17 15:14:16.0281 0584   DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/17 15:14:16.0359 0584   drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/17 15:14:16.0406 0584   Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/17 15:14:16.0437 0584   Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/17 15:14:16.0484 0584   Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/17 15:14:16.0500 0584   Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/17 15:14:16.0562 0584   FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/17 15:14:16.0640 0584   Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/17 15:14:16.0687 0584   Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/17 15:14:16.0734 0584   Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/17 15:14:16.0781 0584   hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/17 15:14:16.0843 0584   HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/17 15:14:16.0921 0584   i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/05/17 15:14:17.0031 0584   ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/17 15:14:17.0093 0584   Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/17 15:14:17.0140 0584   intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/17 15:14:17.0187 0584   Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/17 15:14:17.0218 0584   IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/17 15:14:17.0281 0584   IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/17 15:14:17.0328 0584   IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/17 15:14:17.0375 0584   IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/17 15:14:17.0421 0584   IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/17 15:14:17.0453 0584   isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/17 15:14:17.0468 0584   Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/17 15:14:17.0531 0584   kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/17 15:14:17.0578 0584   kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/17 15:14:17.0640 0584   KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/17 15:14:17.0703 0584   mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/17 15:14:17.0750 0584   Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/17 15:14:17.0859 0584   Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/17 15:14:17.0875 0584   mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/17 15:14:17.0921 0584   MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/17 15:14:17.0984 0584   MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/17 15:14:18.0078 0584   MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/17 15:14:18.0218 0584   Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/17 15:14:18.0250 0584   MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/17 15:14:18.0265 0584   MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/17 15:14:18.0281 0584   MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/17 15:14:18.0328 0584   mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/17 15:14:18.0359 0584   Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/17 15:14:18.0453 0584   NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/17 15:14:18.0531 0584   NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/17 15:14:18.0562 0584   Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/17 15:14:18.0578 0584   NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/17 15:14:18.0609 0584   NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/17 15:14:18.0656 0584   NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/17 15:14:18.0703 0584   NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/17 15:14:18.0796 0584   Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/17 15:14:18.0859 0584   Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/17 15:14:18.0921 0584   Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/17 15:14:18.0968 0584   NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/17 15:14:18.0984 0584   NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/17 15:14:19.0015 0584   Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/17 15:14:19.0171 0584   PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/17 15:14:19.0281 0584   ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/17 15:14:19.0328 0584   PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/17 15:14:19.0359 0584   PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/17 15:14:19.0421 0584   Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/17 15:14:19.0546 0584   PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/17 15:14:19.0593 0584   PRISM_A02 (57e95881e5f014816a8a53ad94ee0c48) C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys
2011/05/17 15:14:19.0625 0584   PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/17 15:14:19.0640 0584   Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/17 15:14:19.0750 0584   RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/17 15:14:19.0781 0584   Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/17 15:14:19.0796 0584   RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/17 15:14:19.0812 0584   Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/17 15:14:19.0875 0584   Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/17 15:14:19.0937 0584   RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/17 15:14:20.0000 0584   rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/17 15:14:20.0062 0584   RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/17 15:14:20.0109 0584   redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/17 15:14:20.0296 0584   Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/17 15:14:20.0359 0584   senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/05/17 15:14:20.0390 0584   serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/17 15:14:20.0453 0584   Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/17 15:14:20.0484 0584   Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/17 15:14:20.0578 0584   smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/17 15:14:20.0625 0584   splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/17 15:14:20.0687 0584   sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/17 15:14:20.0734 0584   Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/17 15:14:20.0796 0584   swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/17 15:14:20.0812 0584   swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/17 15:14:20.0906 0584   sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/17 15:14:20.0984 0584   Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/17 15:14:21.0031 0584   TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/17 15:14:21.0046 0584   TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/17 15:14:21.0093 0584   TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/17 15:14:21.0218 0584   Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/17 15:14:21.0296 0584   Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/17 15:14:21.0328 0584   usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/17 15:14:21.0390 0584   usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/17 15:14:21.0406 0584   usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/17 15:14:21.0453 0584   USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/17 15:14:21.0484 0584   usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/17 15:14:21.0531 0584   VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/17 15:14:21.0593 0584   VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/17 15:14:21.0687 0584   Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/17 15:14:21.0734 0584   wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/17 15:14:21.0843 0584   \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/17 15:14:21.0843 0584   ================================================================================
2011/05/17 15:14:21.0843 0584   Scan finished
2011/05/17 15:14:21.0843 0584   ================================================================================
2011/05/17 15:14:21.0859 1700   Detected object count: 1
2011/05/17 15:14:38.0546 1700   \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/17 15:14:38.0546 1700   \HardDisk0 - ok
2011/05/17 15:14:38.0546 1700   Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/17 15:14:49.0328 3344   Deinitialize success

Corrine · « **Reply #37 on:** May 17, 2011, 08:42:40 PM »

Ah-ha! Rootkit.Win32.TDSS.tdl4

What happens now with an updated scan with Avast?

country32 · « **Reply #38 on:** May 18, 2011, 12:14:20 AM »

it scanned and didnt find any threats..

Also, for the past couple hours I haven't had any (pop up) pages load..

I think maybe we got it..Lol

Thank you!

Corrine · « **Reply #39 on:** May 18, 2011, 01:52:52 AM »

Good news, Rick.

Now, let's clean up.

1) Click Start >> Run and then copy/paste the following into the box and hit Enter:

"%userprofile%\Desktop\GooredFix.exe" /uninstall

Note: If any of your security programs query a new Registry/AutoStart value being added please allow the changes.

2) If you still have RKill and Security Check, go ahead and delete them.

3) Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.

4) Now to answer your questions from before:

Quote

Last, for someone who isn't very savy.. What would you suggest for (firewall/Auto update settings?) I know some turn off auto update and then choose manually what they want to update.. I don't really know the difference. To me it's just a number of updates so I've kept it off.?

If you used Windows Vista or Windows 7, I would suggest using the Windows firewall. However, with Windows XP, you may do better with a third-party firewall. The following firewall programs are free for personal use.

Online Armor Free
-- Setup instructions at http://www.tallemu.com/webhelp3/Welcome.html
-- Additional assistance at the support forum at http://support.tallemu.com/vbforum/
Agnitum Outpost Firewall
-- Guide at http://www.outpostfirewall.com/guide/index.htm for Outpost Free Firewall
-- Outpost FREE FAQ at the support forum here: Outpost Users Support Forum

Microsoft Security Updates have a purpose -- to patch vulnerabilities discovered. Although several years old, you may find my blog post Understanding Microsoft Updates helpful. Because I watch for "Patch Tuesday" (the second Tuesday of the month) for security updates, I use the setting "Download updates but let me choose whether to install them". Of course, I always install all of the updates.

If it has been a while since you have installed security updates, I suggest you check for updates ASAP. However, you may want to install the updates a group at a time. The reason is that I personally don't like to make too many changes at one time, but that's me. After you get the updates caught up, why not change the setting to Automatic? (Note: You will be prompted to restart with some updates. This is because there may be some program or dll in use that is affected by the update. In truth, it is best practice to do a shutdown/restart after installing updates, whether requested or not.)

Please let me know if you have any questions.

country32 · « **Reply #40 on:** May 24, 2011, 05:25:10 PM »

Hi,

My computer seems to be running good now.. (Thanks again) I do have one question for a friend.

They got Xp Anti Virus.

(I know you can't see logs or anything)

They stopped it from running with Rkill and ran Malwarebytes... found 11 (they unchecked the volume info-restore)

ESET also found 5.

On reboot their computer seems to be okay. (there are no pop-ups) but their Windows security Alert icon is still in tool bar.

Also, they turned on firewall but they cannot turn on automatic updates..

I was just wondering if there is a common problem and fix for that?

Thanks again.

winchester73 · « **Reply #41 on:** May 24, 2011, 06:00:02 PM »

It would be best for your friend to start a thread of their own. The icon should be gone if the computer has been totally disinfected. It would be useful to see the MBAM log and also the ESET scan log.

Corrine · « **Reply #42 on:** May 24, 2011, 07:00:55 PM »

Quote

(they unchecked the volume info-restore)

Which is good since some anti-malware programs can "damage" restore points attempting to remove infected items in System Restore. The reason this would not be good is if something went wrong during the cleanup -- especially when working "without guidance". After all, an infected restore point is better than none.

That said, if your friend runs into problems and attempts a System Restore from an infected point prior to it cycling out, it will be necessary to start the cleanup process all over.

So, as Winchester73 said:

Quote from: winchester73 on May 24, 2011, 06:00:02 PM

It would be best for your friend to start a thread of their own. The icon should be gone if the computer has been totally disinfected. It would be useful to see the MBAM log and also the ESET scan log.

LandzDown Forum

News:

Author Topic: Can't open EXE programs (virus) (Read 5262 times)

country32

Re: Can't open EXE programs (virus)

Corrine

Re: Can't open EXE programs (virus)

country32

Re: Can't open EXE programs (virus)

country32

Re: Can't open EXE programs (virus)

country32

Re: Can't open EXE programs (virus)

Corrine

Re: Can't open EXE programs (virus)

country32

Re: Can't open EXE programs (virus)

Corrine

Re: Can't open EXE programs (virus)

country32

Re: Can't open EXE programs (virus)

Corrine

Re: Can't open EXE programs (virus)

country32

Re: Can't open EXE programs (virus)

winchester73

Re: Can't open EXE programs (virus)

Corrine

Re: Can't open EXE programs (virus)