
qtplugin.exe and rundll32_s.exe removal?

  • 20-01-2010 12:12am
    #1
    Closed Accounts Posts: 7


    I noticed these two probably-malware processes running on my computer a couple of days ago. Deleting them only helped to stop qtplugin.exe from starting, but rundll32_s.exe still keeps starting periodically and creating multiple instances, and a file, also called rundll32_s.exe, in C:\Windows\Temp. There's nothing about this process in the registry, so I can't figure out where it is started from. Help?


Comments

  • Closed Accounts Posts: 7 highlander87


    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 01:32:13, on 1/20/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Programi\avast\aswUpdSv.exe
    D:\Programi\avast\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    D:\Programi\avast\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    D:\Programi\hamachi\hamachi-2.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Programi\avast\ashMaiSv.exe
    D:\Programi\avast\ashWebSv.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\TEMP\rundll32_s.exe
    C:\WINDOWS\TEMP\rundll32_s.exe
    C:\WINDOWS\TEMP\rundll32_s.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O1 - Hosts: 172.31.31.254 msnfix.changelog.fr
    O1 - Hosts: 172.31.31.254 www.incodesolutions.com
    O1 - Hosts: 172.31.31.254 virusinfo.prevx.com
    O1 - Hosts: 172.31.31.254 download.bleepingcomputer.com
    O1 - Hosts: 172.31.31.254 www.dazhizhu.cn
    O1 - Hosts: 172.31.31.254 foro.noticias3d.com
    O1 - Hosts: 172.31.31.254 www.spybotupdates.com
    O1 - Hosts: 172.31.31.254 club.myce.com
    O1 - Hosts: 172.31.31.254 www.k7computing.com
    O1 - Hosts: 172.31.31.254 softwaresecuritysolutions.com
    O1 - Hosts: 172.31.31.254 www.nabble.com
    O1 - Hosts: 172.31.31.254 lurker.clamav.net
    O1 - Hosts: 172.31.31.254 lexikon.ikarus.at
    O1 - Hosts: 172.31.31.254 research.sunbelt-software.com
    O1 - Hosts: 172.31.31.254 www.virusdoctor.jp
    O1 - Hosts: 172.31.31.254 www.elitepvpers.de
    O1 - Hosts: 172.31.31.254 guru.avg.com
    O1 - Hosts: 172.31.31.254 downloads.sophos.com
    O1 - Hosts: 172.31.31.254 share.skype.com
    O1 - Hosts: 172.31.31.254 myantispyware.com
    O1 - Hosts: 172.31.31.254 www.computerhilfen.de
    O1 - Hosts: 172.31.31.254 www.superuser.co.kr
    O1 - Hosts: 172.31.31.254 ntfaq.co.kr
    O1 - Hosts: 172.31.31.254 v.dreamwiz.com
    O1 - Hosts: 172.31.31.254 cit.kookmin.ac.kr
    O1 - Hosts: 172.31.31.254 forums.whatthetech.com
    O1 - Hosts: 172.31.31.254 forum.hijackthis.de
    O1 - Hosts: 172.31.31.254 avg.vo.llnwd.net
    O1 - Hosts: 172.31.31.254 ftp.drweb.com
    O1 - Hosts: 172.31.31.254 www.zonealarm.com
    O1 - Hosts: 172.31.31.254 smadaver.com
    O1 - Hosts: 172.31.31.254 support.emsisoft.com
    O1 - Hosts: 172.31.31.254 www.huaifai.go.th
    O1 - Hosts: 172.31.31.254 www.mostz.com
    O1 - Hosts: 172.31.31.254 www.krupunmai.com
    O1 - Hosts: 172.31.31.254 www.cddchiangmai.net
    O1 - Hosts: 172.31.31.254 forum.malekal.com
    O1 - Hosts: 172.31.31.254 tech.pantip.com
    O1 - Hosts: 172.31.31.254 sapcupgrades.com
    O1 - Hosts: 172.31.31.254 www.elguruinformatico.com
    O1 - Hosts: 172.31.31.254 forums.avg.com
    O1 - Hosts: 172.31.31.254 zastita.com
    O1 - Hosts: 172.31.31.254 support.kaspersky.com
    O1 - Hosts: 172.31.31.254 www.247fixes.com
    O1 - Hosts: 172.31.31.254 forum.sysinternals.com
    O1 - Hosts: 172.31.31.254 forum.telecharger.01net.com
    O1 - Hosts: 172.31.31.254 sophos.com
    O1 - Hosts: 172.31.31.254 foros.softonic.com
    O1 - Hosts: 172.31.31.254 avast-home.uptodown.com
    O1 - Hosts: 172.31.31.254 dr-web-cureit.softonic.com
    O1 - Hosts: 172.31.31.254 heavenward.ru
    O1 - Hosts: 172.31.31.254 forum.smadav.net
    O1 - Hosts: 172.31.31.254 www.forum.kaspersky.com
    O1 - Hosts: 172.31.31.254 www.f-secure.com
    O1 - Hosts: 172.31.31.254 www.chkrootkit.org
    O1 - Hosts: 172.31.31.254 diamondcs.com.au
    O1 - Hosts: 172.31.31.254 www.rootkit.nl
    O1 - Hosts: 172.31.31.254 www.sysinternals.com
    O1 - Hosts: 172.31.31.254 z-oleg.com
    O1 - Hosts: 172.31.31.254 espanol.dir.groups.yahoo.com
    O1 - Hosts: 172.31.31.254 ftp01net.telechargement.fr
    O1 - Hosts: 172.31.31.254 modelayu.com
    O1 - Hosts: 172.31.31.254 vaksin.com
    O1 - Hosts: 172.31.31.254 bbs.kaspersky.com.cn
    O1 - Hosts: 172.31.31.254 www.castlecrops.com
    O1 - Hosts: 172.31.31.254 www.misec.net
    O1 - Hosts: 172.31.31.254 safecomputing.umn.edu
    O1 - Hosts: 172.31.31.254 www.antirootkit.com
    O1 - Hosts: 172.31.31.254 www.greatis.com
    O1 - Hosts: 172.31.31.254 ar.answers.yahoo.com
    O1 - Hosts: 172.31.31.254 www.elhacker.org
    O1 - Hosts: 172.31.31.254 research.pandasecurity.com
    O1 - Hosts: 172.31.31.254 www.tpu.ro
    O1 - Hosts: 172.31.31.254 www.pinoyden.com
    O1 - Hosts: 172.31.31.254 forum.avira.de
    O1 - Hosts: 172.31.31.254 www.rootkit.com
    O1 - Hosts: 172.31.31.254 www.pctools.com
    O1 - Hosts: 172.31.31.254 www.pcsupportadvisor.com
    O1 - Hosts: 172.31.31.254 www.resplendence.com
    O1 - Hosts: 172.31.31.254 www.personal.psu.edu
    O1 - Hosts: 172.31.31.254 foro.ethek.com
    O1 - Hosts: 172.31.31.254 foro.elhacker.net
    O1 - Hosts: 172.31.31.254 download.zonealarm.com
    O1 - Hosts: 172.31.31.254 spywarehammer.com
    O1 - Hosts: 172.31.31.254 www.codelain.com
    O1 - Hosts: 172.31.31.254 www.thaicert.org
    O1 - Hosts: 172.31.31.254 vil.nail.com
    O1 - Hosts: 172.31.31.254 search.mcafee.com
    O1 - Hosts: 172.31.31.254 wwww.mcafee.com
    O1 - Hosts: 172.31.31.254 download.nai.com
    O1 - Hosts: 172.31.31.254 wwww.experts-exchange.com
    O1 - Hosts: 172.31.31.254 www.bakunos.com
    O1 - Hosts: 172.31.31.254 www.darkclockers.com
    O1 - Hosts: 172.31.31.254 www2.gmer.net
    O1 - Hosts: 172.31.31.254 ariefew.com
    O1 - Hosts: 172.31.31.254 www.emsisoft.com
    O1 - Hosts: 172.31.31.254 forum.romeonet.ro
    O1 - Hosts: 172.31.31.254 www.Merijn.org
    O1 - Hosts: 172.31.31.254 www.spywareinfo.com
    O1 - Hosts: 172.31.31.254 www.spybot.info
    O1 - Hosts: 172.31.31.254 www.viruslist.com
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avast!] D:\Programi\avast\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\Danijel\pifj.exe \u
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - D:\Programi\superspyware\SASWINLO.dll
    O20 - Winlogon Notify: csbdll - csbdll.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programi\avast\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Programi\avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programi\avast\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programi\avast\ashWebSv.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Programi\hamachi\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\Programi\matlab7\webserver\bin\win32\matlabserver.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - D:\Programi\nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    --
    End of file - 12722 bytes


  • Closed Accounts Posts: 7 highlander87


    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP . (5.1.2600) Service Pack 2
    [32_bits] - x86 Family 15 Model 67 Stepping 3, AuthenticAMD
    .
    [wscsvc] STOPPED (state:1) : Security Center -> Disabled !
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Disabled !
    .
    Internet Explorer 7.0.5730.13
    .
    A:\ [Removable]
    C:\ [Fixed-NTFS] .. ( Total:19 Go - Free:6 Go )
    D:\ [Fixed-NTFS] .. ( Total:129 Go - Free:62 Go )
    E:\ [Fixed-NTFS] .. ( Total:298 Go - Free:116 Go )
    F:\ [CD_Rom]
    G:\ [CD_Rom]
    .
    Scan : 01:41.01
    Path : E:\programs\Rooter.exe
    User : Danijel ( Administrator -> YES )
    .
    \\ Processes
    .
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (952)
    ______ \??\C:\WINDOWS\system32\csrss.exe (1000)
    ______ \??\C:\WINDOWS\system32\winlogon.exe (1024)
    ______ C:\WINDOWS\system32\services.exe (1068)
    ______ C:\WINDOWS\system32\lsass.exe (1080)
    ______ C:\WINDOWS\system32\svchost.exe (1256)
    ______ C:\WINDOWS\system32\svchost.exe (1304)
    ______ C:\WINDOWS\System32\svchost.exe (1656)
    ______ C:\WINDOWS\system32\svchost.exe (1844)
    ______ C:\WINDOWS\system32\svchost.exe (1928)
    ______ D:\Programi\avast\aswUpdSv.exe (380)
    ______ D:\Programi\avast\ashServ.exe (436)
    ______ C:\WINDOWS\system32\LEXBCES.EXE (1356)
    ______ C:\WINDOWS\system32\spoolsv.exe (1384)
    ______ C:\WINDOWS\system32\LEXPPS.EXE (1400)
    ______ C:\WINDOWS\Explorer.EXE (1712)
    ______ C:\WINDOWS\RTHDCPL.EXE (1700)
    ______ D:\Programi\avast\ashDisp.exe (1864)
    ______ C:\WINDOWS\system32\RUNDLL32.EXE (1980)
    ______ C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (1996)
    ______ C:\WINDOWS\system32\ctfmon.exe (164)
    ______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1128)
    ______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (888)
    ______ C:\WINDOWS\system32\svchost.exe (1140)
    ______ C:\WINDOWS\system32\cisvc.exe (1936)
    ______ D:\Programi\hamachi\hamachi-2.exe (2220)
    ______ C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (3296)
    ______ C:\WINDOWS\system32\nvsvc32.exe (3652)
    ______ C:\WINDOWS\system32\PnkBstrA.exe (3820)
    ______ C:\WINDOWS\system32\svchost.exe (3888)
    ______ C:\WINDOWS\system32\wdfmgr.exe (3940)
    ______ D:\Programi\avast\ashMaiSv.exe (2252)
    ______ D:\Programi\avast\ashWebSv.exe (2352)
    ______ C:\WINDOWS\System32\alg.exe (4064)
    ______ C:\Program Files\Windows Live\Contacts\wlcomm.exe (3276)
    ______ C:\WINDOWS\system32\cidaemon.exe (768)
    ______ C:\WINDOWS\system32\cidaemon.exe (4036)
    ______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (4120)
    ______ C:\Program Files\Internet Explorer\iexplore.exe (1148)
    ______ C:\WINDOWS\TEMP\rundll32_s.exe (1480)
    ______ C:\WINDOWS\TEMP\rundll32_s.exe (5104)
    ______ C:\WINDOWS\system32\msiexec.exe (6048)
    ______ C:\WINDOWS\TEMP\rundll32_s.exe (4224)
    ______ E:\programs\Rooter.exe (4580)
    .
    \\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:20974431744)
    \Device\Harddisk0\Partition0 (Start_Offset:20974464000 | Length:139056583680)
    \Device\Harddisk0\Partition2 (Start_Offset:20974496256 | Length:139056551424)
    .
    \\ Scheduled Tasks
    .
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\SA.DAT
    .
    \\ Registry
    .
    .
    \\ Files & Folders
    .
    \\ Scan completed at 01:41.01
    .
    C:\Rooter$\Rooter_3.txt - (20/01/2010 | 01:41.01)
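Both the HijackThis and the Rooter output above list C:\WINDOWS\TEMP\rundll32_s.exe three times with a PID but no parent PID, and a process that keeps coming back without a Run key is usually being restarted by another process, a scheduled task or a service rather than by the registry. The first thing a practitioner checks is therefore the process tree. The following Python is an added example, not code from this thread or from any tool named in it: it parses the kind of CSV that `wmic process get ProcessId,ParentProcessId,ExecutablePath /format:csv` prints on Windows XP, groups every instance of a given image name by its parent, and flags parents that themselves run from a temp directory. The sample CSV, its PIDs, paths, parent links and the hypothetical `dropper.exe` are all constructed for illustration and are not the poster's data.

```python
"""Find the parent that keeps respawning an executable from a temp directory.

Added example, not code from the thread. The sample below is constructed to
look like `wmic process get ProcessId,ParentProcessId,ExecutablePath
/format:csv` output; every PID, path and parent link in it is invented.
"""
import csv
import ntpath

# Directories a legitimate long-running process almost never executes from.
SUSPECT_DIR_PARTS = ("\\windows\\temp\\", "\\local settings\\temp\\")

# Constructed sample (wmic prints a blank first line and CRLF endings).
SAMPLE_WMIC_CSV = r"""
Node,ExecutablePath,ParentProcessId,ProcessId
PC,C:\WINDOWS\system32\services.exe,4,1068
PC,C:\WINDOWS\Explorer.EXE,1024,1712
PC,C:\WINDOWS\system32\RUNDLL32.EXE,1712,1980
PC,C:\Documents and Settings\User\Local Settings\Temp\dropper.exe,1712,3108
PC,C:\WINDOWS\TEMP\rundll32_s.exe,3108,1480
PC,C:\WINDOWS\TEMP\rundll32_s.exe,3108,5104
PC,C:\WINDOWS\TEMP\rundll32_s.exe,3108,4224
PC,C:\WINDOWS\TEMP\rundll32_s.exe,2999,7000
"""


def parse_wmic_csv(text):
    """Parse wmic /format:csv output into {pid: {pid, ppid, path}}."""
    rows = [line for line in text.splitlines() if line.strip()]  # drop blank lead line
    procs = {}
    for row in csv.DictReader(rows):
        pid = int(row["ProcessId"])
        procs[pid] = {"pid": pid, "ppid": int(row["ParentProcessId"]),
                      "path": row["ExecutablePath"] or ""}
    return procs


def in_suspect_dir(path):
    return any(part in path.lower() for part in SUSPECT_DIR_PARTS)


def temp_processes(procs):
    """PIDs of every running image that lives in a temp directory."""
    return sorted(p["pid"] for p in procs.values() if in_suspect_dir(p["path"]))


def ancestry(procs, pid):
    """Walk parent links upward; stops at a missing parent or a PID cycle."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid]["path"])
        pid = procs[pid]["ppid"]
    return chain


def spawners_of(procs, image_name):
    """Group processes with this image name by their parent PID."""
    groups = {}
    for p in procs.values():
        if ntpath.basename(p["path"]).lower() == image_name.lower():
            groups.setdefault(p["ppid"], []).append(p["pid"])
    return {ppid: sorted(kids) for ppid, kids in groups.items()}


def triage(procs, image_name):
    """Per parent of image_name: its path, its ancestry, and whether it also
    runs from a temp directory. A parent PID absent from the table means the
    spawner already exited (or a task/service launched the child); Windows
    reuses PIDs, so confirm with a second snapshot before acting."""
    report = []
    for ppid, kids in sorted(spawners_of(procs, image_name).items()):
        parent = procs.get(ppid)
        report.append({
            "parent_pid": ppid,
            "parent_path": parent["path"] if parent else "(exited)",
            "parent_in_temp": bool(parent) and in_suspect_dir(parent["path"]),
            "children": kids,
            "chain": ancestry(procs, ppid),
        })
    return report


if __name__ == "__main__":
    procs = parse_wmic_csv(SAMPLE_WMIC_CSV)
    print("running from temp:", temp_processes(procs))
    for r in triage(procs, "rundll32_s.exe"):
        print(f"parent {r['parent_pid']} {r['parent_path']} "
              f"(temp={r['parent_in_temp']}) -> children {r['children']}")
        print("  ancestry:", " <- ".join(r["chain"]) or "(unknown)")
```

On a live machine, feed the real wmic output to `parse_wmic_csv` and run `triage` twice a few minutes apart: a parent that is present in both snapshots is the process to examine, while a parent that is already gone points at a scheduled task, a service or a one-shot launcher, which the Rooter "Scheduled Tasks" section and the HijackThis O23 service list above are the next places to look.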


  • Closed Accounts Posts: 17 Candlemaker


    Your hosts file gets seriously infected. I replaced mine (same problem, different thread, as you've already seen). I'd look through that list and make sure that you don't try to access any website that's there. Do a DNS lookup and use the IP instead (on an online website, not your own computer).


  • Closed Accounts Posts: 7 highlander87


    > Your hosts file gets seriously infected. I replaced mine (same problem, different thread, as you've already seen). I'd look through that list and make sure that you don't try to access any website that's there. Do a DNS lookup and use the IP instead (on an online website, not your own computer).
    How, and what exactly did you replace? Did it solve it? My hosts file is unedited, it only has the localhost entry... I think that list of websites was created by this malware, since I haven't ever seen any of those sites, and I'm having a lot of trouble accessing some online virus scan sites since the infection. And honestly, I don't really know what you're trying to say in that second part, call me a noob if you must. :confused: :)


  • Closed Accounts Posts: 17 Candlemaker


    Make sure you scroll down. On mine it had a massive empty gap before all the rest of the entries.
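The O1 lines in the HijackThis log above and the "scroll down" advice here describe the same trick: the stock `127.0.0.1 localhost` line is left at the top, a long run of blank lines pushes the real changes out of view in Notepad, and below them dozens of antivirus, forum and download hostnames are pinned to one address (172.31.31.254 in this log) so that the machine cannot reach help. The following Python is an added example, not code from this thread or from HijackThis: it parses a hosts file, measures the longest blank-line gap, and separates genuine redirects (a hostname sent to a routable address) from loopback sinkholes of the kind ad-blocking hosts lists use. The sample hosts file is constructed for illustration; the hostnames in it are three of those from the log, and `www.example.org` and the 300-line gap are invented.

```python
"""Audit a Windows hosts file for hijacked security-vendor lookups.

Added example, not code from the thread. Models the pattern in the HijackThis
O1 lines (hostnames pinned to 172.31.31.254) and the blank-line padding trick
described in the thread.
"""
import ipaddress

# Names that legitimately map to loopback and must never be flagged.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample (not the poster's real file): stock localhost line,
# 300 blank lines, three hijacked lookups, one deliberate loopback block.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "#\n"
    "127.0.0.1       localhost\n"
    + "\n" * 300 +
    "172.31.31.254 download.bleepingcomputer.com\n"
    "172.31.31.254 www.sysinternals.com\n"
    "172.31.31.254 downloads.sophos.com\n"
    "127.0.0.1 www.example.org   # blocked on purpose\n"
)


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each mapping line.

    Comments are stripped at '#', blank lines are skipped, and a line whose
    first token is not an IP address is ignored rather than raising.
    """
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        yield no, ip, parts[1:]


def longest_blank_gap(text):
    """Length of the longest run of blank lines (the 'scroll down' trick)."""
    best = cur = 0
    for raw in text.splitlines():
        cur = 0 if raw.strip() else cur + 1
        best = max(best, cur)
    return best


def audit_hosts(text, gap_threshold=20):
    """Classify every mapping and measure blank-line padding.

    'redirect': hostname sent to a routable address (DNS hijack).
    'block':    hostname sinkholed to loopback or 0.0.0.0 (may be legitimate).
    """
    entries = []
    for no, ip, names in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if sinkhole and name.lower() in LOOPBACK_NAMES:
                continue
            entries.append({"line": no, "ip": str(ip), "host": name,
                            "kind": "block" if sinkhole else "redirect"})
    gap = longest_blank_gap(text)
    return {"entries": entries, "gap": gap, "padded": gap >= gap_threshold}


def redirect_targets(report):
    """Distinct addresses that hijacked hostnames are being sent to."""
    return sorted({e["ip"] for e in report["entries"] if e["kind"] == "redirect"})


if __name__ == "__main__":
    rep = audit_hosts(SAMPLE_HOSTS)
    print(f"longest blank gap: {rep['gap']} lines (padded={rep['padded']})")
    for e in rep["entries"]:
        print(f"line {e['line']:4d}  {e['kind']:8s} {e['host']} -> {e['ip']}")
    print("redirect targets:", redirect_targets(rep))
```

Run it against a copy of `%SystemRoot%\system32\drivers\etc\hosts` taken from the suspect machine. Any `redirect` entry is a reason to replace the file with the stock one, and the `padded` flag catches the file before you open it in an editor and assume it is clean because only the localhost line is visible. Entries classified as `block` still deserve a look, since the same file can be used to sinkhole update servers to loopback.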


  • Closed Accounts Posts: 7 highlander87


    You were right, it was seriously messed up, nice catch. ;) So I just deleted everything below the localhost entry. Anyway, somehow I managed to stop rundll32_s.exe from running today. I ran about 5 spyware + registry clean-up and anti-virus scans, and I just hope it is gone this time, but it's too soon to tell...

