Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

win32 again

Started by blexbone , Mar 06 2006 01:32 AM

  • Please log in to reply

#1
blexbone
Posted 06 March 2006 - 01:32 AM

blexbone

    New Member

  • Member
  • Pip
  • 6 posts
helllfffffff. i've got infecte again

Logfile of HijackThis v1.99.1
Scan saved at 2:24:12 PM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\SiSAudUt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Palm\HOTSYNC.EXE
D:\PROGRAMS\firefox.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
D:\installer\anit virus software\HijackThis.exe

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SiS7012Utility] C:\WINDOWS\system32\SiSAudUt.exe -wdm
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [HomeLog] C:\Program Files\HomeLog\HomeLog.exe /T
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE KOCOM KMC-90 Web Camera
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe After Effects PRO v6.5 Crack] D:\downloads\Adobe After Effects PRO v6.5 Crack.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [WPSched3] "D:\Program Files\WebPosition 3\Wpsched3.exe" MINIMIZE
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ChikkaIM] C:\PROGRA~1\Chikka\Chikka.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:47:58 PM, 3/6/2006
+ Report-Checksum: 1C6B3DE6

+ Scan result:

:mozilla.19:C:\Documents and Settings\Office Users\Application Data\Mozilla\Firefox\Profiles\j8cdqx0z.Default User\cookies.txt -> TrackingCookie.Webtrendslive : Ignored
:mozilla.23:C:\Documents and Settings\Office Users\Application Data\Mozilla\Firefox\Profiles\j8cdqx0z.Default User\cookies.txt -> TrackingCookie.Webtrendslive : Ignored
:mozilla.24:C:\Documents and Settings\Office Users\Application Data\Mozilla\Firefox\Profiles\j8cdqx0z.Default User\cookies.txt -> TrackingCookie.Hitbox : Ignored
:mozilla.25:C:\Documents and Settings\Office Users\Application Data\Mozilla\Firefox\Profiles\j8cdqx0z.Default User\cookies.txt -> TrackingCookie.Hitbox : Ignored
:mozilla.26:C:\Documents and Settings\Office Users\Application Data\Mozilla\Firefox\Profiles\j8cdqx0z.Default User\cookies.txt -> TrackingCookie.Hitbox : Ignored
:mozilla.34:C:\Documents and Settings\Office Users\Application Data\Mozilla\Firefox\Profiles\j8cdqx0z.Default User\cookies.txt -> TrackingCookie.Atdmt : Ignored
:mozilla.45:C:\Documents and Settings\Office Users\Application Data\Mozilla\Firefox\Profiles\j8cdqx0z.Default User\cookies.txt -> TrackingCookie.Onestat : Ignored
:mozilla.46:C:\Documents and Settings\Office Users\Application Data\Mozilla\Firefox\Profiles\j8cdqx0z.Default User\cookies.txt -> TrackingCookie.Onestat : Ignored
:mozilla.59:C:\Documents and Settings\Office Users\Application Data\Mozilla\Firefox\Profiles\j8cdqx0z.Default User\cookies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.60:C:\Documents and Settings\Office Users\Application Data\Mozilla\Firefox\Profiles\j8cdqx0z.Default User\cookies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.61:C:\Documents and Settings\Office Users\Application Data\Mozilla\Firefox\Profiles\j8cdqx0z.Default User\cookies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.62:C:\Documents and Settings\Office Users\Application Data\Mozilla\Firefox\Profiles\j8cdqx0z.Default User\cookies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.87:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1amkscbh.default\cookies.txt -> TrackingCookie.Tacoda : Ignored
:mozilla.88:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1amkscbh.default\cookies.txt -> TrackingCookie.Tacoda : Ignored
:mozilla.348:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1amkscbh.default\cookies.txt -> TrackingCookie.Clickbank : Ignored
:mozilla.349:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1amkscbh.default\cookies.txt -> TrackingCookie.Clickbank : Ignored
:mozilla.571:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1amkscbh.default\cookies.txt -> TrackingCookie.Web-stat : Ignored
:mozilla.572:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1amkscbh.default\cookies.txt -> TrackingCookie.Web-stat : Ignored
:mozilla.573:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1amkscbh.default\cookies.txt -> TrackingCookie.Web-stat : Ignored
:mozilla.574:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1amkscbh.default\cookies.txt -> TrackingCookie.Web-stat : Ignored
:mozilla.584:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1amkscbh.default\cookies.txt -> TrackingCookie.Web-stat : Ignored
:mozilla.587:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1amkscbh.default\cookies.txt -> TrackingCookie.Web-stat : Ignored
:mozilla.588:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1amkscbh.default\cookies.txt -> TrackingCookie.Web-stat : Ignored
D:\System Volume Information\_restore{302B57BC-9955-4640-8849-A4E21F2FD2F8}\RP260\A0140361.exe -> Worm.VB.an : Ignored


::Report End
  • 0

Advertisements

#2
stonangel
Posted 06 March 2006 - 01:52 PM

stonangel

    Visiting Staff

  • Visiting Consultant
  • 429 posts
Welcome to GeeksToGo, blexbone.

I'm currently working on your log and post back a fix shortly.
  • 0

#3
stonangel
Posted 06 March 2006 - 03:13 PM

stonangel

    Visiting Staff

  • Visiting Consultant
  • 429 posts
Hi blexbone,

Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

1. Please download ATF Cleaner by Atribune.

2. Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

3. Delete the cookies (Mozilla Firefox):
  • Click on Tools, then Options
  • Select the Privacy icon in the left-hand panel
  • Click on Cookies
  • Click on View Cookies
  • To remove a single cookie click on the entry in the list and click on the Remove Cookie button
  • To remove all cookies click on the Remove All Cookies button
4. Launch Notepad and copy paste the following text in bold:

---------------------------------------
REGEDIT4

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Shellapi32" =-

---------------------------------------

Save it to your desktop as fix.reg and as Type "All files". You'll see an ice cube icon.

Double click on fix.reg and allow when prompted to merge with the registry.

5. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

O4 - HKLM\..\Run: [Adobe After Effects PRO v6.5 Crack] D:\downloads\Adobe After Effects PRO v6.5 Crack.exe

O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot

Now close all windows other than HiJackThis, then click Fix Checked.

* Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

* Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

winupdates
Spyware Cleaner< its a rogue, dubious repute program

Please note any other programs that you dont recognize in that list in your next response

* Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\winupdates

C:\Program Files\Spyware Cleaner

* Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

D:\downloads\Adobe After Effects PRO v6.5 Crack.exe

* Double-click ATF-Cleaner.exe to run the program.Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* Re-open ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

6. After that, Reboot in normal mode.

* Please go here to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
7. Post the contents of the ActiveScan report, the ewido one with a new HijackThis log, please.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP