trojan agnet2.gjl

[blade81 3]

Hi

 

Let's make a test. Have your Internet Explorer web browser open and run DDS again (don't close browser while doing this!). Post back created dds.txt file.

[smichaels8 0]

Here you go.

DDS_4_20_09.txt

Attach_4_20_09.txt

[blade81 3]

Hi

 

Can't see anything there. Let's see if there's anything deeper.

 

Download GMER and save it your desktop:

• Extract it to your desktop and double-click GMER.exe
  
• Click rootkit-tab and then scan.
  
• Don't check
  Show All
  box while scanning in progress!
  
• When scanning is ready, click Copy.
  
• This copies log to clipboard
  
• Post log in your reply.
  

[smichaels8 0]

Hi

 

Can't see anything there. Let's see if there's anything deeper.

 

Download GMER and save it your desktop:

• Extract it to your desktop and double-click GMER.exe
  
• Click rootkit-tab and then scan.
  
• Don't check
  Show All
  box while scanning in progress!
  
• When scanning is ready, click Copy.
  
• This copies log to clipboard
  
• Post log in your reply.
  

 

 

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-04-21 18:09:06

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.15 ----

 

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667C10]

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\system32\SearchIndexer.exe[288] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01179315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01254832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0136E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0136DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0136DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0136DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0136DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0136E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0136DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01179315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0124DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 0124DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01254832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 011B1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0136E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0136DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0136DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0136DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0136DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0136E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0136DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0125488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01179315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0124DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 0124DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01254832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 011B1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0136E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0136DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0136DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0136DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0136DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0136E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3940] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0136DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3940] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0125488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\Program Files\Internet Explorer\iexplore.exe[3172] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009418FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[3940] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009418FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

---- Files - GMER 1.0.15 ----

 

File C:\WINDOWS\LastGood 0 bytes

File C:\WINDOWS\LastGood\INF 0 bytes

File C:\WINDOWS\LastGood\INF\oem58.inf 0 bytes

File C:\WINDOWS\LastGood\INF\oem58.PNF 0 bytes

File C:\WINDOWS\LastGood\system32 0 bytes

File C:\WINDOWS\LastGood\system32\DRIVERS 0 bytes

File C:\WINDOWS\LastGood\system32\DRIVERS\Lbd.sys 64160 bytes executable

 

---- EOF - GMER 1.0.15 ----

[blade81 3]

Didn't see anything there. Could you try to uninstall IE 8 to see if same thing still happens with IE 7? Do you have any browser addons installed (Java and Flash plugins excluded)?

[smichaels8 0]

How do I know if I have IE 7 on my computer? All I see is IE8. If I uninstall I have no other way to get online.

[blade81 3]

Hi

 

List of installed programs shows both IE 7 and IE 8 installed. When you uninstall IE 8, you should end up using IE 7.

[smichaels8 0]

When I look in add/ remove programs, all I see is IE8. Should I download Mozilla just to be safe?

[blade81 3]

As I said, " When you uninstall IE 8, you should end up using IE 7" :angry: Having Mozilla Firefox there wouldn't make any harm.

[smichaels8 0]

Here is the new gmer log. Internet explorer may still be on my machine, but I can't find it. Also at about 5:30 every day my adaware turns itself off.

 

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-05-06 21:29:36

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.15 ----

 

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667BFE]

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\system32\SearchIndexer.exe[288] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

---- EOF - GMER 1.0.15 ----

[blade81 3]

Internet explorer may still be on my machine, but I can't find it.

 

Hi again,

 

Do you mean that you can't find a way to start Internet Explorer?

 

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop. (If you are still unsure on how to do this there is a little tutorial with pictures here)

@echo off

dir /a /s iexplore.exe >c:\IELocation.txt

Double-click on fixes.bat file to execute it. After that you should have c:\IELocation.txt file there. Post back its contents, please.

 

 

Also at about 5:30 every day my adaware turns itself off.

Please uninstall Ad-aware and reinstall it then. Still same issue?

 

 

 

Re-run DDS and post back its logs too.

[blade81 3]

Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

 

Thank You !