Deadly 66.230.188.67 virus
AfterDawn Addict
19. October 2010 @ 19:22
Avira AntiVir is the Best Free AV available. Stay with it.
Ad-aware is old technology that has not kept up with the times. Let it go.
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using SpywareBlaster can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Use CCleaner to clean up Temp and old files, use Malwarebytes' Anti-Malware and SUPERAntiSpyware to scan your computer, and then Defrag on a regular basis.

Other than that; keep your nose clean and Happy Surfing :)

2oG
Jack87
Newbie
17. November 2010 @ 08:04
Hello,
I am having the same issue as slub77 and funkk. I keep getting redirected to various pages whenever I click links; checking what it normally redirects me to: 66.230.188.67, and then to a different site. I ran a full Avast! scan and a full MalwareBytes scan, but links still keep getting redirected to various pages.

Then I followed what you suggested to funkk and I ran ComboFix as you specified.
Here is the log file combofix.txt found on the computer. Please let me know if I still need to do anything else or if ComboFix has rectified the problem. Thanks

----------------------------------------------------------------------------------------
ComboFix 10-11-16.05 - owner 17/11/2010 22:42:55.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.502.238 [GMT 11:00]
Running from: c:\documents and settings\owner\desktop\combofix.exe
Command switches used :: /killall
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\Microsoft . . . . Failed to delete
c:\system volume information\Microsoft\services.exe . . . . Failed to delete
c:\system volume information\Microsoft\smss.exe . . . . Failed to delete

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive2 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive3 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive4 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive5 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive6 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive7 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive8 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive9 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive2 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive3 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive4 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive5 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive6 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive7 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive8 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive9 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-16 20:21 . 2010-11-16 20:21 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes
2010-11-16 20:21 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-16 20:20 . 2010-11-16 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-16 20:20 . 2010-11-16 20:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-16 20:20 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-15 21:50 . 2010-04-14 15:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-15 21:50 . 2010-04-14 15:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-15 21:50 . 2010-04-14 15:37 297552 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-11-15 21:50 . 2010-04-14 15:37 102736 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-11-15 21:50 . 2010-04-14 15:36 196048 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-11-15 21:50 . 2010-04-14 15:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-15 21:50 . 2010-04-14 15:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-15 21:50 . 2010-04-14 15:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-15 21:50 . 2010-04-14 15:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-15 21:50 . 2010-04-14 15:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-15 21:49 . 2010-03-19 20:10 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-11-15 21:49 . 2010-04-14 15:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-11-15 21:49 . 2010-04-14 15:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-15 21:49 . 2010-11-15 21:49 -------- d-----w- c:\program files\Alwil Software
2010-11-15 21:49 . 2010-11-15 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-15 19:07 . 2010-11-15 19:07 -------- d-----w- c:\program files\Safari
2010-11-15 19:07 . 2010-11-15 19:07 -------- d-----w- c:\program files\Bonjour
2010-11-09 14:07 . 2010-11-15 01:23 -------- d-----w- c:\windows\system32\Dexter Screen Saver dir
2010-10-29 14:54 . 2010-10-29 14:54 657179 ----a-w- c:\windows\Condition Zero Uninstaller.exe
2010-10-29 14:49 . 2010-10-29 14:49 -------- d-----w- C:\Valve

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 02:59 . 2010-06-27 10:56 16184 ----a-w- c:\windows\system32\ROBoot.exe
.

------- Sigcheck -------

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe

c:\windows\System32\spoolsv.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-04-14 15:33 140288 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-04 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 06:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 11:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 04:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-05 10:23 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 04:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemProtector]
2010-10-05 02:59 10000184 ----a-w- c:\program files\Advanced System Optimizer 3\systemprotector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Q3Ademo\\quake3.exe"=
"c:\\Valve\\Condition Zero\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [16/11/2010 8:49 AM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [16/11/2010 8:50 AM 196048]
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [4/12/2009 12:06 PM 30820]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/06/2010 7:03 PM 691696]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [16/11/2010 8:50 AM 102736]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16/11/2010 8:50 AM 297552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/11/2010 8:50 AM 162768]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [8/03/2005 7:46 PM 61440]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [27/06/2010 9:40 PM 239928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/11/2010 8:50 AM 19024]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [16/11/2010 8:49 AM 119200]
S3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [27/06/2010 9:40 PM 6656]
.
Contents of the 'Scheduled Tasks' folder

2010-11-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 05:07]

2010-11-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-25 12:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://g.live.com/9uxp9en-us/hpg_lnk2
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {A75224EB-83FC-4A72-B393-E03B017EF1FE} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\oidocpx1.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BDAgent - c:\program files\BitDefender\BitDefender 2010\bdagent.exe
MSConfigStartUp-BitDefender Antiphishing Helper - c:\program files\BitDefender\BitDefender 2010\IEShow.exe
MSConfigStartUp-Google Update - c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-{835FBE3E-57D2-BDB6-FE6A-58FBB8030F06} - c:\documents and settings\owner\Application Data\Qivuid\caawh.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 23:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82D44446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82d4a504]; MOV EAX, [0x82d4a580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Harddisk0\DR0[0x82D35908]
3 CLASSPNP[0xF857605B] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> [0x82C718D0]
\Driver\atapi[0x82D285A0] -> IRP_MJ_CREATE -> 0x82D44446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; PUSH EAX; MOV EAX, 0x337; POP EAX; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x628; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82D44292
\Driver\atapi -> 0x82d861f8
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3464)
c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Internet Explorer\iexplore.exe
c:\system volume information\Microsoft\services.exe
c:\system volume information\Microsoft\smss.exe
.
**************************************************************************
.
Completion time: 2010-11-17 23:08:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-17 12:08
ComboFix2.txt 2010-07-04 06:40

Pre-Run: 33,667,829,760 bytes free
Post-Run: 33,662,070,784 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F766F5762499471F2B805E3DC5185E5E