Ituneshelper.vbe

Closed
sonialiu Posts 3 Registration date Tuesday December 10, 2013 Status Member Last seen December 10, 2013 - Dec 10, 2013 at 10:59 AM
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 - Dec 10, 2013 at 01:52 PM
Hello,
I also have the problem of the Ituneshelper.vbe virus; I just did the scan using the program.

My report is:

############################## | UsbFix V 7.153 | [Deletion]

User: user (Administrator) # USER-4AEEF16D51
Updated 09/12/2013 by El Desaparecido - Team SosVirus
Started at 12:57:05 | 10/12/2013

Website : http://www.en.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Apple Inc. (Mac-F22587C8)
CPU: Processore Intel Pentium III Xeon
RAM -> [Total : 2791 | Free : 1640]
Bios: Apple Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Google Chrome : 24.0.1312.57

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 122 Gb (10 Mb free - 8%) [BOOTCAMP] # NTFS
D:\ -> Removable drive # 7 Gb (3 Mb free - 44%) [YANJUN] # FAT32
E:\ -> CD-ROM
G:\ -> Fixed drive # 176 Gb (4 Mb free - 2%) [Macintosh HD] # HFS

################## | Stopped processes |

Stopped! C:\WINDOWS\system32\nvsvc32.exe (ID: 1212 |ParentID: 1024)
Stopped! C:\Programmi\360\360sd\360rps.exe (ID: 1428 |ParentID: 1024)
Stopped! C:\Programmi\360\360safe\deepscan\zhudongfangyu.exe (ID: 1676 |ParentID: 1024)
Stopped! C:\WINDOWS\system32\spoolsv.exe (ID: 1944 |ParentID: 1024)
Stopped! C:\WINDOWS\system32\WgaTray.exe (ID: 160 |ParentID: 976)
Stopped! C:\WINDOWS\Explorer.EXE (ID: 180 |ParentID: 2032)
Stopped! C:\WINDOWS\system32\ctfmon.exe (ID: 168 |ParentID: 180)
Stopped! C:\WINDOWS\system32\RUNDLL32.EXE (ID: 628 |ParentID: 180)
Stopped! C:\WINDOWS\system32\rundll32.exe (ID: 648 |ParentID: 180)
Stopped! C:\Programmi\Boot Camp\Bootcamp.exe (ID: 652 |ParentID: 180)
Stopped! C:\Programmi\360\360safe\safemon\360Tray.exe (ID: 668 |ParentID: 180)
Stopped! C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (ID: 676 |ParentID: 180)
Stopped! C:\Program Files\SogouMobileTool\SogouMobileToolHelper.exe (ID: 700 |ParentID: 180)
Stopped! C:\WINDOWS\system32\wscript.exe (ID: 688 |ParentID: 180)
Stopped! C:\Programmi\360\360sd\360sd.exe (ID: 272 |ParentID: 180)
Stopped! C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe (ID: 588 |ParentID: 180)
Stopped! C:\Programmi\Autodesk\Autodesk Sync\AdSync.exe (ID: 1460 |ParentID: 180)
Stopped! C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe (ID: 420 |ParentID: 588)
Stopped! C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (ID: 352 |ParentID: 180)
Stopped! C:\Programmi\360\360safe\SoftMgr\SML\SoftMgrLite.exe (ID: 2016 |ParentID: 668)
Stopped! C:\WINDOWS\system32\AppleOSSMgr.exe (ID: 2164 |ParentID: 1024)
Stopped! C:\WINDOWS\system32\AppleTimeSrv.exe (ID: 2196 |ParentID: 1024)
Stopped! C:\Programmi\Autodesk\Content Service\Connect.Service.ContentService.exe (ID: 2240 |ParentID: 1024)
Stopped! C:\Programmi\Bonjour\mDNSResponder.exe (ID: 2396 |ParentID: 1024)
Stopped! C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (ID: 2476 |ParentID: 1024)
Stopped! C:\SIMULIA\Documentation\monitor.exe (ID: 2716 |ParentID: 1024)
Stopped! C:\Programmi\360\360sd\360rp.exe (ID: 2824 |ParentID: 1428)
Stopped! C:\SIMULIA\Documentation\monitor.exe (ID: 3020 |ParentID: 2716)
Stopped! C:\WINDOWS\system32\wuauclt.exe (ID: 3456 |ParentID: 1356)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\SOFTWARE | Run : [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\SOFTWARE | Run : [nwiz] - nwiz.exe /installquiet
04 - HKLM\SOFTWARE | Run : [BluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
04 - HKLM\SOFTWARE | Run : [Apple_KbdMgr] - C:\Programmi\Boot Camp\Bootcamp.exe
04 - HKLM\SOFTWARE | Run : [360Safetray] - "C:\Programmi\360\360safe\safemon\360Tray.exe" /start
04 - HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] - "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE | Run : [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [SogouMobileTool] - C:\Program Files\SogouMobileTool\SogouMobileToolHelper.exe
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\DOCUME~1\user\IMPOST~1\Temp\iTunesHelper.vbe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-1202660629-1284227242-1801674531-1003\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-1202660629-1284227242-1801674531-1003\SOFTWARE | Run : [360sd] - "C:\Programmi\360\360sd\360sd.exe" /autorun
04 - HKU\S-1-5-21-1202660629-1284227242-1801674531-1003\SOFTWARE | Run : [Akamai NetSession Interface] - "C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-1202660629-1284227242-1801674531-1003\SOFTWARE | Run : [Autodesk Sync] - C:\Programmi\Autodesk\Autodesk Sync\AdSync.exe
04 - HKU\S-1-5-21-1202660629-1284227242-1801674531-1003\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\DOCUME~1\user\IMPOST~1\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-18\SOFTWARE | Run : [Autodesk Sync] - C:\Programmi\Autodesk\Autodesk Sync\AdSync.exe

################## | Generic Research |

Deleted ! C:\DOCUME~1\user\IMPOST~1\Temp\iTunesHelper.vbe
Deleted ! C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\iTunesHelper.vbe
Deleted ! D:\iTunesHelper.vbe
Deleted ! D:\.fseventsd.lnk
Deleted ! D:\Nuova cartella.lnk
Deleted ! D:\Plan B.lnk
Deleted ! D:\Attachments_20131119.lnk
Deleted ! D:\Plan A.lnk
Deleted ! D:\rev projet avance.lnk
Deleted ! D:\SYLLABUS TECHNOLOGIE DES CONSTRUCTIONS EN BOIS - CHAP10.lnk
Deleted ! D:\2013-11-04-masterplan-PLAN00.lnk
Deleted ! D:\2013-11-07-PLAN01-03-1.lnk
Deleted ! D:\cadastre-LayoutA4.lnk
Deleted ! D:\TESI.lnk
Deleted ! D:\.lnk
Deleted ! D:\.Trashes.lnk
Deleted ! D:\.Spotlight-V100.lnk
Deleted ! D:\pdf.lnk
Deleted ! D:\Urba 2.lnk
Deleted ! D:\RyanairBoardingPass.lnk
Deleted ! D:\1995-1-1_novembre 2004_italiano.lnk
Deleted ! D:\2013-11-20-masterplan.lnk
Deleted ! D:\Labo3.lnk
Deleted ! D:\cadastre-LayoutA0.lnk
Deleted ! D:\cadastre-LayoutA3.lnk
Deleted ! D:\MATLAB SCRIPT.lnk
Deleted ! D:\MATLAB INSTALL FILE.lnk
Deleted ! D:\couese slides of FEM.lnk
Deleted ! D:\System Volume Information.lnk
Deleted ! D:\pathologie tp.lnk
Deleted ! D:\TP.lnk
Deleted ! D:\REV 6.lnk
Deleted ! C:\RECYCLER\S-1-5-21-1202660629-1284227242-1801674531-1003
Deleted ! C:\RECYCLER\S-1-5-21-1202660629-1284227242-1801674531-500

(!) Temporary files deleted.

################## | Reference of comparison MD5 |

Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\DOCUME~1\user\IMPOST~1\Temp\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> D:\iTunesHelper.vbe

################## | Comparison MD5 |

Deleted ! Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Documents and Settings\Administrator\Impostazioni locali\Temp\iTunesHelper.vbe
Deleted ! Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\iTunesHelper.vbe

################## | Registry |

Deleted ! HKLM\Software\iTunesHelper
Not deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|360Safetray
Deleted ! HKU\S-1-5-21-1202660629-1284227242-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Deleted ! HKU\S-1-5-21-1202660629-1284227242-1801674531-1003\Software\.\.\.\.\Mountpoints2\D

################## | Listing |

[25/05/2013 - 15:31:48 | N | 0 Ko] - C:\ADR_ColdStart.txt
[10/12/2013 - 12:46:03 | N | 7 Ko] - C:\UsbFix [Clean 1] USER-4AEEF16D51.txt
[10/12/2013 - 13:17:27 | A | 8 Ko] - C:\UsbFix [Clean 2] USER-4AEEF16D51.txt
[11/12/2012 - 13:48:43 | N | 0 Ko] - C:\IO.SYS
[11/12/2012 - 13:48:43 | N | 0 Ko] - C:\MSDOS.SYS
[11/12/2012 - 13:48:43 | N | 0 Ko] - C:\CONFIG.SYS
[10/12/2013 - 12:55:46 | ASH | 2095104 Ko] - C:\pagefile.sys
[11/12/2012 - 14:06:02 | N | 2 Ko] - C:\RHDSetup.log
[11/12/2012 - 13:27:50 | SH | 0 Ko] - C:\boot.ini
[14/04/2008 - 13:00:00 | N | 46 Ko | B2DE3452DE03674C6CEC68B8C8CE7C78] - C:\NTDETECT.COM
[14/04/2008 - 13:00:00 | N | 5 Ko] - C:\Bootfont.bin
[11/12/2012 - 13:48:43 | A | 0 Ko] - C:\AUTOEXEC.BAT
[14/04/2008 - 13:00:00 | RASH | 246 Ko] - C:\ntldr
[16/01/2010 - 08:48:12 | D] - C:\Dev-Cpp
[07/12/2010 - 19:16:34 | D] - C:\KNAUF
[11/12/2012 - 14:00:05 | SHD] - C:\System Volume Information
[11/12/2012 - 14:05:21 | D] - C:\Intel
[14/01/2013 - 15:48:54 | D] - C:\360SANDBOX
[14/01/2013 - 21:01:09 | D] - C:\KuGouCache
[25/01/2013 - 10:12:03 | D] - C:\42171afe161d784d7040cb
[04/02/2013 - 18:48:06 | D] - C:\¿áÆÁ×ÊÔ'
[07/02/2013 - 18:42:06 | D] - C:\8eb94cfc020e4f09e6b0f224c21ecc
[02/04/2013 - 15:57:37 | RHD] - C:\MSOCache
[08/04/2013 - 15:03:15 | D] - C:\_AcroTemp
[11/05/2013 - 10:00:26 | D] - C:\ppsfile
[13/10/2013 - 15:54:27 | D] - C:\Documents and Settings
[13/10/2013 - 16:50:25 | D] - C:\Autodesk
[13/10/2013 - 17:03:29 | D] - C:\360Downloads
[06/11/2013 - 21:33:00 | D] - C:\360Rec
[16/11/2013 - 00:28:21 | D] - C:\Programmi
[16/11/2013 - 00:28:31 | D] - C:\SIMULIA
[16/11/2013 - 18:39:05 | D] - C:\WINDOWS
[05/12/2013 - 20:46:36 | D] - C:\Program Files
[05/12/2013 - 22:05:59 | D] - C:\Temp
[10/12/2013 - 08:17:38 | D] - C:\$360Section
[10/12/2013 - 13:16:53 | D] - C:\UsbFix
[10/12/2013 - 13:16:57 | SHD] - C:\RECYCLER
[17/10/2013 - 18:43:42 | SHD] - D:\.Trashes
[17/10/2013 - 18:43:42 | N | 4 Ko] - D:\._.Trashes
[17/10/2013 - 18:43:42 | D] - D:\.Spotlight-V100
[11/09/2013 - 08:15:58 | N | 37285 Ko] - D:\Urba 2.pdf
[26/10/2013 - 13:32:18 | N | 174 Ko] - D:\RyanairBoardingPass.pdf
[26/10/2013 - 13:35:10 | N | 4 Ko] - D:\._RyanairBoardingPass.pdf
[04/11/2013 - 16:31:02 | N | 2191 Ko] - D:\cadastre-LayoutA0.pdf
[04/11/2013 - 16:38:04 | N | 1491 Ko] - D:\cadastre-LayoutA4.pdf
[04/11/2013 - 16:39:02 | N | 1767 Ko] - D:\cadastre-LayoutA3.pdf
[07/11/2013 - 05:18:50 | N | 309 Ko] - D:\2013-11-07-PLAN01-03-1.100-COLORE.pdf
[07/11/2013 - 07:34:26 | N | 222 Ko] - D:\2013-11-04-masterplan-PLAN00.pdf
[19/11/2013 - 23:01:34 | N | 2720 Ko] - D:\1995-1-1_novembre 2004_italiano.pdf
[19/11/2013 - 23:23:14 | N | 4 Ko] - D:\._Urba 2.pdf
[20/11/2013 - 10:20:38 | N | 8991 Ko] - D:\SYLLABUS TECHNOLOGIE DES CONSTRUCTIONS EN BOIS - CHAP10.pdf
[21/11/2013 - 13:10:42 | N | 3919 Ko] - D:\2013-11-20-masterplan.dwg
[21/11/2013 - 17:40:02 | N | 227 Ko] - D:\Labo3.docx
[21/11/2013 - 22:27:28 | N | 4 Ko] - D:\._Labo3.docx
[20/11/2013 - 09:50:04 | N | 4 Ko] - D:\._Attachments_20131119
[06/03/2013 - 15:02:30 | D] - D:\MATLAB SCRIPT
[06/03/2013 - 15:02:30 | D] - D:\couese slides of FEM
[01/11/2013 - 12:54:56 | D] - D:\Plan A
[01/11/2013 - 12:55:00 | D] - D:\Plan B
[04/11/2013 - 11:37:38 | D] - D:\rev projet avance
[04/11/2013 - 16:36:40 | SHD] - D:\System Volume Information
[08/11/2013 - 18:03:44 | D] - D:\TP
[10/11/2013 - 16:47:48 | D] - D:\MATLAB INSTALL FILE
[14/11/2013 - 04:56:30 | D] - D:\REV 6
[18/11/2013 - 23:28:32 | D] - D:\TESI
[20/11/2013 - 09:50:04 | D] - D:\Attachments_20131119
[26/11/2013 - 00:02:18 | D] - D:\doc ??
[26/11/2013 - 00:03:08 | D] - D:\pathologie tp
[28/11/2013 - 12:16:46 | D] - D:\pdf
[26/05/2011 - 14:37:56 | ND] - G:\.vol
[11/12/2012 - 09:18:40 | ND] - G:\.Trashes
[31/08/2009 - 11:25:26 | N | 0 Ko] - G:\.com.apple.timemachine.supported
[10/12/2012 - 17:48:11 | ND] - G:\.Spotlight-V100
[11/07/2013 - 14:52:02 | N | 0 Ko] - G:\libpeerconnection.log
[26/05/2011 - 15:02:50 | N | 4 Ko] - G:\.journal_info_block
[26/05/2011 - 15:02:50 | N | 24576 Ko] - G:\.journal
[09/12/2013 - 22:33:27 | ND] - G:\.fseventsd
[23/06/2009 - 07:19:52 | N | 0 Ko] - G:\.file
[05/12/2012 - 10:59:59 | N | 16 Ko] - G:\.DS_Store (dal vecchio Mac)
[01/04/2013 - 16:06:17 | N | 16 Ko] - G:\.DS_Store
[10/12/2012 - 17:51:14 | N | 0 Ko] - G:\.com.apple.timemachine.donotpresent (dal vecchio Mac)
[31/08/2009 - 13:37:59 | N | 0 Ko] - G:\.com.apple.timemachine.donotpresent
[09/12/2013 - 13:07:47 | N | 0 Ko] - G:\.dbfseventsd
[10/08/2013 - 22:28:31 | N | 256 Ko] - G:\.hotfiles.btree
[23/06/2009 - 07:19:46 | ND] - G:\Network
[23/06/2009 - 07:19:46 | ND] - G:\dev
[03/09/2009 - 11:54:20 | ND] - G:\private
[03/09/2009 - 12:00:17 | ND] - G:\net
[03/09/2009 - 12:00:17 | ND] - G:\home
[24/09/2009 - 19:55:14 | ND] - G:\home (dal vecchio Mac)
[26/05/2011 - 14:45:45 | N | 4 Ko] - G:\etc
[26/05/2011 - 15:01:00 | N | 4 Ko] - G:\tmp
[26/05/2011 - 15:02:49 | N | 4 Ko] - G:\var
[08/06/2011 - 00:35:53 | N | 20344 Ko] - G:\mach_kernel
[10/12/2012 - 18:46:08 | ND] - G:\usr
[10/12/2012 - 19:01:54 | ND] - G:\Library
[11/12/2012 - 09:48:49 | ND] - G:\System
[01/04/2013 - 16:47:03 | ND] - G:\Users
[12/10/2013 - 19:25:44 | ND] - G:\bin
[12/10/2013 - 19:25:46 | ND] - G:\sbin
[19/11/2013 - 19:13:23 | ND] - G:\Applications
[09/12/2013 - 22:33:09 | ND] - G:\Volumes

################## | Vaccin |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net/ |


2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016
Dec 10, 2013 at 12:58 PM
Hello,

Does the problem persist after using UsbFix, or not?

Gabriel.
sonialiu Posts 3 Registration date Tuesday December 10, 2013 Status Member Last seen December 10, 2013
Dec 10, 2013 at 01:08 PM
The problem is solved! I love this program so very much!!! Thanks so much!!
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016
Dec 10, 2013 at 01:14 PM
Ok good. :)
Would you check your PC, to see if it's really clean?
sonialiu Posts 3 Registration date Tuesday December 10, 2013 Status Member Last seen December 10, 2013
Dec 10, 2013 at 01:51 PM
My USB is already to use again. I'll double-check again later.
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016
Dec 10, 2013 at 01:52 PM
Yes, I know, but if you want we can do a diagnostic of your computer to see if any other infection is present.