Avast WEBforum

Other => Viruses and worms => Topic started by: gy91 on July 22, 2012, 04:26:16 AM

Title: 80000000.@ and 800000cb.@ recurring alerts
Post by: gy91 on July 22, 2012, 04:26:16 AM
Hi,

Every few minutes an Avast alert appears stating Malware detected.

They are all either 80000000.@ or 800000cb.@

Infection: Win32:Malware-gen
Process: C:\Windows\System32\services.exe

I have run a Malwarebytes scan which found several objects but the alerts continue to appear.

All help greatly appreciated.

Many thanks,

Matt

EDIT: I've attached Malwarebytes, OTL and aswMBR logs.
Title: Re: 80000000.@ and 800000cb.@ recurring alerts
Post by: Pondus on July 22, 2012, 09:46:25 AM
A malware remover has been notified. It may take several hours before one arrives, so be patient.
Title: Re: 80000000.@ and 800000cb.@ recurring alerts
Post by: magna86 on July 22, 2012, 10:29:39 AM
Hello  ;)



Re-run OTL.exe.

Code:
:files
C:\Windows\Installer\{ecaa638c-8948-8b51-4f49-d593f166684c}
C:\Users\Matt\AppData\Local\{ecaa638c-8948-8b51-4f49-d593f166684c}

:Commands
[emptytemp]

:OTL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
O4:64bit: - HKLM..\Run: [setlw] C:\Users\Matt\AppData\Roaming\setlw.dll (DT Soft Ltd)
O4:64bit: - HKLM..\Run: [uiplo] C:\Users\Matt\AppData\Roaming\uiplo.dll (C-Media Electronics Inc.)
**************************************


> Download ComboFix from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your Desktop.
If you are unsure how ComboFix works please read this guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully.
note: ComboFix must be downloaded to your Desktop.

> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction. (http://www.bleepingcomputer.com/forums/topic114351.html)

> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.

ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.

If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.


> When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
  Attach the log report (ComboFix.txt) back to the topic.

Title: Re: 80000000.@ and 800000cb.@ recurring alerts
Post by: gy91 on July 22, 2012, 11:25:06 AM
Thank you.

Please find attached the OTL and ComboFix logs.

Matt
Title: Re: 80000000.@ and 800000cb.@ recurring alerts
Post by: magna86 on July 22, 2012, 11:28:36 AM
Ok, re-run OTL and click on QuickScan.
Attach here fresh OTL.txt
Title: Re: 80000000.@ and 800000cb.@ recurring alerts
Post by: gy91 on July 22, 2012, 11:38:38 AM
Fresh OTL log attached.

Matt
Title: Re: 80000000.@ and 800000cb.@ recurring alerts
Post by: magna86 on July 22, 2012, 12:05:45 PM
It is necessary to uninstall Combofix


Start >> Run

Code:
Combofix /Uninstall
Enter

*************************

Re-run OTL.exe.

Code:
:otl
O4:64bit: - HKLM..\Run: [setlw] rundll32.exe "C:\Users\Matt\AppData\Roaming\setlw.dll",CreateTableColumnIndex File not found
O4:64bit: - HKLM..\Run: [uiplo] "C:\Windows\System32\rundll32.exe" "C:\Users\Matt\AppData\Roaming\uiplo.dll",LoadSurfaceFromResourceW File not found

I don't need a log report.
Just re-run OTL and click on the CleanUp! button.


that's all  ;)


Title: Re: 80000000.@ and 800000cb.@ recurring alerts
Post by: gy91 on July 22, 2012, 12:24:07 PM
Many thanks.

ComboFix uninstalled successfully.

However when I ran OTL it did not ask to reboot after I clicked Run Fix.

I rebooted anyway and clicked Cleanup but I am getting 2 dialogue boxes on every startup.

First one:

RunDLL
There was a problem starting
C:\Users\Matt\AppData\Roaming\setlw.dll

The specified module could not be found.


and the other one:

RunDLL
There was a problem starting
C:\Users\Matt\AppData\Roaming\uiplo.dll

The specified module could not be found.


Title: Re: 80000000.@ and 800000cb.@ recurring alerts
Post by: magna86 on July 22, 2012, 12:52:35 PM
    * Open Notepad by clicking Start

    * Type notepad into the box and click enter
    * Notepad will open
    * Copy and Paste everything from the Code box into Notepad:



Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"setlw"=-
"uiplo"=-




NOTE: Make sure there are NO blank lines before Windows Registry Editor Version 5.00
NOTE: Make sure there IS one blank line at the end of the file.

    * Go to File > Save As
    * Save File name as Fix.reg
    * Change Save as Type to All Files and save the file to your desktop
    * Close Notepad, and double-click Fix.reg on your Desktop
    * When it asks if you want to merge the info to the registry, hit YES/OK
    * Reboot the computer





 Better? 
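
Added example, not part of the original posts and not code from OTL: a small Python triage of O4 Run lines in the format quoted in this thread. It flags autostart DLLs under a user profile, rundll32 launches, and leftover values whose target is already gone (the cause of the RunDLL startup dialogs). The ExampleTray line and the function names are constructed for illustration.

```python
import re

# O4 Run entries as OTL prints them. The first three are the lines quoted in
# this thread (forum [b] tags removed); the last is a constructed benign entry.
SAMPLE_LOG = r'''
O4:64bit: - HKLM..\Run: [setlw] C:\Users\Matt\AppData\Roaming\setlw.dll (DT Soft Ltd)
O4:64bit: - HKLM..\Run: [setlw] rundll32.exe "C:\Users\Matt\AppData\Roaming\setlw.dll",CreateTableColumnIndex File not found
O4:64bit: - HKLM..\Run: [uiplo] "C:\Windows\System32\rundll32.exe" "C:\Users\Matt\AppData\Roaming\uiplo.dll",LoadSurfaceFromResourceW File not found
O4:64bit: - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)
'''

# "O4 - HKLM..\Run: [name] command" with an optional ":64bit:" marker.
O4_RUN = re.compile(r'^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# A DLL path anywhere under a user's AppData folder.
PROFILE_DLL = re.compile(r'[A-Za-z]:\\Users\\[^\\"]+\\AppData\\[^"]*?\.dll', re.I)

def triage(log_text):
    """Return one finding dict per O4 Run line, with the reasons it stands out."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        cmd, reasons = m['cmd'], []
        dll = PROFILE_DLL.search(cmd)
        if dll:
            reasons.append('autostart DLL in user profile')
        if 'rundll32' in cmd.lower():
            reasons.append('launched through rundll32')
        if cmd.endswith('File not found'):
            reasons.append('orphaned: target missing')
        findings.append({'hive': m['hive'], 'name': m['name'],
                         'target': dll.group(0) if dll else None, 'reasons': reasons})
    return findings

def orphaned_names(findings):
    """Run value names whose target file is gone but whose registry value remains."""
    return sorted({f['name'] for f in findings if 'orphaned: target missing' in f['reasons']})

if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f['hive']}\\Run [{f['name']}] -> {', '.join(f['reasons']) or 'nothing flagged'}")
    print('Leftover values to remove:', orphaned_names(results))
```
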
Title: Re: 80000000.@ and 800000cb.@ recurring alerts
Post by: gy91 on July 22, 2012, 01:02:08 PM
All sorted.  :)

Thanks very much for your help!

Matt
Title: Re: 80000000.@ and 800000cb.@ recurring alerts
Post by: magna86 on July 22, 2012, 03:18:55 PM
np  ;)
I'm glad that I helped.
Title: Re: 80000000.@ and 800000cb.@ recurring alerts
Post by: The_Scrupulous_1 on August 02, 2012, 10:24:59 PM
I'm having the same problem as gy91.
I do have Malwarebytes but I don't have OTL or aswMBR.

I was just wondering if you could help me fix this problem as well.
Title: Re: 80000000.@ and 800000cb.@ recurring alerts
Post by: magna86 on August 02, 2012, 10:29:10 PM
@The_Scrupulous_1
Open a new topic  ;)