Greetings, I’ve acquired a rather nasty virus, and I humbly come to you for help.
OS : Windows Vista
Symptoms:
- Internet Explorer popup advertisements (I currently use Firefox.)
- Security Center automatically disables. I have run services, and set it back to automatic, and it simply turns back to disabled immediately.
- Failure of Spybot Search & Destroy and other anti-spyware software. The program crashed, and when I try to run it again, it fails. The following message is given, “(program name) has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available”. This occurs with Spybot S&D, Superantispyware, and Malwarebytes.
- When I run an Avast scan, it pops up 4-5 different warnings that a virus / trojan has infected my computer. Delete / Move to Virus Chest do nothing. Move to Virus Chest tells me that the file cannot be accessed due to current use.
Here is a somewhat large copy and paste of a log of these 4-5 warnings that pop up over and over again. (Deleted repetitive middle portion to save some space.)
8/12/2009 10:20:30 PM 1250133630 SYSTEM 1840 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Windows\System32\UACrhttajeqxc.dll” file.
8/12/2009 10:20:30 PM 1250133630 SYSTEM 1840 Sign of “Win32:Fasec [Trj]” has been found in “C:\Windows\System32\UAChhfeuusppy.dll” file.
8/12/2009 10:20:37 PM 1250133637 SYSTEM 1840 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Windows\System32\UACrhttajeqxc.dll” file.
8/12/2009 10:20:37 PM 1250133637 SYSTEM 1840 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Windows\System32\UACrhttajeqxc.dll” file.
8/12/2009 10:20:37 PM 1250133637 SYSTEM 1840 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Windows\System32\UACrhttajeqxc.dll” file.
8/12/2009 10:24:31 PM 1250133871 SYSTEM 1840 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Windows\System32\UACrhttajeqxc.dll” file.
8/12/2009 10:25:11 PM 1250133911 SYSTEM 1840 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Windows\System32\UACrhttajeqxc.dll” file.
8/12/2009 10:25:23 PM 1250133923 SYSTEM 1840 Sign of “Win32:Fasec [Trj]” has been found in “C:\Windows\System32\UAChhfeuusppy.dll” file.
8/12/2009 10:25:32 PM 1250133932 SYSTEM 1840 Sign of “Win32:Fasec [Trj]” has been found in “C:\Windows\System32\UAChhfeuusppy.dll” file.
8/12/2009 10:25:41 PM 1250133941 SYSTEM 1840 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Windows\System32\UACrhttajeqxc.dll” file.
8/12/2009 10:25:47 PM 1250133947 SYSTEM 1840 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Windows\System32\UACrhttajeqxc.dll” file.
8/12/2009 10:25:54 PM 1250133954 SYSTEM 1840 Sign of “Win32:Fasec [Trj]” has been found in “C:\Windows\System32\UAChhfeuusppy.dll” file.
8/12/2009 10:26:04 PM 1250133964 SYSTEM 1840 Sign of “Win32:Fasec [Trj]” has been found in “C:\Windows\System32\UAChhfeuusppy.dll” file.
\UACrhttajeqxc.dll" file.
8/12/2009 10:45:04 PM 1250135104 SYSTEM 1840 Sign of “Win32:Fasec [Trj]” has been found in “C:\Windows\System32\UAChhfeuusppy.dll” file.
8/12/2009 10:45:13 PM 1250135113 SYSTEM 1840 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Windows\System32\UACrhttajeqxc.dll” file.
8/12/2009 11:31:43 PM 1250137903 SYSTEM 1928 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Windows\System32\UACrhttajeqxc.dll” file.
8/12/2009 11:31:44 PM 1250137904 SYSTEM 1928 Sign of “Win32:Fasec [Trj]” has been found in “C:\Windows\System32\UAChhfeuusppy.dll” file.
8/13/2009 12:01:13 AM 1250139673 SYSTEM 1928 Sign of “JS:Pdfka-MQ [Trj]” has been found in “C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3K322BZ4\README[1].pdf” file.
- Failure of Boot-time scan. I’ve tried to run the boot-time scan multiple times to avoid the currently running issue. The scan freezes on the same file each time I run it. “D:\windows…TMContainer00000000000000000002.regtrans-ms”
I have tried other anti-virus software including AVG Free and OneCare, with no success. I disabled both of these before running Avast. I’m currently running the free demo version, and I plan to pay for the upgrade if it can repair my system.
Below is a copy / paste of my HijackThis logfile, if it is of any use.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:51 PM, on 8/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\msa.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Windows\system32\rundll32.exe
C:\Users\John\AppData\Local\Temp\b.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Monopod] C:\Users\John\AppData\Local\Temp\b.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User ‘Default user’)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
--
End of file - 2078 bytes
I will check back regularly, and if more information is required to help, I’ll provide it ASAP.
I’m grateful for any help with this issue.
-BlackRoseBaron