TechSpot

Virus Infection, please help!

By krystal
Aug 6, 2007
  1. Hi,

    I am running MS Windows Server 2003 Enterprise Edition with SP2 on my development PC. It has been infected with a virus, and I always thought that my antivirus software would clean and disinfect it for me. Somehow, they keep on coming back. The antivirus software reports that it has found and quarantined the viruses every day when I start up the PC, which means the viruses are still on the PC. I cannot afford to reformat the hard disk as there are so many development environment settings that have been done previously. I would greatly appreciate it if anyone could lend a helping hand to see how I should overcome my problem.

    The following is the list of viruses reported by Symantec:
    file: od3mdi.dll virus name: Infostealer.Phax
    file: 1.sfx.exe virus name: Infostealer.Lineage
    file: DWHE8EP.tmp virus name: Hacktool.Rootkit
    file: DWHE4F7.tmp virus name: Trojan Horse
    file: avp.exe virus name: Infostealer.Gampass

    I ran the HijackThis tool today and the log is attached as follows:


    Thank you.

    Krystal
     
  2. ttray33y

    ttray33y TS Rookie

    What AV do you use:

    Symantec?
    F-Prot?
    AVG?
    ------------------
    DWHE8EP.tmp virus name: Hacktool.Rootkit - it is a hidden virus/trojan

    Maybe your AV doesn't support rootkit removal; download some rootkit removers (search the forum), or you may try Kaspersky 7, the best=beast AV ever made.
     
  3. tester

    tester TS Rookie

    Go to F-secure.com and enter the names, and odds are they will have a removal tool for each one that you have listed.
     
  4. almcneil

    almcneil TS Guru Posts: 1,277

    Symantec has instructions at its web site on how to manually remove any virus that the utility detects but cannot remove itself.
     
  5. krystal

    krystal TS Rookie Topic Starter

    Hi ttray33y:
    Originally I had Symantec, but it didn't do the job so I added F-Prot. I also added AVG spyware after the infection. I'll remove all except Symantec once I have the PC cleansed.
    I downloaded Kaspersky 7 but I can't install it on W2003 Server; it says OS not supported.
    tester:
    Tried to search for the virus names on the F-Secure site but didn't find much help.
    almcneil:
    Went to the Symantec site and gathered all the information on how to remove the above viruses. Followed the instructions and removed Infostealer.Phax, but on reboot Symantec still reported that avp.exe and od3mdi.dll (files from Infostealer.Phax) had been quarantined. I suspect that the viruses are still there... However, Symantec didn't report the rest of the viruses found, except Infostealer.Phax.

    Thanks for all your pointers. I have just installed another spyware tool, Spyware Doctor from PC Tools, and the scan has reported no threats detected. I hope this is true.

    Thank you.

    Krystal
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of krystal only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. krystal

    krystal TS Rookie Topic Starter

    Hi howard_hopkinso,

    Thank you for your reply and the detailed steps to proceed. I am now at step 13, running a full system scan with system administrator rights.

    Here's the outcome:
    Step 1: All real-time monitoring programs disabled.

    Step 2: I use the original Windows firewall and Symantec Corporate Edition antivirus.

    Step 3: I ran the online scan 3 times.
    1st time: While it was running, I tried to click on one of the links on the result page and I was led to some other page and could not get back to the scanning page, so I restarted the scan. There were some vulnerabilities and 2 infections found (ADWARE_BHOT_IEHELPER & TSPY_LINEAGE).
    2nd time: It halted at the point when it said 1.25 minutes left for 2 hours+ and I had to leave, so I terminated everything and shut down the PC. No vulnerabilities were reported this time, only the 2 infections above.
    3rd time: I ran it this morning. It started off OK, running for about 1.5 hours, but gave me the blue screen at the end and rebooted the PC. On the result page, before the blue screen, only the vulnerabilities were shown but no infections were reported.

    Step 4 & 5: Downloaded HijackThis.exe and renamed it.

    Step 6: AVG Antispyware was previously installed. Updated and deactivated it.

    Step 7 & 8: Downloaded and installed SS&D and Ad-Aware, and did the settings and update.

    Step 9: Ran CCleaner and cleaned 3 times.

    Step 10: Downloaded and installed all 3 tools. No infections were reported.

    Step 11: AVG Antirootkit was installed previously. Disconnected from the net and rebooted the PC to run the program. No rootkit paths were found. Reconnected to the net.

    Step 12: Combofix.exe reported an incompatible OS when I tried to install it. (I am running Windows Server 2003.)

    Here is a copy of the log from Tool1-rapport.txt and Tool3-VBG.txt

    I will post the result from step 13 onwards later. What's your opinion on the result so far? Thank you very much for your time and effort in helping me.

    Krystal
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    My opinion so far is that things are looking encouraging. However, once I have your AVG Antispyware and HJT logs, I'll be in a better position to advise you.

    Regards Howard :)

     
  9. krystal

    krystal TS Rookie Topic Starter

    Continue...

    Hi Howard,

    Step 13:
    Symantec Antivirus Corporate Edition reported no virus found.

    Step 14:
    SS&D reported no immediate threats were found.
    Ran Ad-Aware 2007 instead of Ad-Aware Personal SE. Found and cleaned some tracking cookies.
    Ran AVG Antispyware. Log file is attached here.

    Step 15:
    Ran HijackThis; log file is attached here.

    The system seems to be running OK now, no hiccups for the time being. I hope it's clean.

    Please analyze the HJT log file and let me know if there is anything I should do to make sure it is really clean.

    Thank you.

    Krystal
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your log files are clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  11. krystal

    krystal TS Rookie Topic Starter

    Thank you.

    Thank you for your help, I'll keep on monitoring my PC closely for any suspicious activities...

    Regards,
    Krystal
     
Topic Status:
Not open for further replies.
