Adam007 Posted April 30, 2005
Recently I got the Trojan.Vundo.B virus, which infected C:/Windows/cursors/infodb.dll. It spread to 5 other files, which Norton was able to quarantine. That one, though, Norton can't delete or do anything with (access denied). I tried System Restore, which didn't work. It had its own process for a little bit, which slowed the computer. I killed that, but now it's slow again, and Norton is taking like 10-20% of my CPU, and at a huge 220k memory usage. Even worse is that my PF Usage is at a whopping 1.30 GB. The CPU usage seems fine, but I had like really nothing running except Firefox and the usual Norton yesterday, and Windows had to create more virtual memory for me. Seems what I have to do is get rid of the virus, but I have no clue how to, since I couldn't delete it in safe mode, and Norton isn't able to do anything. Help would be VERY MUCH appreciated. :) (Let me know if you need any other info, such as a HijackThis log.)
Hannibal Posted April 30, 2005
I think you're best off posting a HijackThis log here, AND deleting that file. Google seems to never have heard of it, and the cursors directory shouldn't contain dll files anyway.
Adam007 Posted April 30, 2005
I've tried a lot of ways to delete the file; it won't let me (access denied). I'll post a HijackThis log eventually if nobody else knows what I should do.
zonda Posted April 30, 2005
Can you actually manually find the file? Is it hidden? Is it protected? ...
Adam007 Posted April 30, 2005
It didn't show up in the actual cursors file, but when I searched for the file name inside the cursor file it did. I tried deleting it in safe mode even, but the usual "this is used by another program, so you can't delete it" message came up. And Norton gives me an access denied message. My computer is running extremely slow, so I'd like to get this fixed soon. :?
Adam007 Posted April 30, 2005
Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 1:36:15 PM, on 4/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Microsoft Office\Office\WINWORD.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\DOCUME~1\LIEBER~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lieberman\Application Data\Mozilla\Profiles\default\iihmt62h.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\Cursors\infodb.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: admp3 - C:\WINDOWS\
O20 - Winlogon Notify: faxacc - C:\WINDOWS\
O20 - Winlogon Notify: infodb - C:\WINDOWS\Cursors\infodb.dll
O20 - Winlogon Notify: wavekb - C:\WINDOWS\Fonts\wavekb.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\Cursors\infodb.dll
is the problem but it won't remove.

O20 - Winlogon Notify: admp3 - C:\WINDOWS\
O20 - Winlogon Notify: faxacc - C:\WINDOWS\
O20 - Winlogon Notify: infodb - C:\WINDOWS\Cursors\infodb.dll
O20 - Winlogon Notify: wavekb - C:\WINDOWS\Fonts\wavekb.dll (file missing)
Those don't look good either. Wavekb.dll was once infected with the virus, but I was able to delete that one after renaming it to a .txt file, opening it, and erasing all the f483lksdf type text. Not sure if that did anything, but I was able to kind of delete it. And again, there's the infodb.dll which is the main problem right now. Those couldn't be removed/fixed either. And also Norton isn't at 200k memory usage anymore, and is now at around 4k with 5-10 CPU.
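The check discussed in this thread (autoload entries that point at DLLs in directories such as Cursors), written out as an added example that is not part of the original posts: a triage of HijackThis O2 (BHO) and O20 (Winlogon Notify) lines. The directory list, function name and reason strings are assumptions of this example; the sample lines are copied from the log above.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Assumption for this example: directories that normally hold no loadable DLLs.
DATA_ONLY_DIRS = {r"c:\windows\cursors", r"c:\windows\fonts"}
AUTOLOAD_SECTIONS = {"O2", "O20"}  # BHOs and Winlogon Notify packages

# Anchor the path on " - <drive>:\" because a path can itself contain " - "
# (for example "Spybot - Search & Destroy").
LINE = re.compile(r"^(O\d+) - (.*?) - ([A-Za-z]:\\.*)$")

# Lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\Cursors\infodb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O20 - Winlogon Notify: admp3 - C:\WINDOWS\
O20 - Winlogon Notify: faxacc - C:\WINDOWS\
O20 - Winlogon Notify: infodb - C:\WINDOWS\Cursors\infodb.dll
O20 - Winlogon Notify: wavekb - C:\WINDOWS\Fonts\wavekb.dll (file missing)
"""

def triage(log_text):
    """Return [(section, path, [reasons])] for suspicious autoload entries."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) not in AUTOLOAD_SECTIONS:
            continue
        section, path = m.group(1), m.group(3)
        reasons = []
        if path.endswith(" (file missing)"):
            path = path[: -len(" (file missing)")]
            reasons.append("target file missing")
        if path.endswith("\\"):
            reasons.append("no file name in target")
        elif ntpath.dirname(path).lower() in DATA_ONLY_DIRS:
            reasons.append("DLL loaded from a data-only directory")
        if reasons:
            findings.append((section, path, reasons))
    return findings

if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(section, path, "; ".join(reasons))
```

A hit is a lead for manual review, not a verdict: the list only narrows a long log down to the entries worth checking first.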
Adam007 Posted May 1, 2005
NAVAPSVC.exe is now at 300k (back up again) and the Page File usage is still climbing, now at 1.64 GB. I could really use some help, this computer is getting really slow. :?
-(edit)- Ended NAVAPSVC.exe's process, restarted Norton, now it's back to 576k and the computer's going fine right now with PF usage of 638MB. Just hoping things stay OK for now, even though I have this virus.
Mercifull Posted May 1, 2005
http://www.pcreview.co.uk/forums/showth ... post244261