
PING.exe blocked.


This topic is locked
10 replies to this topic

#1 SevLancer (New Member; Members; 5 posts)

Posted 11 August 2011 - 05:30 AM

Hi, I have a problem, maybe serious, I'm unsure.

My browser was getting hijacked and blue-screened (Unknown hard error), so I formatted and reinstalled everything through the factory Dell image restore. But it's still doing it. I checked my Task Manager and Resource Monitor and both have PING.exe; in Resource Monitor, under Memory, PING.exe alternates from 60-100% every half second (not exaggerating),
followed by an MBAM message:

"Successfully blocked access to a potentially malicious website 195.3.145.251

Type: outgoing
Port: 53016
Process: ping.exe"


(the website IP changes and so does the port number)

I updated and ran both McAfee and MBAM and both full scans came back clean.

Decided to format again, without the internet plugged in or any external HDs; no dice, same thing happens.

I really am lost as to what's going on; some help would be great.



Here's the log thingy that I gather I need to post? Sorry if this is the wrong log or in the wrong forum; I'm kinda stressed at the moment.


.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Frost at 8:12:19 on 2011-08-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.6132.3798 [GMT 10:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\STacSV64.exe
C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\AESTSr64.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\OSD\OSD_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\OSD\OSD.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\system32\perfmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Syswow64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.alienware.com/
uDefault_Page_URL = hxxp://www.alienware.com/
mWinlogon: Userinit=userinit.exe
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100822205930.dll
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [FAStartup]
mRun: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch_OSD.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{E184F210-3318-4059-8A4B-12E5D7AB6161} : DhcpNameServer = 150.100.11.4
TCP: Interfaces\{FA703F53-99E8-404E-AD45-38E699180997} : DhcpNameServer = 10.1.1.1
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100822205930.dll
BHO-X64: scriptproxy - No File
BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun-x64: [FAStartup]
mRun-x64: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch_OSD.exe
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 ioatdma;Intel® QuickData Technology device;C:\Windows\system32\Drivers\ioatdma.sys --> C:\Windows\system32\Drivers\ioatdma.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\AESTSr64.exe [2010-6-25 89600]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-22 14648]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-5 2409800]
R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2009-12-30 16384]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-8-23 59904]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-14 366640]
R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
R2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-23 199032]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-23 244840]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-23 148520]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S2 0143011313271400mcinstcleanup;McAfee Application Installer Cleanup (0143011313271400);C:\Windows\TEMP\014301~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\014301~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTVE.sys --> C:\Windows\system32\DRIVERS\IAMTVE.sys [?]
S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTXPE.sys --> C:\Windows\system32\DRIVERS\IAMTXPE.sys [?]
S3 ioatdma1;ioatdma1;C:\Windows\system32\Drivers\qd162x64.sys --> C:\Windows\system32\Drivers\qd162x64.sys [?]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\system32\Drivers\qd262x64.sys --> C:\Windows\system32\Drivers\qd262x64.sys [?]
S3 iSSetup;iSSetup;C:\Windows\system32\DRIVERS\iSSetup.sys --> C:\Windows\system32\DRIVERS\iSSetup.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
.
=============== Created Last 30 ================
.
2011-08-13 21:41:55 -------- d-----w- C:\Users\Frost\AppData\Roaming\Malwarebytes
2011-08-13 21:41:49 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-13 21:41:49 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-13 21:41:46 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-13 21:41:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-13 21:37:29 -------- d-----w- C:\Users\Frost\AppData\Local\Broadcom
2011-08-13 21:37:29 -------- d-----w- C:\Users\Frost\AppData\Local\ATI
.
==================== Find3M ====================
.
.
============= FINISH: 8:12:58.70 ===============
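An added triage example, not part of this thread or of Malwarebytes' or DDS's own tooling: it parses MBAM-style IP-block alerts like the one quoted above together with an excerpt in the DDS "Running Processes" format, then flags what a responder would check first. The first alert is the one from the post; the other two alerts (documentation-range IPs) and the process excerpt are constructed, and the `ICMP_ONLY_TOOLS` and `EXPECTED_DIRS` baselines are assumptions for illustration.

```python
# Added triage example (not part of the forum thread): parse MBAM-style IP-block
# alerts and a DDS "Running Processes" list, then flag what to look at first.
import re
from collections import defaultdict

# Sample input. The first alert is the one quoted in the thread; the other two are
# constructed (documentation-range IPs) to mimic the "IP and port keep changing" pattern.
SAMPLE_ALERTS = """
Successfully blocked access to a potentially malicious website 195.3.145.251
Type: outgoing
Port: 53016
Process: ping.exe

Successfully blocked access to a potentially malicious website 198.51.100.23
Type: outgoing
Port: 49211
Process: ping.exe

Successfully blocked access to a potentially malicious website 203.0.113.7
Type: outgoing
Port: 50877
Process: PING.EXE
"""

# Constructed excerpt in DDS "Running Processes" format (paths as in the thread's log).
SAMPLE_PROCESS_LIST = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Syswow64\ping.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
"""

ALERT_RE = re.compile(
    r"Successfully blocked access to a potentially malicious website\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+Type:\s*(?P<direction>\w+)\s+"
    r"Port:\s*(?P<port>\d+)\s+Process:\s*(?P<process>\S+)",
    re.IGNORECASE,
)
# One image path per line, optionally followed by arguments such as "-k netsvcs".
PROCESS_RE = re.compile(r"^\s*(?P<path>[a-z]:\\.*?\.exe)", re.IGNORECASE | re.MULTILINE)

# Tools that have no business owning a TCP/UDP socket: ping only sends ICMP echo.
# (Assumed baseline for the example; extend it with your own.)
ICMP_ONLY_TOOLS = {"ping.exe"}
# Directories where the Windows-shipped copies of these tools live (assumed baseline).
EXPECTED_DIRS = {"ping.exe": {r"c:\windows\system32", r"c:\windows\syswow64"}}


def parse_alerts(text):
    """Return one dict per MBAM block alert, with the process name lower-cased."""
    return [
        {"ip": m["ip"], "direction": m["direction"].lower(),
         "port": int(m["port"]), "process": m["process"].lower()}
        for m in ALERT_RE.finditer(text)
    ]


def parse_process_list(text):
    """Map lower-cased image name -> set of full paths seen in a running-process list."""
    seen = defaultdict(set)
    for m in PROCESS_RE.finditer(text):
        path = m["path"]
        seen[path.rsplit("\\", 1)[-1].lower()].add(path)
    return seen


def triage(alert_text, process_text):
    """Per alerting process: how many alerts and destinations, whether the traffic is
    anomalous for that tool, and whether the image runs from an expected directory."""
    procs = parse_process_list(process_text)
    by_proc = defaultdict(list)
    for a in parse_alerts(alert_text):
        by_proc[a["process"]].append(a)
    report = {}
    for name, items in by_proc.items():
        destinations = sorted({(a["ip"], a["port"]) for a in items})
        paths = procs.get(name, set())
        dirs = {p.rsplit("\\", 1)[0].lower() for p in paths}
        expected = EXPECTED_DIRS.get(name)
        report[name] = {
            "alerts": len(items),
            "distinct_destinations": len(destinations),
            # A port number means a TCP/UDP socket; ICMP echo carries none, so an
            # ICMP-only tool making blocked outbound connections is itself the finding.
            "anomalous_outbound": (name in ICMP_ONLY_TOOLS
                                   and any(a["direction"] == "outgoing" for a in items)),
            # Rotating destination IPs/ports is a beaconing pattern worth a packet capture.
            "rotating_destinations": len(destinations) > 1,
            "paths": sorted(paths),
            # True only if the image was seen running from outside its expected directories.
            "unexpected_location": bool(expected) and bool(dirs) and not dirs <= expected,
        }
    return report


if __name__ == "__main__":
    for name, facts in triage(SAMPLE_ALERTS, SAMPLE_PROCESS_LIST).items():
        print(name, facts)
```

Note that an expected path and a clean multi-engine hash result (as in the VirusTotal post later in the thread) do not clear the process; the finding here is the behaviour, a ping binary holding a TCP/UDP socket to rotating destinations, and the next step is to identify what launches it.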

#2 screen317 (MBAM Sentinel; Moderators; 19,486 posts; Gender: Male; Location: New Haven, CT)

Posted 11 August 2011 - 02:43 PM

Hi and welcome to Malwarebytes.

Please go to VirusTotal, and upload the following file for analysis:
C:\Windows\Syswow64\ping.exe

Post the results in your reply.


Also zip up that file and attach it to your reply.
Chris Fistonich
Research Team

Follow us: Twitter, Become a fan: Facebook

#3 SevLancer (New Member; Members; 5 posts)

Posted 11 August 2011 - 04:16 PM

Tried going to VirusTotal with both Internet Explorer and Firefox; both are unable to load the page. Also, the file you want me to upload is ping.exe located in C:\Windows\Syswow64, correct?

#4 SevLancer (New Member; Members; 5 posts)

Posted 11 August 2011 - 05:25 PM

OK, after many bluescreens, redirects, and the page just not working, I finally got it to load and analyze.

File name: PING.EXE
Submission date: 2011-08-11 22:06:33 (UTC)
Current status: finished


Result: 0/43 (0.0%)


Antivirus Version Last Update Result
AhnLab-V3 2011.08.11.01 2011.08.11 -
AntiVir 7.11.13.26 2011.08.11 -
Antiy-AVL 2.0.3.7 2011.08.11 -
Avast 4.8.1351.0 2011.08.11 -
Avast5 5.0.677.0 2011.08.11 -
AVG 10.0.0.1190 2011.08.11 -
BitDefender 7.2 2011.08.11 -
CAT-QuickHeal 11.00 2011.08.11 -
ClamAV 0.97.0.0 2011.08.12 -
Commtouch 5.3.2.6 2011.08.11 -
Comodo 9711 2011.08.11 -
DrWeb 5.0.2.03300 2011.08.12 -
Emsisoft 5.1.0.8 2011.08.11 -
eSafe 7.0.17.0 2011.08.10 -
eTrust-Vet 36.1.8497 2011.08.11 -
F-Prot 4.6.2.117 2011.08.11 -
F-Secure 9.0.16440.0 2011.08.11 -
Fortinet 4.2.257.0 2011.08.11 -
GData 22 2011.08.11 -
Ikarus T3.1.1.107.0 2011.08.11 -
Jiangmin 13.0.900 2011.08.11 -
K7AntiVirus 9.109.5003 2011.08.10 -
Kaspersky 9.0.0.837 2011.08.11 -
McAfee 5.400.0.1158 2011.08.11 -
McAfee-GW-Edition 2010.1D 2011.08.11 -
Microsoft 1.7104 2011.08.11 -
NOD32 6370 2011.08.12 -
Norman 6.07.10 2011.08.11 -
nProtect 2011-08-11.01 2011.08.11 -
Panda 10.0.3.5 2011.08.11 -
PCTools 8.0.0.5 2011.08.11 -
Prevx 3.0 2011.08.12 -
Rising 23.70.03.03 2011.08.11 -
Sophos 4.67.0 2011.08.11 -
SUPERAntiSpyware 4.40.0.1006 2011.08.11 -
Symantec 20111.2.0.82 2011.08.11 -
TheHacker 6.7.0.1.276 2011.08.11 -
TrendMicro 9.500.0.1008 2011.08.11 -
TrendMicro-HouseCall 9.500.0.1008 2011.08.11 -
VBA32 3.12.16.4 2011.08.10 -
VIPRE 10140 2011.08.11 -
ViRobot 2011.8.11.4617 2011.08.11 -
VirusBuster 14.0.164.0 2011.08.11 -


Additional information
MD5 : 6242e3d67787ccbf4e06ad2982853144
SHA1 : 6ac7947207d999a65890ab25fe344955da35028e
SHA256: 4ca10dba7ff487fdb3f1362a3681d7d929f5aa1262cdfd31b04c30826983fb1d
ssdeep: 384:lOi8W9+0F7A3fNpl+rKOFvK/WDHlWyzo:slWE0F7gle1j
File size : 15360 bytes
First seen: 2009-08-15 21:26:03
Last seen : 2011-08-11 22:06:33
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: TCP/IP Ping Command
original name: ping.exe
internal name: ping.exe
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x2AA7
timedatestamp....: 0x4A5BC964 (Mon Jul 13 23:55:16 2009)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x2672, 0x2800, 6.23, bfe1d27f54c79116c20b2d9c2473b795
.data, 0x4000, 0x16A0, 0x200, 1.58, edb7737499c044af4a7f9d64da9724ed
.rsrc, 0x6000, 0x818, 0xA00, 3.81, bf68860ecea39893c6c8411aabcc84c7
.reloc, 0x7000, 0x2FC, 0x400, 4.29, d7e3b601d3845105ff04d0f1d91e0d84

[[ 7 import(s) ]]
ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
KERNEL32.dll: InterlockedCompareExchange, FormatMessageA, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, LocalFree, Sleep, SetConsoleCtrlHandler, LocalAlloc, GetLastError, HeapSetInformation, SetThreadUILanguage
msvcrt.dll: __p__commode, __setusermatherr, _amsg_exit, _initterm, _XcptFilter, _exit, __p__fmode, __getmainargs, memset, isspace, exit, strtoul, __set_app_type, memcpy, _terminate@@YAXXZ, _except_handler4_common, _controlfp, _cexit, _write, _setmode
IPHLPAPI.DLL: GetIpForwardTable, IcmpCreateFile, Icmp6CreateFile, IcmpSendEcho2Ex, Icmp6SendEcho2, IcmpCloseHandle, GetIpErrorString
USER32.dll: CharToOemBuffA
ntdll.dll: RtlIpv4StringToAddressA
WS2_32.dll: freeaddrinfo, -, -, -, -, getnameinfo, getaddrinfo

ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 10240
CompanyName: Microsoft Corporation
EntryPoint: 0x2aa7
FileDescription: TCP/IP Ping Command
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 15 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileVersionNumber: 6.1.7600.16385
ImageVersion: 6.1
InitializedDataSize: 9728
InternalName: ping.exe
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.1
ObjectFileType: Executable application
OriginalFilename: ping.exe
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 6.1.7600.16385
ProductVersionNumber: 6.1.7600.16385
Subsystem: Windows command line
SubsystemVersion: 6.1
TimeStamp: 2009:07:14 01:55:16+02:00
UninitializedDataSize: 0

Attached file: PING.rar (7.95KB, 18 downloads)


#5 SevLancer (New Member; Members; 5 posts)

Posted 12 August 2011 - 01:14 AM

Just now

McAfee
Trojan Removed

Message vanished before I could note it. Something from C:\temp files.

This is getting worse. I haven't been doing anything but have this forum open; is someone working on this or?

It's getting to the point I may just run KillDisk; I don't want it to come to that though.

I'm freaking out 'cause I have work stuff on this laptop, plus the wife has all her personal stuff, like banking and such. (She's also raging at me.)

I just don't know what to do at this point, besides just sit here while God knows what is going on with my computer. =(

#6 screen317 (MBAM Sentinel; Moderators; 19,486 posts; Gender: Male; Location: New Haven, CT)

Posted 15 August 2011 - 05:14 PM

Hi,

My apologies for the delay.


Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317

#7 SevLancer (New Member; Members; 5 posts)

Posted 16 August 2011 - 11:35 AM

No need. I paid a techie to fix it for me; he was done in just under an hour. Everything is clean now: no bluescreens, no redirects, no ping.exe in Task Manager.

#8 screen317 (MBAM Sentinel; Moderators; 19,486 posts; Gender: Male; Location: New Haven, CT)

Posted 19 August 2011 - 02:01 PM

Thanks for letting us know.


Is there anything else we can help you with?

#9 MarkyMark174 (New Member; Members; 1 post)

Posted 23 August 2011 - 01:17 AM

Can you help me? I was reading this thread and it seems to be the exact problem that I am having with my laptop. Should I run ComboFix? Also, SevLancer, could you maybe have your techie email me with some help for this problem?

Thanks

#10 screen317 (MBAM Sentinel; Moderators; 19,486 posts; Gender: Male; Location: New Haven, CT)

Posted 26 August 2011 - 09:55 PM

Please start a new topic and someone will assist you as soon as possible.

#11 screen317 (MBAM Sentinel; Moderators; 19,486 posts; Gender: Male; Location: New Haven, CT)

Posted 26 August 2011 - 09:55 PM

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.