Kindly please help me this time:
My Windows 98 SE has been attacked by a lot of Folder.htt/SCRIPT.0 -> VBS.Script.429.
It was detected by Dr.Web CureIt, and the action was: Moved.
The PC status (from what I realize) is:
- WINDOWS EXPLORER:
  No Tools/Folder Options
  No View/Folder Options
  No View/As web page
- INTERNET EXPLORER:
  Connecting to: 66.218.77.68 (Geocities Unavailable site)
  Display Address: about:error
  No: Tools / Internet Options
  Search.live.com
The HJT 99 log is like this now:
Logfile of HijackThis v1.99.1
Scan saved at 10:08:00 AM, on 30-10-2007
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\USBSTORAGE\USBDETECTOR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\KINGSTON TECHNOLOGY CO INC\DATATRAVELER 2.0\SAFEEJECT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ADAWARE\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:error
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cbn.net.id:8080
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [UFDSE98] C:\Program files\KINGSTON TECHNOLOGY CO INC\DataTraveler 2.0\SafeEject.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O4 - Startup: route add.bat.pif = C:\ROUTEA~1.BAT
O12 - Plugin for .aaa: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.1.1.12
Scanning with AdAware in Normal Mode found nothing.
The Dr.Web report in CSV is:
Folder.htt\Script.0;c:\Folder.htt;VBS.Generic.429;;
Folder.htt;c:\;Archive contains infected objects;Moved.;
folder.htt\Script.0;c:\WINDOWS\folder.htt;VBS.Generic.429;;
folder.htt;c:\WINDOWS;Archive contains infected objects;Moved.;
Folder.htt\Script.0;c:\WINDOWS\SYSTEM\Folder.htt;VBS.Generic.429;;
Folder.htt;c:\WINDOWS\SYSTEM;Archive contains infected objects;Moved.;
Folder.htt\Script.0;c:\WINDOWS\Web\Folder.htt;VBS.Generic.429;;
Folder.htt;c:\WINDOWS\Web;Archive contains infected objects;Moved.;
Folder.htt\Script.0;c:\My Documents\Folder.htt;VBS.Generic.429;;
Folder.htt;c:\My Documents;Archive contains infected objects;Moved.;
DAPBHO.dll;c:\Program Files\DAP;Adware.IEBar;Incurable.Deleted.;
Process.exe;c:\Program Files\HaxFix;Tool.Prockill;Incurable.Deleted.;
CPQSM.EXE;c:\Compaq\SP21135;Probably BACKDOOR.Trojan;Incurable.Deleted.;
Folder.htt\Script.0;c:\Adaware\Folder.htt;VBS.Generic.429;;
Folder.htt;c:\Adaware;Archive contains infected objects;Moved.;
Folder.htt\Script.0;c:\Adaware\HjFix\Folder.htt;VBS.Generic.429;;
Folder.htt;c:\Adaware\HjFix;Archive contains infected objects;Moved.;
Folder.htt\Script.0;c:\Adaware\SpywareGuard\Folder.htt;VBS.Generic.429;;
Folder.htt;c:\Adaware\SpywareGuard;Archive contains infected objects;Moved.;
Folder.htt\Script.0;c:\Adaware\AVZ\avz4en\Folder.htt;VBS.Generic.429;;
Folder.htt;c:\Adaware\AVZ\avz4en;Archive contains infected objects;Moved.;
Comet_VIRUS.ddd;c:\Adaware\TampungVirus;Adware.Comet;Incurable.Deleted.;
webdlg32_dll.VIR;c:\Adaware\TampungVirus;Adware.Hotbar;Incurable.Deleted.;
070413_ONLINE_BITDEFENDER.htm\Script.0;c:\Download\070413_ONLINE_BITDEFENDER.htm;VBS.Generic.429;;
070413_ONLINE_BITDEFENDER.htm;c:\Download;Archive contains infected objects;Moved.;
Folder.htt\Script.0;c:\Download\Folder.htt;VBS.Generic.429;;
Folder.htt;c:\Download;Archive contains infected objects;Moved.;
mirc32.exe;c:\Download\mIRC;Program.mIRC.591;Incurable.Deleted.;
mirc.exe;c:\Download\mirc6;Program.mIRC.603;Incurable.Deleted.;
Silent Runners.vbs;c:\Download\OBAT;Probably BATCH.Virus;Incurable.Deleted.;
Kindly please help me. Your help is appreciated.
thanks,
Lee