worm.32winvirus [RESOLVED]


  • This topic is locked

#1
murimuri
  • Member
  • 39 posts
dear mods/admins/help,

I really did not know where to post my question so I thought here would be best. Although I know I have to run HJT and post the log here, unfortunately I am unable to do so. This is where my request (and problem) comes in.

See, the malware/spyware/virus infecting the laptop is so terrible to the extent that I am even unable to access any other internet websites other than the "install free spyware removal program" etc that keep popping up on their own. (I am accessing this forum from another computer in the house that are all connected to the same access point [is this info even necessary ><]) The problem the infected laptop faces is very very similar to some of the reported problems mentioned, e.g.:

- no control panel in start menu
- task manager disabled
- background wallpaper changed to a blue screen with "SPYWARE DETECTED. PLEASE INSTALL SPYWARE REMOVAL.... &etc"

However, as I am unable to even install HJT on the laptop, I am unable to provide a log. Is there anywhere I might be able to carry out any of the instructions given via a secondary computer, probably? Also, I am unable to even install a simple antivirus freeware (AVG) as I believe the virus has even prevented such installations.

Is there ANY way this problem can be resolved? Short of removing everything and reinstalling a whole new system? (Which I doubt would work because I think the virus has infected the hard drive... WinAntivirus 2008 keeps saying they detected over 2000 infections!!)

THANK YOU

Edited by murimuri, 26 July 2008 - 02:20 AM.

  • 0


#2
Mike
    Malware Monger
  • Retired Staff
  • 2,745 posts
Hi there,

WinAntiVirus will say lots of things to get you to buy it, don't believe it.

Do you have a USB Drive or CD which you can transfer tools to the infected PC?

Just an FYI, all these tools need to be running from the infected PC - not your USB drive.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note: These logs may be too large to post in one reply, if so, please post extra.txt in a separate reply.
  • 0

#3
murimuri
  • Topic Starter
  • Member
  • 39 posts
Hello Mike,

Thank you for replying!! Uhm, really sorry, but the program seems to hang!
I ran it from the desktop as you said, but it made five bars of progress and has not moved since. (or is it supposed to take very long?) On the other hand, pop-ups for "Your computer is infected, install so-and-so to remove them now!" keep coming up! I noticed that AntiVirus2008 (some default program in the com I think) mentioned these as infections:

W32.spybot.aven
trojan.zlob.w
adware (several)
backdoor (several)
tracking cookie (several)

will it help?
thanks

- muri
  • 0

#4
Mike
    Malware Monger
  • Retired Staff
  • 2,745 posts

WinAntiVirus will say lots of things to get you to buy it, don't believe it.


It is part of the infection! It won't help, it only attempts to get you to buy the program.

Please go here to install the recovery console and for a guide on using combofix.
Please note: Installing the Recovery Console plays a vital part in making this process of cleaning your computer safe, don't overlook this!

Now please download combofix from here or here. It is important that you save this file to your desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a Hijack This log in your next reply.

A quick heads up, if you click on combofix's window when it's running, you may cause it to stall.
  • 0

#5
murimuri
  • Topic Starter
  • Member
  • 39 posts
By the way! It turns out, my dad was too impatient. So he had gone ahead and reformatted the whole computer. yeah, he reinstalled windows xp home =_=; so, no antivirus software at all.. >< the good thing is that the viruses SEEM to have disappeared, but I doubt it.

=====
ComboFix 08-07-25.7 - muhammad 2008-07-26 22:50:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.229 [GMT -7:00]
Running from: C:\Documents and Settings\muhammad\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-26 22:46 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-26 21:43 . 2008-07-26 21:43 <DIR> d-------- C:\Intel
2008-07-26 21:43 . 2004-06-17 13:43 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2008-07-26 21:30 . 2008-07-26 21:31 <DIR> d-------- C:\Program Files\InterVideo
2008-07-26 21:30 . 2002-11-21 10:57 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-07-26 21:30 . 2002-11-21 10:57 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-07-26 21:30 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-07-26 21:30 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-07-26 21:30 . 2002-11-21 10:57 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-07-26 21:30 . 2002-11-21 10:57 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-07-26 21:29 . 2008-07-26 21:29 <DIR> d-------- C:\Program Files\Java
2008-07-26 21:29 . 2008-07-26 21:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-26 21:29 . 2004-06-03 22:05 61,555 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-07-26 21:28 . 2008-07-26 21:28 <DIR> d-------- C:\swsetup
2008-07-26 21:28 . 2002-10-15 10:13 32,356 --------- C:\WINDOWS\system32\pusbfd1.sys
2008-07-26 21:28 . 2002-10-15 10:13 26,629 --------- C:\WINDOWS\system32\pusbfd2.vxd
2008-07-26 21:28 . 2008-07-26 21:28 1,677 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv1000 (PS925PA#UUF)_YN_0Pavi_QCNF5020K95_EU_46_I09B8_SQuanta_V34.20_BF.13_T041217_WXH2_L409_M479_J60_7Intel_8Pentium M_91.6_#080726_N10EC8139_(PS925PA#UUF)_XMOBILE_CN10_Z808624C6_2Rev 1.MRK
2008-07-26 21:27 . 2008-07-26 21:27 <DIR> d-------- C:\Program Files\Common Files\Sonic
2008-07-26 21:27 . 2008-07-26 21:27 <DIR> d-------- C:\Documents and Settings\muhammad\Application Data\Sonic
2008-07-26 21:26 . 2008-07-26 21:26 <DIR> d-------- C:\Program Files\Sonic
2008-07-26 21:26 . 2008-07-26 21:26 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-07-26 21:26 . 2008-07-26 21:26 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-07-26 21:26 . 2008-07-26 21:26 103,936 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-07-26 21:25 . 2004-09-15 13:56 3,133,440 --a------ C:\WINDOWS\system32\hpqPres.dll
2008-07-26 21:25 . 2004-09-14 14:40 225,280 --a------ C:\WINDOWS\system32\cpqinfo.dll
2008-07-26 21:25 . 2004-09-14 14:40 65,536 --a------ C:\WINDOWS\system32\hpqactn.dll
2008-07-26 21:25 . 2004-04-13 10:30 32,768 --a------ C:\WINDOWS\system32\eabhbrn8.dll
2008-07-26 21:24 . 2004-04-14 08:36 7,432 --a------ C:\WINDOWS\system32\drivers\eabfiltr.sys
2008-07-26 21:24 . 2003-06-06 12:46 5,220 --a------ C:\WINDOWS\system32\drivers\EabUsb.sys
2008-07-26 21:23 . 2008-07-26 21:23 <DIR> d-------- C:\Program Files\muvee Technologies
2008-07-26 21:23 . 2008-07-26 21:23 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-07-26 21:23 . 2008-07-26 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-07-26 21:22 . 2004-08-12 09:26 15,669 --a------ C:\WINDOWS\system32\oeminfo.ini
2008-07-26 21:19 . 2008-07-26 21:19 <DIR> d-------- C:\Documents and Settings\muhammad\Application Data\Apple Computer
2008-07-26 21:19 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-07-26 21:18 . 2008-07-26 21:19 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-07-26 21:18 . 2008-07-26 21:18 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-26 21:18 . 2008-07-26 21:19 <DIR> d-------- C:\Program Files\QuickTime
2008-07-26 21:18 . 2008-07-26 21:18 <DIR> d-------- C:\Program Files\iTunes
2008-07-26 21:18 . 2008-07-26 21:18 <DIR> d-------- C:\Program Files\iPod
2008-07-26 21:18 . 2008-07-26 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-07-26 21:18 . 2008-07-26 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-26 21:17 . 2008-07-26 21:17 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-07-26 21:15 . 2003-05-24 04:32 6,912,056 -ra------ C:\WINDOWS\Crystal Rush.bmp
2008-07-26 21:15 . 2004-05-11 02:47 6,912,056 -ra------ C:\WINDOWS\Blue Sonic.bmp
2008-07-26 21:15 . 2004-05-11 02:50 6,912,056 -ra------ C:\WINDOWS\Blue Lounge.bmp
2008-07-26 21:15 . 2003-01-24 05:27 22,198 -ra------ C:\WINDOWS\system32\OEMLogo.bmp
2008-07-26 21:14 . 2008-07-26 21:28 <DIR> d-------- C:\Program Files\HPQ
2008-07-26 21:14 . 2003-05-24 04:48 6,912,056 -ra------ C:\WINDOWS\Fractal Blue.bmp
2008-07-26 21:12 . 2004-09-20 01:41 3,210,496 -ra------ C:\WINDOWS\system32\drivers\w29n51.sys
2008-07-26 21:12 . 2004-09-20 01:41 458,752 -ra------ C:\WINDOWS\system32\w29NCPA.dll
2008-07-26 21:11 . 2008-07-26 21:11 <DIR> d-------- C:\Program Files\Intel
2008-07-26 21:11 . 2004-09-20 01:41 1,654,784 -ra------ C:\WINDOWS\system32\W29MLRES.DLL
2008-07-26 21:11 . 2004-09-20 01:41 23 -ra------ C:\WINDOWS\system32\drivers\verfile.tic
2008-07-26 21:10 . 2004-08-04 18:05 341,760 --------- C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-07-26 21:10 . 2004-08-04 18:05 139,264 --------- C:\WINDOWS\system32\BCMWLU00.EXE
2008-07-26 21:10 . 2004-08-04 18:05 57,344 --------- C:\WINDOWS\system32\BCMWLD2K.EXE
2008-07-26 21:08 . 2008-07-26 21:08 <DIR> d-------- C:\WINDOWS\tiinst
2008-07-26 21:08 . 2008-07-26 21:08 <DIR> d-------- C:\Program Files\Synaptics
2008-07-26 21:08 . 2004-10-05 09:17 185,824 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-07-26 21:08 . 2004-10-05 09:19 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-07-26 21:08 . 2004-10-05 09:20 90,202 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-07-26 21:08 . 2004-10-01 03:46 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2008-07-26 21:08 . 2004-10-05 09:19 77,917 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-07-26 21:08 . 2004-10-01 03:44 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-07-26 21:07 . 2008-07-26 21:07 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-07-26 21:07 . 2008-07-26 21:31 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-26 21:07 . 2008-07-26 21:16 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-26 21:07 . 2004-06-28 03:35 69,760 --a------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2008-07-26 21:06 . 2008-07-26 21:06 <DIR> d-------- C:\Program Files\CONEXANT
2008-07-26 21:06 . 2004-03-10 04:35 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys
2008-07-26 21:06 . 2004-03-10 04:37 682,624 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-07-26 21:06 . 2004-03-10 04:40 199,552 --a------ C:\WINDOWS\system32\drivers\HSFHWICH.sys
2008-07-26 21:06 . 2004-03-10 04:23 129,012 --a------ C:\WINDOWS\system32\drivers\HSFProf.cty
2008-07-26 21:06 . 2003-04-09 07:01 90,112 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2008-07-26 21:06 . 2003-12-17 05:51 32,218 --a------ C:\WINDOWS\system32\HSFCI009.dll
2008-07-26 21:06 . 2003-04-09 06:48 11,043 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-07-26 21:03 . 2008-07-26 21:14 <DIR> d-------- C:\SYSTEM.SAV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 04:26 20,576 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-07-27 03:35 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 09:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 09:24 688218]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-17 13:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-17 13:43 118784]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-10-13 17:34 229438]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-04 12:38 286720]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-07-26 21:19 98304]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 16:19 290816]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05 32881]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=


*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q105&bd=pavilion&pf=laptop
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q105&bd=pavilion&pf=laptop


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 22:51:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\[email protected]???? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-26 22:51:53
ComboFix-quarantined-files.txt 2008-07-27 05:51:48

Pre-Run: 56,313,823,232 bytes free
Post-Run: 56,330,727,424 bytes free

141

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 3823 bytes
  • 0

#6
Mike
    Malware Monger
  • Retired Staff
  • 2,745 posts
If you reformatted there is no chance of the virus being there.

Few things.

I notice you have no Anti-Virus program installed on your computer. These programs are necessary in keeping your computer free of malware, without it you are very likely to get re-infected within a very short period of time.
I would like you to download one of these free programs I have listed here for you.
Note: Make sure to only install ONE program, as having more can cause confliction between these programs, which in turn lowers your protection and slows down your computer.

I notice you have no Firewall program installed on your computer. These programs are necessary in keeping your computer safe from hackers and remote attacks against your computer. Without one you are opening a door for hackers. I would like you to download one of these free programs I have listed here for you.
Note: Make sure to only install ONE program, as having more can cause confliction between these programs, which in turn lowers your protection and slows down your computer.

And,

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.


Now that you are clean, you'll want to stay that way.

Some important things that you should keep in mind in order to protect yourself:
  • Use common sense. This is the big one! Don't download programs from suspicious sites and be careful where you browse.
    Things you can do to avoid downloading bad programs:
    • Google the program. Read reviews and opinions from other people on the internet, if you don't see any reports of foul play - then there more than likely is none.
    • Stay away from Cracks! However luring the thought of free software can be it's not worth the hassle and potential danger of getting infected.
    • Download the program directly from the website of the developer - then you can be certain you haven't downloaded a bogus copy.
    • Read the EULA (End User License Agreement) - Find out exactly what you are downloading. A good tool to aid you in this would be EULAyzer.
  • Keep your programs updated! Software developers update their programs to patch possible security risks. Do a scan once in a while for outdated programs using Secunia's Software Inspector.
  • Keep your protection programs up to date! No matter how good your Antivirus or Antispyware program is, without an updated set of definitions it will do you no good against the new infections. If you run a free program make sure to update them at least once a week.
  • Make sure that Windows updates is enabled. Keeping your system up to date is a must - to turn on automatic updates take a look at this article by Microsoft.
I have listed two programs to boost your security while using no resources.
  • SpywareBlaster Take a look at the tutorial here.
  • ZonedOut Adds thousands of websites to your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Also consider using an alternative web browser. Two big named ones, both far superior to Internet Explorer in terms of security and performance, would be Firefox and Opera.

Make a habit of scanning your computer for viruses every week or so and backing up important files regularly.

Please also read Expert Tony Klein's excellent article: How I got Infected in the First Place

Please post back and tell me if everything is OK, so that I may mark this thread as Resolved.
  • 0
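The reading of the HijackThis log that the reply above relies on (what starts with Windows, which Java runtime is installed, whether any protection software shows up) can be done mechanically. The following is an added example, not part of the original thread and not code from HijackThis or Trend Micro. The sample log is constructed in the format of the log posted in #5, and the keyword list passed to `paths_matching` is an assumption chosen for illustration.

```python
import re

# Constructed sample in the format of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
JAVA_RE = re.compile(r"\\(?:j2re|jre)(\d[\w.]*)\\", re.IGNORECASE)
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)


def exe_path(command):
    """Return the executable of an autorun command, without quotes or arguments."""
    m = EXE_RE.match(command)
    return m.group(1) if m else command.strip('"')


def parse_hjt(text):
    """Split a HijackThis log into running processes, O4 autoruns and O23 services."""
    report = {"processes": [], "autoruns": [], "services": []}
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False          # a blank line ends the process list
        elif in_processes:
            report["processes"].append(line)
        elif (m := O4_RE.match(line)):
            hive, key, name, cmd = m.groups()
            report["autoruns"].append((f"{hive}\\{key}", name, exe_path(cmd)))
        elif (m := O23_RE.match(line)):
            report["services"].append(m.groups())  # (display name, vendor, path)
    return report


def all_paths(report):
    """Every executable path the log mentions, from all three sections."""
    return (report["processes"]
            + [a[2] for a in report["autoruns"]]
            + [s[2] for s in report["services"]])


def java_versions(report):
    """Java runtime versions visible in install paths such as ...\\j2re1.4.2_05\\..."""
    return sorted({m.group(1) for p in all_paths(report) for m in JAVA_RE.finditer(p)})


def paths_matching(report, keywords):
    """Paths containing any keyword (case-insensitive); the keyword list is the caller's assumption."""
    lowered = [k.lower() for k in keywords]
    return sorted({p for p in all_paths(report) if any(k in p.lower() for k in lowered)})


if __name__ == "__main__":
    r = parse_hjt(SAMPLE_LOG)
    print("Autoruns:", r["autoruns"])
    print("Java versions:", java_versions(r))
    print("Security software paths:", paths_matching(r, ["avg", "antivir", "firewall"]))
```

An empty result from `paths_matching` only means nothing with those names is running or registered to start; it depends entirely on the keywords supplied.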

#7
murimuri
  • Topic Starter
  • Member
  • 39 posts
thank you mike! problem has been resolved! ^^
  • 0

#8
Mike
    Malware Monger
  • Retired Staff
  • 2,745 posts
Glad to hear it,

Take care and have a great day still!

Mike
  • 0

#9
Mike
    Malware Monger
  • Retired Staff
  • 2,745 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





