Removing AVG 6.0



#1
Cobain_86 (New Member, 6 posts)
G'Day Reader,

I need help with removing AVG 6.0 (virus scan) and it keeps popping up screens with Run AVG 6.0 because there is a trojan in my machine. Now, am I crazy to delete it or shall someone tell me how to remove these "trojans"?

Cobain_86
  • 0



#2
Samm (Trusted Tech, 3,476 posts)
You want to remove the malware not the AV software!
Can you tell me - have you tried letting AVG scan & disinfect the drive to remove the trojans? If so, what happened?

Also, download HijackThis from this link:
http://www.majorgeek...wnload3155.html

Close any programs you have running (in particular, Internet Explorer ones), run HijackThis & select the 'system scan & save log file' option.
Copy & paste the contents of the log in here.
  • 0

#3
Cobain_86 (New Member, Topic Starter, 6 posts)
G'Day

Thanks for getting back to me so soon!

Now when I run the program - it scans it but I'm on freeware and it won't get rid of the viruses.

I have downloaded the HijackThis program that you mentioned - do I run that to get rid of this problem??

Cheers

Cobain
  • 0

#4
Cobain_86 (New Member, Topic Starter, 6 posts)
Here is the HijackThis log file - tell me what you think??

Cheers
  • 0

#5
Samm (Trusted Tech, 3,476 posts)

Here is the HijackThis log file - tell me what you think??

Cheers



Where exactly?
  • 0

#6
Cobain_86 (New Member, Topic Starter, 6 posts)
My attachment won't go on. It says that I can't paste it there from that location. Where can I do it - I've done it from the desktop, My Documents.

Cobain
  • 0

#7
Samm (Trusted Tech, 3,476 posts)
When you run HJT, there should be 2 windows - the main one and a second one that just contains text. You should be able to copy & paste from the text one.
If not, open the folder where HijackThis is saved to, and look for a file called hijackthis.log.
Rename it hijackthis.txt & attach it to a post.
  • 0

#8
Cobain_86 (New Member, Topic Starter, 6 posts)
Sorry - I should have thought of this myself!

Here it is below - tell me what you think??

Cobain


Logfile of HijackThis v1.99.1
Scan saved at 6:11:41 PM, on 5/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tcpcheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\udpcheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [tcp checker] tcpcheck.exe
O4 - HKLM\..\RunServices: [tcp checker] tcpcheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tcp checker] tcpcheck.exe
O4 - HKCU\..\RunServices: [tcp checker] tcpcheck.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm88544AU
O8 - Extra context menu item: Add banner url(s) to AdsCleaner - C:\Program Files\AdsCleaner Trial\System\Scripts\off_banner.htm
O8 - Extra context menu item: Add selected links to Link Container - C:\Program Files\AdsCleaner Trial\System\Scripts\off_collector_sel.htm
O8 - Extra context menu item: Bookmark all links in AdsCleaner - C:\Program Files\AdsCleaner Trial\System\Scripts\off_all.htm
O8 - Extra context menu item: Bookmark selected link(s) in AdsCleaner - C:\Program Files\AdsCleaner Trial\System\Scripts\off_sel.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open all links in new windows - C:\Program Files\AdsCleaner Trial\System\Scripts\off_open_all.htm
O8 - Extra context menu item: Open selected link(s) in new windows - C:\Program Files\AdsCleaner Trial\System\Scripts\off_open_sel.htm
O8 - Extra context menu item: Say to AdsCleaner Team about banner - C:\Program Files\AdsCleaner Trial\System\Scripts\off_report_ad.htm
O8 - Extra context menu item: Show domain links - C:\Program Files\AdsCleaner Trial\System\Scripts\off_domain_links.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au
O16 - DPF: ConferenceRoom Java Client - http://chat.bigpond.com/java/cr.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28177.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6AA93DF6-6757-4338-9087-F7601DE18402} - http://akamai.downlo...ICE_1040_XP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downlo...ice_4_EN_XP.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo...tpe32_EN_XP.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4139BB73-A965-45AD-BC85-B66955975F96}: NameServer = 203.2.75.132 198.142.0.51
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Brought to you by the Bandwidth Bandits - C:\WINDOWS\SYSTEM32\tcpcheck.exe
  • 0

#9
Samm (Trusted Tech, 3,476 posts)
Oh dear!
You are riddled with the vbbot-B trojan.
You also have Media Access Adware & the mywebsearch hijacker on your system.
There's one or two other entries there I'm highly dubious about but would need more info before being able to say for sure.

I also think that the Ads Cleaner software is a complete waste of space.

I could probably sort this lot out for you but there's people on this site more qualified at this than I am. What you should really do is jump to the 'Malware removal - hijack logs go here' section in G2G, start a new thread in there & paste your log into it.

They specialise in removing malware like this, so you will be in good hands.

If you have any problems at all, just let me know.
  • 0
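
Added example (not part of any post in this thread, and not HijackThis's own code): a small triage script that reads HijackThis-style log lines and lists entries a reviewer would look at first. The three heuristics and the threshold are assumptions chosen for illustration; they flag entries for review and do not attribute any entry to a named piece of malware. The sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [tcp checker] tcpcheck.exe
O4 - HKLM\..\RunServices: [tcp checker] tcpcheck.exe
O4 - HKCU\..\Run: [tcp checker] tcpcheck.exe
O4 - HKCU\..\RunServices: [tcp checker] tcpcheck.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                      # e.g. "O4 - ..."
AUTORUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.*)$")    # key, value name, command

def parse(log):
    """Yield (section, body) for each 'Xn - ...' line; headers and the process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return a sorted list of (reason, name) pairs that deserve a closer look."""
    findings, keys_by_name = set(), defaultdict(set)
    for section, body in parse(log):
        if section == "O4":
            m = AUTORUN.match(body)
            if not m:
                continue
            key, name, command = m.groups()
            keys_by_name[name].add(key)
            # Autorun command with no directory part: which file runs depends on the search path.
            if "\\" not in command:
                findings.add(("autorun-without-path", name))
        elif section == "O23" and ("Unknown owner" in body or "(file missing)" in body):
            findings.add(("service-unverified", body.split(" - ")[0].replace("Service: ", "", 1)))
    for name, keys in keys_by_name.items():
        if len(keys) > 2:  # assumed threshold: same value registered under several Run keys
            findings.add(("autorun-many-keys", name))
    return sorted(findings)
```

Calling `triage()` on the text of a saved hijackthis.log returns the flagged entries; an empty list means none of these three heuristics matched, not that the log is clean.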





