Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help me in removing these trojan viruses and win 32/alman viruses [CLO


  • This topic is locked This topic is locked

#1
gone_yaar

gone_yaar

    New Member

  • Member
  • Pip
  • 7 posts
In my computer i detected trojan dropper , trojan PSW.onlinegames , trojan downloader , trojan generic and win 32/alman viruses . Even my computer has become too slow at startup and also tell me if there is any method to increase my download speed , it is just 15 kb/sec.
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please read this topic and post your HijackThis log here when ready.
  • 0

#3
gone_yaar

gone_yaar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:07 PM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sify.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.mail.yahoo.com
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - (no file)
O2 - BHO: ijdyapaw.dll - {1A698452-C5D8-C584-C256-C264C987C5A1} - (no file)
O2 - BHO: erxybloe.dll - {20909876-4567-3908-4056-909834565102} - (no file)
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - (no file)
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - (no file)
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - (no file)
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - (no file)
O2 - BHO: akjsckaq.dll - {3A908760-8000-4000-A000-9000322145A3} - (no file)
O2 - BHO: lijzclit.dll - {3C954872-1230-6541-9548-6541025884C3} - (no file)
O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - (no file)
O2 - BHO: mpwddapi.dll - {45694105-5108-9405-3695-954187462154} - (no file)
O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - (no file)
O2 - BHO: akjsdkaq.dll - {4A908760-8000-4000-A000-9000322145A4} - (no file)
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - (no file)
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - (no file)
O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - (no file)
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - (no file)
O2 - BHO: tysqbkol.dll - {5D098345-6785-1098-5413-678067AE03D5} - (no file)
O2 - BHO: apsgejba.dll - {5FD45A54-9875-698F-E56E-65102358FDF5} - (no file)
O2 - BHO: pqzfajke.dll - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - (no file)
O2 - BHO: zxmscwin.dll - {6A041F13-A111-12A3-B0CF-F99818AA68A6} - (no file)
O2 - BHO: mndhfdwd.dll - {6C648541-1025-9650-9057-6541258720C6} - (no file)
O2 - BHO: arjrdler.dll - {6C69034A-F45F-D34D-A33A-C33C4D324FC6} - (no file)
O2 - BHO: apsgfjba.dll - {6FD45A54-9875-698F-E56E-65102358FDF6} - (no file)
O2 - BHO: mndsgsrv.dll - {77FD640A-158F-48AC-FD14-1597F14A9777} - (no file)
O2 - BHO: arjreler.dll - {7C69034A-F45F-D34D-A33A-C33C4D324FC7} - (no file)
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - (no file)
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - (no file)
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - (no file)
O2 - BHO: jke34kl32.dll - {9629FF4F-ACDB-5C90-A098-FACB3456A269} - (no file)
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
O2 - BHO: yzztjmsn.dll - {A490415F-65F8-B5C5-D8BA-9405FB12054A} - (no file)
O2 - BHO: s2da2f323.dll - {A629FF4F-ACDB-5C90-A098-FACB3456A26A} - (no file)
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Boost XP Service] C:\Program Files\Boost XP\bxservice.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DCAE48D-F5BC-4547-8BEC-86ADFDFC4D7C}: NameServer = 202.144.115.4,202.144.66.6
O20 - AppInit_DLLs: jkjkll.dll,ghjyer.dll,ilkyu.dll,yukevg.dll,ghkrg.dll,tuker.dll,ujkwet.dll,asfjth
j.dll,hmsdvf.dll,jrhhh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,losdf.dll,kergt.dll,gfcf
g.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,x
gnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,sergh
jm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,x
fng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll
,oqrthc.dll,fgthde.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn
.dll,dbfb.dll,fjnbv.dll,rthkyuk.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dl
l,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.d
ll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh
.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr
.dll,hfther.dll,,akjsdkaq.dll,arjreler.dll,yzztkmsn.dll,nhmxdjkl.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - (no file)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: VideoAcceleratorService - Unknown owner - E:\All Hardware\SpeedBit Video Accelerator\VideoAcceleratorService.exe (file missing)

--
End of file - 8343 bytes
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - (no file)
O2 - BHO: ijdyapaw.dll - {1A698452-C5D8-C584-C256-C264C987C5A1} - (no file)
O2 - BHO: erxybloe.dll - {20909876-4567-3908-4056-909834565102} - (no file)
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - (no file)
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - (no file)
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - (no file)
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - (no file)
O2 - BHO: akjsckaq.dll - {3A908760-8000-4000-A000-9000322145A3} - (no file)
O2 - BHO: lijzclit.dll - {3C954872-1230-6541-9548-6541025884C3} - (no file)
O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - (no file)
O2 - BHO: mpwddapi.dll - {45694105-5108-9405-3695-954187462154} - (no file)
O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - (no file)
O2 - BHO: akjsdkaq.dll - {4A908760-8000-4000-A000-9000322145A4} - (no file)
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - (no file)
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - (no file)
O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - (no file)
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - (no file)
O2 - BHO: tysqbkol.dll - {5D098345-6785-1098-5413-678067AE03D5} - (no file)
O2 - BHO: apsgejba.dll - {5FD45A54-9875-698F-E56E-65102358FDF5} - (no file)
O2 - BHO: pqzfajke.dll - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - (no file)
O2 - BHO: zxmscwin.dll - {6A041F13-A111-12A3-B0CF-F99818AA68A6} - (no file)
O2 - BHO: mndhfdwd.dll - {6C648541-1025-9650-9057-6541258720C6} - (no file)
O2 - BHO: arjrdler.dll - {6C69034A-F45F-D34D-A33A-C33C4D324FC6} - (no file)
O2 - BHO: apsgfjba.dll - {6FD45A54-9875-698F-E56E-65102358FDF6} - (no file)
O2 - BHO: mndsgsrv.dll - {77FD640A-158F-48AC-FD14-1597F14A9777} - (no file)
O2 - BHO: arjreler.dll - {7C69034A-F45F-D34D-A33A-C33C4D324FC7} - (no file)
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - (no file)
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - (no file)
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - (no file)
O2 - BHO: jke34kl32.dll - {9629FF4F-ACDB-5C90-A098-FACB3456A269} - (no file)
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
O2 - BHO: yzztjmsn.dll - {A490415F-65F8-B5C5-D8BA-9405FB12054A} - (no file)
O2 - BHO: s2da2f323.dll - {A629FF4F-ACDB-5C90-A098-FACB3456A26A} - (no file)
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - AppInit_DLLs: jkjkll.dll,ghjyer.dll,ilkyu.dll,yukevg.dll,ghkrg.dll,tuker.dll,ujkwet.dll,asfjth
j.dll,hmsdvf.dll,jrhhh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,losdf.dll,kergt.dll,gfc
f
g.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,
x
gnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serg
h
jm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,
x
fng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dl
l
,oqrthc.dll,fgthde.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydg
n
.dll,dbfb.dll,fjnbv.dll,rthkyuk.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.d
l
l,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.
d
ll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfg
h
.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkd
r
.dll,hfther.dll,,akjsdkaq.dll,arjreler.dll,yzztkmsn.dll,nhmxdjkl.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - (no file)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)


Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
  • 0

#5
gone_yaar

gone_yaar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I had already runned combofix but after restarting the computer after that it got error that NTLPR not found , press alt+crl+del to restart.But restarting gave me same error.
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you run into any problems during the combofix scan?

Read here or post in our Windows forum for assistance on this matter.
  • 0

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP