Topic: Please Help. Win32:Bredolab-AQ [Trj]
illsun00 (Newbie, United States, 2 posts) wrote on November 07, 2009, 11:52:05 PM:

Good Evening,

Please Help.

I have followed the Malware Removal Guide and performed Avast scans to no avail, below are the Log reports and details.

Win32:Bredolab-AQ [Trj] pops up roughly every 8-10 minutes and my PC is moving slower and slower.

OS - Windows XP
Security - Avast
Infection - Win32:Bredolab-AQ [Trj]



Logs:

Malwarebytes Anti-Malware
Malwarebytes' Anti-Malware 1.41
Database version: 3101
Windows 5.1.2600 Service Pack 3

11/4/2009 5:50:33 PM
mbam-log-2009-11-04 (17-50-33).txt

Scan type: Quick Scan
Objects scanned: 97943
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



RootRepeal
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/04 18:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9D15000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF89E3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA90BA000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\user\application data\utorrent\resume.dat
Status: Size mismatch (API: 283594, Raw: 282352)

Path: C:\Documents and Settings\User\Application Data\uTorrent\resume.dat.old
Status: Could not get file information (Error 0xc0000008)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec96b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec9574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec9a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec914c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec964e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec908c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec90f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec976e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec972e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec98ae

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys" at address 0xf8b44812

==EOF==
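The RootRepeal output above is the most useful part of the post for triage, and the SSDT section is the part most often misread: every hook listed is placed by aswSP.SYS (avast's self-protection driver) or by the AVG Anti-Spyware guard driver, which is exactly what a machine running those two products should show. The following is an added example, not code from the post or from RootRepeal; it parses the SSDT and Hidden/Locked Files sections of a RootRepeal log and groups hooks by the module that installed them, so that hooks from modules outside a short list of known security drivers stand out. The sample log is copied from the post, and the allowlist of module names is this example's own assumption, not a vendor-provided list.

```python
import re
from collections import defaultdict

# Constructed sample: two sections copied from the RootRepeal log in the post.
SAMPLE_LOG = r"""Hidden/Locked Files
-------------------
Path: c:\documents and settings\user\application data\utorrent\resume.dat
Status: Size mismatch (API: 283594, Raw: 282352)

Path: C:\Documents and Settings\User\Application Data\uTorrent\resume.dat.old
Status: Could not get file information (Error 0xc0000008)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9ec96b8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys" at address 0xf8b44812

==EOF==
"""

SECTION_HEADERS = {"Drivers": "drivers", "Hidden/Locked Files": "hidden_files", "SSDT": "ssdt"}

# Assumption made by this example: base names of the two security drivers that
# appear in the post (avast self-protection and AVG Anti-Spyware guard).
KNOWN_SECURITY_MODULES = {"aswsp.sys", "guard.sys"}

HOOK_HEADER_RE = re.compile(r"#:\s*(\d+)\s+Function Name:\s*(\S+)")
HOOK_STATUS_RE = re.compile(r'Status: Hooked by "([^"]+)" at address (0x[0-9A-Fa-f]+)')


def parse_rootrepeal(text):
    """Parse a RootRepeal log into lists of records keyed by section name.

    Records are separated by blank lines; SSDT records carry index, function,
    module and address, other sections keep their 'Key: value' pairs verbatim.
    """
    entries = {name: [] for name in SECTION_HEADERS.values()}
    section = None
    record = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTION_HEADERS:
            section = SECTION_HEADERS[line]
            record = {}
            continue
        if not line or line.startswith("---") or line == "==EOF==":
            if record and section:
                entries[section].append(record)
            record = {}
            continue
        if section is None:
            continue
        if line.startswith("#:"):
            m = HOOK_HEADER_RE.match(line)
            record = {"index": int(m.group(1)), "function": m.group(2)}
        elif line.startswith("Status: Hooked by"):
            m = HOOK_STATUS_RE.match(line)
            record["module"] = m.group(1)
            record["address"] = int(m.group(2), 16)
        elif ":" in line:
            key, _, value = line.partition(":")
            record[key.strip().lower()] = value.strip()
    if record and section:
        entries[section].append(record)
    return entries


def triage_ssdt(entries):
    """Group SSDT hooks by hooking module; flag modules not on the allowlist."""
    by_module = defaultdict(list)
    for hook in entries["ssdt"]:
        by_module[hook["module"]].append(hook["function"])
    report = []
    for module, funcs in sorted(by_module.items()):
        base = module.rsplit("\\", 1)[-1].lower()
        verdict = "expected (security product)" if base in KNOWN_SECURITY_MODULES else "REVIEW"
        report.append({"module": module, "hooks": sorted(funcs), "verdict": verdict})
    return report


if __name__ == "__main__":
    parsed = parse_rootrepeal(SAMPLE_LOG)
    for row in triage_ssdt(parsed):
        print(f"{row['verdict']:28} {row['module']}  hooks: {', '.join(row['hooks'])}")
    for f in parsed["hidden_files"]:
        print("hidden/locked:", f["path"], "->", f["status"])
```

Run against the post's log, both hooking modules come back as expected security products, so the SSDT section gives no reason to suspect a rootkit; the two Hidden/Locked entries are uTorrent's resume file, which the client rewrites while running, which is why a size mismatch between the API and raw views is unremarkable there and why the later suggestion to stop uTorrent before scanning makes sense.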
FreewheelinFrank (avast! Evangelist, United Kingdom, 4548 posts) replied on November 08, 2009, 05:16:47 AM:

Hi illsun00,

Try a boot time scan with avast! Right click the scanner screen, select 'schedule a boot time scan' and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)

Try a scan with DrWeb CureIT!

Try these free adware/spyware scanners.

SUPERAntiSpyware Free
a-Squared Free

Download, install and update the programs.
Always select the option to quarantine any malware found rather than delete it, then you will be able to restore files or registry entries wrongly identified as malware, a rare but not unknown event for any malware scanner.
.: L' arc :. (avast! Evangelist, Philippines, 1426 posts) replied on November 08, 2009, 08:11:48 AM:

Consider disabling uTorrent on startup then run a scan with the tools mentioned by Frank.