Stupid msn virus..? Please help me, I'm desperate..

[JordanGM]

My friend got the stupid ratethispage msn virus, and sent it to me, and I clicked the link and now have it, I know, I'm an idiot.. I virus scanned my computer with Mcafee and spybot S&D, but its still here. I tried to log onto msn but it just sends the link to other people so I've been using IloveIM, can someone please help me get back on msn and get rid of this mother[bleep]ing [wagon][bleep]ing [bleep]munching virus?

 

 

 

 

 

 

 

(excuse my language)

 

 

 

Thank you.

[Chris]

Dont swear then say excuse my language. Just don't swear.

 

 

 

As for your problem, best bet would be to run hijackthis and get one of the 'experts' here to help you. A lot of them do know what they're talking about so listen and listen well. I could do it, but I'm afraid I hate reading through the logs. -.-

[the_god_of_soup]

Yes, download Hijackthis! and post your log here. Also, for downloads, here are the best programs, and they are what I use(they DO cooperate together):

 

SUPERAntiSpyware

 

Ad-Aware

 

Snoopfree

 

Avast!

 

AVG(if it's free, it came with my computer)

 

 

 

Download all of those, should be the first non-yellow results on Google, scan, reboot(it tells you to). Then, when the computer is booting up, hold F8 to go into safe mode. Scan with the programs again, and reboot when it tells you to. Then send us your Hijackthis! log.

 

 

 

I know it is a lot of work, I just got rid of a keylogger, and probably scanned for 4 hours =\.

[r2d2]

heh, open msn and run hijackthis. I'll be happy to go through it for you...

[JordanGM]

Alright, I'll download hijackthis and post the log.

[JordanGM]

Alright, here it is.

 

 

 

[hide]Logfile of HijackThis v1.99.1

 

Scan saved at 12:32:43 PM, on 31/08/2007

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

 

 

Running processes:

 

C:\WINDOWS\System32\smss[Caution: Executable File]

 

C:\WINDOWS\system32\winlogon[Caution: Executable File]

 

C:\WINDOWS\system32\services[Caution: Executable File]

 

C:\WINDOWS\system32\lsass[Caution: Executable File]

 

C:\WINDOWS\system32\svchost[Caution: Executable File]

 

C:\WINDOWS\System32\svchost[Caution: Executable File]

 

C:\WINDOWS\system32\svchost[Caution: Executable File]

 

C:\WINDOWS\system32\spoolsv[Caution: Executable File]

 

C:\WINDOWS\Explorer[Caution: Executable File]

 

C:\Program Files\McAfee.com\VSO\mcvsshld[Caution: Executable File]

 

C:\Program Files\McAfee.com\VSO\oasclnt[Caution: Executable File]

 

C:\PROGRA~1\mcafee.com\agent\mcagent[Caution: Executable File]

 

C:\Program Files\Java\jre1.6.0_02\bin\jusched[Caution: Executable File]

 

C:\Program Files\QuickTime\qttask[Caution: Executable File]

 

C:\Program Files\HP\HP Software Update\HPWuSchd[Caution: Executable File]

 

C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]

 

C:\WINDOWS\system32\ctfmon[Caution: Executable File]

 

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier[Caution: Executable File]

 

C:\Program Files\MSN Messenger\MsnMsgr[Caution: Executable File]

 

C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: Executable File]

 

C:\Program Files\Kuma Games\kgsystray\Kuma_tray[Caution: Executable File]

 

c:\progra~1\mcafee.com\vso\mcvsescn[Caution: Executable File]

 

c:\progra~1\mcafee.com\vso\mcvsftsn[Caution: Executable File]

 

C:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService[Caution: Executable File]

 

c:\program files\mcafee.com\agent\mcdetect[Caution: Executable File]

 

c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: Executable File]

 

c:\PROGRA~1\mcafee.com\agent\mctskshd[Caution: Executable File]

 

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM[Caution: Executable File]

 

C:\Program Files\Netscape Internet Service\Netscape High Speed Internet\app\TangoService[Caution: Executable File]

 

C:\Program Files\iPod\bin\iPodService[Caution: Executable File]

 

C:\PROGRA~1\NETSCA~2\NETSCA~1\app\TangoManager[Caution: Executable File]

 

C:\Program Files\MSN Messenger\usnsvc[Caution: Executable File]

 

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32[Caution: Executable File]

 

C:\Program Files\Internet Explorer\IEXPLORE[Caution: Executable File]

 

C:\WINDOWS\system32\svchost[Caution: Executable File]

 

C:\Program Files\Internet Explorer\iexplore[Caution: Executable File]

 

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy[Caution: Executable File]

 

C:\Program Files\Windows Live Toolbar\msn_sl[Caution: Executable File]

 

C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis[Caution: Executable File]

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR

 

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

 

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

 

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD[Caution: Executable File]

 

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr[Caution: Executable File]" /checktask

 

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld[Caution: Executable File]

 

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt[Caution: Executable File]

 

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent[Caution: Executable File]

 

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate[Caution: Executable File]

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched[Caution: Executable File]"

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime

 

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd[Caution: Executable File]"

 

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]"

 

O4 - HKLM\..\Run: [systemRestoreStatus] rundll32[Caution: Executable File] "C:\WINDOWS\system32\heapyxwo.dll",sitypnow

 

O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File]

 

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier[Caution: Executable File]

 

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: Executable File]" /background

 

O4 - Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray[Caution: Executable File]

 

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: Executable File]

 

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL[Caution: Executable File]/3000

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

 

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

 

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag[Caution: Executable File] (file missing)

 

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag[Caution: Executable File] (file missing)

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

O11 - Options group: [iNTERNATIONAL] International*

 

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab

 

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab

 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5335547015

 

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

 

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab

 

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{D8A12905-E013-475F-A557-4E98080F80EF}: NameServer = 205.188.146.145

 

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

 

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

 

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

 

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService[Caution: Executable File]

 

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService[Caution: Executable File]

 

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService[Caution: Executable File]

 

O23 - Service: McAfee WSC Integration (McDetect[Caution: Executable File]) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect[Caution: Executable File]

 

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield[Caution: Executable File]

 

O23 - Service: McAfee Task Scheduler (McTskshd[Caution: Executable File]) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd[Caution: Executable File]

 

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr[Caution: Executable File]) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr[Caution: Executable File]

 

O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Netscape Internet Service\Netscape High Speed Internet\app\TangoService[Caution: Executable File][/hide]

[r2d2]

I didn't see anything out of the ordinary, though there were a lot of msn's, one for the toolbar, one for the messenger, another for the messenger,

 

and there was another messenger. Only thing I found somewhat odd, though it probably is fine.

 

try clearing internet data, like cookies and whatnot (clear personal data from internet options in tools)

 

that might clear it, though I'm not sure...

[JordanGM]

Okay its gone, thanks for the help man.