Backdoor virus

Warmachine

New Member
Reaction score
1
So my other computer has been out of commission for a while, since Norton kept popping up with warnings about a trojan. So I've done a few scans and such and it says intelppm.sys is the infected file?

Any advice? I've googled a bit and found a thing called TDSSKiller (http://www.softpedia.com/get/Antivirus/TDSSKiller.shtml). Not quite sure what it does though, like if it actually finds the file and gets rid of it or is just a scan. Would that be the best plan of action or do you have any other suggestions?
 

Warmachine

New Member
Reaction score
1
Should I be in safe mode while doing the Malwarebytes scan?

(It's been a few years since I've done computer tech, I've forgotten a lot..)
 

sqrage

Mega Super Ultra Cool Member
Reaction score
514
No, you don't need to be, but it's always preferred. Make sure you update the database before going into safe mode though.
 

Warmachine

New Member
Reaction score
1
Well, I just ran a TDSSKiller scan and it found it and said it was removed. Hopefully that solves it, but I'm going to run the Malwarebytes and HijackThis scans anyway to make sure.
 

Warmachine

New Member
Reaction score
1
Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5394

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18372

12/25/2010 3:56:28 PM
mbam-log-2010-12-25 (15-56-18).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 295265
Time elapsed: 1 hour(s), 23 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B4C3B43-49B6-42A7-A602-F7ACDCA0D409} (Adware.OneStepSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B4C3B43-49B6-42A7-A602-F7ACDCA0D409} (Adware.OneStepSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE (Adware.OneStepSearch) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Xstudio_Packet_Capture (LSP.Hijacker) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\HP_Owner\application data\registrysmart (Rogue.RegistrySmart) -> No action taken.
c:\documents and settings\HP_Owner\application data\registrysmart\Log (Rogue.RegistrySmart) -> No action taken.
c:\documents and settings\HP_Owner\application data\registrysmart\registry backups (Rogue.RegistrySmart) -> No action taken.
c:\program files\registrysmart (Rogue.RegistrySmart) -> No action taken.

Files Infected:
c:\WINDOWS\system32\dllcache\calc.exe (Trojan.Agent.Gen) -> No action taken.
c:\RECYCLER\adapt_installer.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\HP_Owner\application data\registrysmart\registry backups\2008-01-14_13-31-21.reg (Rogue.RegistrySmart) -> No action taken.




~~~~~~~~~~~~~~~~~~

Clicked remove and all items are said to be quarantined and removed successfully.

Just a few more scans and hopefully it will be solved for good...
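
Added example (not part of the original posts and not Malwarebytes' own tooling): a small Python triage script for a log in the layout posted above. It lists entries the log still records as "No action taken" and checks each summary count against the itemised lines; the sample log is constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed, shortened sample in the layout of the log above (not a real scan).
SAMPLE_LOG = r"""Registry Keys Infected: 2
Folders Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\registrysmart (Rogue.RegistrySmart) -> No action taken.

Files Infected:
c:\RECYCLER\adapt_installer.exe (Trojan.Agent) -> No action taken.
"""

SUMMARY = re.compile(r"^(?P<cat>.+ Infected): (?P<n>\d+)$")   # "Files Infected: 3"
HEADER = re.compile(r"^(?P<cat>.+ Infected):$")               # "Files Infected:"
ITEM = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_log(text):
    """Return (summary counts, itemised detections grouped by section)."""
    counts, items, section = {}, defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := HEADER.match(line):
            section = m["cat"]
        elif section and (m := ITEM.match(line)):
            items[section].append((m["obj"], m["name"], m["action"]))
    return counts, dict(items)

def unresolved(items):
    """Detections the log records as not acted on."""
    return [(cat, obj, name) for cat, rows in items.items()
            for obj, name, action in rows if action.lower() == "no action taken"]

def count_mismatches(counts, items):
    """Sections whose summary count differs from the itemised lines."""
    return {cat: (n, len(items.get(cat, [])))
            for cat, n in counts.items() if n != len(items.get(cat, []))}

if __name__ == "__main__":
    counts, items = parse_log(SAMPLE_LOG)
    for cat, obj, name in unresolved(items):
        print(f"UNRESOLVED [{cat}] {name}: {obj}")
    for cat, (stated, listed) in count_mismatches(counts, items).items():
        print(f"COUNT MISMATCH [{cat}] summary={stated} listed={listed}")
```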
 

Warmachine

New Member
Reaction score
1
Didn't necessarily find anything wrong in the HijackThis log. There were two "nasty" files, which were Ask toolbars. So I removed those and some other toolbars and random things that aren't necessary. Just running Malwarebytes again and then I'll run a full Norton scan in safe mode. After that the computer should be back in service!
 