Unknown Virus on XP Professional system

[mchain]

essexboy,

You OK?

mchain

[essexboy]

Aye the first link was for the document explaining sp 3 in spanish and not the spanish download 

The second link I posted is the correct one for a spanish language version

[mchain]

Aye the first link was for the document explaining sp 3 in spanish and not the spanish download 

The second link I posted is the correct one for a spanish language version

essexboy,

Good enough.  Ensuring option to download in Spanish!

mchain

[mchain]

essexboy,

The link provided is for an .exe file.  Transfer to download folder of infected computer and execute?  Other download for .iso is almost complete.

mchain

[essexboy]

Whichever would be easiest for you the infection is just about beaten now, we are in the repair phase 

[mchain]

esseexboy,

name of file is: WindowsXP-KB936929-SP3-x86-ESN.exe, which is different from -ENU.  I believe that to be an English file, so will not continue downloading that.

mchain

[essexboy]

Enu is English and Esn is Spanish

[mchain]

Whichever would be easiest for you the infection is just about beaten now, we are in the repair phase  

Major malware component name?

Thanks for clarification.

mchain

[essexboy]

It was for lack of a better name a trojan downloader, it managed to do some damage but failed to install the main paylod... One of the rogue AV's probably

[mchain]

It was for lack of a better name a trojan downloader, it managed to do some damage but failed to install the main paylod... One of the rogue AV's probably

essexboy,

I was waylaid by an unknown virus yesterday (the human kind), so slowly recovering.  Major, major slam down at 2:00 PM here, went to bed straightaway and did not get up until now.  You are right, we tend not to worry what the name of a cold virus is (only the doctors would know) and same here for the computer we are working on.  Have to tell you though, comp was near death when I got to it.

SP3 has been successfully installed, security center is running properly, Windows Firewall is turned on, Windows Update is running (though computer cannot be connected to Internet, per Qwest policy, must be connected at clients' house, sadly), a/v is showing Avast! is running and reported properly.

Belarc Advisor reporting 97 updates missing, also the Security settings are only 1.33? out of 10 for this Pro system.

Bit of work ahead for me.  System is still booting in 2:05, with some new programs showing on startup.

Attached find new OTL log below.

Still do not see 'System Restore'.

mchain

XP Home SP3 P4 2.8 2 GB RAM Avast! Free 6.0.1289

[essexboy]

Whilst I look at the log

Click Start, Run and type %Windir%\INF
Locate the SR.INF file.
Right-click the SR.INF file, and then click Install

EDIT : Just noticed the System restore is stopped, so try to start it in services.msc first
  SRV - File not found [Auto | Stopped] -- -- (srservice)

[mchain]

Whilst I look at the log

Click Start, Run and type %Windir%\INF
Locate the SR.INF file.
Right-click the SR.INF file, and then click Install

EDIT : Just noticed the System restore is stopped, so try to start it in services.msc first
  SRV - File not found [Auto | Stopped] -- -- (srservice)

Gotcha, be offline for a bit.

mchain

[essexboy]

OK lets clear the rest of the rubbish and replace the infected file, which may well re-enable system restore 

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
  FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=2&q="
  [2011/08/08 18:41:19 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\jo3sdfij.default\searchplugins\SearchResults.xml
  [2011/08/08 18:41:19 | 000,002,493 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\SearchResults.xml
  
  :Files
  ipconfig /flushdns /c
  c:\windows\system32\srsvc.dll|C:\WINDOWS\ServicePackFiles\i386\srsvc.dll /replace
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[mchain]

I am going to hold off on enabling Sys Restore and run the script above.

Get back to you soon.

mchain

[essexboy]

Here is a little programme that you may find useful in your line of work http://www.tweaking.com/content/page/windows_repair_all_in_one.html