
Multiple malware/grayware 400+ infections!



#1
Kia

Hi! I recently scanned my computer using TREND MICRO House Call 6.5 to see if I had any viruses/malware/grayware/etc. It ended up saying that I have:

Infection               # of Infections
ADWARE_INET             1
ADWARE_INET             1
TSPY_SMALL              5
TSPY_DUMADOR            5
ADAWARE_MEMWATCHER      399
TSPY_MOSUCKER           2

Every infection is listed as: F:\WINDOWS\system32\drivers\etc\hosts\127.0.0.1

I attempted to remove them with TREND MICRO House Call 6.5 but all it does is deleting grayware and malware and seems to freeze up and never finish deleting the infections.
I ran a virus scan of my computer with 3-4 different programs: eScan, Panda Titanium something, etc. None of the other programs even picked up these infections. So, I ran HijackThis hoping to find what may be causing all of this. I found out that I had melis.exe (niklas K virus) also (it had not been detected by any other program). I'm pretty sure I removed melis.exe from my computer. I re-ran TREND MICRO House Call 6.5 hoping that somehow removing melis.exe would fix the other problems; of course I was wrong :whistling: .

Here is the latest HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 8:52:38 PM, on 9/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\eScan\TRAYSSER.EXE
F:\PROGRA~1\eScan\avpm.exe
F:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
F:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\nvraidservice.exe
F:\WINDOWS\system32\atiptaxx.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
F:\PROGRA~1\eScan\AVPMWrap.EXE
F:\WINDOWS\System32\wbem\unsecapp.exe
F:\PROGRA~1\eScan\MAILDISP.EXE
F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\PROGRA~1\eScan\MAILSCAN.EXE
F:\PROGRA~1\ESCAN\SPOOLER.EXE
F:\PROGRA~1\eScan\kavss.exe
F:\PROGRA~1\eScan\AvpM.exe
F:\WINDOWS\system32\wscntfy.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Documents and Settings\Sput\Desktop\Programs\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] F:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] F:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "F:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] F:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] F:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKCU\..\Run: [updateMgr] "F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O10 - Unknown file in Winsock LSP: f:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\mwtsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145686097953
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{85B1B2CE-0E39-43FA-82BF-23768F6201A6}: NameServer = 68.87.76.178,68.87.66.196
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - F:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - F:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - F:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE


If you have any idea about how to get rid of these annoying infections, I'd really appreciate it!

Edited by Kia, 07 September 2006 - 09:58 PM.
