Hi, the other day when I started my laptop, Symantec Antivirus detected over 1000 infostealer.gampass threats under C:\WINDOWS\system32\, most of which are repeated. Here are the representatives:
cedafb.dll
cliconfgzx.dll
hhrdxd.dll
kbdswjr.dll
mfdesy.dll
midimapwl.dll
mndsgsrv.dll
msobjstl.dll
oswxdttb.dll
ozfyebyt.dll
rfdswc.dll
tdggrz.dll
Symantec could only delete a few of them and most of them were left unchanged.
The system then froze and I had to force it to shut down. After turning it on again, a few more threats were detected and there were several pop-up messages: "The application or DLL C:\Windows\System32\abcdefg.DLL is not a valid Windows Image. Please check this against your installation diskette" (I don't remember the exact DLL file name), which popped up again when I closed it.
Later I used AVG antivirus to scan it and quarantined some trojan horse PSW.Generic6.pll, downloader.Generic.ufo, PSW.onlinegames.auxa, etc. Since then there have been no more pop-up threats or error messages and no obvious symptoms except that the system is slower. But I am still very concerned since the trojan can steal passwords.
I am a computer novice and it took me quite a while to complete the preliminary removal procedures. When I ran ComboFix, I did not see any prompts; it just did its thing and the computer rebooted automatically. I am not sure it was done the right way. Anyway, here are the logs. Also, the Panda Antirootkit scan and VundoFix did not detect anything.
Thanks in advance for your help.
P.S. My Windows is Chinese, so there are some Chinese characters in the logs, but I guess that's not a problem, right?