Author Topic: Problems with a virus  (Read 25614 times)

mauserme
« Reply #30 on: June 23, 2007, 03:48:03 PM »
Things look good now, chinhis13.  If the computer is running well now we'll proceed to some final cleanup.
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)

chinhis13
« Reply #31 on: June 23, 2007, 06:58:38 PM »
> Things look good now, chinhis13.  If the computer is running well now we'll proceed to some final cleanup.

Okay.
« Last Edit: October 12, 2008, 05:55:51 PM by chinhis13 »

mauserme
« Reply #32 on: June 23, 2007, 11:35:47 PM »
I'm going to put one more step in and recommend removal of resouese.dll.  Even without a Virus Total scan it has every indication of being nasty.  It can't be uploaded, it's reported as being 0 bytes, its name looks like a valid file but it isn't, there is little to nothing on Google and, most importantly, it was created at the same time as pvpkelepwc.dll and mrmnxjtiyd.dll which we know were infected.

EDIT:  Right click the avast! a-icon in your system tray and click Start avast! Antivirus.  When the interface opens click the chest icon, then click User Files.  Now click File>Add, navigate to C:\WINDOWS\resouese.dll and click Open.  Finally, highlight resouese.dll, click File>Email to ALWIL Software and allow it through your firewall if asked.  Keep this copy of the file in the chest for now.

Now open OTMoveIt again and paste the following line into the List of Files/Folders to be moved pane. Click the MoveIt button and paste the results in your next response.

C:\WINDOWS\resouese.dll


BTW - You need to decide now whether to keep avast! or McAfee as your antivirus.  Continuing to run both is not a good idea.

Oh, and there's that Norton stuff too ..
« Last Edit: June 24, 2007, 05:28:00 AM by mauserme »
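The triage reasoning in the reply above (a DLL reported as 0 bytes whose creation time matches two known-infected DLLs), written out as an added Python example; it is not part of the original thread or any tool used in it. The timestamps, sizes, the two benign file names and the 120-second window are constructed assumptions.

```python
import os
from dataclasses import dataclass

@dataclass
class FileRecord:
    name: str
    size: int       # bytes, as reported by the file system
    created: float  # creation time, seconds since the epoch

def triage(records, known_bad, window=120):
    """Map file name -> reasons, for files created within `window` seconds
    of a known-infected file. A 0-byte size is recorded as a supporting
    reason only; on its own it flags nothing."""
    bad = {n.lower() for n in known_bad}
    anchors = [r for r in records if r.name.lower() in bad]
    findings = {}
    for r in records:
        if r.name.lower() in bad:
            continue
        near = sorted(a.name for a in anchors
                      if abs(r.created - a.created) <= window)
        if not near:
            continue
        reasons = ["created within %ds of %s" % (window, ", ".join(near))]
        if r.size == 0:
            reasons.append("reported size is 0 bytes")
        findings[r.name] = reasons
    return findings

def scan_directory(path, suffix=".dll"):
    """Build records from a live directory (e.g. C:\\WINDOWS)."""
    out = []
    for e in os.scandir(path):
        if e.is_file() and e.name.lower().endswith(suffix):
            st = e.stat()
            # st_birthtime where the platform provides it; on older Windows
            # Pythons st_ctime is the creation time.
            out.append(FileRecord(e.name, st.st_size,
                                  getattr(st, "st_birthtime", st.st_ctime)))
    return out

KNOWN_BAD = ["pvpkelepwc.dll", "mrmnxjtiyd.dll"]  # named in the thread
T0 = 1182000000.0  # constructed timestamp, not taken from the thread
SAMPLE = [  # constructed records: sizes and times are illustrative
    FileRecord("pvpkelepwc.dll", 40960, T0),
    FileRecord("mrmnxjtiyd.dll", 36864, T0 + 3),
    FileRecord("resouese.dll", 0, T0 + 5),
    FileRecord("empty_placeholder.dll", 0, T0 - 86400 * 200),
    FileRecord("older_system.dll", 98304, T0 - 86400 * 900),
]
```

`triage(SAMPLE, KNOWN_BAD)` flags only resouese.dll; the older 0-byte file is left alone because nothing ties it to the infection time.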

DavidR
« Reply #33 on: June 24, 2007, 01:04:31 AM »
I think you should send a sample to avast for analysis as possible malware before removing it.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.1.2449 (build 21.1.5968.561) UI-1.0.597/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

polonus
« Reply #34 on: June 24, 2007, 01:21:09 AM »
Hi mauserme,

Will you consider this cleansing routine for this Chinese spyware infection as well? I mean it is instructive for the final cleansing routine and the rootkit connections:
http://www.geekstogo.com/forum/lofiversion/index.php/t161342.html

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

mauserme
« Reply #35 on: June 24, 2007, 02:41:37 AM »
> I think you should send a sample to avast for analysis as possible malware before removing it.

If you mean to submit it as undetected I agree.  But I wouldn't want to wait for it to be added to the detections as it would be difficult to predict how long that might take.

> Hi mauserme,
>
> Will you consider this cleansing routine for this Chinese spyware infection as well? I mean it is instructive for the final cleansing routine and the rootkit connections:
> http://www.geekstogo.com/forum/lofiversion/index.php/t161342.html
>
> polonus

Hi polonus,

I had actually seen that thread when researching chinhis13's problem but, since no one has responded to mambo123 yet, I didn't take a lot from it.  I mean, I think it's more than coincidental that resouese.dll shows up in the 30 day list in both ComboFix logs and the deletions are much the same too.  But I'm not able to draw from another analysis as there is none in that thread.

M

DavidR
« Reply #36 on: June 24, 2007, 03:00:49 AM »
>> I think you should send a sample to avast for analysis as possible malware before removing it.
> If you mean to submit it as undetected I agree.  But I wouldn't want to wait for it to be added to the detections as it would be difficult to predict how long that might take.

Yes send it but don't wait for action, I think it is important that we take every opportunity to send samples (no matter how long it might take) but it could be added to the User Files section of the chest so it can be monitored to see if it is eventually analysed and seen as malicious.

mauserme
« Reply #37 on: June 24, 2007, 04:57:57 AM »
I've edited my post above to include instructions for sending the file to avast!

I must say, though, I look forward to that improved submission process that's been alluded to.  An explorer extension might be nice.

chinhis13
« Reply #38 on: June 24, 2007, 06:45:39 AM »
> I'm going to put one more step in and recommend removal of resouese.dll.  Even without a Virus Total scan it has every indication of being nasty.  It can't be uploaded, it's reported as being 0 bytes, its name looks like a valid file but it isn't, there is little to nothing on Google and, most importantly, it was created at the same time as pvpkelepwc.dll and mrmnxjtiyd.dll which we know were infected.
>
> EDIT:  Right click the avast! a-icon in your system tray and click Start avast! Antivirus.  When the interface opens click the chest icon, then click User Files.  Now click File>Add, navigate to C:\WINDOWS\resouese.dll and click Open.  Finally, highlight resouese.dll, click File>Email to ALWIL Software and allow it through your firewall if asked.  Keep this copy of the file in the chest for now.
>
> Now open OTMoveIt again and paste the following line into the List of Files/Folders to be moved pane. Click the MoveIt button and paste the results in your next response.
>
> C:\WINDOWS\resouese.dll
>
> BTW - You need to decide now whether to keep avast! or McAfee as your antivirus.  Continuing to run both is not a good idea.
>
> Oh, and there's that Norton stuff too ..

Thanks.
Here is the result, there is an error when I click on "Move it":

LoadLibrary failed for C:\WINDOWS\resouese.dll
C:\WINDOWS\resouese.dll NOT unregistered.
C:\WINDOWS\resouese.dll moved successfully.
 
Created on 06/24/2007 12:33:02


McAfee is the antivirus provided when I bought this computer, but it has been expired for a long, long time.
Norton <- I had deleted this software before

mauserme
« Reply #39 on: June 24, 2007, 07:26:26 AM »
Open HJT again and click to Open the Misc Tools Section.  Then click Delete an NT Service.  Paste the following into the empty field and click OK

resouese.dll

Now open Add/Remove Programs in the Control Panel and uninstall anything related to McAfee and Symantec/Norton you find.

Reboot and post one last HJT log.

chinhis13
« Reply #40 on: June 24, 2007, 09:42:43 AM »
> Open HJT again and click to Open the Misc Tools Section.  Then click Delete an NT Service.  Paste the following into the empty field and click OK
>
> resouese.dll
>
> Now open Add/Remove Programs in the Control Panel and uninstall anything related to McAfee and Symantec/Norton you find.
>
> Reboot and post one last HJT log.

There is an error, "Service resouese.dll was not found in Registry."

mauserme
« Reply #41 on: June 24, 2007, 03:37:16 PM »
OK, let's give this one more try.

Open Administrator Tools in the Control Panel and select Services.  Scroll down and see if you find a service named resouese.  If you do, double click it and stop it.  Then, in the drop down box, set it to disabled.

Then let me know how that went.

chinhis13
« Reply #42 on: June 24, 2007, 06:29:15 PM »
> OK, let's give this one more try.
>
> Open Administrator Tools in the Control Panel and select Services.  Scroll down and see if you find a service named resouese.  If you do, double click it and stop it.  Then, in the drop down box, set it to disabled.
>
> Then let me know how that went.

I have tried. There isn't a resouese either.
Thanks mauserme.

mauserme
« Reply #43 on: June 24, 2007, 06:47:20 PM »
Thanks for checking.

If you haven't already done this, uninstall the McAfee and Norton/Symantec stuff in Add/Remove Programs.  Then post a fresh JT log and we will finish things up.

Later on, if you want a secondary antivirus as a back up scanner, you can install the free version of BitDefender or ClamWin.  These are non-resident and will not conflict with avast!

chinhis13
« Reply #44 on: June 25, 2007, 08:19:11 AM »
> Thanks for checking.
>
> If you haven't already done this, uninstall the McAfee and Norton/Symantec stuff in Add/Remove Programs.  Then post a fresh JT log and we will finish things up.
>
> Later on, if you want a secondary antivirus as a back up scanner, you can install the free version of BitDefender or ClamWin.  These are non-resident and will not conflict with avast!

I did the uninstallation a long, long time ago. Are the files that were discovered only the remnants? How could I delete them? Thanks.

By the way, what is a JT log? Thanks
« Last Edit: October 12, 2008, 05:56:27 PM by chinhis13 »