
Active Virus preventing me from running Anti Virus software, redirecting

Discussion in 'Malware and Virus Removal Archive' started by ianchesh, 2009/03/02.

  1. 2009/03/02
    ianchesh (Thread Starter)
    [Active] Virus preventing me from running Anti Virus software, redirecting

    Well, I just had this like a month ago, thought I got rid of it, and stopped using IE. However, just yesterday it happened again.

    I had Ad-Aware and AVG (which I scanned my computer with daily).

    I tried to run DDS; however, it won't let me. I did use ATF Cleaner and removed everything I could. It will not let me use Kaspersky Online Scanner. I also had ComboFix, which doesn't work anymore. RootRepeal also doesn't work any longer!

    I tried to run Defrag and it wouldn't allow me to do this either.

    I'm really frustrated with this stupid virus...
     
  2. 2009/03/03
    ianchesh (Thread Starter)
    I was able to run RootRepeal; however, I had to email the log to myself so I could post it from my laptop. I also wanted to add that I am still able to run AVG (and update it). I ran a full scan yesterday and it found this trojan: Downloader.Zlob.AJXU



    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/03/03 11:38
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: 00000039
    Image Path: \Driver\00000039
    Address: 0x00000000 Size: 0 File Visible: No
    Status: -

    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xB404D000 Size: 98304 File Visible: No
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xBA63E000 Size: 8192 File Visible: No
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xB2F1C000 Size: 45056 File Visible: No
    Status: -

    Name: UACulkxewso.sys
    Image Path: C:\WINDOWS\system32\drivers\UACulkxewso.sys
    Address: 0xB437B000 Size: 77824 File Visible: -
    Status: Hidden from Windows API!

    Hidden/Locked Files
    -------------------
    Path: C:\WINDOWS\system32\uacinit.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\UACawbwhqpp.db
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\UACgneikhbq.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\UACjxjkvrkr.dat
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\UACltqltpob.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\UACqowrrixi.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\UACspklvrgr.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\UACtkjbmqpp.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\uactmp.db
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\UACtrniopjb.log
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\Temp\UAC33c8.tmp
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\Temp\UAC384c.tmp
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\Temp\UAC3c63.tmp
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\Temp\UAC400c.tmp
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\Temp\UAC4944.tmp
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\Temp\UAC58a5.tmp
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\Temp\UAC5bd2.tmp
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\Temp\UAC6bb0.tmp
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\drivers\UACulkxewso.sys
    Status: Invisible to the Windows API!

    Path: C:\Documents and Settings\Ian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    Status: Allocation size mismatch (API: 16384, Raw: 12288)

    Path: C:\Documents and Settings\Ian\Local Settings\temp\UACfb1d.tmp
    Status: Invisible to the Windows API!

    Path: C:\Documents and Settings\Ian\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρϴϱЄϱЃϵϳЅ
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\Ian\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ
    Status: Locked to the Windows API!

    Stealth Objects
    -------------------
    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: winlogon.exe (PID: 720) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: services.exe (PID: 772) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: lsass.exe (PID: 784) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC5bd2.tmpkhbq.dll]
    Process: svchost.exe (PID: 948) Address: 0x00710000 Size: 81920

    Object: Hidden Module [Name: UAC6bb0.tmptpob.dll]
    Process: svchost.exe (PID: 948) Address: 0x00a30000 Size: 245760

    Object: Hidden Module [Name: UAC3c63.tmpmqpp.dll]
    Process: svchost.exe (PID: 948) Address: 0x00b40000 Size: 73728

    Object: Hidden Module [Name: UACspklvrgr.dll]
    Process: svchost.exe (PID: 948) Address: 0x00e20000 Size: 57344

    Object: Hidden Module [Name: UACqowrrixi.dll]
    Process: svchost.exe (PID: 948) Address: 0x02c00000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: svchost.exe (PID: 948) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: svchost.exe (PID: 1044) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: svchost.exe (PID: 1140) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: svchost.exe (PID: 1208) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: svchost.exe (PID: 1376) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: spoolsv.exe (PID: 1628) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: AppleMobileDeviceService.exe (PID: 1824) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: avgwdsvc.exe (PID: 1848) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: mDNSResponder.exe (PID: 1876) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: svchost.exe (PID: 1980) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: jqs.exe (PID: 2040) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: avgrsx.exe (PID: 536) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: LSSrvc.exe (PID: 1112) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: NBService.exe (PID: 1132) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: nTuneService.exe (PID: 1192) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: nvsvc32.exe (PID: 1240) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: IoctlSvc.exe (PID: 1268) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: HPZipm12.exe (PID: 1188) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: PnkBstrA.exe (PID: 1344) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: PnkBstrB.exe (PID: 1300) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: svchost.exe (PID: 1688) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: WMPNetwk.exe (PID: 1084) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: alg.exe (PID: 2204) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: Explorer.EXE (PID: 3052) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UAC4944.tmprixi.dll]
    Process: RUNDLL32.EXE (PID: 3712) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UACqowrrixi.dll]
    Process: ctfmon.exe (PID: 3740) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UACqowrrixi.dll]
    Process: PresentationFontCache.exe (PID: 480) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UACqowrrixi.dll]
    Process: RootRepeal.exe (PID: 360) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UACqowrrixi.dll]
    Process: avgui.exe (PID: 2932) Address: 0x10000000 Size: 49152

    Object: Hidden Module [Name: UACqowrrixi.dll]
    Process: avgcsrvx.exe (PID: 3460) Address: 0x10000000 Size: 49152

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
    Process: System Address: 0x8a980bf8 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
    Process: System Address: 0x8a360a00 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ扏济KnownDllPath, IRP_MJ_CREATE]
    Process: System Address: 0x89a3b838 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ扏济KnownDllPath, IRP_MJ_CLOSE]
    Process: System Address: 0x89a3b838 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ扏济KnownDllPath, IRP_MJ_READ]
    Process: System Address: 0x89a3b838 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ扏济KnownDllPath, IRP_MJ_WRITE]
    Process: System Address: 0x89a3b838 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ扏济KnownDllPath, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x89a3b838 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ扏济KnownDllPath, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x89a3b838 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ扏济KnownDllPath, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x89a3b838 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ扏济KnownDllPath, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x89a3b838 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ扏济KnownDllPath, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x89a3b838 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ扏济KnownDllPath, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x89a3b838 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ扏济KnownDllPath, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x89a3b838 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ扏济KnownDllPath, IRP_MJ_CLEANUP]
    Process: System Address: 0x89a3b838 Size: -

    Object: Hidden Code [Driver: UdfsЅఄ扏济KnownDllPath, IRP_MJ_PNP]
    Process: System Address: 0x89a3b838 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE]
    Process: System Address: 0x8a52d0e8 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_CLOSE]
    Process: System Address: 0x8a52d0e8 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a52d0e8 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a52d0e8 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_POWER]
    Process: System Address: 0x8a52d0e8 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a52d0e8 Size: -

    Object: Hidden Code [Driver: dtscsi, IRP_MJ_PNP]
    Process: System Address: 0x8a52d0e8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
    Process: System Address: 0x8a5780e8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
    Process: System Address: 0x8a5780e8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
    Process: System Address: 0x8a5780e8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
    Process: System Address: 0x8a5780e8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a5780e8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a5780e8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a5780e8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a5780e8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
    Process: System Address: 0x8a5780e8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a5780e8 Size: -

    Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
    Process: System Address: 0x8a5780e8 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_READ]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]
    Process: System Address: 0x8a980eb0 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
    Process: System Address: 0x8a9cb710 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
    Process: System Address: 0x8a9cb710 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
    Process: System Address: 0x8a9cb710 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
    Process: System Address: 0x8a9cb710 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a9cb710 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a9cb710 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a9cb710 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a9cb710 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
    Process: System Address: 0x8a9cb710 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a9cb710 Size: -

    Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
    Process: System Address: 0x8a9cb710 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
    Process: System Address: 0x8a9cb948 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
    Process: System Address: 0x8a9cb948 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
    Process: System Address: 0x8a9cb948 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8a9cb948 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a9cb948 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a9cb948 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8a9cb948 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
    Process: System Address: 0x8a9cb948 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
    Process: System Address: 0x8a9cb948 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a9cb948 Size: -

    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
    Process: System Address: 0x8a9cb948 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
    Process: System Address: 0x89ec0490 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
    Process: System Address: 0x89ec0490 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x89ec0490 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x89ec0490 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
    Process: System Address: 0x89ec0490 Size: -

    Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
    Process: System Address: 0x89ec0490 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_CREATE]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_CLOSE]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_POWER]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: SI3132, IRP_MJ_PNP]
    Process: System Address: 0x8a9800e8 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLOSE]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_WRITE]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_EA]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_EA]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLEANUP]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_POWER]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CHANGE]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x89a34eb0 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
    Process: System Address: 0x89a18538 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_CREATE]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_CLOSE]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_READ]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_WRITE]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_CLEANUP]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Npfsȅ浍瑓ȁః扏济PSched歨詚, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x89a39a60 Size: -

    Object: Hidden Code [Driver: Msfsȅఉ䵃慖, IRP_MJ_CREATE]
    Process: System Address: 0x89a30a60 Size: -

    Object: Hidden Code [Driver: Msfsȅఉ䵃慖, IRP_MJ_CLOSE]
    Process: System Address: 0x89a30a60 Size: -

    Object: Hidden Code [Driver: Msfsȅఉ䵃慖, IRP_MJ_READ]
    Process: System Address: 0x89a30a60 Size: -

    Object: Hidden Code [Driver: Msfsȅఉ䵃慖, IRP_MJ_WRITE]
    Process: System Address: 0x89a30a60 Size: -

    Object: Hidden Code [Driver: Msfsȅఉ䵃慖, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x89a30a60 Size: -

    Object: Hidden Code [Driver: Msfsȅఉ䵃慖, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x89a30a60 Size: -

    Object: Hidden Code [Driver: Msfsȅఉ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x89a30a60 Size: -

    Object: Hidden Code [Driver: Msfsȅఉ䵃慖, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x89a30a60 Size: -

    Object: Hidden Code [Driver: Msfsȅఉ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x89a30a60 Size: -

    Object: Hidden Code [Driver: Msfsȅఉ䵃慖, IRP_MJ_CLEANUP]
    Process: System Address: 0x89a30a60 Size: -

    Object: Hidden Code [Driver: Msfsȅఉ䵃慖, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x89a30a60 Size: -

    Object: Hidden Code [Driver: Msfsȅఉ䵃慖, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x89a30a60 Size: -

    Object: Hidden Code [Driver: Msfsȅఉ䵃慖, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x89a30a60 Size: -

    Object: Hidden Code [Driver: CdfsЅఅ瑁䅭ী1쀱ࠁSysLay, IRP_MJ_CREATE]
    Process: System Address: 0x8a349a00 Size: -

    Object: Hidden Code [Driver: CdfsЅఅ瑁䅭ী1쀱ࠁSysLay, IRP_MJ_CLOSE]
    Process: System Address: 0x8a349a00 Size: -

    Object: Hidden Code [Driver: CdfsЅఅ瑁䅭ী1쀱ࠁSysLay, IRP_MJ_READ]
    Process: System Address: 0x8a349a00 Size: -

    Object: Hidden Code [Driver: CdfsЅఅ瑁䅭ী1쀱ࠁSysLay, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x8a349a00 Size: -

    Object: Hidden Code [Driver: CdfsЅఅ瑁䅭ী1쀱ࠁSysLay, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x8a349a00 Size: -

    Object: Hidden Code [Driver: CdfsЅఅ瑁䅭ী1쀱ࠁSysLay, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x8a349a00 Size: -

    Object: Hidden Code [Driver: CdfsЅఅ瑁䅭ী1쀱ࠁSysLay, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x8a349a00 Size: -

    Object: Hidden Code [Driver: CdfsЅఅ瑁䅭ী1쀱ࠁSysLay, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x8a349a00 Size: -

    Object: Hidden Code [Driver: CdfsЅఅ瑁䅭ী1쀱ࠁSysLay, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8a349a00 Size: -

    Object: Hidden Code [Driver: CdfsЅఅ瑁䅭ী1쀱ࠁSysLay, IRP_MJ_SHUTDOWN]
    Process: Sy

    Hidden Services
    -------------------
    Service Name: UACd.sys
    Image Path: C:\WINDOWS\system32\drivers\UACulkxewso.sys
     
    Last edited: 2009/03/03
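The RootRepeal report above is the kind of output a helper triages by hand, and the entries that matter are easy to state: the driver whose Status is an explicit "Hidden from Windows API!" (not the dump_* drivers or rootrepeal.sys, which show "File Visible: No" with a "-" status and are normal), the files reported invisible to the API, the same module mapped into nearly every process on the box, a single handler address sitting on most major functions of a driver's dispatch table, and a hidden service (UACd.sys) whose name does not match the file it points at. The script below, added here as an example and not part of the forum post or of RootRepeal, parses that report layout and produces exactly that summary. SAMPLE is a constructed excerpt of the report above, and the parsing rules (section name followed by a dashed rule, blank-line-separated records, a few keys packed onto one line) are inferred from the pasted text rather than taken from any RootRepeal specification.

```python
# Triage a RootRepeal report into the entries a responder looks at first.
# Added example, not the forum post's or RootRepeal's code. SAMPLE is a
# constructed excerpt of the report above; parsing rules follow its layout.
import re
from collections import defaultdict

SAMPLE = r"""Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB404D000 Size: 98304 File Visible: No
Status: -

Name: UACulkxewso.sys
Image Path: C:\WINDOWS\system32\drivers\UACulkxewso.sys
Address: 0xB437B000 Size: 77824 File Visible: -
Status: Hidden from Windows API!

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: UAC4944.tmprixi.dll]
Process: winlogon.exe (PID: 720) Address: 0x10000000 Size: 49152

Object: Hidden Module [Name: UAC4944.tmprixi.dll]
Process: services.exe (PID: 772) Address: 0x10000000 Size: 49152

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a980bf8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a980bf8 Size: -

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACulkxewso.sys
"""

SINGLE_VALUE = {"Object", "Path", "Image Path", "Status", "Name", "Service Name"}  # own a whole line
PACKED_KEY = re.compile(r"\b(Process|Address|Size|File Visible): ")  # several pairs per line


def parse_rootrepeal(text):
    """Return {section: [record, ...]}, one dict per blank-line-separated block."""
    sections, section, record = defaultdict(list), None, {}
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        header = i + 1 < len(lines) and lines[i + 1].strip().startswith("---")
        if (header or not line) and record:  # a finished record
            sections[section].append(record)
            record = {}
        if header:
            section = line  # "Drivers", "Hidden Services", ...
        elif not line or section is None or line.startswith("---"):
            continue  # blanks, banner lines before the first section, dashed rules
        else:
            key, _, value = line.partition(": ")
            if key in SINGLE_VALUE:
                record[key] = value.strip()
            else:  # split a packed line on the keys it can contain
                parts = PACKED_KEY.split(line)
                record.update(zip(parts[1::2], (v.strip() for v in parts[2::2])))
    if record:
        sections[section].append(record)
    return dict(sections)


def triage(report):
    """Pick out the rootkit indicators; lists are sorted so the output is stable."""
    out = {"hidden_drivers": [], "hidden_files": [], "hidden_services": []}
    # "File Visible: No" alone is not a finding: crash-dump drivers and
    # rootrepeal.sys itself are normally listed that way with Status "-".
    for d in report.get("Drivers", []):
        if "hidden" in d.get("Status", "").lower():
            out["hidden_drivers"].append(d["Image Path"])
    for f in report.get("Hidden/Locked Files", []):
        if "invisible" in f.get("Status", "").lower():
            out["hidden_files"].append(f["Path"])
    modules, hooks = defaultdict(set), defaultdict(lambda: (set(), set()))
    for o in report.get("Stealth Objects", []):
        obj = o.get("Object", "")
        if m := re.fullmatch(r"Hidden Module \[Name: (.+)\]", obj):
            modules[m.group(1)].add(o["Process"].split(" (PID")[0])  # injected DLL
        elif m := re.fullmatch(r"Hidden Code \[Driver: (.+), (IRP_MJ_\w+)\]", obj):
            addrs, irps = hooks[m.group(1)]  # hooked IRP dispatch entries per driver
            addrs.add(o["Address"])
            irps.add(m.group(2))
    out["injected_modules"] = {k: sorted(v) for k, v in modules.items()}
    out["irp_hooks"] = {k: {"addresses": sorted(a), "irps": sorted(i)}
                        for k, (a, i) in hooks.items()}
    for s in report.get("Hidden Services", []):  # service name vs. driver file name
        image = s["Image Path"]
        out["hidden_services"].append({"name": s["Service Name"], "image": image,
            "name_mismatch": s["Service Name"].lower() != image.rsplit("\\", 1)[-1].lower()})
    return out


if __name__ == "__main__":
    for key, value in triage(parse_rootrepeal(SAMPLE)).items():
        print(key, value)
```

Run against the full report, the same code reports one address per driver across every hooked major function (Ntfs at 0x8a980bf8, Disk at 0x8a980eb0, and so on) and UAC4944.tmprixi.dll in 33 processes, which is the shape to expect from a kernel-mode rootkit rather than from a single misbehaving service.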


  4. 2009/03/04
    ianchesh (Thread Starter)
    I ran Dr.Web, and here is what it found:

    uaculkxewso.sys;c:\windows\system32\drivers;BackDoor.Tdss.84;Deleted.;
    psexec.cfexe;C:\32788R22FWJFW;Program.PsExec.171;;
    seer.exe\SEER98.BAK;C:\academic\iss2\seer.exe;Probably BATCH.Virus;;
    seer.exe\seer98.bat;C:\academic\iss2\seer.exe;Probably BATCH.Virus;;
    seer.exe;C:\academic\iss2;Archive contains infected objects;;
    seer.exe\SEER98.BAK;C:\academic\orawin95\bin\seer.exe;Probably BATCH.Virus;;
    seer.exe\seer98.bat;C:\academic\orawin95\bin\seer.exe;Probably BATCH.Virus;;
    seer.exe;C:\academic\orawin95\bin;Archive contains infected objects;;
    Seer95.exe\SEER95.BAT;C:\academic\orawin95\bin\Seer95.exe;Probably BATCH.Virus;;
    Seer95.exe/SEER95U.EXE\SEER95.BAT;C:\academic\orawin95\bin\Seer95.exe/SEER95U.EXE;Probably BATCH.Virus;;
    SEER95U.EXE;C:\academic\orawin95\bin;Archive contains infected objects;;
    Seer95.exe;C:\academic\orawin95\bin;Archive contains infected objects;;
    C.bat;C:\ComboFix;Probably BATCH.Virus;;
    psexec.cfexe;C:\ComboFix;Program.PsExec.171;;
    setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2;Probably BACKDOOR.Trojan;;
    inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;;
    ocpinst.exe\data529;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\ocpinst.exe;Probably BACKDOOR.Trojan;;
    ocpinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Archive contains infected objects;;
    tigers.exe/data002\32788R22FWJFW\C.bat;C:\Documents and Settings\Anna\Desktop\tigers.exe/data002;Probably BATCH.Virus;;
    tigers.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Anna\Desktop\tigers.exe/data002;Program.PsExec.171;;
    data002;C:\Documents and Settings\Anna\Desktop;Archive contains infected objects;;
    tigers.exe;C:\Documents and Settings\Anna\Desktop;Container contains infected objects;;
    Kitty.exe.exe/data002\32788R22FWJFW\C.bat;C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\CD Burning\Kitty.exe.exe/data002;Probably BATCH.Virus;;
    Kitty.exe.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\CD Burning\Kitty.exe.exe/data002;Program.PsExec.171;;
    data002;C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\CD Burning;Archive contains infected objects;;
    Kitty.exe.exe;C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\CD Burning;Container contains infected objects;;
    C2152591d01/data002\32788R22FWJFW\C.bat;C:\Documents and Settings\Anna\Local Settings\Application Data\Mozilla\Firefox\Profiles\1p69o6k6.default\Cache\C2152591d01/data;Probably BATCH.Virus;;
    data002;C:\Documents and Settings\Anna\Local Settings\Application Data\Mozilla\Firefox\Profiles\1p69o6k6.default\Cache;Archive contains infected objects;;
    C2152591d01;C:\Documents and Settings\Anna\Local Settings\Application Data\Mozilla\Firefox\Profiles\1p69o6k6.default\Cache;Container contains infected objects;;
    A0262564.bat;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Probably BATCH.Virus;;
    A0262568.EXE;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Program.PsExec.170;;
    A0262569.exe/data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060\A0262569.exe/data002;Probably BATCH.Virus;;
    A0262569.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060\A0262569.exe/data002;Program.PsExec.171;;
    data002;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Archive contains infected objects;;
    A0262569.exe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Container contains infected objects;;
    A0262572.exe/data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060\A0262572.exe/data002;Probably BATCH.Virus;;
    A0262572.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060\A0262572.exe/data002;Program.PsExec.171;;
    data002;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Archive contains infected objects;;
    A0262572.exe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Container contains infected objects;;
    A0262573.exe/data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060\A0262573.exe/data002;Probably BATCH.Virus;;
    A0262573.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060\A0262573.exe/data002;Program.PsExec.171;;
    data002;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Archive contains infected objects;;
    A0262573.exe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Container contains infected objects;;
    A0262574.exe/data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060\A0262574.exe/data002;Probably BATCH.Virus;;
    A0262574.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060\A0262574.exe/data002;Program.PsExec.171;;
    data002;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Archive contains infected objects;;
    A0262574.exe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Container contains infected objects;;
    A0262576.exe/data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060\A0262576.exe/data002;Probably BATCH.Virus;;
    A0262576.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060\A0262576.exe/data002;Program.PsExec.171;;
    data002;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Archive contains infected objects;;
    A0262576.exe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Container contains infected objects;;
    A0262596.exe/data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060\A0262596.exe/data002;Probably BATCH.Virus;;
    A0262596.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060\A0262596.exe/data002;Program.PsExec.171;;
    data002;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Archive contains infected objects;;
    A0262596.exe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1060;Container contains infected objects;;
    A0265307.exe/data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1076\A0265307.exe/data002;Probably BATCH.Virus;;
    A0265307.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1076\A0265307.exe/data002;Program.PsExec.171;;
    data002;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1076;Archive contains infected objects;;
    A0265307.exe;C:\System Volume Information\_restore{5F737E9E-FE15-41D3-91B0-9CD9F782FE1B}\RP1076;Container contains infected objects;;
     
  5. 2009/03/07
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi ianchesh
    I'll see what I can do here, but this one may be beyond my skills and noahdfear is away for a while.

    Let's start by seeing if we can get some files scanned.

    • Please go to Jotti's malware scan
    • Copy and paste the following file paths, one at a time, into the "File to upload & scan" box at the top of the page:
      • C:\WINDOWS\system32\drivers\UACulkxewso.sys
      • C:\WINDOWS\system32\UACgneikhbq.dll
      • C:\WINDOWS\system32\UACtkjbmqpp.dll
    • Click on the submit button
    • Please post the results in your next reply.

    Thanks
    Geri
     