Futurama
Posted October 1, 2006

msn virus... friend clicked the link. arrgh. cheers in advance :)

Logfile of HijackThis v1.99.1
Scan saved at 07:57:39, on 01/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
E:\WINDOWS\System32\smss[Caution: Executable File]
E:\WINDOWS\system32\winlogon[Caution: Executable File]
E:\WINDOWS\system32\services[Caution: Executable File]
E:\WINDOWS\system32\lsass[Caution: Executable File]
E:\WINDOWS\system32\svchost[Caution: Executable File]
E:\WINDOWS\System32\svchost[Caution: Executable File]
E:\WINDOWS\system32\spoolsv[Caution: Executable File]
E:\Program Files\Alwil Software\Avast4\aswUpdSv[Caution: Executable File]
E:\Program Files\Alwil Software\Avast4\ashServ[Caution: Executable File]
E:\WINDOWS\IE9DVUs\command[Caution: Executable File]
E:\WINDOWS\System32\CTsvcCDA[Caution: Executable File]
E:\WINDOWS\System32\gearsec[Caution: Executable File]
E:\WINDOWS\System32\svchost[Caution: Executable File]
E:\WINDOWS\System32\MsPMSPSv[Caution: Executable File]
E:\Program Files\Alwil Software\Avast4\ashMaiSv[Caution: Executable File]
E:\Program Files\Alwil Software\Avast4\ashWebSv[Caution: Executable File]
E:\WINDOWS\Explorer[Caution: Executable File]
E:\WINDOWS\system32\CTHELPER[Caution: Executable File]
E:\WINDOWS\system32\rundll32[Caution: Executable File]
E:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File]
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp[Caution: Executable File]
E:\Program Files\Common Files\Real\Update_OB\realsched[Caution: Executable File]
E:\Program Files\QuickTime\qttask[Caution: Executable File]
E:\PROGRA~1\PRINTV~1\pvmodule[Caution: Executable File]
E:\Program Files\Winamp\winampa[Caution: Executable File]
E:\Documents and Settings\OCUK\Yinstall[Caution: Executable File]
E:\WINDOWS\system32\ctfmon[Caution: Executable File]
E:\WINDOWS\system32\crunner\cproc[Caution: Executable File]
E:\Program Files\Winamp\winamp[Caution: Executable File]
E:\Program Files\MSN Messenger\msnmsgr[Caution: Executable File]
E:\Program Files\Messenger\msmsgs[Caution: Executable File]
E:\WINDOWS\system32\svchost[Caution: Executable File]
E:\Program Files\MSN Messenger\msnmsgr[Caution: Executable File]
E:\Program Files\MSN Messenger\msgs[Caution: Executable File]
E:\Documents and Settings\OCUK\Desktop\HijackThis[Caution: Executable File]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xgmlzlavcxrhjiiqjnkovah.com/ ... LgfFyo.asp
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - E:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck[Caution: Executable File]
O4 - HKLM\..\Run: [updReg] E:\WINDOWS\UpdReg[Caution: Executable File]
O4 - HKLM\..\Run: [Jet Detection] "E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet[Caution: Executable File]"
O4 - HKLM\..\Run: [CTHelper] CTHELPER[Caution: Executable File]
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32[Caution: Executable File] bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File]
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking[Caution: Executable File]
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp[Caution: Executable File]
O4 - HKLM\..\Run: [siSUSBRG] E:\WINDOWS\SiSUSBrg[Caution: Executable File]
O4 - HKLM\..\Run: [siS KHooker] E:\WINDOWS\system32\khooker[Caution: Executable File]
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched[Caution: Executable File]" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck[Caution: Executable File]
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime
O4 - HKLM\..\Run: [PVModule] E:\PROGRA~1\PRINTV~1\pvmodule[Caution: Executable File]
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa[Caution: Executable File]
O4 - HKLM\..\Run: [explorer] E:\Documents and Settings\OCUK\Yinstall[Caution: Executable File]
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e19[Caution: Executable File]
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e19[Caution: Executable File]
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e19[Caution: Executable File]
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking[Caution: Executable File]
O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] E:\WINDOWS\system32\ctfmon[Caution: Executable File]
O4 - HKCU\..\Run: [mapiball] E:\DOCUME~1\OCUK\APPLIC~1\IDOLHE~1\Eq Bolt Soft[Caution: Executable File]
O4 - HKCU\..\Run: [cprocsvc] E:\WINDOWS\system32\crunner\cproc[Caution: Executable File]
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: Executable File]
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9[Caution: Executable File]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs[Caution: Executable File]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs[Caution: Executable File]
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv[Caution: Executable File]
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ[Caution: Executable File]
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv[Caution: Executable File]" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv[Caution: Executable File]" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\IE9DVUs\command[Caution: Executable File] (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTsvcCDA[Caution: Executable File]
O23 - Service: gearsec - GEAR Software - E:\WINDOWS\System32\gearsec[Caution: Executable File]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File]
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: Executable File]
Mercifull
Posted October 1, 2006

Ctrl+Alt+Del the following, shut them down:
E:\WINDOWS\IE9DVUs\command[Caution: Executable File]
E:\Documents and Settings\OCUK\Yinstall[Caution: Executable File]
E:\WINDOWS\system32\crunner\cproc[Caution: Executable File]
E:\Program Files\MSN Messenger\msgs[Caution: Executable File]

Fix the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xgmlzlavcxrhjiiqjnk.....LgfFyo.asp
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKLM\..\Run: [explorer] E:\Documents and Settings\OCUK\Yinstall[Caution: Executable File]
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e19[Caution: Executable File]
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e19[Caution: Executable File]
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e19[Caution: Executable File]
O4 - HKCU\..\Run: [mapiball] E:\DOCUME~1\OCUK\APPLIC~1\IDOLHE~1\Eq Bolt Soft[Caution: Executable File]
O4 - HKCU\..\Run: [cprocsvc] E:\WINDOWS\system32\crunner\cproc[Caution: Executable File]
O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\IE9DVUs\command[Caution: Executable File] (file missing)

Try that, then restart. Post a fresh log. ty :D

Mercifull <3 Suzi
"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12
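The entries picked out above fall into a few recognisable classes: Run values that launch a file from the drive root or a user profile folder, an "Unknown owner" service whose binary is missing, an orphaned URLSearchHook, and a search bar pointing at a random-looking host. The following is an added example, not code from the thread or from HijackThis, that triages constructed HijackThis v1.99.1-style lines by those heuristics (the sample log, the `.example` host and the all-zero CLSID are made up for the demonstration):

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis v1.99.1 line format (".exe" written out; the
# forum rendered it as "[Caution: Executable File]"). Not the thread's own log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qxzvkrtpwlmnbgh.example/x.asp
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e19.exe
O4 - HKLM\..\Run: [explorer] E:\Documents and Settings\OCUK\Yinstall.exe
O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\IE9DVUs\command.exe (file missing)
O23 - Service: gearsec - GEAR Software - E:\WINDOWS\System32\gearsec.exe
"""

@dataclass
class Finding:
    kind: str    # HijackThis section: R1, R3, O4 or O23
    entry: str   # what to look at: Run value name, service name, host or CLSID
    reason: str

_O4 = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
_O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")
_R1 = re.compile(r"^R1 - .*Search Bar = (\S+)")
_R3 = re.compile(r"^R3 - URLSearchHook: \(no name\) - \{[0-9A-Fa-f-]+\} - \(no file\)$")

def _command_path(cmd: str) -> str:
    """Extract the executable path from a Run value, quoted or not."""
    m = re.match(r'^"([^"]+)"', cmd) or re.match(r"^(.*?\.(?:exe|cpl|dll))(?:\s|$)", cmd, re.I)
    path = m.group(1) if m else cmd
    return re.sub(r"\\{2,}", r"\\", path)  # HJT prints drive-root files as c:\\name

def _longest_consonant_run(host: str) -> int:
    return max((len(r) for r in re.findall(r"[bcdfghjklmnpqrstvwxz]+", host.lower())), default=0)

def analyze(log: str) -> List[Finding]:
    """Heuristic triage of the entry classes a helper would ask to fix."""
    out: List[Finding] = []
    for line in (raw.strip() for raw in log.splitlines()):
        m = _O4.match(line)
        if m:
            _hive, _key, name, cmd = m.groups()
            low = _command_path(cmd).lower()
            if re.match(r"^[a-z]:\\[^\\]+$", low):
                out.append(Finding("O4", name, "autostart runs a file from the drive root"))
            elif "\\documents and settings\\" in low:
                out.append(Finding("O4", name, "autostart runs a file from a user profile folder"))
            continue
        m = _O23.match(line)
        if m and m.group(2) == "Unknown owner" and m.group(3).endswith("(file missing)"):
            # Confirm by hand: HJT also reports "(file missing)" for quoted paths such as avast's.
            out.append(Finding("O23", m.group(1), "unknown-owner service whose binary is missing"))
            continue
        m = _R1.match(line)
        if m:
            host = re.sub(r"^https?://", "", m.group(1)).split("/")[0]
            if _longest_consonant_run(host) >= 5:
                out.append(Finding("R1", host, "search bar points at a random-looking host"))
        elif _R3.match(line):
            out.append(Finding("R3", line.split(" - ")[2], "orphaned URLSearchHook (no name, no file)"))
    return out
```

The consonant-run test is only a coarse filter for machine-generated hostnames; a legitimate vendor path or an avast entry with a quoted path passes through without a finding, as the sample shows.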
Futurama (Author)
Posted October 1, 2006

Cheers mate, haven't had anything come up yet and startup seems to be faster! Here's an updated log.

Logfile of HijackThis v1.99.1
Scan saved at 08:18:54, on 01/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
E:\WINDOWS\System32\smss[Caution: Executable File]
E:\WINDOWS\system32\winlogon[Caution: Executable File]
E:\WINDOWS\system32\services[Caution: Executable File]
E:\WINDOWS\system32\lsass[Caution: Executable File]
E:\WINDOWS\system32\svchost[Caution: Executable File]
E:\WINDOWS\System32\svchost[Caution: Executable File]
E:\WINDOWS\system32\spoolsv[Caution: Executable File]
E:\Program Files\Alwil Software\Avast4\aswUpdSv[Caution: Executable File]
E:\Program Files\Alwil Software\Avast4\ashServ[Caution: Executable File]
E:\WINDOWS\System32\CTsvcCDA[Caution: Executable File]
E:\WINDOWS\System32\gearsec[Caution: Executable File]
E:\WINDOWS\System32\svchost[Caution: Executable File]
E:\WINDOWS\System32\MsPMSPSv[Caution: Executable File]
E:\Program Files\Alwil Software\Avast4\ashMaiSv[Caution: Executable File]
E:\Program Files\Alwil Software\Avast4\ashWebSv[Caution: Executable File]
E:\WINDOWS\system32\wuauclt[Caution: Executable File]
E:\WINDOWS\Explorer[Caution: Executable File]
E:\WINDOWS\system32\CTHELPER[Caution: Executable File]
E:\WINDOWS\system32\rundll32[Caution: Executable File]
E:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File]
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp[Caution: Executable File]
E:\Program Files\Common Files\Real\Update_OB\realsched[Caution: Executable File]
E:\Program Files\QuickTime\qttask[Caution: Executable File]
E:\PROGRA~1\PRINTV~1\pvmodule[Caution: Executable File]
E:\Program Files\Winamp\winampa[Caution: Executable File]
E:\WINDOWS\system32\ctfmon[Caution: Executable File]
E:\Program Files\Opera\Opera[Caution: Executable File]
E:\Program Files\Winamp\winamp[Caution: Executable File]
E:\Documents and Settings\OCUK\Desktop\HijackThis[Caution: Executable File]

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - E:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck[Caution: Executable File]
O4 - HKLM\..\Run: [updReg] E:\WINDOWS\UpdReg[Caution: Executable File]
O4 - HKLM\..\Run: [Jet Detection] "E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet[Caution: Executable File]"
O4 - HKLM\..\Run: [CTHelper] CTHELPER[Caution: Executable File]
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32[Caution: Executable File] bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched[Caution: Executable File]
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking[Caution: Executable File]
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp[Caution: Executable File]
O4 - HKLM\..\Run: [siSUSBRG] E:\WINDOWS\SiSUSBrg[Caution: Executable File]
O4 - HKLM\..\Run: [siS KHooker] E:\WINDOWS\system32\khooker[Caution: Executable File]
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched[Caution: Executable File]" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck[Caution: Executable File]
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime
O4 - HKLM\..\Run: [PVModule] E:\PROGRA~1\PRINTV~1\pvmodule[Caution: Executable File]
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa[Caution: Executable File]
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking[Caution: Executable File]
O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] E:\WINDOWS\system32\ctfmon[Caution: Executable File]
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: Executable File]
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9[Caution: Executable File]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs[Caution: Executable File]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs[Caution: Executable File]
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv[Caution: Executable File]
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ[Caution: Executable File]
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv[Caution: Executable File]" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv[Caution: Executable File]" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTsvcCDA[Caution: Executable File]
O23 - Service: gearsec - GEAR Software - E:\WINDOWS\System32\gearsec[Caution: Executable File]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File]
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: Executable File]
Mercifull
Posted October 1, 2006

Seems alright to me. Now delete those nasty exe files, but keep 'em in the recycle bin for a few days just in case. ^_^
Futurama (Author)
Posted October 1, 2006

Looks like I'm gonna have to format my computer, mate. I can't wait around because I need this computer for just about everything... gonna stick everything on disks and get going!
Mercifull
Posted October 2, 2006

:( Stupid MSN viruses. Watch what you click on, and add the URL to your HOSTS list in case you accidentally click again.
T-Roach
Posted October 2, 2006

Jesus, I have the same thing :(( First I was gonna kill my friend for this, but then I found out it wasn't done by him on purpose (I think). Woot! But still, trying to fix this with Spybot and Ad-Aware :/

Doctor of Dental Surgery-2014 Medical Doctor-2018? Oral and Maxillofacial Surgeon-2024?
coltm4carbine
Posted October 2, 2006

Ad-Aware and Spybot might not work. Try Ewido. Although it's a free trial, it removes most of the virus.

First download ewido anti-spyware from HERE and save that file to your desktop. This is a 30 day trial of the program.
- Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need to run ewido and update the definition files.
- On the main screen select the icon "Update", then select the "Update now" link.
- Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Do a full system scan with it.
Mercifull
Posted October 3, 2006

afaik, Rob already scanned with anti-virus, Spybot S&D and Ad-Aware.
Futurama (Author)
Posted October 3, 2006

Yeah, my anti-virus catches everything that comes through and won't bugger off till it's gone... lol. And yeah, I used S&D and AdAware anyway, to no avail. I'm just gonna reformat anyway now :) thanks tho
Stephen9o3
Posted October 3, 2006

http://looce.dyndns.org/trojan-advisory.php

Combat FTL