ANOTHER TROJAN.KILLAV!

#1
Leo12181 (Member, 23 posts)
After I started to receive popups to buy spyware I ran a Norton scan. It picked up Trojan.KillAV. It has repeatedly claimed "threat removed" but the problem remains. My Control Panel is gone from the Start menu, and when I try to open 'Set Program Access and Defaults' or the Explorer properties it gives me the message "RESTRICTIONS. This operation has been cancelled due to restrictions in effect on this computer. Please contact system admin." It will not allow me to restore to an earlier date. Are my identity and online profiles to banks and such at risk with this? Something obviously has primary control now. I was reading a post that was about the same thing, but it does not appear to be making good progress yet. Should I hire professional help, or is this something I can get rid of with the proper steps?

#2
Leo12181 (Topic Starter, Member, 23 posts)
Using SUPERAntiSpyware I was able to remove at least the detectable parts of any virus or spyware. However, I am still locked out of the Control Panel, system specs, and Explorer properties. How can I regain access as the sole admin and operator of my system?

#3
Leo12181 (Topic Starter, Member, 23 posts)
How is it going, MoNsTeReNeRgY22? I have been keeping up with the other KillAV advice and am at the same point. I merged that file you posted with my system. Is my online banking and other things at risk with this problem, or is it just more of a nuisance? I am still trying to regain my Control Panel and other admin options. I will continue to monitor the other post.

#4
Leo12181 (Topic Starter, Member, 23 posts)
OK... I restored my registry file to before I added that merge, realizing it was probably custom for that other fella. I will go ahead and post my HijackThis log.

#5
Leo12181 (Topic Starter, Member, 23 posts)
ComboFix 07-10-07.2 - Compaq_Owner 2007-10-08 16:20:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.279 [GMT -6:00]
Running from: C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\TAPR2BWA\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.

2007-10-04 02:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 02:44 <DIR> d-------- C:\VundoFix Backups
2007-10-04 02:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-04 02:39 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2007-10-04 02:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-04 02:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-04 01:24 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-04 01:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-04 01:24 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-04 01:24 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-04 01:24 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-04 01:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-04 01:24 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-04 01:24 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\PC Tools
2007-09-25 20:06 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\HorizonWimba
2007-09-23 17:17 89,360 --------- C:\WINDOWS\system32\VB5DB.DLL
2007-09-21 17:08 <DIR> d-------- C:\Program Files\iTunes
2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 16:27 --------- d-------- C:\Program Files\Dl_cats
2007-10-04 01:50 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-04 01:33 --------- d-------- C:\Program Files\PCPitstop
2007-10-03 20:44 --------- d-------- C:\Program Files\Picasa2
2007-10-03 14:07 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-03 13:22 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 13:22 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 13:22 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 13:22 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 13:22 --------- d-------- C:\Program Files\Symantec
2007-09-27 21:20 --------- d-------- C:\Program Files\Google
2007-09-27 21:15 --------- d-------- C:\Program Files\Norton 360
2007-09-23 17:31 --------- d-------- C:\Program Files\Kuma Games
2007-09-23 17:17 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-22 20:40 --------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks
2007-09-21 17:09 --------- d-------- C:\Program Files\iPod
2007-09-18 14:44 1430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 14:44 1421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 14:44 1415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 14:44 10658 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-16 12:08 --------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Template
2007-09-12 10:48 --------- d-------- C:\Program Files\Apple Software Update
2007-09-11 14:08 --------- d-------- C:\Program Files\Morpheus
2007-09-10 14:48 --------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2007-09-06 17:00 --------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Jasc Software Inc
2007-08-20 01:22 --------- d-------- C:\Program Files\AGEIA Technologies
2007-08-09 22:31 --------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\DellFaxCtr
2007-08-09 15:40 --------- d-------- C:\Program Files\Jasc Software Inc
2007-08-09 15:38 --------- d-------- C:\Program Files\Common Files\Jasc Software Inc
2007-08-09 15:37 --------- d-------- C:\Program Files\Dell Fax Solutions
2007-08-09 15:37 --------- d-------- C:\Program Files\Dell AIO Printer 946
2007-08-09 15:37 --------- d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-08-09 15:35 --------- d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-08-09 15:35 --------- d-------- C:\Documents and Settings\All Users\Application Data\DellFaxCtr
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 00:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 12:21 186256 --a------ C:\WINDOWS\system32\SymNPPWA.dll
2007-07-12 17:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2005-06-23 13:02 774144 --a--c--- C:\Program Files\RngInterstitial.dll
2003-08-27 13:19 36963 -ra--c--- C:\Program Files\Common Files\SM1updtr.dll
2006-07-26 21:06:00 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 09:59]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 11:06 C:\WINDOWS\AGRSMMSG.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 13:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-04 02:11]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 14:43]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 13:13]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 15:54]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 20:13]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 13:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 10:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"DLCICATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 16:01]
"dlcimon.exe"="C:\Program Files\Dell AIO Printer 946\dlcimon.exe" [2006-12-07 23:16]
"FaxCenterServer"="C:\Program Files\Dell Fax Solutions\fm3032.exe" [2006-12-07 23:19]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 10:14]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-03 16:55]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe" [2005-02-04 02:24]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
hc_tray.lnk - C:\Program Files\Kuma Games\hcsystray\hc_tray.exe [2007-04-26 13:49:20]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-02-04 02:22:04]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [2005-02-04 02:20:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=hadjajr.ini

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R2 dlci_device;dlci_device;C:\WINDOWS\system32\dlcicoms.exe -service
R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
AutoRun\command- D:\setup.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 23:04:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-08 10:00:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 16:26:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 16:33:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 16:32
.
--- E O F ---

#6
Leo12181 (Topic Starter, Member, 23 posts)
[bleep], I think I have already run it once, but running that last one again gave my Control Panel back and other previously missing items. I was reading off a similar topic. Thanks a lot for the help!! Even though indirect, it was a HUGE help.

#7
Leo12181 (Topic Starter, Member, 23 posts)
I am still going to post my HijackThis log in case there are any remnants of anything the pros think I should get rid of or fix.