Worm.WIN32.SkyNet pls help remove T_T [RESOLVED]

hey guys pls help, I have this "worm.win32.NetSky" and i cant remove it even with my updated norton antivirus. I have this 3 spyware removal shortcuts which even if I delete still pops up after i restart my computer. I also have this red "your privacy is in danger" background which believe is from my C:/windows/privacy_danger which always go back even if I delete it. there is also a red "X" mark on my lower right screen of my computer. I'm only 19yrs old and know only few about computers but if directed I would do my best to understand.

oh, my task manager is also "disabled by administrator" T_T

I read about blondhottie's post and i tried to use smitfraudfix. here's my rapport.. i hope this is right..

SmitFraudFix v2.305

Scan done at 13:45:31.65, Sun 03/16/2008
Run from C:\Documents and Settings\microsoft\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\NORTON~1\NSR\Agent\VProSvc.exe
E:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\antiviirus.exe
C:\Program Files\tmp0.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\microsoft

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\microsoft\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MICROS~1\FAVORI~1

C:\DOCUME~1\MICROS~1\FAVORI~1\Online Security Test.url FOUND !
C:\DOCUME~1\MICROS~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\MICROS~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\MICROS~1\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\tmp???????.exe FOUND !
C:\Program Files\antiviirus.exe FOUND !
C:\Program Files\Helper\ FOUND !
C:\Program Files\NetProject\ FOUND !
C:\Program Files\tmp?.exe FOUND !
C:\Program Files\Video Add-on\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: drnpfdxwlv.dll
BHO: GNX Rolex - {0D504883-70CA-48BD-A282-639753D3B0CE}
TypeLib: {BD2F88C5-20F9-4999-BC1C-7F1632AD141B}
Interface: {49B61FB5-29FA-421A-8725-E926DD1553DD}
Interface: {8B4B7425-C419-4E82-9927-174656EFD307}

[!] Suspicious: etlrlws.dll
Toolbar: etlrlws - {65F4F8C1-B31F-40B7-9D34-98CA11EAC387}
TypeLib: {0588B0D8-A150-41F8-8990-AC5DFE0905E5}
Interface: {C18F8490-53C0-46E9-9706-77F975E59A02}
Classe: etlrlws.bkfg
Classe: etlrlws.ToolBar.1

[!] Suspicious: bokpkov.dll
SSODL: bokpkov - {E11B4641-90B4-4BEE-9485-1D17D6410EDA}

[!] Suspicious: altvxvm.dll
SSODL: altvxvm - {5751F34F-8F2A-42D0-A251-614C49C3FC39}

[!] Suspicious: ComponentAlrt.dll
SSODL: ComponentAlrt - {9c126442-4f35-43d5-95f1-8d832f6d5ec4}

[!] Suspicious: zip.dll
SSODL: zip - {cbeeb9a0-883f-4e10-8e3c-652446af62ce}

[!] Suspicious: RamVolume.dll
SSODL: RamVolume - {590a0707-86c5-4b44-aacc-09eac802ecd5}

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}"="djuka"

[HKEY_CLASSES_ROOT\CLSID\{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}\InProcServer32]
@="C:\WINDOWS\system32\wbchha.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}\InProcServer32]
@="C:\WINDOWS\system32\wbchha.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 202.78.97.41
DNS Server Search Order: 202.78.97.35

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1C7B5944-C76A-454B-8AD2-D752A41C0351}: NameServer=202.78.97.41,202.78.97.35
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1C7B5944-C76A-454B-8AD2-D752A41C0351}: NameServer=202.78.97.41,202.78.97.35
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1C7B5944-C76A-454B-8AD2-D752A41C0351}: NameServer=202.78.97.41,202.78.97.35

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

pls.. I would greatly appreciate your help..

Edited by Choknat, 16 March 2008 - 02:33 AM.

#1
Choknat

Posted 16 March 2008 - 12:00 AM

Advertisements

#2
Choknat

Posted 16 March 2008 - 04:00 AM

#3
Rorschach112

Posted 16 March 2008 - 07:48 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us