> Need Help With Virus Removal, Gen:Trojan.Heur.P.cm4@carBkrf
mariannegamble
post Jul 24 2010, 12:33 AM
Post #1


Newbie


Group: Members
Posts: 5
Joined: 23-July 10
Member No.: 35,475



Bitdefender 2010
MS Windows XP, Home Edition V2 SP3
Desktop HP Pavilion a257c

Virus locations:
C:\WINDOWS\system32\ernel32.dll
C:\WINDOWS\system32\spool\prtprocs\w32x86

computer>properties>"system restore tab" content now looks like the "general" information tab
so there is no obvious way to "turn off system restore"

CD burner stopped working
Flash drive stopped working but now works after running %temp% and deleting temporary files using unlocker 1.8.8
Internet only goes to pop ups

I was able to do a deep scan with bitdefender
I copied the scan log to word, and then to a flash drive
I am very afraid to load it on my laptop, which is what I am using now

Thanks
Cristi
post Jul 24 2010, 09:38 AM
Post #2


Technical Support
*****

Group: Technical Support
Posts: 1,560
Joined: 25-January 10
From: BD HQ
Member No.: 30,868



Hello mariannegamble,

Can you send me by PM the word file containing the deep scan results?
Also run BDSI and GMER and send me by PM the logs.
Note: you need to upload the logs to www.sendspace.com or www.rapidshare.com or on any upload site of your choice and send only the links.

http://kb.bitdefender.com/KB490-en--The-sy...s-infected.html
Cristi
post Jul 25 2010, 06:42 PM
Post #3





2 new files were signed as Trojan.BHO.OHU after analyzing the sent logs:

c:\windows\system32\setqp.dll
c:\windows\system32\oetqp.dll

Please run a BitDefender deep scan and post here the results
Note: make sure your BitDefender is up to date before running the scan.
mariannegamble
post Jul 27 2010, 01:36 AM
Post #4





QUOTE (Cristi Raducu @ Jul 25 2010, 01:42 PM) *
2 new files were signed as Trojan.BHO.OHU after analyzing the sent logs:

c:\windows\system32\setqp.dll
c:\windows\system32\oetqp.dll

Please run a BitDefender deep scan and post here the results
Note: make sure your BitDefender is up to date before running the scan.


I am not able to update BD
Last update 7-19-10 4:12:54
I get an error message

BD Support instructed me to create a rescue cd
System will not boot from the cd
I tried changing the bios to first boot from cd but it would not boot

Start in Safe mode will not work
Start in recovery will not work

I'll run a deep scan and post the results

Thanks,

Marianne
mariannegamble
post Jul 27 2010, 02:17 PM
Post #5





BitDefender Log File


Product: BitDefender Total Security 2010
Version: BitDefender Antivirus Scanner
Scanning task: System Scan
Log date: 7/27/2010 3:00:02 AM
Log path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1280214002_1_01.xml

Scan paths:
Path 0000: C:\
Path 0001: K:\

Scan Level:
Scan for viruses: Yes
Scan for adware: Yes
Scan for spyware: Yes
Scan for applications: Yes
Scan for dialers: Yes
Scan for rootkits: No
Scan for keyloggers: Yes

Virus Scanning Options:
Scan registry keys: Yes
Scan cookies: Yes
Scan boot sectors: Yes
Scan memory processes: Yes
Scan archives: No
Scan runtime packers: Yes
Scan e-mails: Yes
Scan all files: Yes
Heuristic Scan: Yes
Scanned extensions: not configured
Excluded extensions: not configured

Target Processing:
Default first action for infected objects: Disinfect
Default second action for infected objects: None
Default first action for suspect objects : None
Default second action for suspicious objects: None
Default action for hidden objects: None
Default first action for encrypted infected objects: Disinfect
Default second action for encrypted infected objects: None
Default first action for encrypted suspicious objects: None
Default second action for encrypted suspicious objects: None
Default action for password-protected objects: Log only

Scan Engines Summary
Virus signatures: 6560304
Archive plugins: 44
E-mail plugins: 6
Scan plugins: 14
System plugins: 5
Unpack plugins: 10

Basic
Scanned items: 459768
Infected items: 11
Suspect items: 0 (no suspected items have been detected)
Hidden items: 0 (the scan options do not include scanning for rootkits)
Resolved items: 11
Unresolved items: 0 (no issues remained unresolved)

Advanced
Scan time: 02:26:53
Files per second: 52
Skipped items: 304129
Password-protected items: 2
Over-compressed items: 0
Individual viruses found: 1
Scanned folders: 46128
Scanned boot sectors: 4
Scanned archives: 3006
Input-output errors: 28
Scanned processes: 70
Infected processes: 0
Scanned registry keys: 1822
Infected registry keys: 0
Scanned cookies: 246
Infected cookies: 0



Resolved issues:
Object Path    Threat Name    Final Status
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP2421\A0338742.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP2422\A0338754.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP2422\A0338755.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP2422\A0339754.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP2422\A0339755.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP2423\A0339767.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP2423\A0339768.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP2423\A0340767.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP2423\A0341772.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine
C:\WINDOWS\system32\ernel32.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine after reboot
C:\WINDOWS\system32\spool\prtprocs\w32x86\M1g9i17q.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine after reboot

Not scanned objects:
Object Path    Reason    Final Status
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP2419\A0338279.apm=>ams_xml_pl.xml Password-protected Not scanned (file was password-protected)
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP2419\A0338279.apm=>ams_xml_temp.xml Password-protected Not scanned (file was password-protected)
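
A triage sketch for the "Resolved issues" rows of the log above, added here as an example and not part of the original post or any BitDefender tool: it separates copies held in System Restore snapshots from files in the live Windows directory and lists the ones whose quarantine is deferred until reboot. The row layout and the two status strings are assumptions taken from the rows shown in this thread.

```python
import re
from collections import Counter

# Rows copied from the "Resolved issues" section of the log in this thread,
# plus one constructed junk line to exercise the unparsed path.
SAMPLE_ROWS = r"""
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP2421\A0338742.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine
C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP2423\A0341772.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine
C:\WINDOWS\system32\ernel32.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine after reboot
C:\WINDOWS\system32\spool\prtprocs\w32x86\M1g9i17q.dll Gen:Trojan.Heur.P.cm4@carBkrf Moved to Quarantine after reboot
this line is constructed and does not match the row layout
"""

# Assumed layout: <path> <threat name without spaces> <final status>.
# Only the two status strings seen in this thread are recognised.
ROW_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\S+)\s+"
    r"(?P<status>Moved to Quarantine(?: after reboot)?)\s*$"
)
RESTORE_MARKER = "\\system volume information\\_restore"


def parse_rows(text):
    """Return (rows, unparsed) so malformed lines are reported, not dropped."""
    rows, unparsed = [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = ROW_RE.match(line)
        if m:
            rows.append(m.groupdict())
        else:
            unparsed.append(line)
    return rows, unparsed


def classify(row):
    """Bucket a detection by where the file lives and whether removal is done."""
    if RESTORE_MARKER in row["path"].lower():
        return "restore-point copy"
    if row["status"].endswith("after reboot"):
        return "live file, pending reboot"
    return "live file, quarantined"


def triage(text):
    rows, unparsed = parse_rows(text)
    counts = Counter(classify(r) for r in rows)
    pending = [r["path"] for r in rows if classify(r) == "live file, pending reboot"]
    return counts, pending, unparsed


if __name__ == "__main__":
    counts, pending, unparsed = triage(SAMPLE_ROWS)
    print(dict(counts), pending, unparsed, sep="\n")
```

The pending-reboot entries are the files still on disk until the restart completes; the restore-point copies only come back if a System Restore to one of those points is performed.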

mariannegamble
post Jul 28 2010, 05:27 AM
Post #6





I was able to update BD with Cristi's recommendations.
The deep scan was sent in to the customer support email

I restarted the computer after the scan
I was not able to update BD again after that
The computer locked up
on restart it would not load Windows XP
I just run into dead ends when I tried to reboot

The system did attempt to reboot from the cd rom
The BD recover cd gave an error message
I have a set of 6 recovery cds for the computer, the 1st cd would not reboot
I tried a windows xp cd (2003) from my laptop as a repair and did not get very far.
I'm going to take the PC to a local shop and see if they can get windows to reboot and go from there