Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

VIRUS DISABLES NORTON AUTO PROTECT [resolved]

Started by biddzy , Mar 15 2005 03:49 AM

  • This topic is locked This topic is locked

#1
biddzy
Posted 15 March 2005 - 03:49 AM

biddzy

    New Member

  • Member
  • Pip
  • 6 posts
Well, you should know about this by now...

Somehow a virus or something has infiltrated my computer and turned off auto protect on my Norton Anti-Virus software.

No matter what I do I cannot enable it. I do not think I have any installation software available and so uninstalling and then reinstalling seems unlikely.

I have done almost every virus/trojan check under the sun, and after cleaning as much as I can, I have found there are still a number of things that i just cannot get rid of. No matter what software I use, after deleting, they just come back. Most of the AV software don't even pick them up.

I will post a hijack this log soon, but in the meantime, how can I sort out Norton? I know alot of people have this problem at the moment, and so ever time i go online to try and scan or check something, I run the risk of getting an even worse virus.

As it currently stands every time I go online after 20 mins, my computer usually crashes...

so please, HELP ME.

Any ideas?
  • 0

Advertisements

#2
biddzy
Posted 17 March 2005 - 11:37 AM

biddzy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is my Hijack log.

Please help, my computer is totally screwed.


Logfile of HijackThis v1.99.1
Scan saved at 22:53:27, on 15/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuytc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\windows\temp\mni0I.exe
C:\WINDOWS\shch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\shch.exe
C:\WINDOWS\System32\winmes.exe
C:\WINDOWS\System32\ixplorer.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINDOWS\realschd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\EcrJU.exe
C:\WINDOWS\system32\EcrJU.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\HijackThis.exe
C:\WINDOWS\System32\ZsgfezG.exe
C:\WINDOWS\System32\Scmn32Cc.exe
C:\WINDOWS\System32\run.exe

F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NAV Auto Updates] navwindows.exe
O4 - HKLM\..\Run: [mni0I] C:\windows\temp\mni0I.exe
O4 - HKLM\..\Run: [Microsofts MediaScope] winmep.exe
O4 - HKLM\..\Run: [9Pw81ek8] C:\windows\system32\9Pw81ek8.exe
O4 - HKLM\..\Run: [5H9C74A5KD6WFR] C:\WINDOWS\System32\LrxH5g.exe
O4 - HKLM\..\Run: [NTFSS MICROSOFT SYSTEM] filees.exe
O4 - HKLM\..\Run: [ccApp] C:\WINDOWS\gcasServ.exe /i
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Media Player] 50cent.exe
O4 - HKLM\..\Run: [Windows Services] Spool32x.exe
O4 - HKLM\..\Run: [runs] run.exe
O4 - HKLM\..\Run: [wFEk3qT] ahuories.exe
O4 - HKLM\..\Run: [Nero] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [vehsvwt] C:\WINDOWS\vehsvwt.exe
O4 - HKLM\..\Run: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\Run: [System Restore DLLs] ixplorer.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExee] C:\WINDOWS\realschd.exe
O4 - HKLM\..\Run: [*Microsoft Update] wuytc.exe
O4 - HKLM\..\Run: [pjYsiZoTj] C:\windows\system32\pjYsiZoTj.exe
O4 - HKLM\..\Run: [EcrJU.exe] c:\windows\system32\EcrJU.exe
O4 - HKLM\..\RunServices: [Windows Media Player] 50cent.exe
O4 - HKLM\..\RunServices: [Windows Services] Spool32x.exe
O4 - HKLM\..\RunServices: [runs] run.exe
O4 - HKLM\..\RunServices: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\RunServices: [System Restore DLLs] ixplorer.exe
O4 - HKLM\..\RunServices: [*Microsoft Update] wuytc.exe
O4 - HKCU\..\Run: [Windows Media Player] 50cent.exe
O4 - HKCU\..\Run: [Windows Services] Spool32x.exe
O4 - HKCU\..\Run: [runs] run.exe
O4 - HKCU\..\Run: [*Microsoft Update] wuytc.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\ezStub.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O23 - Service: *Microsoft Update - Unknown owner - C:\WINDOWS\System32\wuytc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#3
biddzy
Posted 18 March 2005 - 03:40 AM

biddzy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Guys, here is my Hijackthis logfile. Please help me, as my computer is in a very bad way...


Logfile of HijackThis v1.99.1
Scan saved at 22:53:27, on 15/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuytc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\windows\temp\mni0I.exe
C:\WINDOWS\shch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\shch.exe
C:\WINDOWS\System32\winmes.exe
C:\WINDOWS\System32\ixplorer.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINDOWS\realschd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\EcrJU.exe
C:\WINDOWS\system32\EcrJU.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\HijackThis.exe
C:\WINDOWS\System32\ZsgfezG.exe
C:\WINDOWS\System32\Scmn32Cc.exe
C:\WINDOWS\System32\run.exe

F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NAV Auto Updates] navwindows.exe
O4 - HKLM\..\Run: [mni0I] C:\windows\temp\mni0I.exe
O4 - HKLM\..\Run: [Microsofts MediaScope] winmep.exe
O4 - HKLM\..\Run: [9Pw81ek8] C:\windows\system32\9Pw81ek8.exe
O4 - HKLM\..\Run: [5H9C74A5KD6WFR] C:\WINDOWS\System32\LrxH5g.exe
O4 - HKLM\..\Run: [NTFSS MICROSOFT SYSTEM] filees.exe
O4 - HKLM\..\Run: [ccApp] C:\WINDOWS\gcasServ.exe /i
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Media Player] 50cent.exe
O4 - HKLM\..\Run: [Windows Services] Spool32x.exe
O4 - HKLM\..\Run: [runs] run.exe
O4 - HKLM\..\Run: [wFEk3qT] ahuories.exe
O4 - HKLM\..\Run: [Nero] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [vehsvwt] C:\WINDOWS\vehsvwt.exe
O4 - HKLM\..\Run: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\Run: [System Restore DLLs] ixplorer.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExee] C:\WINDOWS\realschd.exe
O4 - HKLM\..\Run: [*Microsoft Update] wuytc.exe
O4 - HKLM\..\Run: [pjYsiZoTj] C:\windows\system32\pjYsiZoTj.exe
O4 - HKLM\..\Run: [EcrJU.exe] c:\windows\system32\EcrJU.exe
O4 - HKLM\..\RunServices: [Windows Media Player] 50cent.exe
O4 - HKLM\..\RunServices: [Windows Services] Spool32x.exe
O4 - HKLM\..\RunServices: [runs] run.exe
O4 - HKLM\..\RunServices: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\RunServices: [System Restore DLLs] ixplorer.exe
O4 - HKLM\..\RunServices: [*Microsoft Update] wuytc.exe
O4 - HKCU\..\Run: [Windows Media Player] 50cent.exe
O4 - HKCU\..\Run: [Windows Services] Spool32x.exe
O4 - HKCU\..\Run: [runs] run.exe
O4 - HKCU\..\Run: [*Microsoft Update] wuytc.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\ezStub.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O23 - Service: *Microsoft Update - Unknown owner - C:\WINDOWS\System32\wuytc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#4
Michelle
Posted 23 March 2005 - 02:32 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Welcome to Geeks to Go!
First, did you download the Microsft Anti-Spyware beta program? (I need to know this so I can help you fix Norton).

Next, we need to remove the pepper trojan from your system. Download this file, run, and let terminate (it'll just blink briefly on your screen and won't appeared to have done much--this is normal):
http://www.geekstogo...=download&id=18

Post a new HiJackThis log.

Michelle :tazz:
  • 0

#5
Michelle
Posted 23 March 2005 - 03:15 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Nevermind about the Microsoft Anti-Spyware program. I see it's just a worm in disguise.

After running the Pepper Trojan removal in my previous post. Please run a trojan scan from here:

http://www.moosoft.com/

Then download Stinger from here:
http://vil.nai.com/v...ols.asp#stinger (Version 2.5.3)

Once you have downloaded this:

Enable show hidden files/folders.
Windows XP

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Reboot into Safe Mode and scan with Stinger.
Remove any entries it finds.
Then run your Norton Anti-Virus as well.

Reboot in normal mode.

Post a new HiJackThis log.
  • 0

#6
biddzy
Posted 24 March 2005 - 04:22 AM

biddzy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi, thanks for getting back to me.

I have used peperfix, I have done the check with stinger (and others) making all hidden files, visible.

It gets rid of more trojans, but the main problem remains. I cannot spend longer than 10 mins on the internet due to it totally crashing, and so all the other online checkers are unavailable to me. This is now proving more of a problem as I am literally fighting to keep my anti-virus systems up to date.

Norton is still diabled.

New log is as follows:




Logfile of HijackThis v1.99.1
Scan saved at 01:38:21, on 24/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\userinit32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuytc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\gcasServ.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\50cent.exe
C:\WINDOWS\System32\run.exe
C:\WINDOWS\System32\keyboard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\winmes.exe
C:\Program Files\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\ixplorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\realschd.exe
C:\WINDOWS\System32\wuytc.exe
C:\windows\system32\EcrJU.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Prevx Home\SAGUI.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\EcrJU.exe
C:\WINDOWS\System32\svchost323.exe
C:\PROGRA~1\Wipe.com\Wipe9\update.exe
C:\PROGRA~1\Wipe.com\Wipe9\trayagent.exe
C:\Program Files\Password Shield\pwshield.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\lxbkjswx.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NAV Auto Updates] navwindows.exe
O4 - HKLM\..\Run: [mni0I] C:\windows\temp\mni0I.exe
O4 - HKLM\..\Run: [Microsofts MediaScope] winmep.exe
O4 - HKLM\..\Run: [9Pw81ek8] C:\windows\system32\9Pw81ek8.exe
O4 - HKLM\..\Run: [NTFSS MICROSOFT SYSTEM] filees.exe
O4 - HKLM\..\Run: [ccApp] C:\WINDOWS\gcasServ.exe /i
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Media Player] 50cent.exe
O4 - HKLM\..\Run: [runs] run.exe
O4 - HKLM\..\Run: [wFEk3qT] ahuories.exe
O4 - HKLM\..\Run: [vehsvwt] C:\WINDOWS\vehsvwt.exe
O4 - HKLM\..\Run: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\Run: [System Restore DLLs] ixplorer.exe
O4 - HKLM\..\Run: [TkBellExee] C:\WINDOWS\realschd.exe
O4 - HKLM\..\Run: [*Microsoft Update] wuytc.exe
O4 - HKLM\..\Run: [pjYsiZoTj] C:\windows\system32\pjYsiZoTj.exe
O4 - HKLM\..\Run: [EcrJU.exe] c:\windows\system32\EcrJU.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [AvG] svchost323.exe
O4 - HKLM\..\RunServices: [Windows Media Player] 50cent.exe
O4 - HKLM\..\RunServices: [runs] run.exe
O4 - HKLM\..\RunServices: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\RunServices: [System Restore DLLs] ixplorer.exe
O4 - HKLM\..\RunServices: [*Microsoft Update] wuytc.exe
O4 - HKLM\..\RunServices: [AvG] svchost323.exe
O4 - HKCU\..\Run: [Windows Media Player] 50cent.exe
O4 - HKCU\..\Run: [runs] run.exe
O4 - HKCU\..\Run: [*Microsoft Update] wuytc.exe
O4 - HKCU\..\Run: [Wipe.com Update] C:\PROGRA~1\Wipe.com\Wipe9\update.exe startup_check
O4 - HKCU\..\Run: [Wipe.com Tray Agent] C:\PROGRA~1\Wipe.com\Wipe9\trayagent.exe startup
O4 - HKCU\..\Run: [pwshield.exe] C:\Program Files\Password Shield\pwshield.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AvG] svchost323.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O23 - Service: *Microsoft Update - Unknown owner - C:\WINDOWS\System32\wuytc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: Keyboard Service System Files (Keyboard Service) - Unknown owner - C:\WINDOWS\System32\keyboard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - C:\Program Files\Prevx Home\PXAgent.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#7
CDHM
Posted 01 April 2005 - 05:09 AM

CDHM

    New Member

  • Member
  • Pip
  • 1 posts
I had been searching the internet for ways to fix my Norton Antivirus, which would not autostart. On March 17, somehow this elite toolbar began showing up and my Norton did not detect it. I tried numerous online scans and discovered numerous other trojan infestations in my system. How did these all get past Norton????
Well, back to the problem, in my case, I

1.)Went to my Control Panel (I am running Windows XP Professional)
2.)Open up administrative tools
3.)Open up services
4.)Scroll down until you see Norton Antivirus Autoprotect
5.)Click on automatic

Mine had somehow been changed to manual. This solved my problem. Let me know if it works for you.

CDHM

I used AVG, AntiVir, The Cleaner, Anti Elite Toolbar Program, etc...
  • 0

#8
biddzy
Posted 01 April 2005 - 08:46 AM

biddzy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
no that doesnt work for me.

Whatever this is, it completely removes the option to have auto-protect on. I try to activate it and it just does not come on, just continues to be disabled.

I have tried everyway I can think of to turn it on and activate it, but I am sure it is a trojan that got through the backdoor.

Anyways i have had enough of it so I have simply wiped my hard drive. Desperate times call for desperate measures I am afraid.
  • 0

#9
Michelle
Posted 04 April 2005 - 08:50 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I'm sorry to hear that you reformatted, but I'm sure it's running smoothly now (I would hope so!). I know how to fix auto-protect on Norton. Something removes a file from Startup that it needs for auto-protect. Just a simple registry edit is all it takes to put the file back into Startup. Having any problems?

Michelle
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP