Malware problems affecting Windows Installer + IE 6



#1
miraculous
Moved to Malware forum from another thread named...

Windows Installer Problem, Message 1722 while trying to download Java latest

Noticed something. I have lost the ability to uninstall IE 6 from start>control>add remove programs. It is not there. CCleaner shows files being deleted from IE 5. But what is there is something called Microsoft Data Access Components KB870669 which is my Windows installer!?! Rushin 1nd was helping me by finding a patch to correct the problem - that's how I know what this is. Not sure what to do here first.

And there's the problem of not being able to get into prefetch anywhere in My Computer. I have done all the steps that I could - ex prefetch, and have created a Hijack log...

Logfile of HijackThis v1.99.1
Scan saved at 9:59:16 AM, on 10/9/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Bell\Access Manager\app\TangoService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\Bell\ACCESS~1\app\TangoManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.clutsy.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clutsy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.clutsy.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E044995D-EE0B-4C85-BC98-CD1342399471}: NameServer = 206.47.244.51 206.47.244.107
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINNT\system\winlogon.exe (file missing)

From Ewido/AVG, this file was created (if it is any help) and these problems have been quarantined.

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:42:44 PM 10/8/2006

+ Scan result:



C:\WINNT\system\winlogon.exe -> Backdoor.VanBot.w : Cleaned with backup (quarantined).
C:\WINNT\system32\srvc.dll -> Downloader.Agent.awg : Cleaned with backup (quarantined).
[164] C:\WINNT\system32\srvc.dll -> Downloader.Agent.awg : Cleaned with backup (quarantined).
C:\WINNT\system32\bayfsfit.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINNT\system32\dllrtblt.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINNT\system32\qxquevyj.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINNT\system32\rxlnotkk.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINNT\system32\xsyuqnkn.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).


::Report end

While typing this, AVG just reported a virus and has just moved it to the vault. Geez.

TIA. I shall wait for a reply.

Edited by miraculous, 09 October 2006 - 08:30 AM.
