forka

Anyone to review my log?


Hi,

I just got SAS and ran my first scan because I knew I had been infected. My previous antispyware couldn't get rid of it, but SAS detected a bunch of stuff and I quarantined all of it.

However, some of my apps won't start now, or there's a warning saying that the registry was not found in the expected state or something. The registry was in fact disabled by something (not sure if it was by SAS or by the malware), but I enabled it after the clean-up. Still having issues, though.

I'm wondering if there's anyone in the support team or otherwise who can review my log and tell me if some of the files that were quarantined are benign. For example "System32.exe" got quarantined, though to me it sounds like a legit file...

I'm on Vista.

Thanks


Thank you for the response. I just wasn't sure if this was the right place to post logs. Here it is below. I simply want to verify if this is all bad stuff I can remove permanently or some of it got there by mistake.

I can't run QuickBooks right now. And I get a warning when launching Illustrator CS3 that the registry was not found in the expected state, but at least the app seems to run.

This may very well have to do with something else. But since I just did this clean-up and started having issues, I figured something might have interfered.

++++++++++++++++++

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 11/26/2008 at 00:58 AM

Application Version : 4.22.1014

Core Rules Database Version : 3653

Trace Rules Database Version: 1635

Scan type : Complete Scan

Total Scan Time : 01:13:03

Memory items scanned : 309

Memory threats detected : 1

Registry items scanned : 5851

Registry threats detected : 11

File items scanned : 53624

File threats detected : 20

Trojan.Dropper/Gen

C:\USERS\ANNA\APPDATA\LOCAL\TEMP\WINLOGGN.EXE

C:\USERS\ANNA\APPDATA\LOCAL\TEMP\WINLOGGN.EXE

[xsjfn83jkemfofght] C:\USERS\ANNA\APPDATA\LOCAL\TEMP\WINLOGGN.EXE

[xsjfn83jkemfofght] C:\USERS\ANNA\APPDATA\LOCAL\TEMP\WINLOGGN.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5BF49A2-94F1-42BD-F434-3604812C807D}

HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}

HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}

HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}#ThreadingModel

HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32

HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32#ThreadingModel

C:\WINDOWS\SYSWOW64\JHSRF832JBNEFE.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{D5BF49A2-94F1-42BD-F434-3604812C807D}

HKU\S-1-5-21-1117240473-2580913285-1194660769-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5BF49A2-94F1-42BD-F434-3604812C807D}

C:\USERS\ANNA\APPDATA\LOCAL\TEMP\LOW\3301011664.EXE

C:\USERS\ANNA\APPDATA\LOCAL\TEMP\LOW\3330700048.EXE

C:\USERS\ANNA\APPDATA\LOCAL\TEMP\UPDATER.EXE

C:\Windows\Prefetch\3330700048.EXE-D66E40A2.pf

C:\Windows\Prefetch\UPDATER.EXE-1072ACC9.pf

Trojan.Csrssc/Systemc-B

[Jnskdfmf9eldfd] C:\USERS\ANNA\APPDATA\LOCAL\TEMP\CSRSSC.EXE

C:\USERS\ANNA\APPDATA\LOCAL\TEMP\CSRSSC.EXE

C:\USERS\ANNA\APPDATA\LOCAL\TEMP\LOW\CSRSSC.EXE

C:\Windows\Prefetch\CSRSSC.EXE-A5EE2DF3.pf

C:\Windows\Prefetch\CSRSSC.EXE-D1572C55.pf

Trojan.DNSChanger-Codec

C:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\homeview

C:\Users\anna\Start Menu\Programs\homeview

Trojan.SystemDriver

C:\COMBOFIX\CREG.DAT

Trojan.Dropper/Gen-Stub

C:\USERS\ANNA\APPDATA\LOCAL\TEMP\CODEC.EXE

C:\USERS\ANNA\APPDATA\LOCAL\TEMP\IS162815.EXE

Trojan.Zlob/Media-Codec

C:\USERS\ANNA\APPDATA\LOCAL\TEMP\MEDIACODEC.EXE

Trojan.BotNet/Dropper

C:\USERS\ANNA\APPDATA\LOCAL\TEMP\TMP51A9.TMP

Trojan.Unclassified/GadCom

C:\USERS\ANNA\APPDATA\ROAMING\GADCOM\GADCOM.EXE

Trojan.System32

C:\WINDOWS\SYSTEM32.EXE


I do not see anything in your SAS scan log that is incorrectly fixed by SAS. All the quarantined items appear to be legitimate removals. Have you rebooted your computer following these removals to see if that corrects the QuickBooks issue?

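A small parser for the scan-log layout posted above, added here as an example rather than SUPERAntiSpyware's own code: it splits the log into header fields, detection families and items, tells memory, registry-key, registry-value and file hits apart, and buckets the on-disk hits by where they live, including the check behind the System32.exe question (system32 is a directory name, so an .exe carrying it directly under C:\Windows is a lure name, not a Windows component). The log excerpt, the bucket names and the directory-name list are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed excerpt in the layout of the SUPERAntiSpyware scan log posted in this thread.
SAMPLE_LOG = r"""Application Version : 4.22.1014
Trojan.Dropper/Gen
[xsjfn83jkemfofght] C:\USERS\ANNA\APPDATA\LOCAL\TEMP\WINLOGGN.EXE
HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSWOW64\JHSRF832JBNEFE.DLL
C:\Windows\Prefetch\UPDATER.EXE-1072ACC9.pf
Trojan.System32
C:\WINDOWS\SYSTEM32.EXE
"""
# "[process] path" marks a memory hit; a "#" suffix on a registry key names a value under it.
ITEM_RE = re.compile(r"^(?:\[(?P<proc>[^\]]+)\]\s+)?(?P<target>(?:[A-Z]:\\|HK(?:LM|CU|CR|U)\\).*)$", re.I)
HEADER_RE = re.compile(r"^([A-Za-z ]+?)\s*:\s*(\S.*)$")   # "Key : Value" summary lines
DETECT_RE = re.compile(r"^\w+\.[\w/-]+$")                 # e.g. Trojan.Dropper/Gen-Stub
DIR_NAMES = {"system32", "syswow64", "winsxs", "system"}  # real Windows directory names

def parse_sas_log(text):
    """Return (header dict, {detection name: [(kind, process, target), ...]})."""
    header, detections, current = {}, defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        item, head = ITEM_RE.match(line), HEADER_RE.match(line)
        if item and current:
            proc, target = item.group("proc"), item.group("target")
            kind = ("memory" if proc else "file" if target[1] == ":"
                    else "registry-value" if "#" in target else "registry-key")
            detections[current].append((kind, proc, target))
        elif head and not item:
            header[head.group(1).strip()] = head.group(2).strip()
        elif DETECT_RE.match(line):
            current = line                # a detection family name opens a block
    return header, dict(detections)

def dir_name_impostor(path):
    """True when an .exe borrows a Windows directory name: system32 is a folder, not a program."""
    stem, _, ext = path.rsplit("\\", 1)[-1].lower().rpartition(".")
    return ext == "exe" and stem in DIR_NAMES

def triage(detections):
    """Bucket on-disk hits by location; temp and prefetch entries are the usual dropper residue."""
    buckets = defaultdict(list)
    hits = (i for items in detections.values() for i in items if i[0] in ("file", "memory"))
    for _, _, target in hits:
        up = target.upper()
        bucket = ("user-temp" if "\\TEMP\\" in up else "prefetch-trace" if "\\PREFETCH\\" in up
                  else "dir-name-impostor" if dir_name_impostor(target) else "other")
        buckets[bucket].append(target)
    return dict(buckets)
```

Run over the full log above, the same buckets separate the TEMP and Prefetch residue from the two items that sit under C:\WINDOWS, which are the ones worth a second look before emptying quarantine.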

Thanks for reviewing the log and confirming it.

I did do a reboot and even reinstalled the program a couple of times, but it simply refuses to behave as it did. It would start loading and crash just as the splash screen comes on. Unfortunately I don't get any helpful errors either, just the standard "program stopped working".

I know the program worked just before I got the virus (I had used it that morning). So I'm thinking either the virus or SAS changed something that was important to it. Incidentally, Windows also had to install updates the same night, so lots of factors came in at once. I tried uninstalling those updates, but it didn't make a difference.

I imagine this will be hard to track now. I've tried various searches on Google and people do report similar issues with those programs but in completely different scenarios that don't necessarily involve malware.

Anyhow, I wanted to rule out the quarantined items, which I did now. So I'll have to dig into something to resolve the crashing.

cheers


Have you considered a System Restore using a restore point just prior to when you became infected? That might set things back to normal for you.


I actually did, but a little too late it seems. When I went into it there were only 7 restore points, which were all after the fact. When I tried uninstalling the new Windows updates and installing them again, it created new restore points for each, overwriting everything prior. I guess I didn't have enough disk space to keep more. Unless there is a way to retrieve earlier points?


Hey, thanks

I ran that software. Seems it helped with the Illustrator registry warning, but no change for QuickBooks.


I'm not sure if it helps, but download CCleaner from www.ccleaner.com.

Install it (be careful when installing) and then run it. Go to Registry and scan for errors.

Now, when the scan is done, save a backup (it will ask for it) and fix the registry.

After reboot, try to run QB again.


Still no go. In the "Event Viewer" this is the error that appears:

______________

Faulting application qbw32.exe, version 17.0.4001.1077, time stamp 0x4746a34b, faulting module MSVCR80.dll, version 8.0.50727.1434, time stamp 0x4757746d, exception code 0xc000000d, fault offset 0x00047780, process id 0x13d4, application start time 0x01c950c2d1884cd0.

______________

I tried to do a search on it but found no clear solutions...
