Windows 7 Forums


Windows 7: A trojan that exists but does not? (gert0.dll)

10 Sep 2010   #31
Gaz1701

Windows 7 Home Premium 64-bit (6.1, Build 7601)
 
 

Wow, this must be some serious piece of software!

Anyway, here's the ComboFix log, and a new HJT one too:

Btw, it must've taken nearly 40 minutes to do all the scanning!




Attached Files
File Type: txt ComboFix.txt (21.6 KB, 10 views)
File Type: log hijackthis.log (9.7 KB, 6 views)
10 Sep 2010   #32
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Navigate to this file C:\comment.htt, make sure you have hidden files and folders set to show, so you can find it.

Upload it to VirSCAN.org (Free Multi-Engine Online Virus Scanner v1.02, supports 36 antivirus engines), have it scanned, and save the log to post back here.
11 Sep 2010   #33
Gaz1701

Windows 7 Home Premium 64-bit (6.1, Build 7601)
 
 

Hmmm, it says the file is not found.

Could this be because I've restarted my computer since then?


11 Sep 2010   #34
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please download OTMoveIt from here:
http://oldtimer.geekstogo.com/OTM.exe
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    Code:
    :Processes
     
    :Services
     
    :Reg
     
    :Files
    C:\comment.htt
    c:\windows\winstart.bat
     
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • The list will be processed and the results for each line will be displayed in the right-hand pane.
  • Highlight everything in the Results window, press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
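The script in that post resets the hosts file with [resethosts] before anyone has looked at it. A hijacked hosts file is evidence worth keeping: a loopback sinkhole for a vendor domain is the classic way malware blocks security updates, and an off-box redirect tells you which site was being impersonated. The Python below is an added example, not part of the thread and not an OTM feature, that triages a copy of the hosts file before the reset. The hosts content embedded in it is constructed (the .test hostnames are placeholders); on a real machine read C:\Windows\System32\drivers\etc\hosts instead.

```python
"""Triage a Windows hosts file before a cleanup tool resets it.

Added example; not from the thread and not part of OTM. The hosts text
below is constructed. On a real machine, copy the file somewhere safe
first, then feed its contents to suspicious_entries().
"""
import ipaddress

# The two mappings a stock Windows 7 hosts file may legitimately carry
# (Windows 7 ships with them commented out, but some tools re-add them).
BENIGN = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample: a default header plus two planted entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1 localhost
127.0.0.1 update.example-av.test     # constructed: sinkholes a vendor update host
10.0.0.7  www.example-bank.test      # constructed: redirects a login site
"""


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every active mapping in the file."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments, full-line or trailing
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower(), n


def suspicious_entries(text):
    """Return (line_no, ip, name, reason) for mappings a clean box should not have.

    Two classes are flagged: a loopback target for anything other than
    localhost (a sinkhole, typically used to block update servers) and a
    non-loopback target (traffic for `name` is sent somewhere the user
    did not choose).
    """
    findings = []
    for ip, name, n in parse_hosts(text):
        if (ip, name) in BENIGN:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((n, ip, name, "unparseable address"))
            continue
        if addr.is_loopback:
            findings.append((n, ip, name, "sinkholed to loopback"))
        else:
            findings.append((n, ip, name, "redirected off-box"))
    return findings


if __name__ == "__main__":
    for line_no, ip, name, why in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({why})")
```

Run it against the copy you made before the reset; anything it flags belongs in the thread reply alongside the OTM log, since the reset wipes the evidence.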
12 Sep 2010   #35
Gaz1701

Windows 7 Home Premium 64-bit (6.1, Build 7601)
 
 

Results window? I presume you mean everything in the OTM log file (I also assume it's the same info as what was in the right-hand column?)?

(and btw, I thought I'd try and see if VirSCAN could detect the comment.htt file again after moving it, but to no avail)


Attached Files
File Type: log 09122010_173523.log (3.4 KB, 7 views)
12 Sep 2010   #36
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote:
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\comment.htt folder moved successfully.
c:\windows\winstart.bat moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gareth
->Temp folder emptied: 1678124 bytes
->Temporary Internet Files folder emptied: 15002883 bytes
->Java cache emptied: 20112950 bytes
->FireFox cache emptied: 160458057 bytes
->Google Chrome cache emptied: 92304208 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 10890 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Temporary
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6761155 bytes
->FireFox cache emptied: 72318300 bytes
->Flash cache emptied: 1927 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15978 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3194296 bytes

Total Files Cleaned = 355.00 mb


OTM by OldTimer - Version 3.1.16.0 log created on 09122010_173523
Files moved on Reboot...
Registry entries deleted on Reboot...
Looks like OTM found and deleted it

Did you notice your computer not working right after opening an email?
ThreatExpert Report: Email-Worm.Rays, W32.Wullik@mm, Email-Worm.Win32.Rays.c, W32/Wukill.worm.gen.
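Two kinds of line in that log deserve a closer read than "found and deleted". "moved successfully" means OTM relocated the file into its quarantine (by default a _OTM\MovedFiles folder on the system drive, timestamped like the log; treat that location as an assumption and confirm it on your own machine), not that it was erased. That is good news for analysis, because the sample can still be hashed or submitted to a scanner. "HOSTS file reset successfully" means the old hosts file was moved aside and a fresh default written. The Python below is an added example, not from the thread and not an OTM feature, that reads an OTM log and separates quarantined paths, resets and bytes of cache cleared from anything it does not recognise; the excerpt embedded in it is trimmed from the log posted above.

```python
"""Read an OTM (OldTimer) results log and report what actually happened.

Added example; not part of the thread and not an OTM feature. The log
excerpt below is trimmed from the one posted in the thread. The parser
only recognises the line shapes that appear in that log; everything else
goes to an "unrecognised" list for manual review rather than being
silently dropped.
"""
import re

OTM_LOG = """\
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\\comment.htt folder moved successfully.
c:\\windows\\winstart.bat moved successfully.
========== COMMANDS ==========
C:\\Windows\\System32\\drivers\\etc\\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Gareth
->Temp folder emptied: 1678124 bytes
->Java cache emptied: 20112950 bytes

RecycleBin emptied: 3194296 bytes

Total Files Cleaned = 355.00 mb
"""

# Line shapes taken from the posted log.
MOVED = re.compile(r"^(?P<path>.+?) (?:folder )?moved successfully\.$")
RESET = re.compile(r"^(?P<what>.+?) reset successfully$")
BYTES = re.compile(r"^(?:->)?(?P<what>.+?) (?:emptied|removed): (?P<n>\d+) bytes$")


def triage(log):
    """Return quarantined paths, reset items, bytes of cache cleared, and
    any non-header line the parser did not understand."""
    out = {"moved": [], "reset": [], "bytes": 0, "unrecognised": []}
    for line in log.splitlines():
        line = line.strip()
        # Section banners, [EMPTYTEMP], per-user headers and the summary
        # carry no per-item result, so skip them.
        if (not line or line.startswith("=") or line.startswith("[")
                or line.startswith("User:") or line.startswith("Total Files")):
            continue
        if m := MOVED.match(line):
            out["moved"].append(m["path"])      # quarantined, not erased
        elif m := RESET.match(line):
            out["reset"].append(m["what"])
        elif m := BYTES.match(line):
            out["bytes"] += int(m["n"])
        else:
            out["unrecognised"].append(line)
    return out


def still_present(moved, exists):
    """Paths OTM reported moved that `exists` still finds on disk.

    A hit means either the move was deferred to reboot or something
    recreated the file, which is the signal that the cleanup did not take.
    `exists` is injected so the check can be run against a fake filesystem.
    """
    return [p for p in moved if exists(p)]


if __name__ == "__main__":
    import os
    r = triage(OTM_LOG)
    print("quarantined:", r["moved"])
    print("reset:", r["reset"], "| cache cleared:", r["bytes"], "bytes")
    print("check by hand:", r["unrecognised"])
    print("back on disk:", still_present(r["moved"], os.path.exists))
```

Running still_present() with os.path.exists after the reboot is the check the thread never quite makes: if C:\comment.htt or winstart.bat is back, something on the machine is recreating it and the quarantine was not the end of the story.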
12 Sep 2010   #37
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
14 Sep 2010   #38
Gaz1701

Windows 7 Home Premium 64-bit (6.1, Build 7601)
 
 

Quote: Originally Posted by Jacee
Looks like OTM found and deleted it

Did you notice your computer not working right after opening an email?
ThreatExpert Report: Email-Worm.Rays, W32.Wullik@mm, Email-Worm.Win32.Rays.c, W32/Wukill.worm.gen.
btw, how could you tell that OTM found and deleted it based on that log file? To me it just looks like it's cleared the cache out, and moved comment.htt & winstart.bat to a different location (but not deleted it).

I haven't really had any problems with my computer (as far as I know), and I don't remember opening any e-mails from someone who I don't know [also. 'as far as I remember']

Quote: Originally Posted by Jacee
I'd like you to scan your machine with ESET OnlineScan [...]
I'm not sure if this was what I've been after for ages now, but ESET has found and deleted 4 threats on my computer.

Here's the log file you requested


Attached Files
File Type: txt ESET results.txt (485 Bytes, 9 views)
14 Sep 2010   #39
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Use Shark007's codecs: Shark007.net - Windows 7 Codecs - WMP12 Codecs (download from MajorGeeks)
How is your computer running now?

Quote:
Trojan.Packed.Autoit.Gen can bring about:
  • Infamous Blue Screen of Death errors brought by Trojan.Packed.Autoit.Gen
  • Constantly appearing system freezes
  • Network corruption; serious data loss caused by Trojan.Packed.Autoit.Gen
  • Drained system resources
  • Applications freezing
  • Computer reboot failure
  • Advertisement bombardment by Trojan.Packed.Autoit.Gen
  • System settings and software settings rewritten by Trojan.Packed.Autoit.Gen
  • Browser with additional components that come with Trojan.Packed.Autoit.Gen
16 Sep 2010   #40
Gaz1701

Windows 7 Home Premium 64-bit (6.1, Build 7601)
 
 

It seems to be running fine, although TBH I can't really tell much difference in my computer's performance anyway (i.e. it didn't really show any of those signs beforehand anyway; although I did get a few BSODs a while back before I knew about this, so who knows?).

Could explorer.exe not loading after I log in (just today) be part of the list?


I'd still like to know how you could tell that OTM found and deleted it based on that log file? To me it just looks like it's cleared the cache out, and moved comment.htt & winstart.bat to a different location (but not deleted it).