Lill problem..

Lill problem..Sat Mar 28, 2009 6:22 am

Guys, i got some problem with my friend computer.. Anyway, i remove a lot of malware, but cant find one who doing this

Code:

2009-03-27 23:08 28,672 a------- c:\windows\system32\11.tmp
2009-03-27 23:08 162,304 a------- c:\windows\system32\D.tmp
2009-03-27 23:08 128 a------- c:\windows\system32\B.tmp
2009-03-27 23:05 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-03-27 23:05 37,376 a------- c:\windows\system32\reader_s.exe
2009-03-27 23:05 28,672 a------- c:\windows\system32\1A.tmp
2009-03-27 23:03 128 a------- c:\windows\system32\E.tmp
2009-03-27 20:52 37,376 a------- c:\documents and settings\administrator\reader_s.exe
2009-03-27 20:50 28,672 a------- c:\windows\system32\1E.tmp
2009-03-27 20:47 128 a------- c:\windows\system32\3.tmp
2009-03-27 20:30 11,451,347 a------- c:\windows\services.exe
2009-03-27 20:30 28,672 a------- c:\windows\system32\28F.tmp
2009-03-27 20:28 128 a------- c:\windows\system32\287.tmp
2009-03-27 18:56
--d----- c:\program files\Valve
2009-03-27 16:47 29,696 a------- c:\windows\system32\F.tmp
2009-03-27 16:46 71,680 a------- c:\windows\system32\A.tmp
2009-03-27 16:46 124 a------- c:\windows\system32\9.tmp
2009-03-27 15:32 36,864 a------- c:\windows\system32\dxonool32.sys
2009-03-27 15:32 8 a------- c:\windows\system32\comsa32.sys
2009-03-27 15:32 212,992 a------- c:\windows\system32\w.exe
2009-03-27 15:32 212,992 a------- c:\windows\system32\tpszxyd.sys
2009-03-27 15:32 195,072 a------- c:\windows\system32\afisicx.exe
2009-03-27 15:32 0 a------- c:\windows\system32\371.tmp
2009-03-27 15:32 31,744 a------- c:\windows\system32\370.tmp
2009-03-27 15:32 80 a------- c:\windows\system32\36D.tmp
2009-03-27 14:59 4,767 a------- c:\windows\Irremote.ini
2009-03-26 21:13 1,757,184 a------- c:\windows\system32\imagX7.dll
2009-03-26 21:13 802,816 a------- c:\windows\system32\imagXRA7.dll
2009-03-26 21:13 497,296 a------- c:\windows\system32\imagXpr7.dll
2009-03-26 21:13 368,640 a------- c:\windows\system32\TwnLib4.dll
2009-03-26 21:13 258,048 a------- c:\windows\system32\imagXR7.dll

Is that some kind of Vundo or i don't know.. Because create some stupid files name 370.tmp and somehting like that for 100 times.. Already removed some Trojan horse, and a lot of Spyware with Hijack and Malwarebytes. But when DSS scan his computer, only i can't find is that one.

Tell me if you need whole log file.

............................................................................................
Lill problem.. V45u80

Re: Lill problem..Sat Mar 28, 2009 10:34 am

Hello Nazz.
Bad news, it's not Vundo.

It's Virut. I see these files all too often. Virut is a file infecter, infecting every single .exe and .scr type files on the machine.

Sorry, but for this machine, it's game over.
See here:
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

Backup anything the user doesn't want to lose and format the machine.

DO NOT backup any of these file types because they are infected.
htm/html/asp/php/exe/scr

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Lill problem.. DXwU4