Please help me with my trojan.w32.lookskyvirus
Sulthol
post Aug 12 2007, 09:04 PM
Post #1


New Member
*
Posts: 2
OS: windows xp



Hey guys, just wanna start by saying the site looks great and I think it's awesome how you guys just go around helping all these people with their comp probs out of your own good will. REALLY nice of you lol

Anyways, I found this site through Google and I saw a guy named Wacko321 with the same virus, and Snowhite assisted him. Anyways, I followed the process it started with, which said: dl SmitFraudFix to the desktop, double-click it, select option #1, press Enter, a text file will appear, copy and paste that file in my next reply... so here goes

This post has been edited by Sulthol: Aug 12 2007, 09:08 PM
Sulthol
post Aug 12 2007, 09:09 PM
Post #2


New Member
*
Posts: 2
OS: windows xp



SmitFraudFix v2.211

Scan done at 20:03:11.25, Sun 08/12/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Link\RangeBooster G WNA-2330\acs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\D-Link\RangeBooster G WNA-2330\AIRPLUS.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\duocore.dll FOUND !
C:\WINDOWS\privacy_danger FOUND !
C:\WINDOWS\wmpconf.dll FOUND !
C:\WINDOWS\wmpenv.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\drivers\svchost.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner

C:\Documents and Settings\Owner\svchost.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\Owner\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Media-Codec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"coursings"="{f8d02387-789a-4c0f-a1d8-8a93f33ee4df}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 85.255.116.131
DNS Server Search Order: 85.255.112.89

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 85.255.116.131
DNS Server Search Order: 85.255.112.89

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: D-Link WNA-2330 Notebook Adapter - Packet Scheduler Miniport
DNS Server Search Order: 85.255.116.131
DNS Server Search Order: 85.255.112.89


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
