Infection ................................................................... # of Infections
ADWARE_INET ................................................................. 1
ADWARE_INET ................................................................ 1
TSPY_SMALL ..................................................................5
TSPY_DUMADOR .............................................................. 5
ADAWARE_MEMWATCHER ................................................399
TSPY_MOSUCKER .......................................................... ...2
Every infection is listed as: F:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1
I attempted to remove them with TREND MICRO House Call 6.5 but all it does is deleting grayware and malware and seems to freeze up and never finish deleting the infections.
I ran a virus scan of my computer with 3-4 differant programs: escan, panda titanium something, etc... none of the other programs even picked up these infections. So, i ran HijackThis hoping to find what may be causing all of this. I found out that i had melis.exe (niklas K virus) also (it had not been detected by any other program). Im pretty sure I removed melis.exe from my computer. I re-ran TREND MICRO House Call 6.5 hoping that somehow removing melis.exe would fix the other problems; of course I was wrong .
Here is the latest HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 8:52:38 PM, on 9/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\eScan\TRAYSSER.EXE
F:\PROGRA~1\eScan\avpm.exe
F:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
F:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\nvraidservice.exe
F:\WINDOWS\system32\atiptaxx.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
F:\PROGRA~1\eScan\AVPMWrap.EXE
F:\WINDOWS\System32\wbem\unsecapp.exe
F:\PROGRA~1\eScan\MAILDISP.EXE
F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\PROGRA~1\eScan\MAILSCAN.EXE
F:\PROGRA~1\ESCAN\SPOOLER.EXE
F:\PROGRA~1\eScan\kavss.exe
F:\PROGRA~1\eScan\AvpM.exe
F:\WINDOWS\system32\wscntfy.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Documents and Settings\Sput\Desktop\Programs\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] F:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] F:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "F:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] F:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] F:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKCU\..\Run: [updateMgr] "F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O10 - Unknown file in Winsock LSP: f:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\mwtsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145686097953
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{85B1B2CE-0E39-43FA-82BF-23768F6201A6}: NameServer = 68.87.76.178,68.87.66.196
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - F:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - F:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - F:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
If you have any idea about how to get rid of these annoying infections id really apreciate it!
Edited by Kia, 07 September 2006 - 09:58 PM.