TechSpot

Funny UST Scandal virus help

By c8ddymon
Mar 1, 2008
  1. Hey everyone...Well, apparently I got this virus from a friend that I momentarily lent my jump drive to, so that he could get some files off of me. My laptop, which received the infection, did not say anything. It wasn't until recently that I remembered to install ad-aware to all my computers that I found a worm, the W32.Imaut.AA. My msconfig was disabled and it wouldn't let me choose show hidden files in explorer. Well, the weird thing however, is that I have not used my jump drive in this computer for awhile, which would mean that the worm has been there for awhile, but I have not had the show hidden files function disabled on me until this pas Wednesday, when I ran ad-aware. The good thing was that Ad-aware was able to remove the virus and I ran it once again in safe-mode and it found some restore files that it seems to have deleted. Then I ran trendmicro and they found something that affects jumpdrives, and I deleted all those things as well. After the initial scan from as-aware, I could not click on my C: drive through my computer. It would tell me that it could not run the process in win32 or something, but I was able to browse to my c: drive through the drop down address box in explorer. I do not know if it was after the second scan in safe mode or if it was trendmicro that did this, but I am able to click on the C: icon again to get in. So I just want to make sure that everything is clean, and then I plan on doing a format just to be safe (I don't want to run the chance of a re-installing virus if you remember from my first post!). Ok, on to why I think it was in my jump drive...when I put that jump drive into my desktop, Norton found the funny ust scandal virus and was able to delete it immediately. I think it worked, because ad-aware was not able to find anything and trendmicro found a trojan_generic and it deleted it, but I do not know how long that has been there. I will be scanning that computer fully to just to make sure, so should I be putting that in this thread or a new one?

    Panda antirootkit found nothing and neither did combofix.

    finally, a few questions/concerns that I have:
    -I have had combofix on my desktop for awhile and all of a sudden yesterday, norton said that it detected a trojan horse in combofix what could have happened?
    - I don't remember this about smitfraud, but whenever I started it, it would say "input error, there is no script engine for file .vbs. System cannot find specified." but the program worked fine (to my knowledge)
    - when I installed AVG, it detected NOT.A.VIRUS.Monitor.W32.AKL.25, and another file like that, it is in my AVG scan log. I did select quarantine items but for some reason it did not quarantine, and my log file says no action taken. So I really do not know what happened there.
    - I forget which program notice this, but there was a Toshiba file that was affected. I forget which one, I apologize, but I believe it was through my first ad-aware scan

    If you need anymore information please let me know! I apologize for the lengthy message, but there was so much that happened. Thanks in advance everyone, you guys are the best!
     

    Attached Files:

  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    STEP12:

     
  3. c8ddymon

    c8ddymon TS Rookie Topic Starter Posts: 17

    Did I not do that? I did everything before I posted the logs...right?
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Just making sure as this made me think you may have an older version


    How do you know that combofix found nothing?
     
  5. c8ddymon

    c8ddymon TS Rookie Topic Starter Posts: 17

    Hey Blind Dragon,
    Sorry for the confusion, but the computer that is being worked on is the laptop, and Norton did not say anything about combofix on the laptop. However, I had placed all the removal tools on my desktop computer from a previous fix that I did, and all of a sudden yesterday, Norton said that it was a trojan horse, but it was unable to remove it because "access denied". i have had the folder of all the removal tools there for awhile, and Norton never popped up with that message before.

    In regards to combofix, I apologize, i might have been confused. Well, this combofix seems different then the one i used last time...unless i am completely wrong. Last time i ran combofix and it found the virus Kxxxxxxxxxxxxxxxx and removed it for me. I forget the name, but it was a long name with a whole bunch of numbers. This time it did not find anything. I thought it was like that last time, not too sure anymore. I apologize for any confusions. It has been awhile so I don't really remember.
     
  6. c8ddymon

    c8ddymon TS Rookie Topic Starter Posts: 17

    can I assume that my laptop is ok to use when numerous scans from AVG, Spybot S&D, trendmicro all come back negative for viruses or malware? the only thing being found are Not.A.Virus.Downloader.W32 and Not.A.Virus.Monitor.W32, which apparently come from espn.com. Please if anyone can read my logs! being able to use the laptop is really important! thanks in advance.
     
  7. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

  8. c8ddymon

    c8ddymon TS Rookie Topic Starter Posts: 17

    thanks, but I do not have a sony computer, I have a Toshiba laptop, sorry if I forgot to mention this. When I tried the program, it said that there were no Sony drivers installed. Is there one for toshiba? also, I believe that either spybot or avg antispyware, found that virus but I have quarantined it for now.
     
  9. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    run the kaspersky online scan then as I am sure they have definitions for it, and let's see what else it finds.

    :Run Kaspersky Online AV Scanner:

    Order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
     
  10. c8ddymon

    c8ddymon TS Rookie Topic Starter Posts: 17

    Hey Blind Dragon, here are a few updates:
    My Norton is expired, and it seemingly just does not want to detect anything for me, so I installed avast! anti-virus. I ran a virus scan during boot up, and it detected a vbs:malware-gen, and detected over 2000 traces of it. I believe they were all located in the restore files i believe, of windows. I cleaned them all (I apologize if I was not suppose to do this).

    I then ran he Kaspersky online scanner you told me to and included here is a log file of the scan.

    Lastly, I ran hijackthis once more and have included that log as well.

    Hopefully my laptop will be ok, I still plan on formatting and zero-filling the drive (by the way, do you know any program that will do this?) but I want to be sure that I can at least use the laptop for now, and that no traces will be left behind whatsoever.

    Thank you again Blind Dragon for all of your assitance so far. It is greatly appreciated!
     
  11. c8ddymon

    c8ddymon TS Rookie Topic Starter Posts: 17

    Hey Blind Dragon, here are a few updates:
    My Norton is expired, and it seemingly just does not want to detect anything for me, so I installed avast! anti-virus. I ran a virus scan during boot up, and it detected a vbs:malware-gen, and detected over 2000 traces of it. I believe they were all located in the restore files i believe, of windows. I cleaned them all (I apologize if I was not suppose to do this).

    I then ran he Kaspersky online scanner you told me to and included here is a log file of the scan.

    Lastly, I ran hijackthis once more and have included that log as well.

    Hopefully my laptop will be ok, I still plan on formatting and zero-filling the drive (by the way, do you know any program that will do this?) but I want to be sure that I can at least use the laptop for now, and that no traces will be left behind whatsoever.

    Thank you again Blind Dragon for all of your assitance so far. It is greatly appreciated!
     
  12. kritius

    kritius TS Guru Posts: 2,084

    I would completely get rid of all the Symantec stuff that you have in there.

    An optional step may be to get rid of the viewpoint stuff if you dont use it, its classed as foistware,
    To get rid of it,

    Go to Start > Run and copy/paste or type: taskmgr

    * Under the Processes tab find the following tasks or processes:
    ViewpointService.exe
    ViewMgr.exe

    * Highlight and click "End Process".
    * Exit Task Manager.

    Click on Start > Run and type: services.msc

    * Press "OK".
    * Click the "Extended tab".
    * Scroll down the list and find the service called "Viewpoint Manager Service"
    * When you find the service, double-click on it.
    * In the Properties Window > General Tab that opens, click the "Stop" button.
    * From the drop-down menu next to "Startup Type", click on "Disabled".
    * Now click "Apply", then "OK" and close any open windows.

    Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    Finally, delete the following folders if they still exist:
    C:\Program Files\ViewManager\ <-- and delete this folder
    C:\Program Files\Viewpoint\ <-- and delete this folder


    As I said though, this is optional.
     
  13. c8ddymon

    c8ddymon TS Rookie Topic Starter Posts: 17

    Hey Kritius, thanks for the suggestions. So, should I delete all symantec stuff as in uninstall norton anti-virus? I will definitely delete all the viewpoint stuff too when i get the chance...swamped with work right now, so I will take care of that as soon as possible. As for my logs, how do they look? also, what about what avast! found (the VBS malware-gen)? Is my laptop going to be ok to format and possibly zero-fill? Because I do not know if this virus will still linger in the system, like the last virus I had? Thanks again for all the help everyone!
     
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

  15. c8ddymon

    c8ddymon TS Rookie Topic Starter Posts: 17

    the last time I had a virus, I formatted the drive and I kept getting the virus over and over again. I don't think I connected anything to it, but the virus kept coming back. Last time i only formatted though, I heard that 0-filling destroys the boot sector thus making sure that there is nothing there anymore? I just want to do a clean just to make sure that nothing comes back after a fresh install. Also, do you know of any free program that I can use to 0-fill? I have a maxtor max-blast cd, and I think I got it to work with a non-maxtor drive once, but other times were unsuccessful. Also, I am not able to format right at this instant, so I wanted to be able to use the laptop without risk of stolen information.
     
  16. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

  17. c8ddymon

    c8ddymon TS Rookie Topic Starter Posts: 17

    Hey everyone, So I am finally zero-filling my laptop, so hopefully that will be all done and taken care of. But, I am scanning my home computer now with avg anti-spyware, and it says that I have not-a-virus.downloader.keylogger.a ....I am hoping that AVG can take care of it, but could I use the Kaspersky scan for that as well? how serious is that adware, because AVG classifies it as low? I have no idea how I even got that thing. I think I scanned that computer a few weeks ago and it didnt get detected i don't think. Any help with this is much appreciated! And should i start using spybot teatimer to help stop installation of these files? Please help!!
     
  18. kritius

    kritius TS Guru Posts: 2,084

    Use Kaspersky to get rid of it, its better to get rid of it.

    A low risk virus is still a virus.
     
  19. c8ddymon

    c8ddymon TS Rookie Topic Starter Posts: 17

    hey, thanks for the response! So I checked out where it came from and it was loaded in a program that converted dvds to ipods. I don't think I have installed it, because it can't find any other traces of it, but I deleted the setup file anyways. Would it really have been a keylogger?
     
  20. kritius

    kritius TS Guru Posts: 2,084

    You never know, sometimes they can throw false positives at you so Im not really sure.
     
  21. ungrounded

    ungrounded TS Rookie


    i dont know what the hell is that HJT and where to get it. here's the combofix that u were saying. hope u could help me. thank you.​
     
  22. kritius

    kritius TS Guru Posts: 2,084

    Please post your own thread and do not hijack someone elses.
     
  23. ungrounded

    ungrounded TS Rookie

    im just new here and im must've clicked the wrong button. u just relax, alright? haha
     
  24. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    http://www.techspot.com/vb/menu28.html

    you can click new thread from here to start your own thread. The instructions given in this thread are specific to the person that started the thread. Just like in your thread -> your instructions will be specific to your problems
     
  25. ungrounded

    ungrounded TS Rookie

    i did the 'kasperky' thing and this all i've got. what should i do next?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...