I am running Windows XP SP2 on a PowerEdge 400SC. I recently installed a firewall AVG and Zone Alarm.
Problems encountered:
1) Warning: Your computer may be infected with malicious spyware, adware of trojan object.
2) WinAntivirus pop up
3) Adware.Generic
Ewido scan in SafeMode found these, but the update would not work before I ran it, and after I ran it in SafeMode the file would not save, but this is exactly what it read:
Adware.Generic
cookie.pointroll
cookie.cpvfeed
cookie.mediaplex
cookie.questionmarket
cookie.reliablestats
Apply all action, fixed them all; select reports: "no reports available"
ActiveScan:
Incident | Status | Location
Spyware:Spyware/Virtumonde | Not disinfected | C:\WINDOWS\system32\winuqw32.dll
Adware:adware/securityerror | Not disinfected | c:\windows\system32\ot.ico
Adware:adware/pornmagpass | Not disinfected | Windows Registry
Potentially unwanted tool:application/need2find | Not disinfected | HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\TxTrapper\Desktop\VirtumundoBeGone.exe[²ƒÇ]
Adware:Adware/Yazzle | Not disinfected | C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
Adware:Adware/Maxifiles | Not disinfected | C:\Program Files\Common Files\{3002430C-0AE9-1033-0415-040101040001}\MyToolBar.dll
Adware:Adware/DollarRevenue | Not disinfected | C:\Program Files\Common Files\{3002430C-0AE9-1033-0415-040101040001}\Uninst.exe
Possible Virus. | Not disinfected | C:\VundoFix Backups\gebyx.dll_bad.vir
Possible Virus. | Not disinfected | C:\WINDOWS\system32\gebyyyw.dll
Possible Virus. | Not disinfected | C:\WINDOWS\system32\jkkhfca.dll
Possible Virus. | Not disinfected | C:\WINDOWS\system32\opnlkkh.dll
Possible Virus. | Not disinfected | C:\WINDOWS\system32\pmkjh.dll.vir
Possible Virus. | Not disinfected | C:\WINDOWS\system32\rqrqpnk.dll.vir
Possible Virus. | Not disinfected | C:\WINDOWS\system32\rqrspom.dll
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 18:18, on 06-11-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TxTrapper\Desktop\Toolbox\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvman.dll,startup
O4 - HKLM\..\Run: [ewghcgk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ewghcgk.dll,dmiuiv
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks for the generous help,
TxTrapper
San Antonio, TX