wolfj Posted April 29, 2009

I already removed the last things I installed, one being uniccodec. The only other codec I have is DivX, to run WinAVI. Hmmmmmmmm.

chewy Posted April 30, 2009

> I already removed the last things I installed, one being uniccodec

That's not a program or a codec. It's a malware suite: backdoor trojan, DNS changer and rootkit.

wolfj Posted April 30, 2009

Sounds like a nasty bugger. Great, leave it to me. Thanks for the info, chewy, and the files, Lightning. Waiting on info from Bleeping Computer, but it's looking like a complete flush and fill.

chewy Posted April 30, 2009

Answered: http://www.bleepingcomputer.com/forums/topic223300.html and thanks for solving a puzzle.

Alex Saba Posted April 30, 2009

> Dunno if it's already been suggested or if it helps, but I've read on other forums that Dr Web AV helps with this... Sorry for posting this info late, think I've got swine flu... came out in rashers...

Hi, I followed this and it works!! This error message appeared today in DVD Decrypter, and Power ISO also couldn

spinningwheel Posted April 30, 2009

Thank you for letting us know the outcome, Alex.

spinner

Guzeppi Posted May 1, 2009

New cases keep springing up every day now about this. Soon this thread will start slipping down the thread list, and as has been shown, most newbies don't/can't search efficiently. Recommend stickying this thread, at least temporarily.

Just my 1.6 cents worth (adjusting for economic downturn).

chewy Posted May 1, 2009

The "Maximum number of secrets" error, if you are infected with malware, should be easily confirmed by other symptoms: popups, browser redirects and warnings from resident security programs.

Such an infection is extremely dangerous as it involves rootkit(s) and backdoor trojans. A complete repartition and format of your hard drive, with proper precautions to prevent reinfection, is the best option.

Here's the standard response given for such infections:

> One or more of the identified infections is a rootkit/backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files. I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
>
> Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
>
> How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
> When Should I Format, How Should I Reinstall
>
> Someone may still be able to clean this machine but we can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Removing such infections, and possibly repairing the damage, usually requires advanced tools and the help of trained experts. At the bottom of this link is a list of "approved" HJT forums where helpers have received this training. Expect to wait for help, as the training is so intensive there is always a shortage of helpers.

http://www.bleepingcomputer.com/combofix/h...combofix#forums

Shamus_McFartfinger Posted May 1, 2009

Might be an idea to put this in the FAQ or at least make it a sticky.

wolfj Posted May 1, 2009

You're welcome, although I'm not sure how I solved it, but you're still welcome, and thanks for the post on Bleeping. Tried and still no luck.

chewy Posted May 1, 2009

Until you told us about the infector (uniccodec), all I had to search for was "Maximum number of secrets". Searching for uniccodec led me to threads where a nasty rootkit was being removed. The last clue (the infector) solved the puzzle.

uniccodec
http://www.bleepingcomputer.com/forums/ind...mp;hl=uniccodec

c:\program files\INSTALL.LOG
c:\recycler\S-3-7-83-100021929-100011541-100016078-3385.com
c:\windows\emMON.exe
c:\windows\setup.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gxvxcowqowfilruwevyqfhsrblugdstnncnel.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcwdynvqlpuoxusqaafouuakouafncrsum.dll
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll

2009-04-19 04:11 . 2009-04-19 04:11 -------- d-----w c:\program files\UNICCodec

wolfj Posted May 1, 2009

Well, again, you're welcome, and you will be glad to know that Dr Web works. It detected the .sys file, deleted it and rebooted my computer. No more redirects, and both my CD burner and my DVD reader are detected. The error is gone.

LIGHTNING UK! Posted May 1, 2009

For anyone reading this thread, the free 'Dr. Web' program is called 'CureIt!' and it can be downloaded from here - http://www.freedrweb.com/

wolfj Posted May 1, 2009 (edited)

Running MBAM now. So far so good, no objects found. Thanks all for the help; I now have a place to go to for info if I have any more problems.

MBAM found an additional 10 items, all cleared now. Again, thanks for all the help.

Edited May 1, 2009 by wolfj

blutach Posted May 2, 2009

Don't forget to do a full run, even though a quick scan should find that shit.

Regards

Hrvoje19 Posted May 5, 2009 (edited)

I had a problem where my burning software just couldn't recognize my 2 DVD burners. So I was going nuts over the last couple of weeks until I found you. RootRepeal crashes, no use. I tried GMER in safe mode and I managed to DISABLE the service/shitware that was bothering me - hidden sys extension (deleting didn't work out). Everything is normal now. So, big thanks.

-----------------------------------------------

Here is the log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-05 18:35:38
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

Code 82E68690 ZwEnumerateKey
Code 82FAC730 ZwFlushInstructionCache
Code 823CB2FE IofCallDriver
Code 82DE9666 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs LF30XP.sys
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\ovfsthxdtpwgrft.sys (*** hidden *** ) [sYSTEM] ovfsthxqfulvbwp <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

Edited May 5, 2009 by Hrvoje19

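Added example, not part of the original thread: a small Python triage script for a GMER text log like the one posted above. It splits the log into its "---- name - GMER version ----" sections and reports the service entries GMER marked as hidden. The sample log is re-typed from the post; the function names are hypothetical, and reading the bracketed field as the service start type is an assumption.

```python
import re

# Sample input: the GMER log from the post above, re-typed one entry per line.
SAMPLE_LOG = r"""GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-05 18:35:38
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code 82E68690 ZwEnumerateKey
Code 82FAC730 ZwFlushInstructionCache
Code 823CB2FE IofCallDriver
Code 82DE9666 IofCompleteRequest
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs LF30XP.sys
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\ovfsthxdtpwgrft.sys (*** hidden *** ) [sYSTEM] ovfsthxqfulvbwp <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^-{4}\s+(.+?)\s+-\s+GMER\s+[\d.]+\s+-{4}$")
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?\.sys)\s+\((?P<note>[^)]*)\)\s+"
    r"\[(?P<start>[^\]]+)\]\s+(?P<name>\S+)", re.IGNORECASE)

def parse_sections(text):
    """Return {section name: [entry lines]} in the order the log lists them."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def hidden_services(text):
    """List services whose parenthesised note says the entry is hidden."""
    found = []
    for line in parse_sections(text).get("Services", []):
        m = SERVICE_RE.match(line)
        if m and "hidden" in m.group("note").lower():
            # start_type: assumed meaning of the bracketed field
            found.append({"name": m.group("name"), "path": m.group("path"),
                          "start_type": m.group("start").upper()})
    return found

if __name__ == "__main__":
    for svc in hidden_services(SAMPLE_LOG):
        print("hidden driver service:", svc["name"], "->", svc["path"])
```
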
chewy Posted May 5, 2009

Disabling or unloading the service may allow another program to kill the sob that loads it at bootup and all the associated files it's been hiding that take over your computer.

There are no quick cures or simple fixes with battling a serious infection except format C.

If RootRepeal crashes I would suspect a witches' brew of drive emulation like Daemon Tools Lite and/or Alcohol and/or a hosed system bus. Of course in your case it may just have been Eset.

Hrvoje19 Posted May 6, 2009 (edited)

Well, I do have Daemon Tools installed. You think uninstalling them would help?

Edited May 6, 2009 by Hrvoje19

LIGHTNING UK! Posted May 6, 2009

If you've already removed the problem/virus/malware... no.

blutach Posted May 6, 2009

Despite its unpopularity, I have DT Lite 4.30.3 installed and operate without difficulty.

Regards

chewy Posted May 11, 2009

Having DT Lite installed and not having any problems would seem irrelevant to someone trying to remove a dangerous backdoor trojan rootkit.

We often see disabling or uninstalling certain legitimate programs as a requirement for cleaning an infection. A similar analogy would be disabling all filter drivers in an attempt to clean the system bus and enable ImgBurn to function.

s0d182 Posted June 13, 2009

> For anyone reading this thread, the free 'Dr. Web' program is called 'CureIt!' and it can be downloaded from here - http://www.freedrweb.com/

Hey, I'm new to the burning scene and have had this message come up after burning countless programs, games and movies, and apparently I have something wrong with my PC so ImgBurn won't detect my drivers. So hopefully once I remove the bad stuff it will work again. Thanks a lot for this thread and thanks a lot for ImgBurn, great program.

eSkRo Posted June 13, 2009

> > For anyone reading this thread, the free 'Dr. Web' program is called 'CureIt!' and it can be downloaded from here - http://www.freedrweb.com/
>
> Hey, I'm new to the burning scene and have had this message come up after burning countless programs, games and movies, and apparently I have something wrong with my PC so ImgBurn won't detect my drivers. So hopefully once I remove the bad stuff it will work again. Thanks a lot for this thread and thanks a lot for ImgBurn, great program.

Keep us updated!!!