TechSpot

Strange infection incl. logs

By pbogdanovic
Dec 4, 2007
  1. Random crashes of various programs (Firefox, Outlook, Skype, FS2004...) usually connected to ntdll.dll or some other .dll file.

    Logs included. Thanks!
    Alex
     
  2. evilfantasy

    evilfantasy Banned Posts: 428

  3. pbogdanovic

    pbogdanovic TS Rookie Topic Starter

    Here is the Hijack log from normal mode. AVG scan will take more time, will post later.

    Thanks for your help!

    (Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)

    Hope this is okay now, attached AVG log
     
  4. evilfantasy

    evilfantasy Banned Posts: 428

    Please download ATF Cleaner by Atribune. ATF Cleaner.exe This program does not require an installation. The executable actually runs the program.

    NOTE: ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser
    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.


    How are things now?
     
  5. pbogdanovic

    pbogdanovic TS Rookie Topic Starter

    Did everything as instructed. However, problems continue. Got the bluescreen this time and the following after 2-3 hours of normal work (Outlook, Firefox, Skype...) and while scanning with Spyware Doctor:

    The system has recovered from a serious error
    Error signature: BCCode : 24 BCP1 : 001902FE BCP2 : BACE3AA8 BCP3 : BACE37A4
    BCP4 : 8052C491 OSVer : 5_1_2600 SP : 2_0 Product : 256_1

    The following files will be included in this error report:
    C:\DOCUME~1\Aca.ACA\LOCALS~1\Temp\WER0914.dir00\Mini120507-01.dmp
    C:\DOCUME~1\Aca.ACA\LOCALS~1\Temp\WER0914.dir00\sysdata.xml

    Thanks for your help!
     
  6. evilfantasy

    evilfantasy Banned Posts: 428

    Delete the copy of combofix you have and run a new scan with the log attached to the next post.

    Please download Combofix by sUBs from either here or here

    Save Combofix.exe to your Desktop.

    1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
    2. When finished, it will produce a log for you.
    3. Attach that log in your next reply.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause your computer to stall.
     
  7. pbogdanovic

    pbogdanovic TS Rookie Topic Starter

    Ran ComboFix. After reboot got error messages about two programs that could not be located and cannot run.

    Attached pls find the logfile.

    Thanks again for your help!
     
  8. evilfantasy

    evilfantasy Banned Posts: 428

    Please download the trial version of SpySweeper

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Run the installer. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:

    * Sweep Memory
    * Sweep Registry
    * Sweep Cookies
    * Sweep All User Accounts
    * Enable Direct Disk Sweeping
    * Sweep Contents of Compressed Files
    * Sweep for Rootkits


    * Please UNCHECK Do not Sweep System Restore Folder.


    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.

    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish
    * Paste the contents of the session log you copied into Notepad and save it to your desktop.
    * Attach the summary in your next reply along with a new HijackThis log.

    Also post a new Hijack This log.
     
  9. pbogdanovic

    pbogdanovic TS Rookie Topic Starter

    Current version of Spy Sweeper seems to differ somewhat from previous ones, but I still managed to scan as instructed.

    Attached please find the log.
    Thanks!
     
  10. evilfantasy

    evilfantasy Banned Posts: 428

    Sorry about the guide, it has been in use for a while, I will need to update it.

    You can uninstall SpySweeper as we are done with it.

    Use the a-squared online scanner

    1. Select Scan your PC now!
    2. Select Deep Scan
    3. Click on scan
    * The scanning engine will load any updates, this may take a few minutes so please be patient.
    **IMPORTANT: Before doing anything else, first click on Save Report and save the report to the Desktop. This will put a log on the desktop named a2scan_######
    4. Place a check mark next to the items found and select to Quarantine selected objects
    * To delete the items found hold down the Ctrl button on your keyboard and click each item to highlight it. Once all are selected click Delete

    Add the a2scan_ as an attachment in the next post along with a new HijackThis log.
     
  11. pbogdanovic

    pbogdanovic TS Rookie Topic Starter

    Unfortunately, I am unable to run a-squared online scanner. I tried it three times, but every time I receive a 0x000000024 stop error / bluescreen.

    I will try again in Safe Mode, but fear the result will be the same. Before it reboots, SpySweeper does find some serious infections in the system.
     
  12. evilfantasy

    evilfantasy Banned Posts: 428

    Those are mainly cookies and temp. files.

    Try to run the online scan.
     
  13. pbogdanovic

    pbogdanovic TS Rookie Topic Starter

    It did find also Trojan-Dropper.Win32.Agent.cuj before it crashed also under Safe Mode.
    However, the Stop Error was in ntfs.sys, so there really might be a HDD error. I'm running chkdsk now to make sure everything is okay.

    I was unable to run a-squared online scanner to the end. Each time it was running it simply shutdown Internet Explorer before completing.

    I tried restarting it several times and each time it was the same. I had to manually cancel the scan in order to be able to remove Trojan-Dropper.Win32.Agent.cuj. Continuing the scan afterwards, the same thing happened again - Internet Explorer simply shuts down close to the end of scanning.

    Included is the new Hijack log.
    (Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
     
  14. pbogdanovic

    pbogdanovic TS Rookie Topic Starter

    Could anyone please help?
     
  15. evilfantasy

    evilfantasy Banned Posts: 428

    Suggestions.

    Spyware Doctor is heavy on resources, uninstall it and replace it with SUPERAntispyware Free Edition (SAS)

    Zone Alarm is a resource hog as well. PC Tools Free firewall is a good replacement.

    Then do a scan with SAS.

    Install it and double-click the icon on your desktop to run it.
    * It will ask if you want to Update the program definitions, click Yes.
    * Under Configuration and Preferences, click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
    * On the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK.
    * Make sure everything in the white box has a check next to it, then click Next.
    * It will quarantine what it found and if it asks if you want to reboot, click Yes.
    * To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Please add the log as an attachment in the next post.
     
  16. pbogdanovic

    pbogdanovic TS Rookie Topic Starter

    It seems everything is clean now!
    Thank you very very much for your kind help!
     
  17. evilfantasy

    evilfantasy Banned Posts: 428

    Go to Start > Run and copy and paste the next command in the field:

    ComboFix /u

    Make sure there's a space between Combofix and /
    Then hit Enter.

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
     
  18. pbogdanovic

    pbogdanovic TS Rookie Topic Starter

    Thanks again!
     
Topic Status:
Not open for further replies.
