Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

www.free-virusscan.com

Started by prabhakaran , Jun 30 2008 11:20 PM

  • Please log in to reply

#1
prabhakaran
Posted 30 June 2008 - 11:20 PM

prabhakaran

    New Member

  • Member
  • Pip
  • 1 posts
when i try to open the c: drive the dialog bog appear and tell ur system is infected with spyware and download this file. yes / no

when i click yes/no any thing the webpage www.free-virsscan.com is open


and it scan my system and ask me download one file


here i scan with hijackthis tool and attach it to this. plz solve this issue

StartupList report, 7/1/2008, 10:41:01 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows 2000 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
E:\installHere\VNC4\WinVNC4.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
E:\installHere\Acrobat\Acrotray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\System32\WBEM\WinMgmt.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
HotKeysCmds = C:\WINNT\system32\hkcmd.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Acrobat Assistant 8.0 = "E:\installHere\Acrobat\Acrotray.exe"
(Default) =
LogMeIn GUI = "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
Google Desktop Search = "C:\Program Files\Google\Google Desktop

Search\GoogleDesktop.exe" /startup
SoundMan = SOUNDMAN.EXE
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
McAfeeUpdaterUI = "C:\Program Files\McAfee\Common

Framework\UdaterUI.exe" /StartedFromRunKey
SpyHunter Security Suite = C:\Program Files\Enigma Software

Group\SpyHunter\SpyHunter3.exe

--------------------------------------------------

Load/Run keys from C:\WINNT\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not

found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not

found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not

found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not

found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not

found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows:

AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=(NONE)
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - E:\installHere\Acrobat\AcroIEFavClient.dll -

{AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\WINNT\system32\xmlview.dll -

{B1892F58-1116-4DEC-92AA-577872EC3D3D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Disk Cleanup.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINNT\system32\Adobe\Director\SwDir.dll
CODEBASE =

http://download.macr...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINNT\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE =

http://download.micr...94F-4334-8B55-A

F2E4D98ED0C/wmv9dmo.cab

[PCareImage Control]
InProcServer32 = C:\WINNT\DOWNLO~1\PCAREI~1.OCX
CODEBASE =

http://primecare.hca.../PCareImage.cab

[FileUpload Control]
InProcServer32 = C:\WINNT\DOWNLO~1\FILEUP~1.OCX
CODEBASE =

http://primecare.hca.../FileUpload.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash9e.ocx
CODEBASE =

http://download.macr...ash/swflash.cab

[Performance Viewer Activex Control]
InProcServer32 = C:\WINNT\Downloaded Program Files\RACtrl.dll
CODEBASE = https://secure.logme...ivex/RACtrl.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\system32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
End of report, 7,258 bytes
Report generated in 0.188 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP