beach_pictures_packed.pif



#16 coachwife6 (SuperStar, Retired Staff, 11,413 posts)
Run this antivirus scanner and post the results here.

http://www.pandasoft...n_principal.htm


#17 Rubinho (Member, Topic Starter, 18 posts)
Here's the result. Still some infected files...

Incident Status Location

Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20050602-153715.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20050602-164815.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.bak
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\1.hosts
Adware:Adware/StatBlaster No disinfected C:\WINDOWS\system32\O
Adware:Adware/StatBlaster No disinfected C:\WINDOWS\system32\O.BAT
Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system32\cd_clint.dll
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ruben\.jpi_cache\jar\1.0\ar3.jar-5157872c-675b6b2d.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ruben\.jpi_cache\jar\1.0\ar3.jar-5157872c-675b6b2d.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ruben\.jpi_cache\jar\1.0\arc.zip-3bf7ea67-66cce157.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ruben\.jpi_cache\jar\1.0\archive.jar-77052ac7-1d968663.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\ruben\.jpi_cache\jar\1.0\archive.jar-15cf4db0-200975a5.zip[Dummy.class]
Adware:Adware/CWS.Aboutblank No disinfected C:\Recycled\Q330995.exe
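
Every Trj/Qhost.gen hit in the scan above is on a copy of the hosts file (hosts, hosts.bak, 1.hosts and two timestamped backups). The following Python audit is an added example, not part of the original thread and not Panda's detection logic: it parses a hosts file the way the resolver does, treats the localhost entries as normal, and reports the two things a Qhost-style hijack does, namely pointing a well-known name at an outside address (redirect) or at 127.0.0.1 (sinkhole, usually to stop antivirus updates). The watch-list of domains and the sample hosts contents are constructed for the demonstration.

```python
"""Audit a Windows hosts file for Qhost-style hijacks.

Added example; it is not part of the original forum thread and is not
Panda's detection logic.  Qhost-family trojans rewrite
%SystemRoot%\\system32\\drivers\\etc\\hosts so that well-known names
either resolve to an attacker's server (redirect) or to 127.0.0.1
(sinkhole).  The watch-list and the sample hosts file below are
constructed for the demonstration.
"""
import ipaddress

# Names that legitimately appear in a default hosts file (assumption).
EXPECTED_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Domains worth watching: security vendors and popular sites.
# Constructed list for the example; extend it for your environment.
WATCHLIST_SUFFIXES = (
    "symantec.com", "norton.com", "mcafee.com", "pandasoftware.com",
    "trendmicro.com", "kaspersky.com", "microsoft.com", "windowsupdate.com",
    "google.com", "yahoo.com", "msn.com",
)


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every active mapping.

    Anything after '#' is a comment; one line may map several names.
    Lines whose first field is not an IP address are skipped.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower().rstrip("."), line_no


def on_watchlist(name):
    return any(name == s or name.endswith("." + s) for s in WATCHLIST_SUFFIXES)


def audit_hosts(text):
    """Return findings as (line_no, reason, hostname, ip) tuples.

    Local names mapped to loopback are normal.  A watch-listed domain
    mapped anywhere is reported: to loopback/0.0.0.0 as 'sinkholed',
    to anything else as 'redirected'.  Other names mapped to a routable
    address are reported too, since a hosts file rarely needs them;
    other names mapped to loopback (ad-blocking lists) are left alone.
    """
    findings = []
    for ip, name, line_no in parse_hosts(text):
        local_target = ip.is_loopback or ip.is_unspecified
        if name in EXPECTED_LOCAL_NAMES and local_target:
            continue
        if on_watchlist(name):
            kind = "sinkholed" if local_target else "redirected"
            findings.append((line_no, f"watch-listed domain {kind}", name, str(ip)))
        elif not local_target:
            findings.append((line_no, "non-loopback mapping", name, str(ip)))
    return findings


# Constructed sample: the Microsoft default entries plus three hijacks.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       liveupdate.symantec.com     # stops Norton updates
127.0.0.1       www.pandasoftware.com
203.0.113.45    www.google.com              # sends searches elsewhere
::1             localhost
"""

if __name__ == "__main__":
    for line_no, reason, name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {reason}: {name} -> {ip}")
```

Run it against the real file and each backup listed in the scan (open them read-only, as plain text) and compare: a "Disinfected" verdict from the scanner means the offending lines were removed, so a clean run over all five copies is the confirmation that nothing is left for the next reboot or a restore to put back.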

#18 coachwife6 (SuperStar, Retired Staff, 11,413 posts)
Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\WINDOWS\system32\O.BAT
C:\WINDOWS\system32\cd_clint.dll
C:\Recycled\Q330995.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405


Run the scan again and see if it turns up anything. :tazz:

#19 Rubinho (Member, Topic Starter, 18 posts)
Unfortunately I can't turn off System Restore. Every time I click on the System Restore tab in Control Panel -> System, the system produces an error:

"an exception has occurred during the execution of shell32.dll, Control_RunDLL "C:\windows\system32\sysdm.cpl", System"

#20 coachwife6 (SuperStar, Retired Staff, 11,413 posts)
Proceed without turning off system restore. :tazz:

#21 Rubinho (Member, Topic Starter, 18 posts)
I apologise for the fact that it's been so long since I last replied, but I've just had two crucial weeks in which I couldn't afford to lose my computer.
I did what you told me, Killbox and another scan.
Here's the result:


Incident Status Location

Adware:Adware/StatBlaster No disinfected C:\WINDOWS\system32\O

Edited by Rubinho, 24 June 2005 - 08:04 AM.


#22 coachwife6 (SuperStar, Retired Staff, 11,413 posts)
Since it's been so long, I need to see another log, along with what problems you're having. :tazz:

#23 Rubinho (Member, Topic Starter, 18 posts)
Well, at the moment I don't really experience any problems.
Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 16:05:20, on 27-6-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\IP Insight\ARMon32a.exe
D:\Program Files\Alias\Maya6.5\docs\wrapper.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alias\mentalraysatellite3.4\bin\raysatserver.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
D:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bk.tudelf...141570/internet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planet.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Planet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.planet.nl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.planet.nl
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai...trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{690DDB54-8FF3-4702-8247-6139AF7D7C87}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{690DDB54-8FF3-4702-8247-6139AF7D7C87}: NameServer = 192.168.1.1
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - D:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe" -s "D:\Program Files\AliasWavefront\Maya5.0\docs/Wrapper.conf (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Inverse IP InSight Client (InverseLaunchIPI) - Inverse Network Technology - C:\Program Files\IP Insight\LaunchIPI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - D:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "D:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RaySat Server (RaySatServer) - Unknown owner - C:\Program Files\Alias\mentalraysatellite3.4\bin\raysatserver.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
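
Reading a HijackThis log by hand means asking the same questions of every line: where does this autostart binary live, where was this ActiveX control downloaded from, who published this service and does its binary still exist. The following Python triage helper is an added example, not part of the original thread and not HijackThis's own code. It parses the O4, O16 and O23 entry formats visible in the log above and flags the entries a helper usually asks about first. The regular expressions, the trusted-directory and vetted-host lists, and the sample log are assumptions built from those line formats and constructed for the demonstration; two sample entries borrow the O.BAT and beach_pictures_packed.pif names from this thread so the checks have something to catch.

```python
"""Triage helper for HijackThis-style logs.

Added example, not part of the original thread and not HijackThis's own
code.  It parses the O4 (autostart), O16 (Downloaded Program Files,
i.e. ActiveX) and O23 (service) entry formats and flags what a helper
usually asks about first.  Regexes, allow-lists and the sample log are
assumptions constructed for the demonstration.
"""
import re

O4_RUN_RE = re.compile(r'^O4 - (?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O4_LNK_RE = re.compile(r'^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.+)$')
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>.*?)\) - (?P<url>\S+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')

# Where autostart binaries normally live (assumption; any drive letter).
TRUSTED_DIR_RE = re.compile(r'^[a-z]:\\(?:program files|progra~1|windows)\\')
# Extensions that should not be an autostart entry on a desktop (assumption).
SCRIPT_LIKE = (".bat", ".cmd", ".pif", ".scr", ".vbs", ".js")
# ActiveX download hosts the analyst has vetted (constructed allow-list).
VETTED_DPF_SUFFIXES = (".microsoft.com", ".msn.com", ".trendmicro.com", ".pandasoftware.com")


def exe_path(cmd):
    """Extract the program path from a command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'^(.+?\.(?:exe|com|bat|cmd|pif|scr|vbs|js))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def parse_line(line):
    """Return a dict for an O4/O16/O23 entry, or None for other lines."""
    line = line.strip()
    m = O4_LNK_RE.match(line) or O4_RUN_RE.match(line)
    if m:
        return {"type": "O4", "where": m["where"], "name": m["name"], "path": exe_path(m["cmd"])}
    m = O16_RE.match(line)
    if m:
        return {"type": "O16", "clsid": m["clsid"], "name": m["name"], "url": m["url"]}
    m = O23_RE.match(line)
    if m:
        return {"type": "O23", "name": m["name"], "owner": m["owner"], "path": m["path"]}
    return None


def triage(log_text):
    """Return (entry, reason) pairs for entries that deserve a question."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e["type"] == "O4":
            p = e["path"].lower()
            if p.endswith(SCRIPT_LIKE):
                flagged.append((e, "autostart runs a script or PIF file"))
            elif not TRUSTED_DIR_RE.match(p):
                flagged.append((e, "autostart outside Program Files / Windows"))
        elif e["type"] == "O16":
            host = re.sub(r'^[a-z]+://', '', e["url"].lower()).split('/')[0]
            if not host.endswith(VETTED_DPF_SUFFIXES):
                flagged.append((e, f"ActiveX control downloaded from {host}"))
        elif e["type"] == "O23":
            if e["owner"] == "Unknown owner":
                flagged.append((e, "service binary has no recorded publisher"))
            if "(file missing)" in e["path"]:
                flagged.append((e, "service points at a missing file"))
    return flagged


# Constructed sample in HijackThis 1.99 line format.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1 (constructed sample)
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Photo Loader] C:\WINDOWS\system32\O.BAT
O4 - HKCU\..\Run: [beach] C:\Documents and Settings\ruben\beach_pictures_packed.pif
O4 - Global Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {0C1A1B2C-3D4E-5F60-7182-93A4B5C6D7E8} (Free Screensaver) - http://cabs.example.net/ssaver.cab
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - D:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "D:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing)
"""

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry['type']} {entry['name']!r}: {reason}")
```

The flags are questions, not verdicts: an "Unknown owner" service or a binary under D:\Palm is often a legitimately installed program, which is exactly why the helper in this thread asks the poster what raysatserver.exe is rather than deleting it. A "(file missing)" service, on the other hand, is dead weight either way and is safe to remove once the owner is confirmed.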

#24 coachwife6 (SuperStar, Retired Staff, 11,413 posts)
Have you downloaded several new programs? There are new ones on your log and a few I don't recognize.

C:\Program Files\Alias\mentalraysatellite3.4\bin\raysatserver.exe


What is the above?

Please turn off wordwrap and repost. It's difficult for me to read. Thanks. :tazz: