
JambanMuV2 Virus (I think someone wrote it in the Malay language, please help)

Discussion in 'Malware and Virus Removal Archive' started by z4u, 2007/10/29.

  1. 2007/10/29
    z4u

    z4u Inactive Thread Starter

    Joined:
    2003/07/08
    Messages:
    350
    Likes Received:
    0
    Suddenly I found my system getting very slow. Then I ran HijackThis and found a suspicious .exe entry in the log, and the registered name in my System Properties has been changed to the infected virus's file name. It reads:
    Registered To
    jambanMuV2
    Die!Die!Die!
    Here is the ComboFix log, please have a look:
    ComboFix 07-10-29.1** - PC11 2007-10-29 22:20:40.1 - FAT32x86
    Running from: C:\Documents and Settings\PC11\My Documents\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\ÿ.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-29 )))))))))))))))))))))))))))))))
    .

    2007-10-29 22:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-29 22:09 <DIR> d-------- C:\Documents and Settings\PC11\.housecall6.6
    2007-10-29 22:06 <DIR> d-------- C:\WINDOWS\LastGood
    2007-10-29 22:06 <DIR> d-------- C:\WINDOWS\BDOSCAN8
    2007-10-23 13:47 <DIR> d-------- C:\Program Files\Youtube Download
    2007-10-22 12:10 249,627 -rahs---- C:\WINDOWS\Document1.exe
    2007-10-22 12:10 226,587 -rahs---- C:\WINDOWS\*.exe
    2007-10-10 11:04 <DIR> d-------- C:\WINDOWS\Freecorder Toolbar
    2007-10-10 11:04 <DIR> d-------- C:\Program Files\Freecorder Toolbar
    2007-10-10 11:04 <DIR> d-------- C:\Program Files\Freecorder
    2007-10-10 11:03 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
    2007-10-10 11:03 <DIR> d-------- C:\Program Files\Replay Media Catcher
    2007-10-10 11:03 2,293,712 --a------ C:\Program Files\FLV PlayerFCSetup.exe
    2007-10-10 11:02 3,655,488 --a------ C:\Program Files\FLV PlayerRCATSetup.exe
    2007-10-10 10:54 <DIR> d-------- C:\WINDOWS\FLV Player
    2007-10-10 10:54 <DIR> d-------- C:\Program Files\FLV Player
    2007-10-10 10:54 <DIR> d-------- C:\Documents and Settings\PC11\Application Data\GetRightToGo
    2007-10-10 10:54 411,248 --a------ C:\Program Files\FLV PlayerRCSetup.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-27 12:44 --------- d-----w C:\Program Files\Windows Live Favorites
    2007-09-27 12:42 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-09-27 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2007-09-20 15:13 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2007-09-20 15:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-20 15:13 --------- d-----w C:\Documents and Settings\PC11\Application Data\SUPERAntiSpyware.com
    2007-09-20 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-09-18 14:14 --------- d-----w C:\Program Files\Mgtweak
    2007-09-18 14:12 --------- d-----w C:\Program Files\MegauploadToolbar
    2007-09-18 14:12 --------- d-----w C:\Documents and Settings\PC11\Application Data\MegauploadToolbar
    2007-09-15 06:05 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
    2007-09-12 15:05 226,587 --sha-r C:\WINDOWS\*.exe
    2007-08-28 17:42 --------- d-----w C:\Program Files\MSXML 4.0
    2007-08-28 15:51 --------- d-----w C:\Documents and Settings\PC11\Application Data\DMCache
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 10:04 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 10:04 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-20 10:04 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 10:04 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-17 10:21 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 10:20 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-07-30 11:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 11:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 11:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 11:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 11:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 11:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 11:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 11:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 11:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 11:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-07-30 11:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-07-30 11:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 11:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 11:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 11:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 11:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-07-30 11:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CafeAgent "= "C:\WINDOWS\system32\CafeAgent.exe" [2005-03-22 16:39]
    "avgnt "= "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
    "Document1 "= "C:\WINDOWS\*.exe" [2007-09-12 23:05]
    "MSConfig "= "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:56]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "CafeAgent "=C:\WINDOWS\system32\CafeAgent.exe /normal

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableChangePassword "=1 (0x1)
    "NoSecCPL "=0 (0x0)
    "NoConfigPage "=0 (0x0)
    "NoFileSysPage "=0 (0x0)
    "NoDevMgrPage "=0 (0x0)
    "NoVirtMemPage "=0 (0x0)
    "DisableLockWorkstation "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableChangePassword "=0 (0x0)
    "NoSecCPL "=0 (0x0)
    "NoConfigPage "=0 (0x0)
    "NoFileSysPage "=0 (0x0)
    "NoDevMgrPage "=0 (0x0)
    "NoVirtMemPage "=0 (0x0)
    "DisableLockWorkstation "=0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "DisableChangePassword "=1 (0x1)
    "NoSecCPL "=0 (0x0)
    "NoConfigPage "=0 (0x0)
    "NoFileSysPage "=0 (0x0)
    "NoDevMgrPage "=0 (0x0)
    "NoVirtMemPage "=0 (0x0)
    "NoDispCPL "=0 (0x0)
    "NoDispAppearancePage "=0 (0x0)
    "NoDispScrSavPage "=0 (0x0)
    "NoDispSettingsPage "=0 (0x0)
    "DisableLockWorkstation "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu "=0 (0x0)
    "NoFavoritesMenu "=1 (0x1)
    "NoSMMyPictures "=0 (0x0)
    "NoStartMenuMyMusic "=0 (0x0)
    "NoRecentDocsHistory "=0 (0x0)
    "NoRecentDocsNetHood "=1 (0x1)
    "NoInstrumentation "=0 (0x0)
    "NoSimpleStartMenu "=0 (0x0)
    "NoViewOnDrive "=0 (0x0)
    "NoAddPrinter "=0 (0x0)
    "NoDeletePrinter "=0 (0x0)
    "NoSetActiveDesktop "=0 (0x0)
    "NoTrayContextMenu "=0 (0x0)
    "NoWindowsUpdate "=0 (0x0)
    "DisableLocalMachineRun "=0 (0x0)
    "DisableLocalMachineRunOnce "=0 (0x0)
    "DisableCurrentUserRun "=0 (0x0)
    "DisableCurrentUserRunOnce "=0 (0x0)
    "NoWinKeys "=0 (0x0)
    "NoStartMenuSubFolders "=0 (0x0)
    "NoCommonGroups "=0 (0x0)
    "NoSetFolders "=0 (0x0)
    "NoStartMenuMorePrograms "=0 (0x0)
    "NoStartMenuMFUprogramsList "=0 (0x0)
    "NoStartMenuPinnedList "=0 (0x0)
    "NoLogOff "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu "=0 (0x0)
    "NoFavoritesMenu "=1 (0x1)
    "NoSMMyPictures "=0 (0x0)
    "NoStartMenuMyMusic "=0 (0x0)
    "NoRecentDocsHistory "=0 (0x0)
    "NoRecentDocsNetHood "=0 (0x0)
    "NoUserNameInStartMenu "=1 (0x1)
    "NoStartMenuPinnedList "=0 (0x0)
    "ForceStartMenuLogoff "=0 (0x0)
    "NoViewOnDrive "=0 (0x0)
    "NoAddPrinter "=0 (0x0)
    "NoDeletePrinter "=0 (0x0)
    "NoSetActiveDesktop "=0 (0x0)
    "DisableLocalMachineRun "=0 (0x0)
    "DisableLocalMachineRunOnce "=0 (0x0)
    "DisableCurrentUserRun "=0 (0x0)
    "DisableCurrentUserRunOnce "=0 (0x0)
    "NoStartMenuSubFolders "=0 (0x0)
    "NoCommonGroups "=0 (0x0)
    "NoSetFolders "=0 (0x0)
    "NoStartMenuMorePrograms "=0 (0x0)
    "NoStartMenuMFUprogramsList "=0 (0x0)
    "NoLogOff "=0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsNetHood "=1 (0x1)
    "NoRecentDocsHistory "=0 (0x0)
    "NoViewOnDrive "=0 (0x0)
    "NoAddPrinter "=0 (0x0)
    "NoDeletePrinter "=0 (0x0)
    "NoSetActiveDesktop "=0 (0x0)
    "NoWindowsUpdate "=0 (0x0)
    "DisableLocalMachineRun "=0 (0x0)
    "DisableLocalMachineRunOnce "=0 (0x0)
    "DisableCurrentUserRun "=0 (0x0)
    "DisableCurrentUserRunOnce "=0 (0x0)
    "NoStartMenuSubFolders "=0 (0x0)
    "NoCommonGroups "=0 (0x0)
    "NoSetFolders "=0 (0x0)
    "NoStartMenuMorePrograms "=0 (0x0)
    "NoStartMenuMFUprogramsList "=0 (0x0)
    "NoStartMenuPinnedList "=0 (0x0)
    "NoRun "=0 (0x0)
    "NoFind "=0 (0x0)
    "NoFavoritesMenu "=1 (0x1)
    "NoRecentDocsMenu "=0 (0x0)
    "NoLogOff "=0 (0x0)
    "StartMenuLogoff "=0 (0x0)
    "NoSMMyPictures "=0 (0x0)
    "NoStartMenuMyMusic "=0 (0x0)
    "NoActiveDesktopChanges "=0 (0x0)
    "NoViewContextMenu "=0 (0x0)
    "NoTrayContextMenu "=0 (0x0)
    "NoClose "=0 (0x0)
    "NoWinKeys "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    C:\Program Files\Google\Google Talk\googletalk.exe /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "TapiSrv "=3 (0x3)
    "gusvc "=3 (0x3)

    R0 AFPAnsi;CafeSuite File Protector;C:\WINDOWS\system32\AFPAnsi.sys
    R2 CafeAgent;CafeAgent of CafeSuite;C:\WINDOWS\system32\CafeAgent.exe /service
    R2 Canon NetSpot Suite Service;Canon NetSpot Suite Service;C:\Program Files\Canon\VDC\AuVdc.exe
    R2 P1100B_CT_CDI;Creative PD1100B HAL Service;C:\WINDOWS\system32\DRIVERS\P1100bCd.sys
    R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys
    S3 P1100BVD;Creative WebCam Vista;C:\WINDOWS\system32\DRIVERS\P1100bVd.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00e5b69e-3b15-11dc-9734-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - Flash.10.Setup.exe
    Open\command - Flash.10.Setup.exe
    Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00e5b6a0-3b15-11dc-9734-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00e5b6a1-3b15-11dc-9734-0050ba61d61d}]
    Auto\command - F:\infrom.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{062d7a30-341a-11dc-971f-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - Flash.10.Setup.exe
    Open\command - Flash.10.Setup.exe
    Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0aac469e-1ee5-11dc-9721-0050ba61d61d}]
    1\Command - F:\.\RECYCLER\RECYCLER.exe
    2\Command - F:\.\RECYCLER\RECYCLER.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bc88436-334c-11dc-971e-0050ba61d61d}]
    Auto\command - Macromedia_Setup.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Macromedia_Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bc88437-334c-11dc-971e-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bsr.exe
    ´Ã²¿ª\command - bsr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e41630e-2f59-11dc-9713-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - Flash.10.Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26036466-77cc-11dc-97a6-0050ba61d61d}]
    Auto\command - autoregistry.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autoregistry.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2633e9ea-6007-11dc-976f-0050ba61d61d}]
    AutoRun\command - ntde1ect.com
    explore\Command - ntde1ect.com
    open\Command - ntde1ect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{296c27e7-54bb-11dc-975d-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - Flash.10.Setup.exe
    Open\command - Flash.10.Setup.exe
    Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ba932a9-3bdc-11dc-9735-0050ba61d61d}]
    Auto\command - Macromedia_Setup.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Macromedia_Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d7ecc8a-2dd3-11dc-9710-0050ba61d61d}]
    Auto\command - F:\MicrosoftPowerPoint.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{385a9c4b-3672-11dc-9726-0050ba61d61d}]
    Auto\command - setup.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ef97f82-1f0f-11dc-9722-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ****er.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{411c80b9-6585-11dc-9779-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - F:\Flash.10.Setup.exe
    Open\command - F:\Flash.10.Setup.exe
    Scan for Viruses\command - F:\Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4227e7c5-707f-11dc-9795-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - Flash.10.Setup.exe
    Open\command - Flash.10.Setup.exe
    Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{431ac3da-454a-11dc-9743-0050ba61d61d}]
    AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5692241c-61bc-11dc-9771-0050ba61d61d}]
    AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5692241d-61bc-11dc-9771-0050ba61d61d}]
    AutoRun\command - F:\lexmark_intro.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5692241f-61bc-11dc-9771-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - Flash.10.Setup.exe
    Open\command - Flash.10.Setup.exe
    Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6546129f-76db-11dc-97a3-0050ba61d61d}]
    AutoRun\command - RavMon.exe
    explore\Command - RavMon.exe -e
    open\Command - RavMon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69185636-5591-11dc-9761-0050ba61d61d}]
    Auto\command - WScript.exe Iexplore.vbs
    AutoRun\command - WScript.exe Iexplore.vbs
    Explore\command - WScript.exe Iexplore.vbs
    Open\command - WScript.exe Iexplore.vbs
    Search...\command - WScript.exe Iexplore.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d5070ca-3feb-11dc-9739-0050ba61d61d}]
    AutoRun\command - F:\werPoint.exehutvfiqh.exe
    explore\Command - F:\werPoint.exehutvfiqh.exe
    open\Command - F:\werPoint.exehutvfiqh.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f056eaa-4a1d-11dc-974e-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - Flash.10.Setup.exe
    Open\command - Flash.10.Setup.exe
    Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77687760-6cf3-11dc-978c-0050ba61d61d}]
    Auto\command - F:\infrom.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79b751e7-6b2c-11dc-9787-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - Flash.10.Setup.exe
    Open\command - Flash.10.Setup.exe
    Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bccaceb-6be5-11dc-9789-0050ba61d61d}]
    AutoRun\command - ntde1ect.com
    explore\Command - ntde1ect.com
    open\Command - ntde1ect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bccacec-6be5-11dc-9789-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - F:\Flash.10.Setup.exe
    Open\command - F:\Flash.10.Setup.exe
    Scan for Viruses\command - F:\Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a5c7f70-5f37-11dc-976e-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - Flash.10.Setup.exe
    Open\command - Flash.10.Setup.exe
    Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a5c7f72-5f37-11dc-976e-0050ba61d61d}]
    Auto\command - Ghost.pif
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a5c7f75-5f37-11dc-976e-0050ba61d61d}]
    Auto\command - F:\MicrosoftPowerPoint.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e5b6600-506f-11dc-9757-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bsr.exe
    ´Ã²¿ª\command - bsr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{977f4314-3e52-11dc-9737-0050ba61d61d}]
    Auto\command - setup.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{977f4315-3e52-11dc-9737-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - Flash.10.Setup.exe
    Open\command - Flash.10.Setup.exe
    Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a647e0fa-3988-11dc-972e-0050ba61d61d}]
    Autoplay\command - MySexy.exe
    AutoRun\command - MySexy.exe
    Explore\command - MySexy.exe
    OPEN\command - MySexy.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa3f3f1a-2ea1-11dc-9712-0050ba61d61d}]
    Auto\command - F:\setup.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae7fc25a-803c-11dc-97ac-0050ba61d61d}]
    AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae7fc25d-803c-11dc-97ac-0050ba61d61d}]
    AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2a3ad44-7249-11dc-9799-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - Flash.10.Setup.exe
    Open\command - Flash.10.Setup.exe
    Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3d8f3a4-4942-11dc-974c-0050ba61d61d}]
    AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c45a26c3-64e2-11dc-9777-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - Flash.10.Setup.exe
    Open\command - Flash.10.Setup.exe
    Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c45a26c4-64e2-11dc-9777-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - Flash.10.Setup.exe
    Open\command - Flash.10.Setup.exe
    Scan for Viruses\command - Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca477ed3-409c-11dc-973a-0050ba61d61d}]
    Auto\command - F:\Ghost.pif
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8bbc5a5-3a57-11dc-9731-0050ba61d61d}]
    Auto\command - Macromedia_Setup.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Macromedia_Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6a8d384-6d68-11dc-978d-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    Explore\command - F:\Flash.10.Setup.exe
    Open\command - F:\Flash.10.Setup.exe
    Scan for Viruses\command - F:\Scanner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6e1787a-3f10-11dc-9738-0050ba61d61d}]
    AutoRun\command - F:\idstick.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6e1787e-3f10-11dc-9738-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ****er.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edd54da2-38e0-11dc-972a-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Sys.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edde2bf4-671e-11dc-977d-0050ba61d61d}]
    AutoRun\command - F:\ntde1ect.com
    explore\Command - F:\ntde1ect.com
    open\Command - F:\ntde1ect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efb7a9ae-2dc2-11dc-970f-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bsr.exe
    ´Ã²¿ª\command - F:\bsr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9c6e7aa-4174-11dc-973c-0050ba61d61d}]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ****er.vbs

    *Newly Created Service* - CATCHME
    *Newly Created Service* - HTTPFILTER
    *Newly Created Service* - SSMDRV
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-29 14:08:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job "
    .
    **************************************************************************

    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-29 22:24:07
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-29 22:25:30
    .
    --- E O F ---
    Here I have uploaded an image for more clarification, please visit:
    http://img91.imageshack.us/my.php?image=jambanqi8.jpg
     
    z4u,
    #1
  2. 2007/10/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi z4u,

    Please make sure you have Windows set to show hidden files and folders. The files I refer to next have hidden attributes.

    Please upload the following files to my submission channel. Leave a link back to this topic.

    C:\WINDOWS\Document1.exe
    C:\WINDOWS\*.exe << this is actually the name of the file
    C:\WINDOWS\iun6002ev.exe

    Have you been running setups from a flash drive? It appears that the drive(s) are heavily infected. I'd recommend you insert the flash drive, open My Computer, then right click the flash drive icon (is it the F: drive?) and select Format, to erase ALL data.

    We'll continue once I've had an opportunity to inspect the files you are to upload.
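The log in the first post carries three kinds of indicator that the advice above is built on: executables in C:\WINDOWS with the read-only+hidden+system attribute set (the reason hidden files must be shown before the files can be uploaded), a Run value pointing at one of them, and a long list of MountPoints2 entries, which are Explorer's per-volume cache of the autorun.inf verbs it saw on each removable drive (the reason the flash drive is assumed to be infected). The script below is an added example, not ComboFix's or noahdfear's own tooling: it parses a small constructed sample made of lines copied from the log above and rates each indicator. The system-file lookalike list, the script-extension list and the severity labels are the example's own assumptions.

```python
"""Added example (not ComboFix's own code): triage the indicators this thread
discusses from a ComboFix log: hidden+system executables in the Windows
directory, Run-key targets with odd names or locations, and removable-drive
AutoRun commands cached under MountPoints2. Each one is rated high or review."""
from __future__ import annotations

import os
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the log posted above, not a full log.
SAMPLE_LOG = r"""
2007-10-22 12:10 249,627 -rahs---- C:\WINDOWS\Document1.exe
2007-10-22 12:10 226,587 -rahs---- C:\WINDOWS\*.exe
2007-10-29 22:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt "= "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"Document1 "= "C:\WINDOWS\*.exe" [2007-09-12 23:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2633e9ea-6007-11dc-976f-0050ba61d61d}]
AutoRun\command - ntde1ect.com
open\Command - ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69185636-5591-11dc-9761-0050ba61d61d}]
AutoRun\command - WScript.exe Iexplore.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae7fc25a-803c-11dc-97ac-0050ba61d61d}]
AutoRun\command - F:\LaunchU3.exe -a
"""

FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+([-a-z]{7,9})\s+(.+)$", re.I)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.I)
RUN_RE = re.compile(r'^"([^"]*?)\s*"\s*=\s*"([^"]+)"')
CMD_RE = re.compile(r"^[^\\]+\\command\s+-\s+(.+)$", re.I)
# ComboFix shows AutoRun verbs wrapped in a rundll32 ShellExec call; strip it to get the real target.
RUNDLL_RE = re.compile(r"^C:\\WINDOWS\\system32\\RunDLL32\.EXE\s+Shell32\.DLL,ShellExec_RunDLL\s+", re.I)

SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".pif", ".com", ".bat", ".cmd", ".scr"}
INTERPRETERS = {"wscript.exe", "cscript.exe"}
# Assumed list of system file names that worms imitate with a one-character swap (ntde1ect.com).
LOOKALIKE_OF = ("ntdetect.com", "svchost.exe", "rundll32.exe", "explorer.exe")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "review"
    kind: str      # "file", "run-key" or "autorun"
    detail: str


def lookalike(name: str) -> str | None:
    """Return the system file name that `name` differs from by exactly one character, if any."""
    for legit in LOOKALIKE_OF:
        if len(legit) == len(name) and sum(a != b for a, b in zip(name, legit)) == 1:
            return legit
    return None


def rate_autorun(key: str, cmd: str) -> Finding:
    """Rate one MountPoints2 autorun command (the cached autorun.inf verb of a removable drive)."""
    guid = key.rsplit("\\", 1)[-1]
    tokens = cmd.split()
    exe = os.path.basename(tokens[0].replace("\\", "/")).lower() if tokens else ""
    reasons = []
    if exe in INTERPRETERS and len(tokens) > 1:
        reasons.append(f"{exe} runs script {tokens[1]}")
    if os.path.splitext(exe)[1] in SCRIPT_EXTS:
        reasons.append(f"{exe} is a script/PIF/COM payload launched straight from the drive")
    if (legit := lookalike(exe)) is not None:
        reasons.append(f"{exe} imitates system file {legit}")
    if reasons:
        return Finding("high", "autorun", f"{guid}: {cmd} ({'; '.join(reasons)})")
    return Finding("review", "autorun", f"{guid}: {cmd} (autorun from removable media; confirm the drive is clean)")


def triage_combofix(text: str) -> list[Finding]:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings: list[Finding] = []
    current_key = ""
    seen: set[tuple[str, str]] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            current_key = m.group(1).lower()
            continue
        if (m := FILE_RE.match(line)):
            attrs, path = m.group(1).lower(), m.group(2)
            low = path.lower()
            # read-only+hidden+system on an .exe under %WINDIR% is how the dropper stays out of sight
            if "h" in attrs and "s" in attrs and low.startswith("c:\\windows\\") and low.endswith(".exe"):
                findings.append(Finding("high", "file", f"hidden+system executable: {path}"))
            continue
        if current_key.endswith("\\currentversion\\run") and (m := RUN_RE.match(line)):
            name, target = m.group(1), m.group(2)
            parent, _, base = target.rpartition("\\")
            # wildcard characters in a file name, or a Run target dropped straight into C:\WINDOWS
            if any(c in base for c in "*?") or parent.lower() == "c:\\windows":
                findings.append(Finding("high", "run-key", f'Run value "{name}" launches {target}'))
            continue
        if "\\mountpoints2\\" in current_key and (m := CMD_RE.match(line)):
            cmd = RUNDLL_RE.sub("", m.group(1)).strip()
            if (current_key, cmd.lower()) not in seen:  # one finding per drive GUID + command
                seen.add((current_key, cmd.lower()))
                findings.append(rate_autorun(current_key, cmd))
    return findings


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:8} {f.detail}")
```

Run it as-is and it prints six findings from the sample: both `-rahs----` executables, the `Document1` Run value that launches `C:\WINDOWS\*.exe`, and one line per cached autorun command, with `ntde1ect.com` flagged both for being a .com payload and for being one character away from `ntdetect.com`. The MountPoints2 records only describe what each drive's autorun.inf asked for; the files they name live on the drive, which is why formatting the flash drive, as recommended above, is the right fix for that part. The "Registered To" string z4u saw in System Properties is the `RegisteredOwner` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion`, and it is worth checking that value directly after cleanup, since the log above does not list it.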
     


  4. 2007/10/30
    z4u

    z4u Inactive Thread Starter

    Joined:
    2003/07/08
    Messages:
    350
    Likes Received:
    0
    Thanks for your response, noahdfear. I've messed up my system and reformatted. I found flash kill software to kill this kind of virus; once I ran it I lost all my Windows exe files and couldn't run anything, and finally I reformatted and reinstalled. But I have seen it's a heavily spreading virus in Malaysia, and so far Avira antivirus is working fine to detect these kinds of viruses and delete them from my infected system.
    Thank you
     
    z4u,
    #3
