Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

winantivirus problem

Started by The Garlows , Nov 01 2006 10:30 AM

  • This topic is locked This topic is locked

#1
The Garlows
Posted 01 November 2006 - 10:30 AM

The Garlows

    Member

  • Member
  • PipPip
  • 21 posts
Constant winantivirus and amaena popups. Have run all the required tools. Still have the problem. This is my Panda scan report:

Incident Status Location

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\rgarlow\Cookies\rgarlow@mediaplex[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\rgarlow\Cookies\[email protected][1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\rgarlow\Cookies\rgarlow@winantivirus[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\rgarlow\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\Program Files\VSToolbar\VSToolBar.dll
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Adtech Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@advertising[2].txt
Spyware:Cookie/Adviva Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@adviva[2].txt
Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@belnk[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@doubleclick[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@entrepreneur[2].txt
Spyware:Cookie/FastClick Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@hitbox[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@serving-sys[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@tribalfusion[2].txt
Spyware:Cookie/Adserver Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\S-1-5-21-1606980848-884357618-682003330-1173\Dc1\rgarlow\Local Settings\Temp\Cookies\rgarlow@zedo[2].txt
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\abhuukdh.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\aucfswgh.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\btnilfek.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\cevvtnor.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\dcybpayu.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\felnubrv.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\fqmfhfbe.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\jpaxnirn.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\lhgbpwxu.exe
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\mqnphljt.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\netkcalh.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\ogxnswtc.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\pmkjk.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\qcuaaxld.dll
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\trpqsspg.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ufhqyhml.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\ulukxddk.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\uxupgngc.dll
Here is my hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 11:00:03 AM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\rgarlow\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wvgazette.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: InfoDocReader Object - {39D36F7F-81ED-45DC-87A3-A51824966B06} - C:\WINDOWS\system32\pmkjk.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\inugohbk.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.35.20.63/...html/AtxEnc.cab
O16 - DPF: {69B502DF-D12F-4FD7-9892-D8DFA2D96474} (OfficeScan Management Console) - https://10.35.20.63/.../AtxConsole.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kanpao.com
O17 - HKLM\Software\..\Telephony: DomainName = kanpao.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kanpao.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Kaseya Agent (KaseyaAgent) - Unknown owner - C:\Program Files\Kaseya\Agent\AgentMon.exe" -s (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

Thanks
  • 0

Advertisements

#2
Shaba
Posted 01 November 2006 - 12:26 PM

Shaba

    Malware Expert

  • Member
  • PipPipPip
  • 558 posts
  • MVP
Hi The Garlows

Uninstall via add/remove programs (control panel):

VSToolbar for Internet Explorer

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.[/list]
  • 0

#3
Shaba
Posted 10 November 2006 - 11:46 AM

Shaba

    Malware Expert

  • Member
  • PipPipPip
  • 558 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP