[A] win32/Small.CA virus

Inactive
By kmorford
Jan 18, 2013
Topic Status:
Not open for further replies.
  1. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    See if you can open Notepad by double clicking on this file:
    C:\Windows\System32\notepad.exe
  2. kmorford

    kmorford TechSpot Member Topic Starter Posts: 49

    Nope, same thing. The icon shows up on the taskbar as if it is open and minimized. I cannot get it to maximize. Running notepad.exe from cmd does the same thing.
  3. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    What about 32-bit from here:
    C:\Windows\SysWOW64\notepad.exe
  4. kmorford

    kmorford TechSpot Member Topic Starter Posts: 49

    Nope, same thing.
  5. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Go ahead with other steps.
  6. kmorford

    kmorford TechSpot Member Topic Starter Posts: 49

    Farbar Service Scanner Version: 16-01-2013
    Ran by moradm (administrator) on 21-01-2013 at 21:33:08
    Running from "C:\Users\moradm\Downloads"
    Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
    "NoAutoUpdate"=DWORD:1


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  7. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    I still need Security Check and Eset logs...
  8. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Still with me?
  9. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.