SevLancer

PING.exe blocked.


Hi, I have a problem, may be serious, I'm unsure.

My browser was getting hijacked and blue screened (Unknown hard error) so I formatted, reinstalled everything through the factory Dell image restore. But it's still doing it. I checked my task manager and resource monitor and both have PING.exe, now in resource manager under memory it's got PING.exe alternating from 60-100% every half second (not exaggerating)

followed by a mbam message

"Successfully blocked access to a potentially malicious website 195.3.145.251

Type: outgoing

Port: 53016

Process: ping.exe"

(the website IP changes and so does the port number)

I updated and ran both McAfee and MBAM and both full scans came back clean.

Decided to format again, without the internet plugged in, or any external HDs, no dice, same thing happens.

I really am lost as to what's going on, some help would be great.

Here's the log thingy that I gather I need to post? And sorry if this is the wrong log or in the wrong forum, I'm kinda stressed at the moment.

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Frost at 8:12:19 on 2011-08-14

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.6132.3798 [GMT 10:00]

.

AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\atiesrxx.exe

C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\STacSV64.exe

C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

C:\Program Files (x86)\Stardock\MyColors\WBVista.exe

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\AESTSr64.exe

C:\Program Files\Alienware\Command Center\AlienFusionService.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\OSD\OSD_Service.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe

C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\OSD\OSD.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Alienware\Command Center\AlienFusionController.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

C:\Windows\system32\perfmon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Syswow64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.alienware.com/

uDefault_Page_URL = hxxp://www.alienware.com/

mWinlogon: Userinit=userinit.exe

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100822205930.dll

BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

mRun: [FAStartup]

mRun: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch_OSD.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [uCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{E184F210-3318-4059-8A4B-12E5D7AB6161} : DhcpNameServer = 150.100.11.4

TCP: Interfaces\{FA703F53-99E8-404E-AD45-38E699180997} : DhcpNameServer = 10.1.1.1

Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll

LSA: Notification Packages = scecli FAPassSync

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100822205930.dll

BHO-X64: scriptproxy - No File

BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

BHO-X64: SSOIEAddonBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

mRun-x64: [FAStartup]

mRun-x64: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch_OSD.exe

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [uCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

============= SERVICES / DRIVERS ===============

.

R0 ioatdma;Intel® QuickData Technology device;C:\Windows\system32\Drivers\ioatdma.sys --> C:\Windows\system32\Drivers\ioatdma.sys [?]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\AESTSr64.exe [2010-6-25 89600]

R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-22 14648]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-5 2409800]

R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2009-12-30 16384]

R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-8-23 59904]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-14 366640]

R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]

R2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]

R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-23 199032]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-23 244840]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-23 148520]

R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]

R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]

R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

S2 0143011313271400mcinstcleanup;McAfee Application Installer Cleanup (0143011313271400);C:\Windows\TEMP\014301~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\014301~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]

S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTVE.sys --> C:\Windows\system32\DRIVERS\IAMTVE.sys [?]

S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTXPE.sys --> C:\Windows\system32\DRIVERS\IAMTXPE.sys [?]

S3 ioatdma1;ioatdma1;C:\Windows\system32\Drivers\qd162x64.sys --> C:\Windows\system32\Drivers\qd162x64.sys [?]

S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\system32\Drivers\qd262x64.sys --> C:\Windows\system32\Drivers\qd262x64.sys [?]

S3 iSSetup;iSSetup;C:\Windows\system32\DRIVERS\iSSetup.sys --> C:\Windows\system32\DRIVERS\iSSetup.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

.

=============== Created Last 30 ================

.

2011-08-13 21:41:55 -------- d-----w- C:\Users\Frost\AppData\Roaming\Malwarebytes

2011-08-13 21:41:49 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-13 21:41:49 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-13 21:41:46 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-13 21:41:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-13 21:37:29 -------- d-----w- C:\Users\Frost\AppData\Local\Broadcom

2011-08-13 21:37:29 -------- d-----w- C:\Users\Frost\AppData\Local\ATI

.

==================== Find3M ====================

.

.

============= FINISH: 8:12:58.70 ===============


Hi and welcome to Malwarebytes.

Please go to VirusTotal, and upload the following file for analysis:

C:\Windows\Syswow64\ping.exe

Post the results in your reply.

Also zip up that file and attach it to your reply.


Tried going to VirusTotal, with both IE Explorer and Firefox, both are unable to load the page. Also, the file you want me to upload is ping.exe located in C:\Windows\Syswow64, correct?


OK, after many bluescreens, redirects, and the page just not working, finally got it to load and analyze.

File name: PING.EXE

Submission date: 2011-08-11 22:06:33 (UTC)

Current status: queued queued analysing finished

Result: 0/ 43 (0.0%)

Antivirus Version Last Update Result

AhnLab-V3 2011.08.11.01 2011.08.11 -

AntiVir 7.11.13.26 2011.08.11 -

Antiy-AVL 2.0.3.7 2011.08.11 -

Avast 4.8.1351.0 2011.08.11 -

Avast5 5.0.677.0 2011.08.11 -

AVG 10.0.0.1190 2011.08.11 -

BitDefender 7.2 2011.08.11 -

CAT-QuickHeal 11.00 2011.08.11 -

ClamAV 0.97.0.0 2011.08.12 -

Commtouch 5.3.2.6 2011.08.11 -

Comodo 9711 2011.08.11 -

DrWeb 5.0.2.03300 2011.08.12 -

Emsisoft 5.1.0.8 2011.08.11 -

eSafe 7.0.17.0 2011.08.10 -

eTrust-Vet 36.1.8497 2011.08.11 -

F-Prot 4.6.2.117 2011.08.11 -

F-Secure 9.0.16440.0 2011.08.11 -

Fortinet 4.2.257.0 2011.08.11 -

GData 22 2011.08.11 -

Ikarus T3.1.1.107.0 2011.08.11 -

Jiangmin 13.0.900 2011.08.11 -

K7AntiVirus 9.109.5003 2011.08.10 -

Kaspersky 9.0.0.837 2011.08.11 -

McAfee 5.400.0.1158 2011.08.11 -

McAfee-GW-Edition 2010.1D 2011.08.11 -

Microsoft 1.7104 2011.08.11 -

NOD32 6370 2011.08.12 -

Norman 6.07.10 2011.08.11 -

nProtect 2011-08-11.01 2011.08.11 -

Panda 10.0.3.5 2011.08.11 -

PCTools 8.0.0.5 2011.08.11 -

Prevx 3.0 2011.08.12 -

Rising 23.70.03.03 2011.08.11 -

Sophos 4.67.0 2011.08.11 -

SUPERAntiSpyware 4.40.0.1006 2011.08.11 -

Symantec 20111.2.0.82 2011.08.11 -

TheHacker 6.7.0.1.276 2011.08.11 -

TrendMicro 9.500.0.1008 2011.08.11 -

TrendMicro-HouseCall 9.500.0.1008 2011.08.11 -

VBA32 3.12.16.4 2011.08.10 -

VIPRE 10140 2011.08.11 -

ViRobot 2011.8.11.4617 2011.08.11 -

VirusBuster 14.0.164.0 2011.08.11 -

Additional information

MD5 : 6242e3d67787ccbf4e06ad2982853144

SHA1 : 6ac7947207d999a65890ab25fe344955da35028e

SHA256: 4ca10dba7ff487fdb3f1362a3681d7d929f5aa1262cdfd31b04c30826983fb1d

ssdeep: 384:lOi8W9+0F7A3fNpl+rKOFvK/WDHlWyzo:slWE0F7gle1j

File size : 15360 bytes

First seen: 2009-08-15 21:26:03

Last seen : 2011-08-11 22:06:33

TrID:

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: TCP/IP Ping Command

original name: ping.exe

internal name: ping.exe

file version.: 6.1.7600.16385 (win7_rtm.090713-1255)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x2AA7

timedatestamp....: 0x4A5BC964 (Mon Jul 13 23:55:16 2009)

machinetype......: 0x14c (I386)

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x2672, 0x2800, 6.23, bfe1d27f54c79116c20b2d9c2473b795

.data, 0x4000, 0x16A0, 0x200, 1.58, edb7737499c044af4a7f9d64da9724ed

.rsrc, 0x6000, 0x818, 0xA00, 3.81, bf68860ecea39893c6c8411aabcc84c7

.reloc, 0x7000, 0x2FC, 0x400, 4.29, d7e3b601d3845105ff04d0f1d91e0d84

[[ 7 import(s) ]]

ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey

KERNEL32.dll: InterlockedCompareExchange, FormatMessageA, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, LocalFree, Sleep, SetConsoleCtrlHandler, LocalAlloc, GetLastError, HeapSetInformation, SetThreadUILanguage

msvcrt.dll: __p__commode, __setusermatherr, _amsg_exit, _initterm, _XcptFilter, _exit, __p__fmode, __getmainargs, memset, isspace, exit, strtoul, __set_app_type, memcpy, _terminate@@YAXXZ, _except_handler4_common, _controlfp, _cexit, _write, _setmode

IPHLPAPI.DLL: GetIpForwardTable, IcmpCreateFile, Icmp6CreateFile, IcmpSendEcho2Ex, Icmp6SendEcho2, IcmpCloseHandle, GetIpErrorString

USER32.dll: CharToOemBuffA

ntdll.dll: RtlIpv4StringToAddressA

WS2_32.dll: freeaddrinfo, -, -, -, -, getnameinfo, getaddrinfo

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 10240

CompanyName: Microsoft Corporation

EntryPoint: 0x2aa7

FileDescription: TCP/IP Ping Command

FileFlagsMask: 0x003f

FileOS: Windows NT 32-bit

FileSize: 15 kB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)

FileVersionNumber: 6.1.7600.16385

ImageVersion: 6.1

InitializedDataSize: 9728

InternalName: ping.exe

LanguageCode: English (U.S.)

LegalCopyright: Microsoft Corporation. All rights reserved.

LinkerVersion: 9.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 6.1

ObjectFileType: Executable application

OriginalFilename: ping.exe

PEType: PE32

ProductName: Microsoft Windows Operating System

ProductVersion: 6.1.7600.16385

ProductVersionNumber: 6.1.7600.16385

Subsystem: Windows command line

SubsystemVersion: 6.1

TimeStamp: 2009:07:14 01:55:16+02:00

UninitializedDataSize: 0

PING.rar


Just now

McAfee

Trojan Removed

Message vanished before I could note it. Something from c:\temp files

This is getting worse. I haven't been doing anything but have this forum open, is someone working on this or?

It's getting to the point I may just run killdisk, I don't want it to come to that though.

I'm freaking out cus I have work stuff on this laptop, plus the wife has all her personal stuff, like banking and such. (she's also raging at me)

I just don't know what to do at this point, besides just sit here while god knows what is going on with my computer. =(


No need. I paid a techie to fix it for me, he was done in just under an hour. Everything is clean now, no bluescreens, no redirects, no ping.exe in task manager.


Thanks for letting us know.

Is there anything else we can help you with?


Can you help me? I was reading this thread and it seems to be the exact problem that I am having with my laptop. Should I run the ComboFix? Also SevLancer could you maybe have your techie email with some help for this problem?

Thanks


Please start a new topic and someone will assist you as soon as possible.


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

This topic is now closed to further replies.
