This afternoon while I was browsing some websites, I was infected with the Huer Virus (I know this because when I scanned with AVG free virus scan, that was the majority of the entries) as well as ZLob or something?
Anyway, what this virus did was change my homepage, and redirected all typed internet adresses to either ads or an internet page saying that my computer may be infected with a virus, please download these antivirus programs were are trying to sell you (obviously fake, they had three 'antivirus' programs for download which you had to pay for suggested, as well as bad grammar and spelling). It also installed a bunch of toolbars into internet explorer.
I scanned with AVG, removed as much of the crap as I could, rebooted in safemode, scanned and deleted as much as I could again. I suspect this virus is not fully removed though.
My reason for suspecting this is that about half of the internet pages that I open will not connect to anything - they give a "page cannot be displayed" error. It could have been just those sites but I have been trying to search the internet for about half an hour now (in fact, this forum was the first one that actually worked) and get repeated "page cannot be displayed" errors.
I downloaded firefox in an attempt to fix this, but apparently the problem goes deeper than that for the I am having the same issue. If it helps, before I scanned with AVG, any internet site I attempted to visit from google.com via link would redirect me to an advertisement on something completely unrelated (though strangely enough yahoo.com worked fine...)
Thankyou in advance for your time, Hijackthis log is included below. I hope I can get this issue resolved quickly as I am not fond of reformatting my computer!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:34 PM, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdakd.exe] C:\WINDOWS\system32\kdakd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1212311658967
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EA57BAF-BA2F-4899-92EE-1E59978F9BF4}: NameServer = 212.18.160.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F7A17F4-E621-478D-9435-D0B962565DF7}: NameServer = 212.18.160.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{844A0FE0-9647-416E-9DB3-191509532918}: NameServer = 212.18.160.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{97C79B58-72B5-4FB5-A47B-08C15ACF5E2D}: NameServer = 212.18.160.133
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EA57BAF-BA2F-4899-92EE-1E59978F9BF4}: NameServer = 212.18.160.133
O17 - HKLM\System\CS2\Services\Tcpip\..\{1EA57BAF-BA2F-4899-92EE-1E59978F9BF4}: NameServer = 212.18.160.133
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3897 bytes