
Can not Remove malware.packer.gen , Need Help! :(



Hello,

This is my log. I have scanned and removed the malware, but after I restart my computer the malware is back again on my computer. It looks like the malware needs an expert touch.

Sorry about my English.

Database version: v2012.03.16.03

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 6.0.2900.2180

SH :: SH-382911F848F2 [administrator]

Protection: Enabled

3/16/2012 10:31:49 PM

mbam-log-2012-03-17 (00-50-06).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 240791

Time elapsed: 2 hour(s), 15 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken.

HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 3

HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\wsgy.exe (Malware.Packer.Gen) -> No action taken.

D:\nacce.exe (Malware.Packer.Gen) -> No action taken.

D:\Eric's Documents\File Transfer\Driver & Software\USB_MultiBoot_10\MULTI_CONTENT\wintools\othertools\ProduKey.exe (PUP.PSWTool.ProductKey) -> No action taken.

Help me please...


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.2180

Run by SH at 10:56:33 on 2012-03-18

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2483 [GMT 7:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\rundll32.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.id/

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRunOnce: [<NO NAME>] c:\program files\hp\print projects\common01\bin\HpqWLPG03.exe /WebOffer

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TCP: DhcpNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{67EE0F51-CF76-42A7-9355-2766C1AAF14C} : DhcpNameServer = 8.8.8.8 8.8.4.4

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: TPSvc - TPSvc.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\sh\application data\mozilla\firefox\profiles\70loutph.default\

.

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

.

============= SERVICES / DRIVERS ===============

.

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-2-24 99728]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-1-4 72080]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-3-16 101112]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-16 652360]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-16 20464]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]

RUnknown amsint32;amsint32; [x]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-2-24 99728]

.

=============== Created Last 30 ================

.

2012-03-18 03:46:06 -------- d-----w- c:\documents and settings\all users\application data\WEBREG

2012-03-18 03:45:34 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys

2012-03-18 03:45:34 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys

2012-03-18 03:45:25 315392 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp6en.dll

2012-03-18 03:45:25 271704 ----a-r- c:\windows\system32\hpzids01.dll

2012-03-18 03:45:25 126976 ----a-w- c:\windows\system32\hpfll6en.dll

2012-03-18 03:45:01 372736 ----a-r- c:\windows\system32\hppldcoi.dll

2012-03-18 03:45:01 309760 ----a-r- c:\windows\system32\difxapi.dll

2012-03-18 03:45:01 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys

2012-03-18 03:43:05 -------- d-----w- c:\program files\common files\Hewlett-Packard

2012-03-18 03:42:11 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2012-03-18 03:40:32 -------- d-----w- c:\program files\HP

2012-03-18 03:37:35 -------- d-----w- c:\documents and settings\sh\local settings\application data\Temp

2012-03-18 03:37:35 -------- d-----w- c:\documents and settings\sh\local settings\application data\Adobe

2012-03-16 23:04:29 103140 ----a-w- C:\wsgy.exe

2012-03-16 16:17:30 42864 ----a-r- c:\windows\system32\SBBD.EXE

2012-03-16 16:17:30 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys

2012-03-16 16:17:22 -------- d-----w- c:\program files\STOPzilla!

2012-03-16 16:17:22 -------- d-----w- c:\program files\common files\iS3

2012-03-16 16:17:21 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!

2012-03-16 15:26:35 -------- d-----w- c:\windows\system32\XPSViewer

2012-03-16 15:26:08 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-03-16 15:26:03 14048 ------w- c:\windows\system32\spmsg2.dll

2012-03-16 04:40:00 -------- d-----w- c:\documents and settings\sh\application data\Malwarebytes

2012-03-16 04:39:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 04:39:54 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-03-16 04:39:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-16 04:14:36 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-16 01:30:53 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2012-03-16 01:30:52 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2012-03-16 01:30:37 -------- d-----w- c:\documents and settings\sh\application data\TuneUp Software

2012-03-16 01:30:24 -------- d-----w- c:\program files\TuneUp Utilities 2011

2012-03-16 01:30:06 -------- d-----w- c:\documents and settings\all users\application data\TuneUp Software

2012-03-16 01:29:33 -------- d-sh--w- c:\documents and settings\all users\application data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

2012-03-16 01:09:54 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-03-16 01:09:30 -------- d-s---w- c:\documents and settings\sh\UserData

.

==================== Find3M ====================

.

2012-03-15 18:15:42 315392 ----a-w- c:\windows\HideWin.exe

2012-03-14 10:55:18 23376 ----a-r- c:\windows\system32\SZIO5.dll

2012-03-14 10:55:06 546640 ----a-r- c:\windows\system32\SZComp5.dll

2012-03-14 10:55:02 481104 ----a-r- c:\windows\system32\SZBase5.dll

2012-02-24 08:28:26 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys

2012-02-24 08:28:26 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys

2012-02-23 07:09:44 29008 ----a-r- c:\windows\system32\IS3XDat5.dll

2012-02-23 07:09:42 390992 ----a-r- c:\windows\system32\IS3UI5.dll

2012-02-23 07:09:42 231248 ----a-r- c:\windows\system32\IS3Win325.dll

2012-02-23 07:09:40 100176 ----a-r- c:\windows\system32\IS3Svc5.dll

2012-02-23 07:09:34 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll

2012-02-23 07:09:34 104272 ----a-r- c:\windows\system32\IS3Inet5.dll

2012-02-23 07:09:32 67408 ----a-r- c:\windows\system32\IS3Hks5.dll

2012-02-23 07:09:32 456528 ----a-r- c:\windows\system32\IS3DBA5.dll

2012-02-23 07:09:30 808784 ----a-r- c:\windows\system32\IS3Base5.dll

2012-01-04 07:06:32 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys

.

============= FINISH: 10:57:03.39 ===============


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
