
Solved Antimalware Doctor Inc

Discussion in 'Malware and Virus Removal Archive' started by living life, 2010/08/20.

  1. 2010/08/23
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    SysWOW64

    File name:
    wininit.exe
    Submission date:
    2010-08-23 12:52:21 (UTC)
    Current status:
    finished
    Result:
    21/ 41 (51.2%)


    Antivirus Version Last Update Result
    AhnLab-V3 2010.08.23.06 2010.08.23 -
    AntiVir 8.2.4.38 2010.08.23 TR/Spy.96256.30
    Antiy-AVL 2.0.3.7 2010.08.23 -
    Authentium 5.2.0.5 2010.08.23 -
    Avast 4.8.1351.0 2010.08.22 Win32:Malware-gen
    Avast5 5.0.332.0 2010.08.22 Win32:Bamital-X
    AVG 9.0.0.851 2010.08.23 -
    BitDefender 7.2 2010.08.23 Win32.Loader.O
    CAT-QuickHeal 11.00 2010.08.23 -
    ClamAV 0.96.2.0-git 2010.08.23 -
    Comodo 5830 2010.08.23 -
    DrWeb 5.0.2.03300 2010.08.23 modification of Win32.Dat.2
    Emsisoft 5.0.0.37 2010.08.23 Gen.Trojan!IK
    eSafe 7.0.17.0 2010.08.23 Win32.TRSpy
    eTrust-Vet 36.1.7804 2010.08.21 Win32/Patcher.F
    F-Prot 4.6.1.107 2010.08.22 -
    F-Secure 9.0.15370.0 2010.08.23 Win32.Loader.O
    Fortinet 4.1.143.0 2010.08.23 -
    GData 21 2010.08.23 Win32.Loader.O
    Ikarus T3.1.1.88.0 2010.08.23 Gen.Trojan
    Jiangmin 13.0.900 2010.08.23 -
    Kaspersky 7.0.0.125 2010.08.23 Trojan.Win32.Patched.kl
    McAfee 5.400.0.1158 2010.08.23 Artemis!ED9D72465A62
    McAfee-GW-Edition 2010.1B 2010.08.23 Artemis!ED9D72465A62
    Microsoft 1.6103 2010.08.23 Virus:Win32/Bamital.C
    NOD32 5388 2010.08.23 -
    Norman 6.05.11 2010.08.23 -
    nProtect 2010-08-23.01 2010.08.23 Win32.Loader.O
    Panda 10.0.2.7 2010.08.22 Suspicious file
    PCTools 7.0.3.5 2010.08.23 -
    Prevx 3.0 2010.08.23 Medium Risk Malware
    Rising 22.62.00.04 2010.08.23 Trojan.Win32.Generic.5225A171
    Sophos 4.56.0 2010.08.23 -
    SUPERAntiSpyware 4.40.0.1006 2010.08.23 -
    Symantec 20101.1.1.7 2010.08.23 WS.Reputation.1
    TheHacker 6.5.2.1.355 2010.08.23 -
    TrendMicro 9.120.0.1004 2010.08.23 -
    TrendMicro-HouseCall 9.120.0.1004 2010.08.23 -
    VBA32 3.12.14.0 2010.08.23 -
    ViRobot 2010.8.23.4003 2010.08.23 Win32.Patched.AF
    VirusBuster 5.0.27.0 2010.08.22 -
    Additional information
    MD5 : ed9d72465a62706e3f4849b61b5df33b
    SHA1 : 8f5e39f9986e25de7abc6bd949bab5b5c12e64f9
    SHA256: 29f2bab686339ad17217623a5a8c7a533896c614f901db0665bd6ddd5a38b74c
     
  2. 2010/08/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      wininit.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     

  4. 2010/08/23
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    SystemLook

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 20:22 on 23/08/2010 by Andrew (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "wininit.exe "
    C:\Windows\System32\wininit.exe --a--- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] ED9D72465A62706E3F4849B61B5DF33B
    C:\Windows\SysWOW64\wininit.exe --a--- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] ED9D72465A62706E3F4849B61B5DF33B
    C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe --a--- 129024 bytes [23:52 13/07/2009] [01:39 14/07/2009] 94355C28C1970635A31B3FE52EB7CEBA
    C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe --a--- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665

    -=End Of File=-
     
  5. 2010/08/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please upload following files to VirusTotal:
    - C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
    - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
    Post scan results.
     
  6. 2010/08/23
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    File name: wininit.exe

    File name:
    wininit.exe
    Submission date:
    2010-08-24 02:43:08 (UTC)
    Current status:
    finished
    Result:
    0/ 42 (0.0%)

    Antivirus Version Last Update Result
    AhnLab-V3 2010.08.24.00 2010.08.23 -
    AntiVir 8.2.4.38 2010.08.23 -
    Antiy-AVL 2.0.3.7 2010.08.23 -
    Authentium 5.2.0.5 2010.08.24 -
    Avast 4.8.1351.0 2010.08.23 -
    Avast5 5.0.332.0 2010.08.23 -
    AVG 9.0.0.851 2010.08.24 -
    BitDefender 7.2 2010.08.24 -
    CAT-QuickHeal 11.00 2010.08.23 -
    ClamAV 0.96.2.0-git 2010.08.24 -
    Comodo 5838 2010.08.24 -
    DrWeb 5.0.2.03300 2010.08.24 -
    Emsisoft 5.0.0.37 2010.08.24 -
    eSafe 7.0.17.0 2010.08.23 -
    eTrust-Vet 36.1.7810 2010.08.23 -
    F-Prot 4.6.1.107 2010.08.24 -
    F-Secure 9.0.15370.0 2010.08.24 -
    Fortinet 4.1.143.0 2010.08.23 -
    GData 21 2010.08.24 -
    Ikarus T3.1.1.88.0 2010.08.24 -
    Jiangmin 13.0.900 2010.08.23 -
    Kaspersky 7.0.0.125 2010.08.24 -
    McAfee 5.400.0.1158 2010.08.24 -
    McAfee-GW-Edition 2010.1B 2010.08.24 -
    Microsoft 1.6103 2010.08.23 -
    NOD32 5391 2010.08.24 -
    Norman 6.05.11 2010.08.23 -
    nProtect 2010-08-23.01 2010.08.23 -
    Panda 10.0.2.7 2010.08.23 -
    PCTools 7.0.3.5 2010.08.24 -
    Prevx 3.0 2010.08.24 -
    Rising 22.62.00.04 2010.08.23 -
    Sophos 4.56.0 2010.08.24 -
    Sunbelt 6782 2010.08.24 -
    SUPERAntiSpyware 4.40.0.1006 2010.08.24 -
    Symantec 20101.1.1.7 2010.08.23 -
    TheHacker 6.5.2.1.355 2010.08.24 -
    TrendMicro 9.120.0.1004 2010.08.23 -
    TrendMicro-HouseCall 9.120.0.1004 2010.08.24 -
    VBA32 3.12.14.0 2010.08.23 -
    ViRobot 2010.8.23.4003 2010.08.23 -
    VirusBuster 5.0.27.0 2010.08.23 -
    Additional information
    MD5 : 94355c28c1970635a31b3fe52eb7ceba
    SHA1 : 2de5c051c0d7d8bcc14b1ca46be8ab9756f29320
    SHA256: c4e98f07170cec69cacdd5cedb8927e48a2a299cb1b8cda87526e768af6174f0
     
  7. 2010/08/23
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    File name: wininit.exe x86

    File name:
    wininit.exe
    Submission date:
    2010-08-24 02:47:20 (UTC)
    Current status:
    finished
    Result:
    0/ 42 (0.0%)



    Antivirus Version Last Update Result
    AhnLab-V3 2010.08.24.00 2010.08.23 -
    AntiVir 8.2.4.38 2010.08.23 -
    Antiy-AVL 2.0.3.7 2010.08.23 -
    Authentium 5.2.0.5 2010.08.24 -
    Avast 4.8.1351.0 2010.08.23 -
    Avast5 5.0.332.0 2010.08.23 -
    AVG 9.0.0.851 2010.08.24 -
    BitDefender 7.2 2010.08.24 -
    CAT-QuickHeal 11.00 2010.08.23 -
    ClamAV 0.96.2.0-git 2010.08.24 -
    Comodo 5838 2010.08.24 -
    DrWeb 5.0.2.03300 2010.08.24 -
    Emsisoft 5.0.0.37 2010.08.24 -
    eSafe 7.0.17.0 2010.08.23 -
    eTrust-Vet 36.1.7810 2010.08.23 -
    F-Prot 4.6.1.107 2010.08.24 -
    F-Secure 9.0.15370.0 2010.08.24 -
    Fortinet 4.1.143.0 2010.08.23 -
    GData 21 2010.08.24 -
    Ikarus T3.1.1.88.0 2010.08.24 -
    Jiangmin 13.0.900 2010.08.23 -
    Kaspersky 7.0.0.125 2010.08.24 -
    McAfee 5.400.0.1158 2010.08.24 -
    McAfee-GW-Edition 2010.1B 2010.08.24 -
    Microsoft 1.6103 2010.08.23 -
    NOD32 5391 2010.08.24 -
    Norman 6.05.11 2010.08.23 -
    nProtect 2010-08-23.01 2010.08.23 -
    Panda 10.0.2.7 2010.08.23 -
    PCTools 7.0.3.5 2010.08.24 -
    Prevx 3.0 2010.08.24 -
    Rising 22.62.00.04 2010.08.23 -
    Sophos 4.56.0 2010.08.24 -
    Sunbelt 6782 2010.08.24 -
    SUPERAntiSpyware 4.40.0.1006 2010.08.24 -
    Symantec 20101.1.1.7 2010.08.23 -
    TheHacker 6.5.2.1.355 2010.08.24 -
    TrendMicro 9.120.0.1004 2010.08.23 -
    TrendMicro-HouseCall 9.120.0.1004 2010.08.24 -
    VBA32 3.12.14.0 2010.08.23 -
    ViRobot 2010.8.23.4003 2010.08.23 -
    VirusBuster 5.0.27.0 2010.08.23 -
    Additional information
    MD5 : b5c5dcad3899512020d135600129d665
    SHA1 : c7bba9840c44e7739fb314b7a3efe30e6b25cc48
    SHA256: f6b4d18fa0d3c4958711ac0d476c21a6fdf2897f989a0ad290b43f463dd8b5b0
     
  8. 2010/08/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)
    Let's get to it....

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Windows\System32\wininit.exe|C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe /replace
      C:\Windows\SysWOW64\wininit.exe|C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe /replace
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    When done, re-run SystemLook with the very same script as in my reply #22.
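A scripted version of the comparison that was done by hand across the SystemLook and VirusTotal posts above, and a way to re-check the files after the replacement step. This is an added example, not code from the thread, from SystemLook or from OTL. It assumes Windows 7 or later with PowerShell 2.0 or newer, run from an elevated session; the function names and the `wininit.exe` default are this example's own choices. It computes the SHA256 of each live copy of the binary, matches it against the WinSxS component-store copy built for the same architecture (the amd64 and x86 builds differ in size and hash, as the 129024-byte and 96256-byte store copies in the log above show), and reads the Authenticode status. One caveat it handles explicitly: on 64-bit Windows a 32-bit process has `C:\Windows\System32` redirected to `SysWOW64` by WOW64 file system redirection, so a 32-bit tool reports the same file under both paths (identical size, timestamps and hash) and never sees the real 64-bit binary; the example goes through `Sysnative` when it detects that situation.

```powershell
# Added example, not code from the thread or from SystemLook/OTL: verify the live
# copies of a Windows system binary against the pristine copies in the WinSxS
# component store. Assumes Windows 7+, PowerShell 2.0+, run elevated.
# Function names and the 'wininit.exe' default are this example's own.

function Get-FileHashHex {
    param([string]$Path, [string]$Algorithm = 'SHA256')
    # Hash through .NET so this also runs on PowerShell 2.0, which has no Get-FileHash.
    $algo   = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ($algo.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }
}

function Get-LiveSystemCopies {
    param([string]$Name)
    # On 64-bit Windows a 32-bit process has C:\Windows\System32 redirected to
    # SysWOW64 (WOW64 file system redirection), so a 32-bit tool reports the same
    # file twice and never sees the real 64-bit binary. The virtual Sysnative
    # directory bypasses the redirection; it only exists for 32-bit processes.
    $root = $env:SystemRoot
    if ([IntPtr]::Size -eq 8) {                   # 64-bit PowerShell on 64-bit Windows
        $native = "$root\System32\$Name";  $wow = "$root\SysWOW64\$Name"
    } elseif (Test-Path "$root\Sysnative") {      # 32-bit PowerShell on 64-bit Windows
        $native = "$root\Sysnative\$Name"; $wow = "$root\SysWOW64\$Name"
    } else {                                      # 32-bit Windows
        $native = "$root\System32\$Name";  $wow = $null
    }
    $copies = @(New-Object PSObject -Property @{ Arch = $(if ($wow) { 'amd64' } else { 'x86' }); Path = $native })
    if ($wow) { $copies += New-Object PSObject -Property @{ Arch = 'x86'; Path = $wow } }
    $copies | Where-Object { Test-Path $_.Path }
}

function Get-ComponentStoreCopies {
    param([string]$Name)
    # Store folders are named <arch>_<component>_<publicKeyToken>_<version>_...,
    # e.g. amd64_microsoft-windows-wininit_..., so the first token is the architecture.
    Get-ChildItem "$env:SystemRoot\winsxs" -Recurse -Filter $Name -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Arch   = ($_.Directory.Name -split '_')[0]
                Path   = $_.FullName
                Size   = $_.Length
                SHA256 = Get-FileHashHex $_.FullName
            }
        }
}

function Test-SystemBinary {
    param([string]$Name = 'wininit.exe')
    $store = @(Get-ComponentStoreCopies $Name)
    foreach ($live in Get-LiveSystemCopies $Name) {
        $hash = Get-FileHashHex $live.Path
        $sig  = Get-AuthenticodeSignature $live.Path
        # Only a store copy built for the same architecture is a valid reference:
        # the x86 and amd64 builds of one binary differ in size and hash.
        $match = @($store | Where-Object { $_.Arch -eq $live.Arch -and $_.SHA256 -eq $hash })
        New-Object PSObject -Property @{
            Path         = $live.Path
            Arch         = $live.Arch
            Size         = (Get-Item $live.Path).Length
            SHA256       = $hash
            # Caveat: OS binaries are catalog-signed rather than embedded-signed, and
            # older Windows/PowerShell report them as NotSigned. Treat the store
            # comparison (and sfc /verifyfile) as authoritative, this as informative.
            Signature    = $sig.Status
            MatchesStore = ($match.Count -gt 0)
            StoreCopy    = $(if ($match.Count -gt 0) { $match[0].Path } else { $null })
        }
    }
}

Test-SystemBinary -Name 'wininit.exe' | Format-List
```

A live copy whose hash matches no same-architecture store copy is the condition to investigate. Windows has a built-in way to do the same check and repair without copying files by hand: from an elevated prompt, `sfc /verifyfile=C:\Windows\System32\wininit.exe` verifies one file against the component store without changing it, and `sfc /scanfile=C:\Windows\System32\wininit.exe` repairs it from the store (both available since Vista).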
     
  9. 2010/08/24
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    OTL RunFix

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    Unable to replace file: C:\Windows\System32\wininit.exe with C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe without a reboot.
    File C:\Windows\SysWOW64\wininit.exe successfully replaced with C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Andrew
    ->Temp folder emptied: 106147964 bytes
    ->Temporary Internet Files folder emptied: 373031 bytes
    ->Java cache emptied: 128094 bytes
    ->FireFox cache emptied: 64137271 bytes
    ->Flash cache emptied: 4080 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Grant
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2432 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35887 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 163.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Andrew
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Grant
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08242010_002343

    Files\Folders moved on Reboot...
    C:\Users\Andrew\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  10. 2010/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ...and...
     
  11. 2010/08/24
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    SystemLook

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 01:09 on 24/08/2010 by Andrew (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "wininit.exe "
    C:\Windows\System32\wininit.exe --a--- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665
    C:\Windows\SysWOW64\wininit.exe --a--- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665
    C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe --a--- 129024 bytes [23:52 13/07/2009] [01:39 14/07/2009] 94355C28C1970635A31B3FE52EB7CEBA

    -=End Of File=-
     
  12. 2010/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ===============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. Run defrag at your convenience.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
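The System Restore reset described in steps 1 to 3 above, as a scripted equivalent for Windows 7 (Vista and later) run from an elevated PowerShell 2.0+ session. This is an added example, not part of the thread. The drive letter and the restore-point description are this example's assumptions, and Disable-/Enable-ComputerRestore, Checkpoint-Computer and Get-ComputerRestorePoint exist on client editions of Windows only.

```powershell
# Added example, not from the thread: scripted System Restore reset for Windows 7
# (Vista and later), elevated PowerShell 2.0+. Drive letter and description are
# assumptions; the *-ComputerRestore cmdlets exist on client Windows only.
$drive = 'C:\'

# 1. Turn protection off for the drive. On Windows 7 restore points are VSS
#    shadow copies; delete them explicitly so no old point can bring back the
#    patched wininit.exe. Caveat: this also removes "Previous Versions" of files.
Disable-ComputerRestore -Drive $drive
vssadmin delete shadows /for=C: /all /quiet

# 2. Confirm nothing is left (expect "No items found that satisfy the query").
vssadmin list shadows /for=C:

# 3. Turn protection back on and create a fresh, clean restore point right away.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType MODIFY_SETTINGS
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```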
     
  13. 2010/08/24
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    Last Malwarebytes

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4451

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    8/24/2010 10:06:36 AM
    mbam-log-2010-08-24 (10-06-36).txt

    Scan type: Quick scan
    Objects scanned: 152321
    Time elapsed: 5 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    I also downloaded Secunia. Thank you very much!
     
  14. 2010/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Good luck and stay safe :)
     
