Got an IBM T41 that the Norton 360 program keeps alerting about the Trojan Infostealer.Gampass; Norton 360 cannot remove/quarantine this Trojan. I used Malwarebytes Anti-Malware to scan for the virus, but it could not even find it, let alone remove it. The T41 is running Windows XP Pro; the Norton 360 subscription has expired, but the virus was acquired while Norton was still active and not expired.
I have an Ubuntu boot disk and the BartPE boot disk also.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Sly at 19:27:16.06 on Tue 03/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.121 [GMT -5:00]
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Streamzap\Remote\zremote.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Documents and Settings\Sly\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [StreamZap Remote] c:\program files\streamzap\remote\zremote.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\sly\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254436595947
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\sly\applic~1\mozilla\firefox\profiles\iu5nvivc.default
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension
FF - HiddenExtension: Java Console: no Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: no Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-3-6 28552]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-2 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-2 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-2 482432]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-2 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-3 102448]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100224.002\IDSXpx86.sys [2010-2-26 329592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-8 133104]
S3 atimtai;atimtai;c:\windows\system32\drivers\atimtai.sys [2009-8-21 281600]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100305.025\NAVENG.SYS [2010-3-5 84912]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100305.025\NAVEX15.SYS [2010-3-5 1324720]
S3 zremote;zremote;c:\windows\system32\drivers\zremote.sys [2004-3-1 10368]
=============== Created last 30 ================
2010-03-07 03:03:08 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-07 03:01:56 0 d-----w- c:\program files\Panda Security
2010-03-07 02:12:30 0 d-----w- c:\windows\pss
2010-03-05 21:11:21 0 d-----w- c:\docume~1\sly\applic~1\Malwarebytes
2010-03-05 21:11:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-05 21:11:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-05 21:11:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-05 21:11:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
==================== Find3M ====================
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-08-31 18:48:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009081720090824\index.dat
2009-08-31 18:48:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009083120090901\index.dat
============= FINISH: 19:28:53.34 ===============