Closed

Emptied.

Sorry for double post.

Separated the logs into 2 posts, now…

Regarding WIN32.DLL quarantined in Combofix…scanned with Virustotal.com but 0/41?

The only two removals are (below)

c:\windows\system32\w32apiw.dll (Can anyone clarify on this?)

c:\windows\system32\win32.dll (from avast.com basically a Worm sends the above mentioned file WIN32.DLL in a separate message to the all e-mail recipients. Such message has no subject and no text body and attached file has one of the following names (PIF files are executed by doubleclick!):

But I didn’t use any mailing software, not even MSN. Does it affect forum messaging?
Is my computer clean? And what to do next…

Can anyone help please? ???

Active tasks seem OK:
Survey of active tasks:

smss.exe - System task - Session Manager Subsystem
winlogon.exe - System task - Microsoft Windows Logon Process
services.exe - System task - Windows Service Controller
lsass.exe - System task - Local Security Authority Service
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
aswUpdSv.exe - Virusscan - Avast Anti-Virus Component
ashServ.exe - Virusscan - Avast
spoolsv.exe - System task - Microsoft Printer Spooler Service
nvsvc32.exe - Application - NVIDIA Driver Helper Service
wuauclt.exe - System task - AutoUpdate Client
ashMaiSv.exe - Virusscan - Avast Anti-Virus Component
ashWebSv.exe - Virusscan - avast! Web Scanner
Explorer.EXE - System task - Microsoft Windows Explorer
RTHDCPL.EXE - Driver - Realtek HD Audio Sound Effect Manager
RUNDLL32.EXE - System task - Microsoft Rundll32
ashDisp.exe - Virusscan - Avast AntiVirus
TeaTimer.exe - Application - Spybot S&D Realtime Scanner
ctfmon.exe - System task - Alternative User Input Services
HijackThis.exe - Application - Hijackthis 2.0

You seem not to have an active software firewall,
Check: http://www.computer-support.nl/Systeemtaken/Taakinfo.php?ID=3669

http://www.computer-support.nl/Systeemtaken/Taakinfo.php?ID=3753

http://www.computer-support.nl/Systeemtaken/Taakinfo.php?ID=3627 version 0.0.0.

polonus

Using Microsoft firewall, and what about these?

c:\windows\system32\w32apiw.dll (this? any info?)

c:\windows\system32\win32.dll (worm)

will reply tomorrow.

Hi newbie7,

This could be the malware dll:
Trojan.Win32 Removal Instructions

Trojan.Win32 (also known as Trojan.Win32.agent.akk or Trojan.Win32.Obfuscated.gx) used to be a real virus; now fake anti-spyware software will display Trojan.Win32 as its scan result to trick users into buying the fake anti-spyware program. The fake anti-spyware program usually gets installed onto your PC without your permission, through Trojans, malware and viruses (or you could get it by installing a fake video codec). Fake anti-spyware will display the Trojan.Win32 fake system alerts or fake security alerts to trick users into buying the Paid Version of the fake anti-spyware program.

Manual Trojan.Win32 Removal Instructions:

Unregister Trojan.Win32 DLL Files:

windivx.dll
stream32a.dll
vipextqtr.dll
ecxwp.dll

Find and Delete these Trojan.Win32 Files:

windivx.dll
stream32a.dll
vipextqtr.dll
ecxwp.dll

Remove Trojan.Win32 Registry Values:

7a329404de21925daacbbbee093ff6dc
bb5be1c92c299a1c6bcfe67655b0a0c7
9a9f57899a28547b04fc2da3700c95cf
7d4b39e4cab018496e2fe9bf9c3234b2

And consider this cleansing routine: http://www.mydigitallife.info/2008/02/16/how-to-clean-and-remove-trojanwin32obfuscatedgx-trojanwin32agentakk-trojanzlob-and-etc/

polonus

c:\windows\system32\w32apiw.dll - what harm does it cause?

c:\windows\system32\win32.dll - I thought it’s this http://www.avast.com/eng/win32mtx.html

It’s weird… used the Avast quick scanner option to scan those 2 files (above) in the quarantine folder by Combofix but nothing found; same goes for Virustotal.
But the w32apiw.dll was 0 bytes so it can’t be uploaded to Virustotal.

Questions

Is my computer safe now?
What to do with the quarantined files in Combofix?
What if I uninstall Combofix?

Lastly, I previously ran Combofix in normal mode; should I run it in Safe mode? And I saw somewhere about ‘‘renaming’’ Combofix; I did not rename it before I ran it. Should I rename it to Combo-Fix?

Please read my previous post. Can anyone else help, since polonus seems not to be around?

Quote from Bleepingcomputer:
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Check your computer for malware with

MBAM http://filehippo.com/download_malwarebytes_anti_malware/
update and run quick scan, click the button “remove selected” to quarantine anything found, and restart

SAS http://filehippo.com/download_superantispyware/

Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found other than cookies you may post the scan logs here

Nothing found, both scanned in normal and safe mode.

Can you read Reply #7 and clarify please? And well, since already used Combofix…

Sorry, but I am not trained in the use of Combofix... maybe oldman or essexboy can tell you

Waiting for that ;D

Anyone can help?

I tend to ignore people that promote IOBit in their signature:
http://www.malwarebytes.org/forums/index.php?showtopic=29681

That thing has nothing to do with a thread located in an IObit forum.
If you bother to read, that thread isn’t based on IObit anyways…