persistent virus alert pop up - pls help



#1
akyra

Hi

I am seriously hoping that you can help us. My husband's PC got this pop-up window 2 days ago saying that he had infections and trying to steer us to purchase their software.

We ran AVG and A2; both found nothing.

We then ran Spybot Search and Destroy, which said that it found a few things and dealt with them, but still it did not rid us of it.

We have since run Ewido and Ad-Aware SE, still to no avail.

We have followed instructions re: performing the scans in safe mode. They all say that they have found stuff and that they have removed it, but none of it is this SpywareQuake that we are plagued with.

One of the programs we were recommended to try was smitRem. We did, and are now not sure this was good, as other programs see it as a potential risk??

On every boot up we get a Windows Installer box. If we click cancel then the SpywareQuake 2.0 program does not install itself, but we still get the pop-up window saying we are infected.

Windows Defender has detected this program trying to change autostart/run keys and has said it has blocked it, but still we are plagued.

We have run an ActiveScan and its report is as follows:


Incident | Status | Location

Potentially unwanted tool:Application/Processor | Not disinfected | F:\Documents and Settings\Ky McKenzie\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor | Not disinfected | F:\Documents and Settings\Ky McKenzie\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | F:\Documents and Settings\Ky McKenzie\Local Settings\Application Data\Mozilla\Firefox\Profiles\4a8llly4.default\Cache\3EFBEAA3d01[Process.exe]


And the HijackThis report is as follows:


Logfile of HijackThis v1.99.1
Scan saved at 00:44:30, on 27/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\Program Files\ewido anti-malware\ewidoguard.exe
F:\WINDOWS\System32\snmp.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\WINDOWS\System32\ctfmon.exe
F:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\DOCUME~1\KYMCKE~1\LOCALS~1\Temp\Rar$EX01.438\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] F:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe



Am really hoping one of you in-the-know guys can help, otherwise the only solution we can see is to wipe the hard drive and reinstall, which would mean he will lose a lot of stuff that, although not the end of the world to lose as nothing really is, we would rather not lose.

Many thanks in advance

Cheyenne and Akyra
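
A HijackThis log like the one in the post above is line-oriented: running-process paths first, then numbered `O` entries, where `O4` lines are the autostart (Run key and Startup folder) entries relevant to the reboot behaviour described. The following is an added example, not part of either post and not HijackThis's own code; the function names are hypothetical and the sample lines are a subset copied from the log above.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log lines posted above, embedded so this runs offline.
SAMPLE_LOG = r"""Running processes:
F:\WINDOWS\SOUNDMAN.EXE
F:\DOCUME~1\KYMCKE~1\LOCALS~1\Temp\Rar$EX01.438\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")                           # "O4 - <body>"
RUN_KEY = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")    # HKLM\..\Run: [name] cmd
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")   # Startup folder shortcut

def parse_log(text):
    """Split a log into running-process paths and O-entries grouped by code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def autostarts(entries):
    """Return the O4 autostart entries as (location, name, command) tuples."""
    found = []
    for body in entries.get("O4", []):
        m = RUN_KEY.match(body) or STARTUP.match(body)
        if m:
            found.append(m.groups())
    return found

def review_items(processes, entries):
    """Lines to check by hand first; a flag is a prompt to look, not a verdict."""
    flagged = [(code, body) for code, bodies in entries.items()
               for body in bodies if body.endswith("(file missing)")]
    flagged += [("process", p) for p in processes if "\\temp\\" in p.lower()]
    return flagged
```

On the sample, `review_items` returns the `O18` entry marked "(file missing)" and HijackThis itself, which was run from a temporary archive-extraction folder.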
#2
wannabe1

Hello akyra...

No need to "Wipe the Drive". You are infected with malware and the cure you are being directed to is as bad or worse than the infection...leave it alone. The experts in our malware forum can help you get the infection off the machine.

Please go to the Malware Forum and follow the instructions at the top....Especially the Start Here.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- post a hijackthis log in THAT forum. Do Not reply to or "bump" your own topic...if it shows a reply, it may be overlooked as one that is being worked on.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

wannabe1