Thread: something awful

  1. #1
    ok here's the latest:


    SDFix: Version 1.240
    Run by plb on Fri 11/28/2008 at 10:31 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-28 22:40:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files :



    Files with Hidden Attributes :

    Wed 26 Nov 2008 4,348 A.SH. --- "C:\profiles\All Users\DRM\DRMv1.bak"
    Fri 21 Nov 2008 145,920 ..SHR --- "C:\Program Files\BillP Studios\WinPatrol\Setup.exe"
    Wed 26 Nov 2008 0 A.SH. --- "C:\profiles\All Users\DRM\Cache\Indiv02.tmp"

    Finished!

  2. #2
    I would like you to go to the following page:

    http://virusscan.jotti.org/

    and upload the following files for scanning.
    Report back with the info.

    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\VACFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\404Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\WS2Fix.exe

  3. #3
    first one found:

    c:\windows\system32\VACFix.exe

    File: VACFix.exe
    Status:
    INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5: 81bc780e5fd520838c6a417840127635
    Packers detected:
    PE_PATCH.UPX, UPX

    Norman Virus Control
    Found W32/Smalldrp.APNN


    still need to scan:

    c:\windows\system32\IEDFix.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\404Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\WS2Fix.exe

  4. #4
    next and last positive:

    c:\windows\system32\IEDFix.exe

    File: IEDFix.exe
    Status:
    INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5: 799a9ea3ffb220780ae3d3c11b08d067
    Packers detected:
    PE_PATCH.UPX, UPX

    A-Squared
    Found Hoax.Win32.Renos.vaoz!A2
    AntiVir
    Found nothing
    ArcaVir
    Found Trojan.Packed.Cryptexe
