Problems. problems.

Discussion in 'malware problems & news' started by tigerbiter, Aug 19, 2006.

Thread Status:
Not open for further replies.
  1. tigerbiter

    tigerbiter Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    9
    Hello. My name is Jerry Cass.

    I installed a new 80 GB hard drive and installed W2KPro on it, and added the SP2 update on my Compac Presario, with a 1.19 GHz CPU and 128 MG of RAM.


    Ewido found this:
    C:\WINNT\system32\newexe.exe -> Backdoor.Rbot.aeu,
    and ALL the following IN THE SAME DIRECTORY:
    eraseme_01787.exe -> Backdoor.SdBot.qm
    eraseme_30426.exe -> Backdoor.SdBot.qm
    eraseme_54821.exe -> Backdoor.SdBot.qm
    eraseme_67564.exe -> Backdoor.SdBot.qm
    eraseme_67681.exe -> Backdoor.SdBot.qm
    eraseme_73278.exe -> Backdoor.SdBot.qm
    eraseme_78107.exe -> Backdoor.SdBot.qm
    eraseme_80162.exe -> Backdoor.SdBot.qm

    and. in C:\WINNT\system\
    svchost.exe -> Backdoor.SdBot.qm
    svchost.exe_tobedeleted -> Backdoor.SdBot.qm
    All were cleaned with backup (quarantined).

    C:\WINNT\system32\porky.pig -> Proxy.Ranky : Cleaned with backup (quarantined).
    "Porky.pig", is a file that I renamed from "105.tmp", so it would quit loading.

    In safe mode, McAfee AVERT Stinger Version 2.6.0. found these:
    C:\Winnt\system32\i
    Found the W32/Sdbot.worm!ftp virus. It has been deleted.

    C:\Winnt\system32\wins\SVCHOST.EXE
    Found the W32/Nachi!tftpd virus. It has been deleted.

    C:\WINNT\system32\TFTP1480
    Found the W32/Sdbot.worm.gen virus. It has been deleted.

    C:\WINNT\system32\TFTP828
    Found the W32/Sdbot.worm.gen virus. It has been deleted.

    C:\WINNT\system32\TFTP980
    Found the W32/Sdbot.worm.gen virus. It has been deleted.

    Trend Micro VSCAN found:
    Success Clean [ WORM_SDBOT.RD]( 1) from C:\Winnt\system32\eraseme_30037.exe

    Adaware found Alexa

    Spybot S&D found:

    --- Report generated: 2006-08-16 16:13 ---

    Smitfraud-C.: Executable (File, fixing failed)
    C:\WINNT\system\svchost.exe

    Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

    Windows Security Center.SP2Update: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2!=dword:0

    Windows Security Center.AntiVirusOverride: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

    Windows Security Center.FirewallDisabled: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windowsfirewall\domainprofile\enablefirewall!=dword:1

    Windows Security Center.FirewallDisabled: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windowsfirewall\standardprofile\enablefirewall!=dword:1

    Windows Security Center.FirewallDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

    Windows Security Center.FirewallOverride: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0

    Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

    Windows Security Center.UpdateDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0

    Alexa Related: Link (Replace file, fixed)
    C:\WINNT\Web\RELATED.HTM


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    Now, I keep running into Sygate32.exe viruses, which AVG says that it has healed, when I tell it to.

    I downloaded a new Zone Alarm (Free) and it caused my system to crash when I connected to my dialup ISP, so I uninstalled it, until I could find the reason.

    (After seeing what S&D found in my registry, I can see why it behaved that way.)

    SpybotS&D keeps finding Smitfraud-C
    I can't seem to shake it off.

    Any help will be appreciated.
    Thank you for reading this.
     
    Last edited: Aug 22, 2006
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.