Conficker made my IEXPLORE disappear!

Custom Search

Hack in The Box
Experts Galaxy
UK Cheapest Hosting
DJ Software
Scanpst.exe
A3 Multifunction
Electricity Prices
Texas Electricity
Electricity Rates in Texas
Electric Companies in Texas
Web Design Geelong
SellSimple
MSN
Wallpapers
NewsApp Portal
Recover files from recycle bin

[Welcome to SCforum.info - Security [CENTRAL] Forum]

Welcome to SCforum.info - Security [CENTRAL] Forum, a home of the SCF Community devoted to provide Computer related News, Alerts, Downloads and FREE Help in such a way that even the novice computer user can understand.

Getting started using our community is extremely easy, check the two steps below:

Step 1: Create an account by clicking here and wait for approval from Administrator. It's completely free with no hidden strings attached.

Step 2: If you have a computer problem and need some help, or just want to take part in opened discussions, simply browse Forum. Once you *Register an account, you can quickly post your questions and comments.

(*Registered Members get: free support, also, they can communicate privately with other members via PM, removal of this message, see fewer ads and much more...)

[Savage Belief]

Hey all,

I'm working on my in-laws PC today and we re-installed XP because their system was bogged down with all kinds of crap so a clear and install was the quickest solution.  Granted, my mom in-law did the reinstall so I don't know if she deleted the partition before the install, but when I tried to activate Windows it wouldn't connect to their servers (or anyother Microsoft site for that matter).  So I figured it had the conficker.  So I downloaded the bd tools cleaner and rebooted.  When it came back up and I tried to connect to the internet it told me it couldn't find IEXPLORE and asked me if I wanted to fix it, so I did.  Then the IE shortcut I was using disappeared.

So now I'm stuck.  What now?

[Samker]

Hi Savage Belief,

Don't worry we will help you with this, please follow next instruction so we can do that ASAP:

1. Provide us all possible details related to yours problems / infection.

2. Run Kaspersky Online AntiVirus Scan: http://scforum.info/index.php/topic,734.0.html

3. Download & run HijackThis: http://scforum.info/index.php/topic,785.0.html

4. Provide us logs from HijackThis & AntiVirus Online Scan


We will wait your reply (with logs).

Regards,

SCF Team

[Savage Belief]

I can't get to the Kapersky site to DL the software but here's the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:02 PM, on 4/5/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Airlink101 Airlink101 WLAN Monitor] C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6F6F8F8-7545-4A00-8343-2A1EF5E4B202}: NameServer = 72.223.11.96
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: DelSrv Service Controler - Unknown owner - C:\WINDOWS\system32\drivers\DelSrv.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\System32\msiexec.exe (file missing)
O23 - Service: Network DDE (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Network DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\System32\rsvp.exe (file missing)
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Windows Hosts Controller - Unknown owner - C:\WINDOWS\Fonts\unwise_.exe

--
End of file - 4700 bytes

[Savage Belief]

Oh, BTW I ran a StopSign scan and this PC also has Win32.Virut.30

Since Stop Sign wants money to clean it I attempted to load Avira but it will not install.  It runs through the start of the install process but then stops.

[Savage Belief]

Ok, I managed to find Kapersky on cnet but it will not install.  The same situation as Avira.  I hope the hijackthis log helps.

[Samker]

Thanks SB,

We will analyze your HJT log in the next few hours and provide you new instructions.

Regards,

S.

[Samker]

SB, please follow my next instructions and after them provide us new fresh logs (try again Kaspersky):


1. Download and Run Full Scan with Microsoft Removal Tool: http://scforum.info/index.php/topic,4510.0.html

2. Download, Install, Update and Run Full Scan with Malwarebytes' Anti-Malware: http://scforum.info/index.php/topic,2201.0.html

3. My recommendation is also to uninstall current AntiVirus and install AVG (Free Version): http://free.avg.com/download-avg-anti-virus-free-edition
After that, Update your AntiVirus and also run Full Scan.


That's all for now, I'll wait your next reply (logs).

Best Regards,

Samker

[Savage Belief]

It's kinda funny.  I can't get to any of those pages to download any of those tools.  I get page load errors in Mozilla.  Well, it's funny because it's not my PC.  If it was mine I'd be pissed.

So what next?  I'm thinking replace the HDD.  I could probably pick up a 40 gig one for about $20 at Fry's.

[Savage Belief]

Boy, this is nasty.  I can't even pull up task manager.  Or services.  When I try to run services.msc I get an error that it can't find mmc.exe. 

The plot thickens...

[Samker]

SB, this is very difficult "infection".

Try to install and run at least this Microsoft Tool via memory stick.

I also need new HJT log.