Infection with different viruses

Hello,
My email is infected with the Daemon virus in multiple forms, and some other things. I think it may have infected a word file that I downloaded onto a thumb drive. I have done two tests, and would like to attach them so you can tell me the next step. They are the main.txt and extra.txt scanning. And, also your robokit.
Thank you.
Abigail

The program was combofix, not robofix.
Abigail


Welcome to the forums, Abigail. :slight_smile:

You can do this one of 2 ways.

You can use the “copy & paste” method to insert the text of both in your next post. You will most likely have to use several postings to get it all in.

OR, you can add both of these to your next post by attaching the text files. When you make the post, click on “Additional Options” at below left of the post text box. Click on (more attachments) to give yourself a second place for the second attachment.


Here are the program reports.
Thank you.
Abigail

Hi Abigail, the DSS report looks OK. Could you attach the combofix report (c:\combofix.txt) so I can have a look at it? :smiley:

Okay. I thought I had.

Hi Abigail, neither of those reports shows any sign of infection.

What symptoms are you experiencing?

Hi,
Well, my email is sending out emails to other people that I do not know. It also has things to me from:
Mailer-Daemon@mail.absolutemotion.com
" @prodigy.net
" @swip.net
" @catawbavalleymc.org
" @mail.mhcdns.com
" @quark5.retaurus.de
" @happeware.net

Then, I get mail from odd names like:
bergei@debilt.nl
soficiptowardoyo
a-yone@mvc.bilo…
amavisd-new
nulligraphicserver.com

New ones seem to come everyday.

And, I’m not sure, but I typed a word file on MS 2007, put it on a thumb drive, and then tried to send it out as an attachment from my work email. I had saved it in MS 2003 format, but it would not attach and go through. That one I don’t know if it is related.

Thanks,
Abigail

Hello-o-o,
Are you there?
Abigail


Have you scanned the thumb drive for malware?


Hi Abigail, sorry for the delay, I was doing a bit of research.

Please RIGHT-CLICK HERE and Save As (in IE it’s “Save Target As”, in FF it’s “Save Link As”) to download Silent Runners.
- Save it to the desktop.
- Run Silent Runners by double-clicking the “Silent Runners” icon on your desktop.
- You will receive a prompt: “Do you want to skip supplementary searches?” Click NO.
- If you receive an error, just click OK and double-click it to run it again - sometimes it won’t run as it’s supposed to the first time but will in subsequent runs.
- You will see a text file appear on the desktop - it’s not done, let it run (it won’t appear to be doing anything!)
- Once you receive the prompt “All Done!”, open the text file on the desktop, copy that entire log, and paste it here.

NOTE: If you receive any warning message about scripts, please choose to allow the script to run.

Hi,

Depending on what silent runners give, consider this:
Removal Procedure:

  1. Delete SPTD.SYS from the C:\Windows\System32\Drivers folder.
  2. Reboot.
  3. Delete SPTD9885.SYS or the driver with similar name from the C:\Windows\System32\Drivers folder.
  4. You may use regedit to delete protected keys without problems.
    Go to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPTD.
    Right click and choose “Permissions” in the popup menu.
    Change the rights for Administrator group to Full access.
    Delete SPTD subkey.
    Do the same for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPTD,

pol

This attachment is the silent runners report.
I will work on the next step you suggested.
Thanks,
Abigail

:slight_smile: Hi “Abigail” :

The Log from Silent Runners indicates you have an out-of-date Adobe; IF
this is their “Reader” program, there has been recent News about serious
security vulnerabilities and you should consider uninstalling it and “replacing”
it with “Foxit Reader”, with Info at www.foxitsoftware.com/pdf/rd_intro.php

Even more alarming is that the Java program from Sun is extremely outdated
and an extreme security risk; should uninstall ALL “Versions” of this program
on your computer, then go to www.majorgeeks.com/download4648.html
for the latest.

Totally agree with Spiritsongs re Adobe and Java. Again though, Silent Runners shows nothing untoward.

I did find this though, from someone else who was plagued, and the advice sounds good:
http://hometown.aol.co.uk/Tigergonebonkers/Mailer-Daemon.html

Hi,
Thank you, both.

I will talk with my husband about the outdated programs.
I am unable to connect to the aol url.

Whatever the virus/worm is, it’s not showing up in my email for the last few days.
What do you think about us making the last 2 suggested changes, and then hope
it’s done?
Abigail

Definitely get the latest Java, here is the link and destructions ;D

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
- Download the latest version of Java Runtime Environment (JRE) 6 Update 4 and save it to your desktop.
- Scroll down to where it says “Java Runtime Environment (JRE) 6 Update 4 allows end-users to run Java applications”.
- Click the “Download” button to the right.
- Read the License Agreement and then check the box that says: “Accept License Agreement”. The page will refresh.
- Click on the link to download Windows Offline Installation and save the file to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

And Foxit PDF is here http://www.foxitsoftware.com/pdf/rd_intro.php

Hi, I replaced the Java program.

Should I replace the adobe as well? If so, would you give me the step by step instructions like you did for the Java program?

And, a step by step on how to use Avast to check thumb drives and CDs for viruses before opening them.

Thanks for your help. My email has not had those bad Daemon things for several days.

Abigail

If it is outdated…
You can download the latest version from the Adobe site.
Uninstall the old version through Control Panel.
Boot.
Install the new downloaded version.

Leave the avast Standard Shield settings on the default ones (Normal level) and any file opened or executed from the drives/CD will be scanned.

Thanks.
Please see Essexboy’s answer above with the click by click instructions. Can you do that for me on these 2 issues?
Abigail