Please help, I'm getting mad


#1
Umb

For a month I have been trying to get rid of this malware. Following some of the instructions I found around here and elsewhere, I thought many times I was out, but after some days the beast reappeared. It shuts down my PC with a services.exe error 128. It probably patched both AVG and EWIDO.

Here is my last hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 10:51:58, on 10/14/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\WINNT\system32\DRIVERS\CDANTSRV.EXE
D:\WINNT\system32\hidserv.exe
D:\Program Files\HP Web JetAdmin\hpwebjetd.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
D:\WINNT\system32\PGPsdkServ.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\mspmspsv.exe
D:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe
D:\WINNT\system32\inetsrv\inetinfo.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Iomega HotBurn\Autolaunch.exe
D:\Program Files\Microsoft Hardware\Keyboard\type32.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
D:\WINNT\system32\internat.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\PROGRA~1\MI3AA1~1\wcescomm.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
D:\Program Files\Network Associates\PGP for Windows 2000\PGPtray.exe
D:\Program Files\Fastweb\PrintAndFax\FaxMonitor.exe
D:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://venicexplorer.net/indexfast.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [MNCN USB] D:\WINNT\system32\ShellExt\mncntray.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "D:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [IntelliType] "D:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe D:\WINNT\system32\crazytalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Background Monitor.lnk = D:\Program Files\EPSON\StMon\STMS.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = D:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PGPtray.lnk = D:\Program Files\Network Associates\PGP for Windows 2000\PGPtray.exe
O4 - Global Startup: PrintAndFax.lnk = D:\Program Files\Fastweb\PrintAndFax\FaxMonitor.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reall...m/CrazyTalk.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125585823500
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteit...plugins/ncs.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O18 - Filter: text/html - {BFE59280-CFF6-473B-AD9C-1D2211BF8643} - D:\Documents and Settings\Umberto Sartory\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O20 - Winlogon Notify: ActiveSync - D:\WINNT\SYSTEM32\WcesWlgn.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - D:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: HP Web JetAdmin (HPWebJetAdmin) - Hewlett-Packard - D:\Program Files\HP Web JetAdmin\hpwebjetd.exe
O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PGPsdkService (PGPsdkServ) - Network Associates Technology, Inc. - D:\WINNT\system32\PGPsdkServ.exe
O23 - Service: PGPService - Networks Associates Technology, Inc. - D:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe