Emptied.
Sorry for double post.
Separated the logs into 2 posts, now…
Regarding WIN32.DLL quarantined in Combofix…scanned with Virustotal.com but 0/41?
The only two removals are (below)
c:\windows\system32\w32apiw.dll (Can anyone clarify on this?)
c:\windows\system32\win32.dll (from avast.com basically a Worm sends the above mentioned file WIN32.DLL in a separate message to the all e-mail recipients. Such message has no subject and no text body and attached file has one of the following names (PIF files are executed by doubleclick!):
But I didn’t use any mailing software, not even MSN. Does it affect forum messaging?
Is my computer clean? and what to do next …
Can anyone help please? ???
Active tasks seem OK:
Survey of active tasks:
smss.exe | System task | Session Manager Subsystem
winlogon.exe | System task | Microsoft Windows Logon Process
services.exe | System task | Windows Service Controller
lsass.exe | System task | Local Security Authority Service
svchost.exe | System task | Microsoft Service Host Process
svchost.exe | System task | Microsoft Service Host Process
aswUpdSv.exe | Virusscan | Avast Anti-Virus Component
ashServ.exe | Virusscan | Avast
spoolsv.exe | System task | Microsoft Printer Spooler Service
nvsvc32.exe | Application | NVIDIA Driver Helper Service
wuauclt.exe | System task | AutoUpdate Client
ashMaiSv.exe | Virusscan | Avast Anti-Virus Component
ashWebSv.exe | Virusscan | avast! Web Scanner
Explorer.EXE | System task | Microsoft Windows Explorer
RTHDCPL.EXE | Driver | Realtek HD Audio Sound Effect Manager
RUNDLL32.EXE | System task | Microsoft Rundll32
ashDisp.exe | Virusscan | Avast AntiVirus
TeaTimer.exe | Application | Spybot S&D Realtime Scanner
ctfmon.exe | System task | Alternative User Input Services
HijackThis.exe | Application | Hijackthis 2.0
You seem not to have an active software firewall,
Check: http://www.computer-support.nl/Systeemtaken/Taakinfo.php?ID=3669
http://www.computer-support.nl/Systeemtaken/Taakinfo.php?ID=3753
http://www.computer-support.nl/Systeemtaken/Taakinfo.php?ID=3627 version 0.0.0.
polonus
Using Microsoft firewall and what about these?
c:\windows\system32\w32apiw.dll (this? any info?)
c:\windows\system32\win32.dll (worm)
will reply tomorrow.
Hi newbie7,
This could be the malware dll:
Trojan.Win32 Removal Instructions
Trojan.Win32 (also known as Trojan.Win32.agent.akk or Trojan.Win32.Obfuscated.gx) used to be a real virus, now fake anti-spyware software will display Trojan.Win32 as their scan result to trick user to buy the fake anti-spyware program. The fake anti-spyware program usually gets installed onto your PC without your permission, through Trojan, malware and virus (or you could get it by installing a fake video codec). Fake anti-spyware will display the Trojan.Win32 fake system alerts or fake security alerts to trick user to buy the Paid Version of the fake anti-spyware program.
Manual Trojan.Win32 Removal Instructions:
Unregister Trojan.Win32 DLL Files:
windivx.dll
stream32a.dll
vipextqtr.dll
ecxwp.dll
Find and Delete these Trojan.Win32 Files:
windivx.dll
stream32a.dll
vipextqtr.dll
ecxwp.dll
Remove Trojan.Win32 Registry Values:
7a329404de21925daacbbbee093ff6dc
bb5be1c92c299a1c6bcfe67655b0a0c7
9a9f57899a28547b04fc2da3700c95cf
7d4b39e4cab018496e2fe9bf9c3234b2
And consider this cleansing routine: http://www.mydigitallife.info/2008/02/16/how-to-clean-and-remove-trojanwin32obfuscatedgx-trojanwin32agentakk-trojanzlob-and-etc/
polonus
c:\windows\system32\w32apiw.dll - what harm does it cause?
c:\windows\system32\win32.dll - i thought its this http://www.avast.com/eng/win32mtx.html
It’s weird…used Avast quick scanner option to scan those 2 files (above) in the
quarantine folder by Combofix but nothing found same goes for Virustotal.
But the w32apiw.dll was 0 bytes so can’t be uploaded to Virustotal
Questions
is my computer safe now?
what to do with the Quarantined files in Combofix?
what if i uninstall Combofix?
Lastly, I previously ran Combofix in normal mode, should I run it in Safe mode? And I saw something somewhere about ‘‘renaming’’ Combofix, I did not rename it before I ran it. Should I rename it to Combo-Fix?
Please read my previous post, can anyone else help? Since polonus seems not to be around
Questions
is my computer safe now?
what to do with the Quarantined files in Combofix?
what if i uninstall Combofix?
Lastly, I previously ran Combofix in normal mode, should I run it in Safe mode? And I saw something somewhere about ‘‘renaming’’ Combofix, I did not rename it before I ran it. Should I rename it to Combo-Fix?
Quote from Bleepingcomputer:
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.
Check your computer for malware with
MBAM http://filehippo.com/download_malwarebytes_anti_malware/
update and run quick scan, click the button “remove selected” to quarantine anything found, and restart
SAS http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26
If anything is found other than cookies you may post the scan logs here
Nothing found, both scanned in normal and safe mode.
Can you read Reply #7 and clarify please? and well since already used Combofix…
Can you read Reply #7 and clarify please? and well since already used Combofix..
Sorry but I am not trained in the use of combofix... maybe oldman or essexboy can tell you
Waiting for that ;D
Anyone can help?
I tend to ignore people that promote IOBit in their signature:
http://www.malwarebytes.org/forums/index.php?showtopic=29681
That thing has nothing to do with a thread located in an IObit forum.
If you bother to read, that thread isn’t based on IObit anyways…