trojan.gen 2

Fruggyman · ‎06-07-2012

I'm getting the same trojan as this one, but mine is a different file and I can't see it when I go to the area it is supposed to be.

Full Path: c:\windows\installer\{b6b05d6e-5d81-e709-1dae-2cefa390dfab}\u\80000000.@
Threat: Trojan.Gen.2
____________________________
____________________________
On computers as of 6/7/2012 at 8:03:04 PM
Last Used 6/7/2012 at 8:03:04 PM
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________

____________________________
File Actions
File: c:\windows\installer\{b6b05d6e-5d81-e709-1dae-2cefa390dfab}\u\80000000.@
Blocked
____________________________
File Thumbprint - SHA:
af47fc350c1902b94ab0b2ea8bba4daa8350e5e1d5fb61ff2f271612e511d4ae
____________________________
File Thumbprint - MD5:
1bf005160d6c0469601128d75e8a0044
____________________________

Quads · ‎07-21-2008

Please do not run any tools unless instructed to do so.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please read every post completely before doing anything.

Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes )
Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

Download OTL hxxp://oldtimer.geekstogo.com/OTL.exe (change the hxxp to http) save it to your Desktop.

Double click on OTL.exe to run it. Right click OTL.exe and select run as administator for Vista and Win 7.

Disable Norton for say 30 minutes

Start OTL,

Click the Scan All Users checkbox.

Change file age to 60 days

under Copy and paste what is below between the lines

msconfig
activex
drivers32
netsvcs
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
atapi.sys
explorer.exe
winlogon.exe

mswsock.dll
wininit.exe
services.exe

svchost.exe
tdx.sys
afd.sys
cdrom.sys
i8042prt.sys
netbt.sys
redbook.sys

mrxsmb.sys

/md5stop

hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

Press the

An OTL.txt will be created.

Quads

Fruggyman · ‎06-07-2012

Here is the OTL Quads.

Thanks for trying to help.

Quads · ‎07-21-2008

You did not do as the instructions said, if you do not do as I instruct with these advanced tools I cannot help.

Read the instructions again

Quads

Fruggyman · ‎06-07-2012

I'm sorry about that Quad.Let's try again.

Here it is.

Quads · ‎07-21-2008

Your system is a mess and will take some steps and time to break the infections and clean the system up.

I see you used Combofix BAD and why??

It looks like at least you have 2 variants of zeroaccess rootkit and gawd knows what else is going on.

Quads

Fruggyman · ‎06-07-2012

It was a long time ago I think, someone else helped me back then.

Thanks.

Fruggyman · ‎06-07-2012

I forgot to add this picture that I captured at the end, or I think so, of the scan.

Quads · ‎07-21-2008

End of what scan??

Quads

Fruggyman · ‎06-07-2012

The OTL scan. It just stops working but still looks like it is stuck on a single file trying to scan it, but there is a text file on the desktop. It did it both times I ran it.