Infection with different viruses

[Abigail Brown]

Hello,
My email is infected with the Daemon virus in multiple forms, and some other things.  I think it may have infected a word file that I downloaded onto a thumb drive.  I have done two tests, and would like to attach them so you can tell me the next step.  They are the main.txt and extra.txt scanning.  And, also your robokit.
Thank you.
Abigail

[Abigail Brown]

The program was combofix, not robofix.
Abigail

[CharleyO]

***

Welcome to the forums, Abigail.   

You can do this one of 2 ways.

Your can use the "copy & paste" method to insert the text of both in your next post. You will most likely have to use several postings to get it all in.

OR, you can add both of these to your next post by attaching the text files.  When you make the post, click on "Additional Options"  at below left of the post text box. Click on (more attachments) to give yourself a second place for the second attachment.


***

[Abigail Brown]

Here are the program reports.
Thank you.
Abigail

[essexboy]

Hi Abigail the DSS report looks OK could you attach the combofix report (c:\combofix.txt) so I can have a look at it 

[Abigail Brown]

Okay.  I thought I had. 

[essexboy]

Hi Abigail neither of those reports show any sign of infection

What symptoms are you experiencing ?

[Abigail Brown]

Hi,
Well, my email is sending out emails to other people that I do not know.  It also has things to me from:
Mailer-Daemon@mail.absolutemotion.com
"                   @prodigy.net
"                   @swip.net
"                   @catawbavalleymc.org
"                   @mail.mhcdns.com
"                   @quark5.retaurus.de
"                   @happeware.net

Then, I get mail from odd names like:
bergei@debilt.nl
soficiptowardoyo
a-yone@mvc.bilo...
amavisd-new
nulligraphicserver.com

New ones seem to come everyday.

And, I'm not sure, but I typed a word file on MS 2007, put it on a thumb drive, and then tried to send it out as an attachment from my work email.  I had saved it in MS 2003 format, but it would not attach and go through.  That one I don't know if it is related.

Thanks,
Abigail

[Abigail Brown]

Hello-o-o,
Are you there?
Abigail

[CharleyO]

***

Have you scanned the thumb drive for malware?


***

[essexboy]

Hi Abigail sorry for the delay I was doing a bit of research

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.

• Save it to the desktop.
• Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
• You will receive a prompt:

Do you want to skip supplementary searches?
click NO[/list]

• If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
• You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  
• Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
  

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

[polonus]

Hi,

Depending on what silent runners give, consider this:
Removal Procedure:

   1. Delete SPTD.SYS from the C:\Windows\System32\Drivers folder.
   2. Reboot.
   3. Delete SPTD9885.SYS or the driver with similar name from the C:\Windows\System32\Drivers folder.
   4. You may use regedit to delete protected keys without problems.
      Go to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPTD.
      Right click and choose "Permissions" in the popup menu.
      Change the rights for Administrator group to Full access.
      Delete SPTD subkey.
      Do the same for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPTD,

pol

[Abigail Brown]

This attachment is the silent runners report.
I will work on the next step you suggested.
Thanks,
Abigail

[Spiritsongs]

   Hi "Abigail" :

  The Log from Silent Runners indicates you have an out-of-date Adobe ; IF
   this is their "Reader" program, there has been recent News about serious
   security vulnerabilities and you should consider uninstalling it and "replacing"
   it with "Foxit Reader", with Info at www.foxitsoftware.com/pdf/rd_intro.php

   Even more alarming is that the java program from Sun is extremely outdated
   and an extreme security risk ; should uninstall ALL "Versions" of this program
   on your computer, then go to www.majorgeeks.com/download4648.html
   for the latest .

[essexboy]

Totally agree with Spiritsongs re adobe and java.  Again though silent runners  shows nothing untoward

I did find this though from someone else who was plagued, and the advice sounds good
http://hometown.aol.co.uk/Tigergonebonkers/Mailer-Daemon.html