3d.exe
RunDLL32




3d.exe, RunDLL32 -> remove

Quote: want to access a file in the Control Panel, the error message "Ein anderes Programm greift gerade auf diese Datei zu!" ("Another program is currently accessing this file!") always appears

Next: datfindbat

Verzeichnis von C:\WINDOWS\system32
05.11. 13:28 306.681 RunDLL32

Next: Silentrunner
HKLM\Software\Microsoft\Active Setup\Installed Components\
{016926EC-A7C2-EB46-0200-040003000402}\(Default) = (no title provided)
\StubPath = "C:\WINDOWS\system32\RunDLL32.exe" [null data]


Next: Start > Run --> type in --> cmd

dir /s /a "c:\rundll32*.*" > c:\find.txt & start notepad c:\find.txt

Verzeichnis von c:\WINDOWS\$NtServicePackUninstall$

18.08.2001 11:00 32.256 rundll32.exe
1 Datei(en) 32.256 Bytes

Verzeichnis von c:\WINDOWS\Prefetch

03.11.2006 16:13 4.744 RUNDLL32.EXE-173DF89B.pf
05.11.2006 12:01 2.934 RUNDLL32.EXE-230BB05F.pf
25.10.2006 15:18 10.974 RUNDLL32.EXE-451FC2C0.pf
05.11.2006 12:01 4.960 RUNDLL32.EXE-46FC1899.pf
4 Datei(en) 23.612 Bytes

Verzeichnis von c:\WINDOWS\ServicePackFiles\i386

03.08.2004 23:58 33.792 rundll32.exe
1 Datei(en) 33.792 Bytes

Verzeichnis von c:\WINDOWS\system32

08.11.2006 12:48 460.405 RunDLL32
18.08.2001 11:00 10.240 rundll32.exe

Next: Combofix

((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))

2006-10-30 20:33 10,240 --a------ C:\WINDOWS\3d.exe

Next: Avenger

registry keys to delete:
HKLM\Software\Microsoft\Active Setup\Installed Components\{016926EC-A7C2-EB46-0200-040003000402}

Files to delete:
C:\WINDOWS\3d.exe
c:\WINDOWS\system32\RunDLL32
C:\WINDOWS\system32\RunDLL32.exe

Next: Start > Run --> type in --> cmd
and OK. Paste in:

expand c:\WINDOWS\ServicePackFiles\i386\rundll32.exe c:\windows\system32\rundll32.exe

Complete scanning result of "3d.exe", received in VirusTotal at 11.05.2006, 15:43:56 (CET).
AntiVir 7.2.0.37 11.03.2006 TR/Small.JS.52
Authentium 4.93.8 11.05.2006 W32/Backdoor.OXF
Avast 4.7.892.0 11.03.2006 no virus found
AVG 386 11.04.2006 Generic2.AM
BitDefender 7.2 11.05.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 11.04.2006 no virus found
ClamAV devel-20060426 11.05.2006 Trojan.Small-290
DrWeb 4.33 11.05.2006 Trojan.KeyLogger.603
eTrust-InoculateIT 23.73.45 11.03.2006 no virus found
eTrust-Vet 30.3.3176 11.03.2006 no virus found
Ewido 4.0 11.05.2006 Trojan.Small.js
Fortinet 2.82.0.0 11.05.2006 W32/Small.JS!tr!01
F-Prot 3.16f 11.04.2006 security risk named W32/Backdoor.OXF
F-Prot4 4.2.1.29 11.04.2006 W32/Backdoor.OXF
Ikarus 0.2.65.0 11.03.2006 no virus found
Kaspersky 4.0.2.24 11.05.2006 Trojan.Win32.Small.js
McAfee 4888 11.03.2006 no virus found
Microsoft 1.1609 11.04.2006 no virus found
NOD32v2 1.1853 11.03.2006 Win32/Small.JS
Norman 5.80.02 11.03.2006 W32/Smalltroj.JRE
Panda 9.0.0.4 11.04.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.112 11.03.2006 no virus found
UNA 1.83 11.03.2006 Trojan.Win32.Small.AA40
VBA32 3.11.1 11.04.2006 no virus found
VirusBuster 4.3.15:9 11.05.2006 Trojan.Small.EEO



Another computer
RunDLL32.exe is loading from an odd location in your registry (this could cause your Control 
Panel problems) but it is not identified as a Microsoft file and it should be. 
This could mean that it has been overwritten by malware.

http://discussions.virtualdr.com/showthread.php?t=209969

HKLM\Software\Microsoft\Active Setup\Installed Components\
{016926EC-A7C2-EB46-0200-040003000402}\(Default) = (no title provided) 
\StubPath = "C:\WINDOWS\System32\RunDLL32.exe" [null data]
Next: Start - Run - cmd - paste in:

reg delete "HKLM\Software\Microsoft\Active Setup\Installed Components\{016926EC-A7C2-EB46-0200-040003000402}"

Type Y and hit Enter
Go to Start > Run and type: cmd.exe
and ok. Copy and paste the below string after the prompt > and hit Enter.

dir /s /a "c:\rundll32*.*" > c:\find.txt & start notepad c:\find.txt

Directory of c:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\EXZ0H8JA

08/27/2006 11:43 PM 12,324 rundll32[1].htm
1 File(s) 12,324 bytes

Directory of c:\Documents and Settings\User\My Documents

08/27/2006 10:37 PM 39,460 RunDLL32
1 File(s) 39,460 bytes

Directory of c:\WINDOWS\I386

08/10/2004 08:00 AM 11,853 RUNDLL32.EX_
1 File(s) 11,853 bytes

Directory of c:\WINDOWS\system32

09/01/2006 11:29 PM 16,366 RunDLL32
08/03/2004 06:59 PM 10,240 rundll32.exe
2 File(s) 26,606 bytes

Next: Start - Run - cmd - paste in:

dir /s /a "c:\IEXPLORE*.*" > c:\find.txt & start notepad c:\find.txt

Directory of c:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\EXZ0H8JA

09/02/2006 01:18 AM 64,142 iexplore.exe[1].htm
1 File(s) 64,142 bytes

Directory of c:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\G9AZKXAB

09/02/2006 01:15 AM 28,744 iexploreexe_has_generated_an_error_now_what[1].htm
1 File(s) 28,744 bytes

Directory of c:\Program Files\Internet Explorer

08/10/2004 08:00 AM 93,184 IEXPLORE.EXE
1 File(s) 93,184 bytes

Directory of c:\WINDOWS\Help

08/10/2004 08:00 AM 204,810 iexplore.chm
08/10/2004 08:00 AM 180,335 iexplore.hlp
2 File(s) 385,145 bytes

Directory of c:\WINDOWS\I386

08/10/2004 08:00 AM 199,077 IEXPLORE.CH_
08/10/2004 08:00 AM 37,895 IEXPLORE.EX_
08/10/2004 08:00 AM 59,881 IEXPLORE.HL_
3 File(s) 296,853 bytes

Directory of c:\WINDOWS\Prefetch

09/02/2006 01:22 AM 13,146 IEXPLORE.EXE-27122324.pf
1 File(s) 13,146 bytes

Next: Avenger

Files to delete:
C:\WINDOWS\3d.exe
c:\WINDOWS\system32\rundll32.exe
c:\WINDOWS\system32\rundll32
c:\Documents and Settings\User\My Documents\rundll32

Folders to delete:
c:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\EXZ0H8JA
c:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\G9AZKXAB 

Next: Start - Run - cmd - paste in:

expand c:\windows\I386\RUNDLL32.EX_ c:\windows\system32\rundll32.exe

Next: Kaspersky online scan

Infected Object Name Virus Name Last Action
C:\avenger\backup-Sun 09.03.2006-11.11.33.00.zip/avenger/rundll32.exe Infected: Trojan.Win32.Small.js skipped

C:\WINDOWS\3d.exe Infected: Trojan.Win32.Small.js skipped

C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP79\A0017056.exe Infected: Trojan.Win32.Small.js skipped

C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP91\A0017500.exe/instw32.exe Infected: Trojan-Dropper.Win32.DNet.b skipped
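
A triage of the find.txt listing that the dir /s /a step produces, as an added example (not part of the original notes or of any tool named here). It flags the three anomalies visible in the listings on this page: an extensionless RunDLL32, copies outside the Windows directories, and a system32\rundll32.exe whose size differs from the ServicePackFiles\i386 copy. The directory list and function names are assumptions; the sample rows are copied from the listings above.

```python
import re
# Assumption: directories where the listings on this page show stock copies.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\servicepackfiles\i386",
                 r"c:\windows\$ntservicepackuninstall$", r"c:\windows\i386"}
EXPECTED_NAMES = {"rundll32.exe", "rundll32.ex_"}
SYSTEM_DIR, REFERENCE_DIR = r"c:\windows\system32", r"c:\windows\servicepackfiles\i386"
DIR_HEADER = re.compile(r"^\s*(?:Verzeichnis von|Directory of)\s+(.+?)\s*$", re.I)
ENTRY = re.compile(r"^\s*\d{2}[./]\d{2}[./]\d{4}\s+\d{2}:\d{2}(?:\s+[AP]M)?"
                   r"\s+([\d.,]+)\s+(.+?)\s*$")

def parse(listing):
    """Yield (directory, name, size) for each file row, German or English locale."""
    current = None
    for line in listing.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        row = ENTRY.match(line)
        if row and current:
            yield current, row.group(2), int(re.sub(r"[.,]", "", row.group(1)))

def triage(listing):
    # Prefetch traces (*.pf) only record that a program ran; leave them out.
    rows = [r for r in parse(listing) if not r[1].lower().endswith(".pf")]
    reference = {size for d, n, size in rows
                 if d.lower() == REFERENCE_DIR and n.lower() == "rundll32.exe"}
    findings = []
    for d, name, size in rows:
        path = d + "\\" + name
        if d.lower() not in EXPECTED_DIRS:
            findings.append((path, "copy outside the Windows directories"))
        elif name.lower() not in EXPECTED_NAMES:
            findings.append((path, "unexpected file name"))
        elif d.lower() == SYSTEM_DIR and reference and size not in reference:
            findings.append((path, "size differs from ServicePackFiles copy"))
    return findings

# Rows copied from the two listings on this page (trimmed).
SAMPLE = r"""
Verzeichnis von c:\WINDOWS\Prefetch
03.11.2006 16:13 4.744 RUNDLL32.EXE-173DF89B.pf
Verzeichnis von c:\WINDOWS\ServicePackFiles\i386
03.08.2004 23:58 33.792 rundll32.exe
Verzeichnis von c:\WINDOWS\system32
08.11.2006 12:48 460.405 RunDLL32
18.08.2001 11:00 10.240 rundll32.exe
Directory of c:\Documents and Settings\User\My Documents
08/27/2006 10:37 PM 39,460 RunDLL32
"""
```

A matching size does not show that a file is genuine; compare a hash or signature against a known-good copy before trusting it.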







virus-protect.org