Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Aurora and/or other nasty stuff[CLOSED]


  • This topic is locked This topic is locked

#31
athena0419

athena0419

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hello.
I have another question before I proceed with your instructions. I looked at my Firewall Internet applications and I noticed that the file SVCHOST.EXE has full access to the internet. Is this related to O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rkmmar.exe? And is that why the problem couldn't be fixed?

I also noticed that the file RUNDLL32.EXE has full access to the internet. I was just wondering if it had anything to do with my problem. I've blocked both of these files access to the internet. But I can give them access again if it doesn't make a difference.
  • 0

Advertisements


#32
athena0419

athena0419

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
File C:\WINDOWS\system32\prhhepb.dll infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nuppo.dll infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\rkmmar.exe infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\cmrrxcq.exe infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\rkmmar.exe infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dipp.exe infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File System Found infected by "cws.therealsearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\20007.exe.tcf infected by "not-a-virus:AdWare.WildTangent.DownloadWare" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\bln02nqv.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dist001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\EDow_AS2.exe infected by "not-a-virus:AdWare.Wintol.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\EGDACCESS.dll infected by "not-a-virus:[bleep]-Dialer.Win32.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\EGDACCESS_1058.dll infected by "not-a-virus:[bleep]-Dialer.Win32.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\GSMedia3.exe infected by "Trojan.Win32.VB.ux" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\installer_MARKETING18.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\javex80.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\main.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nuppo.dll infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\prhhepb.dll infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\qkbbg.dat infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\tool5-fran-two.exe infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wrapperouter.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\!Submit\dipp.exe infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\!Submit\EGDACCESS.dll infected by "not-a-virus:[bleep]-Dialer.Win32.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\!Submit\EGDACCESS_1058.dll infected by "not-a-virus:[bleep]-Dialer.Win32.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\!Submit\exp.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\!Submit\nsl95.dll infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.e" Virus. Action Taken: No Action Taken.
File C:\!Submit\nuppo.dll infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\!Submit\pacis.exe infected by "not-a-virus:AdWare.Pacer.a" Virus. Action Taken: No Action Taken.
File C:\!Submit\Pop2.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\!Submit\qkbbg.dat infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\!Submit\rkmmar.exe infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\!Submit\thin-94-1-x-x.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\!Submit\wintask.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comp02.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dipp.exe infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Athena Reyes\Desktop\HijackThis\backups\backup-20050509-211007-244.dll infected by "not-a-virus:[bleep]-Dialer.Win32.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Athena Reyes\Desktop\HijackThis\backups\backup-20050510-161439-910.dll infected by "not-a-virus:[bleep]-Dialer.Win32.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\Program Files\America Online 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Dell\Media Experience\Extension\WTGames\InstallWT.exe infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\Program Files\FwBarTemp\searchbar.exe.tcf infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0006796.dll infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0006797.exe infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0006804.dll infected by "not-a-virus:[bleep]-Dialer.Win32.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0006832.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0006833.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0006834.exe infected by "Trojan-Dropper.Win32.Small.wc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0006835.dll infected by "Trojan-Clicker.Win32.Small.et" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0006836.dll infected by "Trojan-Clicker.Win32.Small.et" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0006839.cpl infected by "Trojan-Dropper.Win32.Small.wc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0006840.dll infected by "not-a-virus:[bleep]-Dialer.Win32.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP38\A0006924.exe infected by "not-a-virus:AdWare.NaviPromo.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\20007.exe.tcf infected by "not-a-virus:AdWare.WildTangent.DownloadWare" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\bln02nqv.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\dist001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\EDow_AS2.exe infected by "not-a-virus:AdWare.Wintol.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\EGDACCESS.dll infected by "not-a-virus:[bleep]-Dialer.Win32.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\EGDACCESS_1058.dll infected by "not-a-virus:[bleep]-Dialer.Win32.InstantAccess" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\GSMedia3.exe infected by "Trojan.Win32.VB.ux" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\installer_MARKETING18.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\javex80.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\main.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\nuppo.dll infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\prhhepb.dll infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\qkbbg.dat infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\tool5-fran-two.exe infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\wrapperouter.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
  • 0

#33
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Athena,

Awesome. The junk you have on your computer. It is scary.

We will have to start from the beginning and this will be very time consuming for you but it has to be done. Be patient and follow directions closely and ask all the questions you want. We will get this thing clean.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Hi Elle S,

After looking over your log, it is apparent that your system is in quite a bit of trouble. There are numerous virus, malware carrying programs and a lot of overall bad things that would ruin your surfing experience.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

1) Please download CWShredder. Download the stand alone version which is free

.Check for Update
.Click Fix.
.Exit CWShredder.
.REBOOT your system


2) I want you to run both of the following FREE online antivirus scanners, making sure that you choose to do a "complete scan" and letting the program fix everything it finds. It is also necessary to REBOOT your system after running each program.

TrendMicro Free Virus Scanner and Panda Software Online Virus Scanner.

3) I need you to download and run a free trial version of an anti-trojan program called Trojan Hunter: Trojan Hunter . Let it scan your whole system and remove anything it finds.

REBOOT
your system.

4) I want you to download the most current versionof Ad-Aware and Spybot Search and Destroy, install, configure, update and run them according to the instructions provided in the link at the bottom of my post (in my signature panel)

Remember, it is important that you REBOOT your system after having run each one

5) Finally, with all windows closed except for HJT, run HijackThis, click on SCAN, then on Save Log and POST log back into this thread.

I know how time consuming all of this is but we have no choice if we hope to clean up your system.

Regards,

Trevuren

  • 0

#34
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP