Programs fail to open, think it's a virus



#1
thegurukid

What's up guys, I reinstalled my XP and brought all my old programs back...and now I'm having the same problems as I was before. I can't open some programs and when I try to go to certain websites my computer hangs. I used AVG, CWS, adaware and everything...still didn't find a virus. So I'm wondering if you guys can find something from my hijack log.

Edit - The viruses that are popping up in AVG now are called Trojan Horse Dropper Agent, Collected.5.L, and downloader small 21.D. Now my task manager and regedit won't even open.

Logfile of HijackThis v1.99.1
Scan saved at 12:17:03 PM, on 5/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Documents and Settings\Andre\Application Data\olcd.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\veritas.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Veritas Patch] veritas.exe
O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Ttbl] C:\Documents and Settings\Andre\Application Data\olcd.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.../bridge-c18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115444212827
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/...tsInstaller.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe


Thanks

Edited by thegurukid, 13 May 2005 - 03:53 PM.



#2
-=jonnyrotten=-

You have worms man! Haha, you have a worm that needs to be removed, let's get it. Open Hijack This back up and check the boxes next to the following entries.

O4 - HKLM\..\Run: [Veritas Patch] veritas.exe
O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe

O4 - HKCU\..\Run: [Ttbl] C:\Documents and Settings\Andre\Application Data\olcd.exe
/\ Do you know what this is? I don't, and if it was me I'd remove it. /\

Now click the button labeled "Fix Checked" to delete these entries. Now reboot into safe mode, find and delete the following files in bold below.

C:\Windows\System32\veritas.exe

C:\Documents and Settings\Andre\Application Data\olcd.exe << Get this one too if you don't know what it is. It looks bad and there's no info on it.

Now reboot your computer and post a new log. Let me know how things are going.

-=jonnyrotten=- :tazz:
  • 0
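An added example, not part of the original thread and not HijackThis's own code: a small Python triage pass over the O4 (autorun) lines of a HijackThis log, like the manual review in the reply above. The two heuristics (an .exe launched straight from a user's Application Data folder, and one command registered under both Run and RunServices) and the function names are assumptions of this example; a hit means "look at this by hand", not a verdict.

```python
import re

# Constructed sample: O4 lines copied from the log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Veritas Patch] veritas.exe
O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ttbl] C:\Documents and Settings\Andre\Application Data\olcd.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
"""

# Registry autoruns look like: O4 - <hive>\..\<key>: [<value name>] <command>
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Assumed heuristic: an executable sitting directly in a profile's Application Data.
APPDATA_EXE = re.compile(
    r"\\documents and settings\\[^\\]+\\application data\\[^\\]+\.exe", re.I)

def parse_o4(log):
    """Return (hive, key, value_name, command) for each registry autorun line.
    Startup-folder lines ("O4 - Global Startup: ...") are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries

def review_autoruns(log):
    """Map each autorun command to the reasons it deserves a manual look."""
    keys_by_cmd = {}
    for _hive, key, _name, cmd in parse_o4(log):
        keys_by_cmd.setdefault(cmd, set()).add(key)
    findings = {}
    for cmd, keys in keys_by_cmd.items():
        reasons = []
        if APPDATA_EXE.search(cmd):
            reasons.append("exe launched from a user's Application Data folder")
        if {"Run", "RunServices"} <= keys:
            reasons.append("same command registered under Run and RunServices")
        if reasons:
            findings[cmd] = reasons
    return findings

if __name__ == "__main__":
    for cmd, reasons in review_autoruns(SAMPLE_LOG).items():
        print(cmd, "->", "; ".join(reasons))
```
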

#3
thegurukid

^Thanks a lot man, here's the rundown


I can't even open Hijack anymore so I went into safe mode (where I'm typing this from) and did it all. I deleted the veritas files but couldn't even find the others, it's like they don't even exist on my hard drive.

I wish I could show you a new hijack file but just imagine it's the same as before minus the two veritas files. I found the veritas folder in safe mode and also deleted the two files in that.

Any tips on opening hijack in my normal windows? 90% of my programs won't even work.


Again, thanks for the help

#4
-=jonnyrotten=-

Are you posting this from a different computer? Have you tried to run Hijack This after removing veritas.exe? Try rebooting and posting a new log if possible. Other than that and the other file I don't see anything malicious in there. Try going to my site in my signature and run the panda active scan from there and see if it finds anything.

-=jonnyrotten=- :tazz:

#5
thegurukid

I posted the last reply from safe mode, almost all my programs won't work in normal mode. I deleted the veritas files but I can't run Hijack in normal mode anymore so I can't show a log.

Every time I connect to the internet I get about 6 trojan viruses named dropper agent and downloader small. AVG clears them but they come right back after a reboot.

#6
-=jonnyrotten=-

Try once more for me. Please reboot back into normal mode and do not try to connect to the internet. Now run a scan with Hijack This. I really need to see a scan from normal mode. If you cannot get it to work then try using this older version downloadable from here:

Attached File  HijackThis.zip   178.88KB   151 downloads

Next unzip it and scan in normal mode with it. Reboot and post the log.

-=jonnyrotten=- :tazz: