Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

famous winantiviruspro...


  • Please log in to reply

#1
joejanos86

joejanos86

    New Member

  • Member
  • Pip
  • 2 posts
This is my first visit here, hope I can get help...
I have got a few days ago this famous winantivirpro and cannot get rid of it. I have already read a few topics here so I could more or less clean the system but I can not get rid of the last bit.
I have already used Vondofix.exe and could remove most of the bad dlls but there are 2 files I cannot delete.
I have already tried vondofix (disconnected from the network) and also tried killbox.exe (disconnected from the network delete at reboot)

This is my vondofix log:

The process winlogon.exe was successfully stopped

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\system32\gebbx.dll
C:\windows\system32\gebbx.dll Could not be deleted.

Attempting to delete C:\windows\system32\xbbeg.ini
C:\windows\system32\xbbeg.ini Has been deleted!

Attempting to delete C:\windows\system32\xbbeg.bak1
C:\windows\system32\xbbeg.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V5.1.1

Checking Java version...

Java version is 1.5.0.6

Scan started at 19:16:20 11.07.2006

Listing files found while scanning....

C:\windows\system32\gebbx.dll
C:\windows\system32\xbbeg.ini

VundoFix V5.1.1

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.6

Scan started at 7:30:02 PM 7/11/2006

Listing files found while scanning....

C:\windows\system32\gebbx.dll
C:\windows\system32\xbbeg.ini

VundoFix V5.1.1

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.6

Scan started at 7:36:03 PM 7/11/2006

Listing files found while scanning....

C:\windows\system32\gebbx.dll
C:\windows\system32\xbbeg.ini

Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe was successfully stopped

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\system32\gebbx.dll
C:\windows\system32\gebbx.dll Could not be deleted.

Attempting to delete C:\windows\system32\xbbeg.ini
C:\windows\system32\xbbeg.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V5.1.1

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.6

Scan started at 7:54:19 PM 7/11/2006

Listing files found while scanning....

C:\windows\system32\gebbx.dll
C:\windows\system32\xbbeg.ini
C:\windows\system32\xbbeg.bak1


and This is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 20:07:09, on 11.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Steganos AntiSpyware 2006\saspy2006.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Steganos AntiSpyware 2006\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\janos\Desktop\HjT.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2779A23A-3C8D-4BFC-BF37-1808724BB2E7} - C:\WINDOWS\system32\gebbx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionViewPort] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Antispyware 2006] "C:\Program Files\Steganos AntiSpyware 2006\saspy2006.exe" /startintray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O20 - Winlogon Notify: gebbx - C:\WINDOWS\system32\gebbx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Steganos AntiSpyware 2006\WRSSSDK.exe
  • 0

Advertisements


#2
joejanos86

joejanos86

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I could resolve the problem myself! :woot: :help:

I tried to remove the files in Safe Mode with VundoFix.exe, but it did not work... :)
I digged into to the forums and saw somewhere that the Java engine should be updated. I removed the old one and installed the newst one. I ran VundoFix.exe in safe mode again, and suprise, my problem was resolved!!! :whistling:


I love this website, it helped me a lot! the ones who created this winantivirpro stuff shuld go to jail and must not get internet access any more!!! :blink:

Thanks again!

Edited by joejanos86, 13 July 2006 - 11:03 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP