Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

malware changing drive icons

  • Please log in to reply




  • Member
  • PipPipPip
  • 100 posts
Hi guys,
Im facing a BIG problem on my PC. You see, some virus or spyware has crept into my system even afater using McAfee and updating it regulalry. What this virus is doing is creating two files in the root of every drive in my computer. The files are autorun.inf and setup.exe. This cause the default drive icon in My Comuter to be replaced with that of the setup.exe file. I have done a full system scan but i still cant find the cause of the problem. Everytime i delete the autorun.inf and setup.exe files. Thye get recreated ina matter of minutes. What can i do to resolve this - other than formatting my machine.
Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 2:44:23 PM, on 9/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
E:\Program Files\AutoMate 6\AMTS.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
E:\Program FIles\BlueDragon Server\jre\bin\java.exe
E:\Program Files\FolderSize\FolderSizeSvc.exe
e:\Program Files\FreePOPs\freepopsservice.exe
E:\Program Files\FreePOPs\freepopsd.exe
e:\progra~1\mcafee\mcafee antispyware\massrv.exe
e:\program files\mcafee.com\agent\mcdetect.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
E:\Program Files\Virtual CD v8\System\VC8SecS.exe
E:\Program Files\VMware\VMware Workstation\vmware-authd.exe
E:\Program Files\Common Files\Stardock\SDMCP.exe
E:\Program Files\McAfee.com\VSO\oasclnt.exe
E:\Program Files\McAfee.com\VSO\mcvsshld.exe
E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
E:\Program Files\Actual Window Manager\ActualWindowManagerCenter.exe
E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
E:\Program Files\CursorXP\CursorXP.exe
E:\Program Files\EscapeClosePro\EscapeClosePro.exe
E:\Program Files\Hmonitor\hmonitor.exe
E:\Program Files\Windows Desktop Search\WindowsSearch.exe
E:\Program Files\yzshadow\YzShadow.exe
E:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
E:\Program Files\Mridang's Software\Net Detect\Net Detect.exe
E:\Program Files\Nokia\Nokia PC Suite 6\ConnectionManager.exe
E:\Program Files\Nokia\Nokia PC Suite 6\ConnectionManager.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
E:\Program Files\Desktop Sidebar\dsidebar.exe
E:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
E:\Program Files\J River\Media Center 11\Media Center.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\DU Meter\DUMeter.exe
E:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
E:\Program Files\Stardock\ObjectDock\ObjectDock.exe
E:\Program Files\VisualTaskTips\VisualTaskTips.exe
E:\Program Files\VisualTaskTips\VisualTaskTips.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
E:\Documents and Settings\Mridang\Desktop\HijackThis.exe

F2 - REG:system.ini: Shell=E:\WINDOWS\Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - e:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - E:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - e:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - E:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - E:\Program Files\Internet Explorer\Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - e:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - E:\Program Files\Internet Explorer\Developer Toolbar\IEDevToolbar.dll
O4 - HKLM\..\Run: [MCUpdateExe] e:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] e:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "E:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] E:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFEXE] "E:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "E:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VirusScan Online] E:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MPSExe] e:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] E:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [_AntiSpyware] e:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Actual Window Manager.lnk = E:\Program Files\Actual Window Manager\ActualWindowManagerCenter.exe
O4 - Global Startup: AnyDVD.lnk = E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: CursorXP.lnk = E:\Program Files\CursorXP\CursorXP.exe
O4 - Global Startup: EscapeClose.lnk = E:\Program Files\EscapeClosePro\EscapeClosePro.exe
O4 - Global Startup: Hardware Monitor.lnk = E:\Program Files\Hmonitor\hmonitor.exe
O4 - Global Startup: Net Detect.lnk = E:\Program Files\Mridang's Software\Net Detect\Net Detect.exe
O4 - Global Startup: ObjectDock.lnk = E:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: VisualTaskTips.lnk = E:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - Global Startup: Windows Desktop Search.lnk = E:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Yz Shadow.lnk = E:\Program Files\yzshadow\YzShadow.exe
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - E:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - E:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - E:\Program Files\FlashCapture\fciext.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\PROGRA~1\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} (LCSim Control) - http://www.learnitco.../cabs/lcsim.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137155760130
O17 - HKLM\System\CCS\Services\Tcpip\..\{51A2DF80-9E6F-460F-81A0-E624EDF718E3}: NameServer =
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: HookDLL.DLL
O20 - Winlogon Notify: MCPClient - E:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: PCANotify - E:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WB - E:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AutoMate 6 (AutoMate6) - Network Automation, Inc. - E:\Program Files\AutoMate 6\AMTS.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - E:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlueDragon Server JX 6.2 - Unknown owner - E:\Program FIles\BlueDragon Server\bin\BlueDragonService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Folder Size (FolderSize) - Brio - E:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: FreePOPs - Unknown owner - e:\Program Files\FreePOPs\freepopsservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - E:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - e:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - e:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - e:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - E:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - E:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: MySQL - Unknown owner - E:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - E:\Program Files\Virtual CD v8\System\VC8SecS.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - E:\WINDOWS\System32\vmnat.exe
O23 - Service: Windows Log - Unknown owner - E:\WINDOWS\system32\nvsvcd.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - E:\WINDOWS\System32\DRIVERS\WtSrv.exe
  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP