
PING.exe blocked.



Hi, I have a problem, may be serious, I'm unsure.

My browser was getting hijacked and blue screened (Unknown hard error) so I formatted, reinstalled everything through the factory Dell image restore. But it's still doing it, I checked my task manager and resource monitor and both have PING.exe, now in resource manager under memory it's got PING.exe alternating from 60-100% every half second (not exaggerating)

followed by an MBAM message

"Successfully blocked access to a potentially malicious website 195.3.145.251

Type: outgoing

Port: 53016

Process: ping.exe"

(the website IP changes and so does the port number)

I updated and ran both McAfee and MBAM and both full scans came back clean.

Decided to format again, without the internet plugged in, or any external HDs, no dice, same thing happens.

I really am lost as to what's going on, some help would be great.

Here's the log thingy that I gather I need to post? And sorry if this is the wrong log or in the wrong forum, I'm kinda stressed at the moment.

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Frost at 8:12:19 on 2011-08-14

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.6132.3798 [GMT 10:00]

.

AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\atiesrxx.exe

C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\STacSV64.exe

C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

C:\Program Files (x86)\Stardock\MyColors\WBVista.exe

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\AESTSr64.exe

C:\Program Files\Alienware\Command Center\AlienFusionService.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\OSD\OSD_Service.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe

C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\OSD\OSD.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Alienware\Command Center\AlienFusionController.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

C:\Windows\system32\perfmon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Syswow64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.alienware.com/

uDefault_Page_URL = hxxp://www.alienware.com/

mWinlogon: Userinit=userinit.exe

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100822205930.dll

BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

mRun: [FAStartup]

mRun: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch_OSD.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [uCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{E184F210-3318-4059-8A4B-12E5D7AB6161} : DhcpNameServer = 150.100.11.4

TCP: Interfaces\{FA703F53-99E8-404E-AD45-38E699180997} : DhcpNameServer = 10.1.1.1

Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll

LSA: Notification Packages = scecli FAPassSync

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100822205930.dll

BHO-X64: scriptproxy - No File

BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

BHO-X64: SSOIEAddonBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

mRun-x64: [FAStartup]

mRun-x64: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch_OSD.exe

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [uCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

============= SERVICES / DRIVERS ===============

.

R0 ioatdma;Intel® QuickData Technology device;C:\Windows\system32\Drivers\ioatdma.sys --> C:\Windows\system32\Drivers\ioatdma.sys [?]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\AESTSr64.exe [2010-6-25 89600]

R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-22 14648]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-5 2409800]

R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2009-12-30 16384]

R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-8-23 59904]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-14 366640]

R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]

R2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]

R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-23 199032]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-23 244840]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-23 148520]

R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]

R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]

R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

S2 0143011313271400mcinstcleanup;McAfee Application Installer Cleanup (0143011313271400);C:\Windows\TEMP\014301~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\014301~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]

S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTVE.sys --> C:\Windows\system32\DRIVERS\IAMTVE.sys [?]

S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTXPE.sys --> C:\Windows\system32\DRIVERS\IAMTXPE.sys [?]

S3 ioatdma1;ioatdma1;C:\Windows\system32\Drivers\qd162x64.sys --> C:\Windows\system32\Drivers\qd162x64.sys [?]

S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\system32\Drivers\qd262x64.sys --> C:\Windows\system32\Drivers\qd262x64.sys [?]

S3 iSSetup;iSSetup;C:\Windows\system32\DRIVERS\iSSetup.sys --> C:\Windows\system32\DRIVERS\iSSetup.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

.

=============== Created Last 30 ================

.

2011-08-13 21:41:55 -------- d-----w- C:\Users\Frost\AppData\Roaming\Malwarebytes

2011-08-13 21:41:49 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-13 21:41:49 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-13 21:41:46 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-13 21:41:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-13 21:37:29 -------- d-----w- C:\Users\Frost\AppData\Local\Broadcom

2011-08-13 21:37:29 -------- d-----w- C:\Users\Frost\AppData\Local\ATI

.

==================== Find3M ====================

.

.

============= FINISH: 8:12:58.70 ===============

OK, after many bluescreens, redirects, and the page just not working, finally got it to load and analyze.

File name: PING.EXE

Submission date: 2011-08-11 22:06:33 (UTC)

Current status: queued queued analysing finished

Result: 0/ 43 (0.0%)

Antivirus Version Last Update Result

AhnLab-V3 2011.08.11.01 2011.08.11 -

AntiVir 7.11.13.26 2011.08.11 -

Antiy-AVL 2.0.3.7 2011.08.11 -

Avast 4.8.1351.0 2011.08.11 -

Avast5 5.0.677.0 2011.08.11 -

AVG 10.0.0.1190 2011.08.11 -

BitDefender 7.2 2011.08.11 -

CAT-QuickHeal 11.00 2011.08.11 -

ClamAV 0.97.0.0 2011.08.12 -

Commtouch 5.3.2.6 2011.08.11 -

Comodo 9711 2011.08.11 -

DrWeb 5.0.2.03300 2011.08.12 -

Emsisoft 5.1.0.8 2011.08.11 -

eSafe 7.0.17.0 2011.08.10 -

eTrust-Vet 36.1.8497 2011.08.11 -

F-Prot 4.6.2.117 2011.08.11 -

F-Secure 9.0.16440.0 2011.08.11 -

Fortinet 4.2.257.0 2011.08.11 -

GData 22 2011.08.11 -

Ikarus T3.1.1.107.0 2011.08.11 -

Jiangmin 13.0.900 2011.08.11 -

K7AntiVirus 9.109.5003 2011.08.10 -

Kaspersky 9.0.0.837 2011.08.11 -

McAfee 5.400.0.1158 2011.08.11 -

McAfee-GW-Edition 2010.1D 2011.08.11 -

Microsoft 1.7104 2011.08.11 -

NOD32 6370 2011.08.12 -

Norman 6.07.10 2011.08.11 -

nProtect 2011-08-11.01 2011.08.11 -

Panda 10.0.3.5 2011.08.11 -

PCTools 8.0.0.5 2011.08.11 -

Prevx 3.0 2011.08.12 -

Rising 23.70.03.03 2011.08.11 -

Sophos 4.67.0 2011.08.11 -

SUPERAntiSpyware 4.40.0.1006 2011.08.11 -

Symantec 20111.2.0.82 2011.08.11 -

TheHacker 6.7.0.1.276 2011.08.11 -

TrendMicro 9.500.0.1008 2011.08.11 -

TrendMicro-HouseCall 9.500.0.1008 2011.08.11 -

VBA32 3.12.16.4 2011.08.10 -

VIPRE 10140 2011.08.11 -

ViRobot 2011.8.11.4617 2011.08.11 -

VirusBuster 14.0.164.0 2011.08.11 -

Additional information

MD5 : 6242e3d67787ccbf4e06ad2982853144

SHA1 : 6ac7947207d999a65890ab25fe344955da35028e

SHA256: 4ca10dba7ff487fdb3f1362a3681d7d929f5aa1262cdfd31b04c30826983fb1d

ssdeep: 384:lOi8W9+0F7A3fNpl+rKOFvK/WDHlWyzo:slWE0F7gle1j

File size : 15360 bytes

First seen: 2009-08-15 21:26:03

Last seen : 2011-08-11 22:06:33

TrID:

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: TCP/IP Ping Command

original name: ping.exe

internal name: ping.exe

file version.: 6.1.7600.16385 (win7_rtm.090713-1255)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x2AA7

timedatestamp....: 0x4A5BC964 (Mon Jul 13 23:55:16 2009)

machinetype......: 0x14c (I386)

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x2672, 0x2800, 6.23, bfe1d27f54c79116c20b2d9c2473b795

.data, 0x4000, 0x16A0, 0x200, 1.58, edb7737499c044af4a7f9d64da9724ed

.rsrc, 0x6000, 0x818, 0xA00, 3.81, bf68860ecea39893c6c8411aabcc84c7

.reloc, 0x7000, 0x2FC, 0x400, 4.29, d7e3b601d3845105ff04d0f1d91e0d84

[[ 7 import(s) ]]

ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey

KERNEL32.dll: InterlockedCompareExchange, FormatMessageA, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, LocalFree, Sleep, SetConsoleCtrlHandler, LocalAlloc, GetLastError, HeapSetInformation, SetThreadUILanguage

msvcrt.dll: __p__commode, __setusermatherr, _amsg_exit, _initterm, _XcptFilter, _exit, __p__fmode, __getmainargs, memset, isspace, exit, strtoul, __set_app_type, memcpy, _terminate@@YAXXZ, _except_handler4_common, _controlfp, _cexit, _write, _setmode

IPHLPAPI.DLL: GetIpForwardTable, IcmpCreateFile, Icmp6CreateFile, IcmpSendEcho2Ex, Icmp6SendEcho2, IcmpCloseHandle, GetIpErrorString

USER32.dll: CharToOemBuffA

ntdll.dll: RtlIpv4StringToAddressA

WS2_32.dll: freeaddrinfo, -, -, -, -, getnameinfo, getaddrinfo

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 10240

CompanyName: Microsoft Corporation

EntryPoint: 0x2aa7

FileDescription: TCP/IP Ping Command

FileFlagsMask: 0x003f

FileOS: Windows NT 32-bit

FileSize: 15 kB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)

FileVersionNumber: 6.1.7600.16385

ImageVersion: 6.1

InitializedDataSize: 9728

InternalName: ping.exe

LanguageCode: English (U.S.)

LegalCopyright: Microsoft Corporation. All rights reserved.

LinkerVersion: 9.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 6.1

ObjectFileType: Executable application

OriginalFilename: ping.exe

PEType: PE32

ProductName: Microsoft Windows Operating System

ProductVersion: 6.1.7600.16385

ProductVersionNumber: 6.1.7600.16385

Subsystem: Windows command line

SubsystemVersion: 6.1

TimeStamp: 2009:07:14 01:55:16+02:00

UninitializedDataSize: 0

PING.rar


Just now

McAfee

Trojan Removed

Message vanished before I could note it. Something from c:\temp files

This is getting worse. I haven't been doing anything but have this forum open, is someone working on this or?

It's getting to the point I may just run killdisk, I don't want it to come to that though.

I'm freaking out cus I have work stuff on this laptop, plus the wife has all her personal stuff, like banking and such. (she's also raging at me)

I just don't know what to do at this point, besides just sit here while god knows what is going on with my computer. =(


  • Staff

Hi,

My apologies for the delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317
