Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Worm.WIN32.SkyNet pls help remove T_T [RESOLVED]


  • This topic is locked This topic is locked

#1
Choknat

Choknat

    Member

  • Member
  • PipPip
  • 37 posts
hey guys pls help, I have this "worm.win32.NetSky" and i cant remove it even with my updated norton antivirus. I have this 3 spyware removal shortcuts which even if I delete still pops up after i restart my computer. I also have this red "your privacy is in danger" background which believe is from my C:/windows/privacy_danger which always go back even if I delete it. there is also a red "X" mark on my lower right screen of my computer. I'm only 19yrs old and know only few about computers but if directed I would do my best to understand.

oh, my task manager is also "disabled by administrator" T_T

I read about blondhottie's post and i tried to use smitfraudfix. here's my rapport.. i hope this is right..

SmitFraudFix v2.305

Scan done at 13:45:31.65, Sun 03/16/2008
Run from C:\Documents and Settings\microsoft\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\NORTON~1\NSR\Agent\VProSvc.exe
E:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\antiviirus.exe
C:\Program Files\tmp0.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\microsoft


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\microsoft\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MICROS~1\FAVORI~1

C:\DOCUME~1\MICROS~1\FAVORI~1\Online Security Test.url FOUND !
C:\DOCUME~1\MICROS~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\MICROS~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\MICROS~1\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\tmp???????.exe FOUND !
C:\Program Files\antiviirus.exe FOUND !
C:\Program Files\Helper\ FOUND !
C:\Program Files\NetProject\ FOUND !
C:\Program Files\tmp?.exe FOUND !
C:\Program Files\Video Add-on\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: drnpfdxwlv.dll
BHO: GNX Rolex - {0D504883-70CA-48BD-A282-639753D3B0CE}
TypeLib: {BD2F88C5-20F9-4999-BC1C-7F1632AD141B}
Interface: {49B61FB5-29FA-421A-8725-E926DD1553DD}
Interface: {8B4B7425-C419-4E82-9927-174656EFD307}

[!] Suspicious: etlrlws.dll
Toolbar: etlrlws - {65F4F8C1-B31F-40B7-9D34-98CA11EAC387}
TypeLib: {0588B0D8-A150-41F8-8990-AC5DFE0905E5}
Interface: {C18F8490-53C0-46E9-9706-77F975E59A02}
Classe: etlrlws.bkfg
Classe: etlrlws.ToolBar.1

[!] Suspicious: bokpkov.dll
SSODL: bokpkov - {E11B4641-90B4-4BEE-9485-1D17D6410EDA}

[!] Suspicious: altvxvm.dll
SSODL: altvxvm - {5751F34F-8F2A-42D0-A251-614C49C3FC39}

[!] Suspicious: ComponentAlrt.dll
SSODL: ComponentAlrt - {9c126442-4f35-43d5-95f1-8d832f6d5ec4}

[!] Suspicious: zip.dll
SSODL: zip - {cbeeb9a0-883f-4e10-8e3c-652446af62ce}

[!] Suspicious: RamVolume.dll
SSODL: RamVolume - {590a0707-86c5-4b44-aacc-09eac802ecd5}


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}"="djuka"

[HKEY_CLASSES_ROOT\CLSID\{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}\InProcServer32]
@="C:\WINDOWS\system32\wbchha.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}\InProcServer32]
@="C:\WINDOWS\system32\wbchha.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 202.78.97.41
DNS Server Search Order: 202.78.97.35

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1C7B5944-C76A-454B-8AD2-D752A41C0351}: NameServer=202.78.97.41,202.78.97.35
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1C7B5944-C76A-454B-8AD2-D752A41C0351}: NameServer=202.78.97.41,202.78.97.35
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1C7B5944-C76A-454B-8AD2-D752A41C0351}: NameServer=202.78.97.41,202.78.97.35


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

pls.. I would greatly appreciate your help..

Edited by Choknat, 16 March 2008 - 02:33 AM.

  • 0

Advertisements


#2
Choknat

Choknat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
[RESOLVED] Thanks to RATHAT i just followed his posts on other topics concerning win32.NetSky
  • 0

#3
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP