Serious Help Needed .... Please !



#1
ecnalav

Hey guys,
I'm a N00B, but today I got this virus,

clicker.v.6 (katie[1].ru) - Picked up by AVG

I deleted it and carried on as normal, then I had to restart my computer. As soon as Windows loaded, the virus came again ... so I deleted it again... But this time it had blocked my internet connection... if I unplugged my internet and re-connected I could sign into MSN for a few seconds, then it would be cut again.

So I thought the only option was to format to totally get rid of the problem, so after formatting, re-installing Windows, all my drivers, and antivirus, and firewalls, the virus RETURNS! But this time I can surf the internet, but every time I restart, or it comes up, asking me what I want to do with it. I've tried googling to find a solution, but I cannot find it anywhere on the internet, so I've come to the best, to see if I have any luck at all in getting rid of this virus!

Like I said, I'm a N00B so talk slowly ....
  • 0



#2
ecnalav

Logfile of HijackThis v1.99.1
Scan saved at 21:55:33, on 05/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\msnger.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ethernet] msnger.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\RunServices: [ethernet] msnger.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] scvhost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1118002794014
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#3
Besttechie

Visiting Staff
Hi and Welcome,

I will be analyzing your log and will have a response shortly. :tazz:

B
  • 0

#4
Besttechie

Visiting Staff
Hey,

First off, you need to download Windows XP SP1a, please go to this link and download and install the service pack, reboot, and post a new hjt log. :tazz:

http://www.microsoft...p1/default.mspx

B
  • 0

#5
ecnalav

OK, I will!

But if this means anything to you please tell me. I found a forum thread on someone with the same problem, and how they fixed it?

Here it is ....

Anyone out there know of the Clicker 6 Trojan Horse. I have it on my
computer found by AVG. It is destroyed each time I boot up by AVG but is
there again when I re-boot.

My operating system is XP Pro

I turned off roll back, exposed my hidden files and system files, I have
updated my microsoft spyware program and spybot search and destroy, Adaware
and I also have the latest spyblaster installed and up to date.

I rebooted my computer in safe mode and ran all of these programs, then I
re-ran AVG, it was nowhere to be found by any of them.

I shut down then rebooted as normal to find that Clicker 6 was still on my
computer which was now once again being found by AVG even though I was
congratulated by Spybot on having a clean machine.

I am now at the end of my ideas can anyone who has encountered this Trojan
horse please help.

Thanking you in anticipation

Enigma
David H. Lipman

2005-03-24, 9:15 pm
From: "Enigma" <enigma@fsnet.com.uk>

| Anyone out there know of the Clicker 6 Trojan Horse. I have it on my
| computer found by AVG. It is destroyed each time I boot up by AVG but is
| there again when I re-boot.
|
| My operating system is XP Pro
|
| I turned off roll back, exposed my hidden files and system files, I have
| updated my microsoft spyware program and spybot search and destroy, Adaware
| and I also have the latest spyblaster installed and up to date.
|
| I rebooted my computer in safe mode and ran all of these programs, then I
| re-ran AVG, it was nowhere to be found by any of them.
|
| I shut down then rebooted as normal to find that Clicker 6 was still on my
| computer which was now once again being found by AVG even though I was
| congratulated by Spybot on having a clean machine.
|
| I am now at the end of my ideas can anyone who has encountered this Trojan
| horse please help.
|
| Thanking you in anticipation
|
| Enigma


1) Download the following two items...

Trend Sysclean Package
http://www.trendmicr...ownload/dcs.asp

Latest Trend signature files.
http://www.trendmicr...oad/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt514.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM .

2) Disable System Restore
http://vil.nai.com/v...eSysRestore.htm
3) Reboot your PC into Safe Mode then shutdown as many applications as possible.
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point

* * Please report back your results * *


--
Dave
http://www.claymania...jan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Enigma

2005-03-26, 6:17 pm
Thank you David, sorry for delay in replying but I have spent many hours
trying to destroy this blighter.

I gave your recommendation a go and repeated it about 6 times in different
ways, I did make sure that the latest database was downloaded along with the
program. I was well impressed and noticed that it runs in dos mode.

Unfortunately Clicker 6.0 Trojan is still with me as Trend Sysclean program,
like all the other well known ones, including the Microsoft Anti Spyware,
does not recognise it. Everything just thinks it is not there. Spybot
actually congratulated me for having a clean machine.

AVG is the only one to pick it up but unfortunately can kill it but cannot
destroy it as it regenerates on boot up.

HELP I'M STUCK.
David H. Lipman

2005-03-26, 6:17 pm
From: "Enigma" <enigma@fsnet.com.uk>

| Thank you David, sorry for delay in replying but I have spent many hours
| trying to destroy this blighter.
|
| I gave your recommendation a go and repeated it about 6 times in different
| ways, I did make sure that the latest database was downloaded along with the
| program. I was well impressed and noticed that it runs in dos mode.
|
| Unfortunately Clicker 6.0 Trojan is still with me as Trend Sysclean program,
| like all the other well known ones, including the Microsoft Anti Spyware,
| does not recognise it. Everything just thinks it is not there. Spybot
| actually congratulated me for having a clean machine.
|
| AVG is the only one to pick it up but unfortunately can kill it but cannot
| destroy it as it regenerates on boot up.
|
| HELP I'M STUCK.

The TrendMicro Sysclean runs in a Command Prompt, it is NOT DOS.

If you send me email, I will send you information tool. I can't post it publicly due to
licensing.

In addition, AVG must be flagging a specific file as being infected with said Trojan.

Please submit the suspect file to Virus Total --
http://www.virustota...h/index_en.html
The submission will then be tested against several different AV vendors' scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

Please post back the EXACT results.

This way we can determine if it is a False Positive or if another tool is more suited to its
eradication.

--
Dave
http://www.claymania...jan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Enigma

2005-03-27, 6:18 pm
Hi David

I sent an email to you in order that you could send me the information tool
but I have received nothing yet.

While I have been waiting I have been extremely busy as follows:

GOOD NEWS

I HAVE SOLVED THE PROBLEM AT LAST.

AVG kept telling me when I booted up that Clicker 6 was detected writing to
c:\windows\system32\inetconnect.dll.

I went to www.ScanSpyware. net who advised me to go into the registry
and delete {FD3A6ABA-5527-4B52-90AF-F90CD3270861} which I did. While I was
doing this I deleted all folders that had reference to the file
inetconnect.dll which was the one AVG kept telling me was a Trojan horse 6.
and it was being written to.

I then went into c:\windows\system32 and deleted the file inetconnect.dll. I
then copied an mp3 file into this folder and renamed it inetconnect.dll.

Next I went into the folder using the DOS window (command line) and changed
the file to a protected file unable to be written to by using the command
ATTRIB +R INETCONNECT.DLL. This made it impossible for the virus to overwrite
the file and so it could not reproduce.

This may appear a clumsy method but it works. It will do until the virus
gurus learn about it.

Thank you and everyone else for all your help in trying to solve this
problem and may I wish you each and every one all the best. Keep up the good
work, it is a God send.

Erik

2005-03-27, 6:18 pm
Thus spoke Enigma on 27-3-2005 18:37:
> Hi David
>
> I sent an email to you in order that you could send me the information tool
> but I have received nothing yet.
>
> While I have been waiting I have been extremely busy as follows:
>
> GOOD NEWS
>
> I HAVE SOLVED THE PROBLEM AT LAST.
>
> AVG kept telling me when I booted up that Clicker 6 was detected writing to
> c:\windows\system32\inetconnect.dll.
>
> I went to www.ScanSpyware. net who advised me to go into the registry
> and delete {FD3A6ABA-5527-4B52-90AF-F90CD3270861} which I did. While I was
> doing this I deleted all folders that had reference to the file
> inetconnect.dll which was the one AVG kept telling me was a Trojan horse 6.
> and it was being written to.
>
> I then went into c:\windows\system32 and deleted the file inetconnect.dll. I
> then copied an mp3 file into this folder and renamed it inetconnect.dll.
>
> Next I went into the folder using the DOS window (command line) and changed
> the file to a protected file unable to be written to by using the command
> ATTRIB +R INETCONNECT.DLL. This made it impossible for the virus to overwrite
> the file and so it could not reproduce.
>
> This may appear a clumsy method but it works. It will do until the virus
> gurus learn about it.
>
> Thank you and everyone else for all your help in trying to solve this
> problem and may I wish you each and every one all the best. Keep up the good
> work, it is a God send.
>
Good thinking, Enigma!!

Erik.
  • 0

#6
Besttechie

Besttechie

    Visiting Staff

  • Member
  • PipPipPip
  • 386 posts
Hi,

Please don't do anything, unless I give instructions to do it. Every log is different, and requires different directions. We will get this cleaned up. :tazz:

B
  • 0

#7
ecnalav

OK, here's the new HJT log, with SP1a....


Logfile of HijackThis v1.99.1
Scan saved at 15:00:53, on 06/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\msnger.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\scvhost.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ethernet] msnger.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [ethernet] msnger.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] scvhost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1118002794014
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#8
Dragon

Retired Staff
You may wish to print out a copy of these instructions to follow while you complete this procedure.

Hit Ctrl-Alt-Delete, then under the Processes tab find and stop all instances of these processes:

scvhost.exe (pay close attention to the spelling so that you don't end svchost)
msnger.exe

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.


O4 - HKLM\..\Run: [ethernet] msnger.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] scvhost.exe
O4 - HKLM\..\RunServices: [ethernet] msnger.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] scvhost.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] scvhost.exe


Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINDOWS\System32\msnger.exe
C:\WINDOWS\System32\scvhost.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :tazz:
  • 0
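
The triage done by eye in post #8, as an added example that is not part of the original thread and not HijackThis's own logic: it parses O4 lines and flags a file name that is a near miss of a Windows system binary (scvhost.exe vs svchost.exe) and a value name registered under more than one autorun key. Both heuristics, the SYSTEM_NAMES list and all function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# O4 (autorun) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ethernet] msnger.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] scvhost.exe
O4 - HKLM\..\RunServices: [ethernet] msnger.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] scvhost.exe
"""

# Assumed reference list: system binaries seen in the log's process list.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "smss.exe", "spoolsv.exe"}

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|scr|dll))\b", re.IGNORECASE)


def executable_name(command):
    """Return the lower-cased file name of the program an autorun value starts."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        m = EXE_RE.match(command)  # copes with unquoted paths containing spaces
        path = m.group(1) if m else command.split()[0]
    return path.rsplit("\\", 1)[-1].lower()


def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def triage(log_text):
    """Return (line, reasons) for each O4 entry that trips a heuristic."""
    entries, keys_by_value = [], defaultdict(set)
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, value, command = m.groups()
        exe = executable_name(command)
        entries.append((line.strip(), value.lower(), exe))
        keys_by_value[(value.lower(), exe)].add((hive, key))
    flagged = []
    for line, value, exe in entries:
        # Heuristic 1: file name within two edits of a system binary's name.
        reasons = ["name is a near miss of " + name for name in sorted(SYSTEM_NAMES)
                   if 0 < osa_distance(exe, name) <= 2]
        # Heuristic 2: the same value planted under more than one autorun key.
        count = len(keys_by_value[(value, exe)])
        if count > 1:
            reasons.append("same value registered in %d autorun keys" % count)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry, "<-", "; ".join(why))
```

On this sample the flagged set is exactly the five entries selected for fixing in post #8; a flag is a prompt for a closer look, not a verdict.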

#9
ecnalav

OMG - seems to have sorted it, touch wood! Thank you so much!

Here's my HJT file now ....


Logfile of HijackThis v1.99.1
Scan saved at 16:43:19, on 06/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1118002794014
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#10
Dragon

Retired Staff
Congratulations! Your system is CLEAN :tazz:

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer; almost every exploit is crafted to take advantage of an IE weakness. We usually recommend Firefox.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine.

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. ;)


We highly recommend installing SP2. Click here: http://windowsupdate.microsoft.com/.
-or-
It's a very large download, so if you're on dial-up, order a free CD here:
http://www.microsoft...default810.mspx
  • 0

#11
ecnalav

Woah, I'm so happy, just installed SP2, just uninstalled Java and re-installed Sun's Java. I already had Mozilla Firefox, and about to get all needed updates from Microsoft Update.... Thanks guys! Only one problem left to sort out now! BSOD!
  • 0





