Hi,
I just ran my antivirus scan and discovered that I have some virus called W32.Parite.B. I also ran Malwarebytes, which found some kind of backdoor bot. I've noticed that my internet starts up slower, and I find myself frequently scanning my computer after I've already quarantined the same viruses. I feel paralyzed since I don't know what information can be compromised. If anyone can please take a look at my logs I would greatly appreciate it.
Malwarebytes Log:
Malwarebytes' Anti-Malware 1.33
Database version: 1739
Windows 5.1.2600 Service Pack 3
2/11/2009 12:12:10 PM
mbam-log-2009-02-11 (12-12-10).txt
Scan type: Quick Scan
Objects scanned: 60298
Time elapsed: 3 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\temp\qla2.tmp (Backdoor.ProRat) -> Delete on reboot.
C:\Documents and Settings\Chris Chua\Local Settings\temp\gbmD7.tmp (Backdoor.ProRat) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\temp\qla2.tmp (Backdoor.ProRat) -> Delete on reboot.
C:\Documents and Settings\Chris Chua\Local Settings\temp\gbmD7.tmp (Backdoor.ProRat) -> Delete on reboot.
C:\WINDOWS\temp\oba1A.tmp (Backdoor.ProRat) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\uba1B.tmp (Backdoor.ProRat) -> Quarantined and deleted successfully.
Clamwin Log:
Scan Started Sun Feb 08 11:07:22 2009
-------------------------------------------------------------------------------
WARNING: Can't open file \\?\C:\Documents and Settings\Chris Chua\Application Data\Mozilla\Firefox\Profiles\sv7eubcp.default\places.sqlite-journal, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Chris Chua\Local Settings\temp\etilqs_7phDvI3mAYLrZIbUVos5, Permission denied
WARNING: Can't open file \\?\C:\hiberfil.sys, Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Chris Chua\Data\chandir.idx, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Chris Chua\Data\chn.idx, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Chris Chua\Data\D0000000.FCS, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Chris Chua\Data\L0000018.FCS, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Chris Chua\Data\prs.idx, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Chris Chua\Data\prs_die.idx, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Chris Chua\Data\prs_dnd.idx, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Chris Chua\Data\prs_ext.idx, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Chris Chua\Data\prs_rcv.idx, Permission denied
WARNING: Can't open file \\?\C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Chris Chua\Data\storydb.idx, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\CatRoot2\tmp.edb, Permission denied
C:\BJPrinter\CNMWINDOWS\Canon i960 Installer\Driver2\CNMPV.EXE: W32.Parite.B FOUND
C:\BJPrinter\CNMWINDOWS\Canon i960 Installer\Driver2\CNMQUEUE.EXE: W32.Parite.B FOUND
C:\BJPrinter\CNMWINDOWS\Canon i960 Installer\Driver2\CNMSMSD.EXE: W32.Parite.B FOUND
C:\BJPrinter\CNMWINDOWS\Canon i960 Installer\Driver2\CNMSTMN.EXE: W32.Parite.B FOUND
C:\BJPrinter\CNMWINDOWS\Canon i960 Installer\Inst2\Cnmvsa.exe: W32.Parite.B FOUND
C:\BJPrinter\CNMWINDOWS\Canon i960 Installer\Inst2\helpkicker.exe: W32.Parite.B FOUND
C:\dell\ATAPI.EXE: W32.Parite.B FOUND
C:\dell\EXPRESS.EXE: W32.Parite.B FOUND
C:\dell\MediaDirect\XPePatch_070512.exe: W32.Parite.B FOUND
C:\dell\Utilities\DSR\DSRIRRemv2.exe: W32.Parite.B FOUND
C:\dell\UWAKEOFF.exe: W32.Parite.B FOUND
C:\dell\UWAKEON.exe: W32.Parite.B FOUND
C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.1.11\SetupAdmin.exe: W32.Parite.B FOUND
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\CIP\DellSupportODBK.exe: W32.Parite.B FOUND
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\CIP\TransferAgentSetup.exe: W32.Parite.B FOUND
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\fix\DellSupportODBK.exe: W32.Parite.B FOUND
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\MakeDesktopShortcut.EXE: W32.Parite.B FOUND
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\item_templ\coach\RunGdp.exe: W32.Parite.B FOUND
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\fix\DellSupportLauncher.exe: W32.Parite.B FOUND
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\fix\DellSupportODBK.exe: W32.Parite.B FOUND
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\MakeDesktopShortcut.EXE: W32.Parite.B FOUND
C:\Documents and Settings\All Users\Application Data\3276BE95_AF08_429F_A64F_CA64CB79BCF6\x86\DifXInstall32.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Application Data\Azureus\plugins\azemp\azmplay.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Application Data\Microsoft\Installer\37E1EB56-C59B-4C5C-B0B3-B5076046EF8A\DesktopMgr.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Application Data\U3\temp\cleanup.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Application Data\U3\temp\Launchpad Removal.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Desktop\Spyware Tools\ATF-Cleaner.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2348\redist\WindowsInstaller-KB893803-v2-x86.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2348\redist\WindowsServer2003-KB898715-ia64-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2348\redist\WindowsServer2003-KB898715-x64-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2348\redist\WindowsServer2003-KB898715-x86-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2348\redist\WindowsXP-KB898715-x64-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2348\Setup.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2424\redist\WindowsInstaller-KB893803-v2-x86.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2424\redist\WindowsServer2003-KB898715-ia64-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2424\redist\WindowsServer2003-KB898715-x64-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2424\redist\WindowsServer2003-KB898715-x86-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2424\redist\WindowsXP-KB898715-x64-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2424\Setup.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2868\redist\WindowsInstaller-KB893803-v2-x86.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2868\redist\WindowsServer2003-KB898715-ia64-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2868\redist\WindowsServer2003-KB898715-x64-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2868\redist\WindowsServer2003-KB898715-x86-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2868\redist\WindowsXP-KB898715-x64-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\Application Data\Installer2868\Setup.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\temp\Div55.tmp\DivXInstaller.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\temp\Patcher\Patcher524\RTPatch\patch.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\temp\seagate\BlackArmor.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\Local Settings\temp\seagate\monFDE.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\My Documents\Adobe CS3\Photoshop\Adobe CS3\redist\WindowsInstaller-KB893803-v2-x86.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\My Documents\Adobe CS3\Photoshop\Adobe CS3\redist\WindowsServer2003-KB898715-ia64-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\My Documents\Adobe CS3\Photoshop\Adobe CS3\redist\WindowsServer2003-KB898715-x64-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\My Documents\Adobe CS3\Photoshop\Adobe CS3\redist\WindowsServer2003-KB898715-x86-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\My Documents\Adobe CS3\Photoshop\Adobe CS3\redist\WindowsXP-KB898715-x64-enu.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\My Documents\Adobe CS3\Photoshop\Adobe CS3\Setup.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\My Documents\Downloaded Program Updates\Update Manager\DLA Update 4.98\dla498.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\My Documents\Downloaded Program Updates\Update Manager\RecordNow Audio (Basic) 2.0.0.1\Audio2001Basic.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\My Documents\Downloaded Program Updates\Update Manager\RecordNow Copy (Basic) 2.0.0.1\Copy2001Basic.exe: W32.Parite.B FOUND
C:\Documents and Settings\Chris Chua\My Documents\Downloaded Program Updates\Update Manager\RecordNow Data (Basic) 2.0.0.1\Data2001Basic.exe: W32.Parite.B FOUND
C:\drivers\audio\onboard\stacsv.exe: W32.Parite.B FOUND
C:\drivers\audio\onboard\stsystra.exe: W32.Parite.B FOUND
C:\drivers\audio\onboard\suhlp.exe: W32.Parite.B FOUND
C:\drivers\i960xp173eusZ\cnmunins.exe: W32.Parite.B FOUND
C:\drivers\i960xp173eusZ\cnmvsa.exe: W32.Parite.B FOUND
C:\drivers\i960xp173eusZ\setup.exe: W32.Parite.B FOUND
C:\drivers\modem\onboard\HXFSetup.exe: W32.Parite.B FOUND
C:\drivers\modem\onboard\kb888111.exe: W32.Parite.B FOUND
C:\drivers\modem\onboard\Setup.exe: W32.Parite.B FOUND
C:\drivers\video\onboard\hkcmd.exe: W32.Parite.B FOUND
C:\drivers\video\onboard\ialmudlg.exe: W32.Parite.B FOUND
C:\i386\user32.dll: Worm.Pinit-4 FOUND
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll: Worm.Pinit-4 FOUND
C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll: Worm.Pinit-4 FOUND
C:\WINDOWS\$NtServicePackUninstall$\user32.dll: Worm.Pinit-4 FOUND
C:\WINDOWS\$NtUninstallKB890859$\user32.dll: Worm.Pinit-4 FOUND
C:\WINDOWS\$NtUninstallKB925902$\user32.dll: Worm.Pinit-4 FOUND
C:\WINDOWS\ServicePackFiles\i386\user32.dll: Worm.Pinit-4 FOUND
C:\WINDOWS\system32\user32.dll: Worm.Pinit-4 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 512575
Engine version: 0.91.2
Scanned directories: 10869
Scanned files: 93475
Skipped non-executable files: 2786
Infected files: 79
Data scanned: 25212.50 MB
Time: 20225.422 sec (337 m 5 s)
--------------------------------------
Completed
--------------------------------------
Thanks in advance.
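Added example, not part of the original post: a small Python triage script that reads the two log formats shown above (Malwarebytes' section-based "path (name) -> action" lines and ClamWin's "path: name FOUND" lines) into one list of detections and pulls out what a responder reads first: which signatures hit, which detections sit under system32 (an OS binary was modified, not just a dropped file), which Malwarebytes entries are "Delete on reboot" (the file was loaded in memory, so removal is deferred and must be confirmed after restarting), and which hits are in temp directories. The sample log lines are constructed to match the formats above; the username and file names in them are placeholders, not taken from the poster's machine. ClamWin's "WARNING: Can't open file" lines are skipped on purpose: those files were not scanned, so they are neither clean nor infected.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input mimicking the two log formats in the post.
# Paths and the username are placeholders, not copied from the real logs.
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.33
Database version: 1739
Scan type: Quick Scan
Memory Modules Infected:
C:\WINDOWS\temp\qla2.tmp (Backdoor.ProRat) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\temp\qla2.tmp (Backdoor.ProRat) -> Delete on reboot.
C:\WINDOWS\temp\oba1A.tmp (Backdoor.ProRat) -> Quarantined and deleted successfully.
"""

CLAM_LOG = r"""Scan Started Sun Feb 08 11:07:22 2009
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
C:\drivers\video\onboard\hkcmd.exe: W32.Parite.B FOUND
C:\Documents and Settings\owner\Local Settings\temp\seagate\monFDE.exe: W32.Parite.B FOUND
C:\WINDOWS\system32\user32.dll: Worm.Pinit-4 FOUND
----------- SCAN SUMMARY -----------
Infected files: 3
"""


@dataclass(frozen=True)
class Detection:
    scanner: str
    section: str   # Malwarebytes section ("Files Infected") or "file" for ClamWin
    path: str
    name: str      # signature name as the scanner reported it
    action: str    # what the scanner did; ClamWin only reports, so "FOUND"


# "C:\path\file.tmp (Backdoor.ProRat) -> Delete on reboot."
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# "C:\path\file.exe: W32.Parite.B FOUND"
CLAM_RE = re.compile(r"^(?P<path>.+?): (?P<name>\S+) FOUND$")


def parse_mbam(text):
    """Walk the Malwarebytes log, remembering which 'X Infected:' section a line belongs to."""
    out, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):          # section header such as "Files Infected:"
            section = line[:-1]
            continue
        m = MBAM_RE.match(line)
        if m and section:
            out.append(Detection("mbam", section, m["path"], m["name"], m["action"]))
    return out


def parse_clamwin(text):
    """Collect ClamWin FOUND lines; unreadable files (WARNING lines) were not scanned at all."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("WARNING:"):
            continue
        m = CLAM_RE.match(line)
        if m:
            out.append(Detection("clamwin", "file", m["path"], m["name"], "FOUND"))
    return out


def triage(detections):
    """Summarise detections by signature and flag what a responder should look at first."""
    # Malwarebytes lists an in-memory file under two sections; count each file once.
    uniq = {(d.path.lower(), d.name) for d in detections}
    return {
        "by_name": dict(Counter(name for _, name in uniq)),
        # A hit under system32 means an OS binary was modified, not just a file dropped.
        "system_binaries": sorted(p for p, _ in uniq if "\\windows\\system32\\" in p),
        # "Delete on reboot": file was loaded in memory; verify removal after restarting.
        "pending_reboot": sorted({d.path for d in detections
                                  if d.action.startswith("Delete on reboot")}),
        # Temp directories are where the backdoor components landed.
        "in_temp": sorted(p for p, _ in uniq if "\\temp\\" in p),
    }


if __name__ == "__main__":
    found = parse_mbam(MBAM_LOG) + parse_clamwin(CLAM_LOG)
    for key, value in triage(found).items():
        print(key, value)
```

To use it on real logs, replace the two constructed strings with the file contents and run the script once now and again after the reboot Malwarebytes asked for: the "pending_reboot" list should be empty on the second run, and any path that reappears in "by_name" after quarantine is a sign the infection is being re-created rather than removed.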