
Albuquerque, NM
reply to Treabone

Re: [Malware] Malware infection from fake adobe update

I do this as a volunteer, on my own time and on occasion I try to have a life of my own. This just happens to be one of those occasions. You are more than welcome to place your logs elsewhere.

If you decide to stay here....
You can delete the Combofix download. We'll go about this another way with a different program.


Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications

When you post the Sophos log, also let me know what problem(s) still exist.
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


El Cajon, CA
First let me take a moment to let you know how much I appreciate your help. I REALLY DO. I hope I am able to pay this forward one day.
I tried to run GMER but it would not run... it said it was a file that was marked for deletion. I ran it in Safe Mode.

Here is the Sophos log:
GMER - »www.gmer.net
Rootkit scan 2012-09-23 19:35:49
Windows 6.1.7601 Service Pack 1
Running: knl5bzif.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\8c7cb5ffbbdc
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x76 0xFD 0xDD 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFE 0x92 0x80 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x92 0x1E 0xD1 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\8c7cb5ffbbdc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x76 0xFD 0xDD 0xE7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFE 0x92 0x80 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x92 0x1E 0xD1 0xCA ...

---- EOF - GMER 1.0.15 ----

Problems I'm getting are related to my browsers, Firefox and Explorer. Every Google search sends me to a bogus website. Also, ZoneAlarm is no longer working, and every time the computer boots I get a message that says I'm missing some sort of .dll file. I'll have to reboot so that I can write it word for word.
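A helper reading the GMER registry section above usually wants to know which entries exist only in the active control set and which are mirrored in the inactive ControlSet002 backup. The following parser is an added example (not part of the post or of GMER itself); the sample lines are constructed in the shape of the GMER 1.0.15 output shown in the log, and the entry/grouping layout is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the GMER 1.0.15 "Reg" lines posted above.
SAMPLE_LOG = r"""---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x76 0xFD 0xDD 0xE7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\

---- EOF - GMER 1.0.15 ----
"""

# Reg <key>[@<value>] [<data>] [(not active ControlSet)]
LINE_RE = re.compile(
    r"^Reg (?P<key>[^@\s]+)(?:@(?P<value>\S+))?(?:\s+(?P<data>.*?))?"
    r"(?:\s*\((?P<flag>not active ControlSet)\))?\s*$"
)
CONTROLSET_RE = re.compile(r"\\(CurrentControlSet|ControlSet\d{3})\\")


@dataclass(frozen=True)
class RegEntry:
    key: str
    value: Optional[str]   # value name after '@'; None for a key-only line
    data: Optional[str]    # printed data; None when GMER printed none
    active: bool           # False for ControlSet00N (the backup) entries


def parse_gmer_registry(text: str) -> list:
    """Parse the 'Reg' lines of a GMER log into RegEntry records."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines and the EOF marker
        cs = CONTROLSET_RE.search(m["key"])
        # GMER only tags key-only lines as inactive, so derive it from the path.
        active = cs is None or cs.group(1) == "CurrentControlSet"
        entries.append(RegEntry(m["key"], m["value"], m["data"] or None, active))
    return entries


def split_by_control_set(entries):
    """Return (mirrored, active_only, inactive_only) after dropping the control-set name."""
    def norm(e):
        return (CONTROLSET_RE.sub(r"\\ControlSet\\", e.key), e.value, e.data)
    active = {norm(e) for e in entries if e.active}
    inactive = {norm(e) for e in entries if not e.active}
    return active & inactive, active - inactive, inactive - active
```

Entries present only in the active set (here the @ujdew value) are the ones worth a closer look, since a clean backup control set would normally mirror them.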



El Cajon, CA
reply to LoPhatPhuud
Here is the message that I get whenever I boot, under the title zatray.exe - Ordinal not found:
The ordinal 1109 could not be located in the dynamic link library WSOCK32.dll.

Crunchin' For Cures
Numquam oblita
Purple Zone
reply to Treabone
said by Treabone:

I really don't mean to be a pain and I certainly don't want to seem impatient, but could someone please point me in the direction I need to go next? Combofix would not install and I'm really in a bind. Please help...please.


Just because...we are volunteers here

When you perform the guidelines here for pre-clean requirements, and start a help thread - you are embarking on a journey.

You're one part of the effort to confirm safe passage on the internet, and your "helper" is the other. It's teamwork at its finest.

It's also time 'gifted' at your helper's discretion & time allowed.
Patience is not only appreciated, but certainly expected.

Our expectations - from start to finish are that we leave you safe and clean, and educated on how to prevent re-infection.
This is a free service we offer, and our volunteers are unpaid. They do it because they truly enjoy helping people.

Please follow all of the requests made by your Helper, including submitting to the Forum all log results.

Await patiently a reply before questions

This helps others who frequent this forum to learn or who are seeking answers as well, to see what is going on.

We need to ascertain that everything is truly "ok".

Note that many of the utilities utilized require a formal uninstall process to return your system to a normal operating state.

It's work - yes, but it's necessary.

Therefore, we ask you please see this through till your "helper" deems you "clean". You can do it!
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~