Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

infected with bunch of malware [RESOLVED]


  • This topic is locked This topic is locked

#1
heat123

heat123

    Member

  • Member
  • PipPipPip
  • 298 posts
Hi system restore, security center, microsoft updates, automatic updates, windows firewall, and can't right click in start menu don't work. I think it is because of malware. Here is hjt log below.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:44 AM, on 8/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LevelOne\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1932638080-2660494723-589735443-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: LevelOne Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 3913 bytes
  • 0

Advertisements


#2
Shaba

Shaba

    Malware Expert

  • Member
  • PipPipPip
  • 558 posts
  • MVP
Hi heat123

Log is clean.

But we can do further research.

* Download GMER from
here:
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.
  • 0

#3
heat123

heat123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 298 posts
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-17 09:39:05
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.14 ----
  • 0

#4
Shaba

Shaba

    Malware Expert

  • Member
  • PipPipPip
  • 558 posts
  • MVP
Have you done any malware scans lately?

If so, please post those scan logs next.
  • 0

#5
heat123

heat123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 298 posts
I deleted my malwarebytes antimalware scan. The first time did full scan found 1 rogue software removed then ran second scan found nothing.
  • 0

#6
Shaba

Shaba

    Malware Expert

  • Member
  • PipPipPip
  • 558 posts
  • MVP
I see.

Then we attempt to restore those things.

First follow these instructions (Solution for Case 1: ).

Then see here

And tell me if system restore and windows firewall work now,
  • 0

#7
heat123

heat123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 298 posts
Hi I tryed both of the things for windows firewall and system restore. Neither worked.
  • 0

#8
Shaba

Shaba

    Malware Expert

  • Member
  • PipPipPip
  • 558 posts
  • MVP
Have you done any attempts to fix those issues by yourself before you posted?

Edited by Shaba, 18 August 2008 - 12:33 AM.

  • 0

#9
heat123

heat123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 298 posts
Yes I did I tryed to fix the internet and then my isp provider Brighthouse had someone come out and try to fix them and they couldn't. Then I did the microsoft update troubleshooting and that didn't work and had someone help me over the phone and they couldn't fix automatic updates or mirosoft updates. What do you recommend I do?
  • 0

#10
Shaba

Shaba

    Malware Expert

  • Member
  • PipPipPip
  • 558 posts
  • MVP
Easiest way would be repair installation of windows.

Do you have windows CD handy?
  • 0

Advertisements


#11
heat123

heat123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 298 posts
I do but I would rather just re-format. To start from scratch and have no clutter files, malware, and be quicker. If you could give me instrucitons or a link that would be great. Thanks for all your help so far.
  • 0

#12
Shaba

Shaba

    Malware Expert

  • Member
  • PipPipPip
  • 558 posts
  • MVP
This should be helpful here.
  • 0

#13
heat123

heat123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 298 posts
Thanks for this link will do this in about 36 hours. So I will tell you how it went and if I got it fixed in a couple of days. Thanks for all your help so far.
  • 0

#14
heat123

heat123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 298 posts
Hi I tryed reformatting said can not copy file whatever the file name is. Tryed to download the file again but didn't work. So skiped the file but it came up 30 times before I tryed to quit the process. Dell was helping me through all of this and said I need a new hard drive. It says it fails to reboot so push F1 to try fails to reboot and it says push F2 for setup utility for your info. Can you advise me what you recommend. Thanks for all your help so far.
  • 0

#15
heat123

heat123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 298 posts
I reformatted and that worked fine by cleaning off cd. My mouse is not working though. What do you recommend I try? Thanks for all your help so far.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP