Mr Shankly

Maximum number of secrets?


I already removed the last things I installed, one being uniccodec; the only other codec I have is DivX to run Win AVI, hmmmmmmmm

I already removed the last things I installed, one being uniccodec

 

That's not a program or a codec.

It's a malware suite: backdoor trojan, DNS changer and rootkit.


Sounds like a nasty bugger, great. Leave it to me. Thanks for the info, chewy, and the files, lightning. Waiting on info from Bleeping Computer, but it's looking like a complete flush and fill.

Dunno if it's already been suggested or if it helps, but I've read on other forums that Dr Web AV helps with this...

 

Sorry for posting this info late, think I've got swine flu...came out in rashers...

 

Hi I follow this and it works!! :D

This error message appear today at DVD Decrypter and Power ISO also couldn


Thank you for letting us know the outcome Alex :thumbup:

 

spinner


New cases keep springing up every day now about this :(

 

Soon this thread will start slipping down the thread list and as has been shown most newbies don't/can't search efficiently.

 

Recommend stickying this thread, at least temporarily.

 

Just my 1.6 cents worth (adjusting for economic downturn).


A Maximum number of secrets error, if infected with malware, should be easily confirmed by other symptoms: popups, browser redirects and warnings from resident security programs.

Such an infection is extremely dangerous as it involves rootkit(s) and backdoor trojans.

A complete repartition and format of your hard drive, with proper precaution to prevent reinfection, is the best option.

Here's the standard response given for such infections:

 

One or more of the identified infections is a rootkit/backdoor trojan.

 

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

 

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

 

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

 

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

 

Someone may still be able to clean this machine but we can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

 

Removing such infections and possible repair of damage usually requires advanced tools and the help of trained experts.

 

At the bottom of this link is a list of "approved" HJT forums where helpers have received this training.

 

Expect to wait for help as the training is so intensive there is always a shortage of helpers.

 

http://www.bleepingcomputer.com/combofix/h...combofix#forums


You're welcome, although I'm not sure how I solved it, but you're still welcome, and thanks for the post on Bleeping; tried and still no luck.


Until you told us about the infector (uniccodec), all I had to search for was Maximum number of secrets. Searching for uniccodec led me to threads where a nasty rootkit was being removed.

The last clue (the infector) solved the puzzle.

 

uniccodec

 

http://www.bleepingcomputer.com/forums/ind...mp;hl=uniccodec

 

c:\program files\INSTALL.LOG

c:\recycler\S-3-7-83-100021929-100011541-100016078-3385.com

c:\windows\emMON.exe

c:\windows\setup.exe

c:\windows\system32\AutoRun.inf

c:\windows\system32\drivers\gxvxcowqowfilruwevyqfhsrblugdstnncnel.sys

c:\windows\system32\gxvxccounter

c:\windows\system32\gxvxcwdynvqlpuoxusqaafouuakouafncrsum.dll

c:\windows\system32\Memman.vxd

c:\windows\system32\skinboxer43.dll

 

2009-04-19 04:11 . 2009-04-19 04:11 -------- d-----w c:\program files\UNICCodec


Well, again, you're welcome, and you will be glad to know that Dr Web works: it detected the .sys file, deleted it and rebooted my computer. No more redirects, and both my CD burner and my DVD reader are detected. The error is gone.


Running MBAM now, so far so good, no objects found. Thanks all for the help; I now have a place to go to for info if I have any more problems. MBAM found an additional 10 items, all cleared now. Again, thanks for all the help.

Edited by wolfj


Don't forget to do a full run, even though a quick scan should find that shit.

 

Regards


I had a problem where my burning software just couldn't recognize my 2 dvd burners. So I was going nuts over last couple of weeks until I found you.

 

RootRepeal crashes, no use. I tried GMER in safe mode and I managed to DISABLE service/shitware that was bothering me - hidden sys extension. (deleting didn't work out).

 

Everything is normal now.

 

So, big thanks :thumbup:

 

 

-----------------------------------------------

 

here is the log

 

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-05-05 18:35:38

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.15 ----

 

Code 82E68690 ZwEnumerateKey

Code 82FAC730 ZwFlushInstructionCache

Code 823CB2FE IofCallDriver

Code 82DE9666 IofCompleteRequest

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs LF30XP.sys

 

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

 

---- Services - GMER 1.0.15 ----

 

Service C:\WINDOWS\system32\drivers\ovfsthxdtpwgrft.sys (*** hidden *** ) [sYSTEM] ovfsthxqfulvbwp <-- ROOTKIT !!!

 

---- EOF - GMER 1.0.15 ----

Edited by Hrvoje19
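
Added example (not part of the original thread, and not GMER's own tooling): a small Python triage of the GMER log posted above. It collects the entries listed under System, the filter drivers attached under Devices, and any service GMER marks as hidden; the function names are hypothetical, and the shared-prefix hint between the hidden service name and its driver file is an assumption drawn from this one log.

```python
import ntpath
import re

# The GMER log posted above; header lines and blank lines dropped.
GMER_LOG = r"""---- System - GMER 1.0.15 ----
Code 82E68690 ZwEnumerateKey
Code 82FAC730 ZwFlushInstructionCache
Code 823CB2FE IofCallDriver
Code 82DE9666 IofCompleteRequest
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs LF30XP.sys
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\ovfsthxdtpwgrft.sys (*** hidden *** ) [sYSTEM] ovfsthxqfulvbwp <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""

SECTION = re.compile(r"^-{4} (\w+) - GMER [\d.]+ -{4}$")
HIDDEN = re.compile(r"^Service\s+(.+?)\s+\(\*{3} hidden \*{3}\s*\)\s+\[(\w+)\]\s+(\S+)")

def sections(text):
    """Group non-blank lines under their '---- Name - GMER x ----' header."""
    out, name = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION.match(line)
        if m:
            name = m.group(1)
            out[name] = []
        elif name:
            out[name].append(line)
    return out

def triage(text):
    """Return the entries a helper would look at first in a GMER log."""
    sec = sections(text)
    report = {"system": [l.split()[-1] for l in sec.get("System", [])],
              "filters": [], "hidden": []}
    for line in sec.get("Devices", []):
        f = line.split()
        if f[0] == "AttachedDevice" and len(f) >= 4:
            report["filters"].append((f[1], f[3]))  # (target driver, filter module)
    for line in sec.get("Services", []):
        m = HIDDEN.match(line)
        if m:
            path, _start, svc = m.groups()
            # Assumption: a shared random-looking prefix hints at sibling files.
            stem = ntpath.commonprefix([ntpath.basename(path).lower(), svc.lower()])
            report["hidden"].append({"path": path, "service": svc, "prefix": stem})
    return report
```

Calling `triage(GMER_LOG)` gives one hidden service whose driver and service name share a prefix, plus the two filter modules a helper would check against installed security software before blaming them.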


Disabling or unloading the service may allow another program to kill the sob that loads it at bootup and all the associated files it's been hiding that take over your computer.

 

There are no quick cures or simple fixes with battling a serious infection except format C

 

If rootrepeal crashes I would suspect a witches brew of drive emulation like daemon tools light and/or alcohol and/or a hosed system bus.

 

Of course in your case it may just have been Eset


Well, I do have daemon tools installed. You think uninstalling them would help?

Edited by Hrvoje19


Despite its unpopularity, I have DT Lite 4.30.3 installed and operate without difficulty.

 

Regards


Having DT lite installed and not having any problems would seem irrelevant to someone trying to remove a dangerous back door trojan rootkit.

 

We often see disabling or uninstalling certain legitimate programs as a requirement for cleaning an infection; a similar analogy would be disabling all filter drivers in an attempt to clean the system bus and enable ImgBurn to function.

For anyone reading this thread, the free 'Dr. Web' program is called 'CureIt!' and it can be downloaded from here - http://www.freedrweb.com/

 

Hey, I'm new to the burning scene and have had this message come up after burning countless programs, games and movies, and apparently I have something wrong with my PC so ImgBurn won't detect my drivers. So hopefully once I remove the bad stuff it will work again. Thanks a lot for this thread and thanks a lot for ImgBurn, great program.


Keep us updated!!!
