Generic.sdbot.d645f474

onlywiseman
edited November 2007 in Malware talk

I did a BitDefender scan last night and got the warning that svchost.exe is infected. BitDefender seems to be removing the malware/virus/etc.

However, whenever I reboot the computer and re-run the scan, the same virus is being detected.

I did scan in safe mode as well.

I just performed another scan, and the following is the log and the HijackThis result from before the scan.

Is this a false positive, or a real virus?

Thanks


//-----------------------------------------------------------------
//
// Product BitDefender Antivirus Plus v10
// Product 10.2
//
// Created on: 27/11/2007 17:17:06
//
//-----------------------------------------------------------------

Virus Statistics
Scan path : C:\
D:\
F:\
G:\
Folders : 8260
Files : 60343
Memory processes scanned : 60
Archives : 85
Runtime packers : 5008
Identified viruses : 2
Infected files : 1
Memory processes infected : 1
Suspect files : 1
Warnings : 0
Disinfected files : 0
Deleted files : 1
Moved files : 0
I/O errors : 9
Scan time : 00:28:15
Scan speed (files/sec) : 35

Spyware Statistics
Registry keys scanned : 2702
Registry keys infected : 0
Cookies scanned : 278
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0

Virus definitions : 951645
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5

Virus scan options
Detection
[X] Scan boot sectors
[X] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[X] Programs
[ ] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[ ] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1196201826.log

Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies

Summary:
<System>=>C:\WINDOWS\system32\svchost.exe (memory dump) Infected: Generic.Malware.G!WX!!g.69467997
<System>=>C:\WINDOWS\system32\svchost.exe (memory dump) Disinfection failed
<System>=>C:\WINDOWS\system32\svchost.exe (memory dump) Move failed
<System>=>C:\WINDOWS\system32\svchost.exe (full dump) Infected: Generic.Sdbot.D645F474
<System>=>C:\WINDOWS\system32\svchost.exe (full dump) Deleted
<System> Archive repacking successfully completed (actions successfully applied)

Logfile of HijackThis v1.99.1
Scan saved at 5:16:11 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTModUtl.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTAPR.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\NATEON\BIN\NATEONMain.exe
C:\Documents and Settings\Medical Student\Desktop\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [Autoroute SMTP] C:\Program Files\Autoroute SMTP\AutoSmtp.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTFeatureModeUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTModUtl.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [bLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NATEON] C:\Program Files\NATEON\BIN\NATEON.exe -as
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {3EFC2239-B769-469F-A5E6-38693AE0B9DE} (Sysinfo2 Control) - http://speed.nia.or.kr/login/sysinfo2.cab
O16 - DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} (SpeedTest Control) - http://speed.nia.or.kr/speedtest/SpeedTest.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) - http://pacstest.unch.unc.edu/jre/j2re-1_4_...dows-i586-i.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)