Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple malware/grayware 400+ infections!

Started by Kia , Sep 07 2006 09:56 PM

  • Please log in to reply

#1
Kia
Posted 07 September 2006 - 09:56 PM

Kia

    New Member

  • Member
  • Pip
  • 1 posts
Hi! I recently scanned my computer using TREND MICRO House call 6.5 to see if I had any viruses/malware/grayware/etc..... It ended up saying that i have:

Infection ................................................................... # of Infections
ADWARE_INET ................................................................. 1

ADWARE_INET ................................................................ 1

TSPY_SMALL ..................................................................5

TSPY_DUMADOR .............................................................. 5

ADAWARE_MEMWATCHER ................................................399

TSPY_MOSUCKER .......................................................... ...2

Every infection is listed as: F:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1

I attempted to remove them with TREND MICRO House Call 6.5 but all it does is deleting grayware and malware and seems to freeze up and never finish deleting the infections.
I ran a virus scan of my computer with 3-4 differant programs: escan, panda titanium something, etc... none of the other programs even picked up these infections. So, i ran HijackThis hoping to find what may be causing all of this. I found out that i had melis.exe (niklas K virus) also (it had not been detected by any other program). Im pretty sure I removed melis.exe from my computer. I re-ran TREND MICRO House Call 6.5 hoping that somehow removing melis.exe would fix the other problems; of course I was wrong :whistling: .

Here is the latest HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 8:52:38 PM, on 9/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\eScan\TRAYSSER.EXE
F:\PROGRA~1\eScan\avpm.exe
F:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
F:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\nvraidservice.exe
F:\WINDOWS\system32\atiptaxx.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
F:\PROGRA~1\eScan\AVPMWrap.EXE
F:\WINDOWS\System32\wbem\unsecapp.exe
F:\PROGRA~1\eScan\MAILDISP.EXE
F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\PROGRA~1\eScan\MAILSCAN.EXE
F:\PROGRA~1\ESCAN\SPOOLER.EXE
F:\PROGRA~1\eScan\kavss.exe
F:\PROGRA~1\eScan\AvpM.exe
F:\WINDOWS\system32\wscntfy.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Documents and Settings\Sput\Desktop\Programs\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] F:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] F:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "F:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] F:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] F:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKCU\..\Run: [updateMgr] "F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O10 - Unknown file in Winsock LSP: f:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\mwtsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145686097953
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{85B1B2CE-0E39-43FA-82BF-23768F6201A6}: NameServer = 68.87.76.178,68.87.66.196
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - F:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - F:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - F:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE


If you have any idea about how to get rid of these annoying infections id really apreciate it!

Edited by Kia, 07 September 2006 - 09:58 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP