Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

This is probably the biggest challenge ever!

Started by daniej1 , Jun 20 2005 11:39 AM

  • Please log in to reply

#1
daniej1
Posted 20 June 2005 - 11:39 AM

daniej1

    New Member

  • Member
  • Pip
  • 1 posts
Where do I start with my problem? Ok, I installed some software which infected me. My internet runs really slow with constant egg timers meaning browsing the internet is a nightmare! A lot of text is highlighted with links to a search engine that is useless! I have 3 items in my add/remove called 'Search Assistant', 'Shopping Wizard' and 'Offer Optimizer'. These can't be deleted at all! When I try to uninstall them I am taken to a www.buckstoolbar.com website with no information on it. My AVG antivirus is picking up endless virus warnings. Ad-aware, Spybot, Spy Ferret can't delete any Spyware, when I run them again after deleting, their still there. My hijackthis log is:

Logfile of HijackThis v1.99.1
Scan saved at 18:21:34, on 20/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ntlw.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jon Daniels\My Documents\Various Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe


I am getting constant popups coming from the internet temps folder.

My virus vault log file:

;"";"Trojan horse Downloader.Agent.HW";"C:\WINDOWS\ieni32.dll";"20/06/2005 17:52:54";"ieni32.dll";"122 KB"
;"";"Trojan horse Downloader.Agent.HU";"C:\WINDOWS\ntlw.exe";"20/06/2005 17:52:57";"ntlw.exe";"16.24 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\zdqax.dll";"14/06/2005 18:35:43";"zdqax.dll";"65 KB"
;"";"Trojan horse Downloader.Agent.HE";"C:\WINDOWS\apigm.dll";"20/06/2005 17:53:37";"apigm.dll";"75.1 KB"
;"";"Trojan horse Downloader.Agent.HW";"C:\WINDOWS\system32\mscx32.dll";"20/06/2005 17:55:48";"mscx32.dll";"122 KB"
;"";"Trojan horse Downloader.Agent.HO";"C:\WINDOWS\addcg32.dll";"20/06/2005 17:56:12";"addcg32.dll";"110 KB"
;"";"Trojan horse Downloader.Agent.HE";"C:\WINDOWS\adddi.dll";"20/06/2005 17:56:37";"adddi.dll";"75.1 KB"
;"";"Trojan horse Downloader.Agent.HO";"C:\WINDOWS\addqn.dll";"20/06/2005 17:56:50";"addqn.dll";"110.27 KB"
;"";"Trojan horse Downloader.Agent.HV";"C:\WINDOWS\addrb32.exe";"20/06/2005 17:57:04";"addrb32.exe";"11 KB"
;"";"Trojan horse Downloader.Agent.HO";"C:\WINDOWS\addrj32.dll";"20/06/2005 17:57:06";"addrj32.dll";"110 KB"
;"";"Trojan horse Downloader.Agent.HW";"C:\WINDOWS\appej32.dll";"20/06/2005 17:58:03";"appej32.dll";"122 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\xrnyh.dll";"15/06/2005 08:02:45";"xrnyh.dll";"65 KB"
;"";"Trojan horse Downloader.Agent.HO";"C:\WINDOWS\crce.dll";"20/06/2005 18:00:33";"crce.dll";"110 KB"
;"";"Trojan horse Downloader.Agent.HU";"C:\WINDOWS\crcy.exe";"20/06/2005 18:00:35";"crcy.exe";"16 KB"
;"";"Trojan horse Downloader.Agent.HU";"C:\WINDOWS\crhx32.exe";"20/06/2005 18:00:37";"crhx32.exe";"16.89 KB"
;"";"Trojan horse Downloader.Agent.HO";"C:\WINDOWS\crkz.dll";"20/06/2005 18:00:38";"crkz.dll";"110 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\pcexe.dll";"14/06/2005 18:51:49";"pcexe.dll";"65 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\pcexe.dll";"14/06/2005 18:53:13";"pcexe.dll";"65 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\mhins.dll";"14/06/2005 18:55:50";"mhins.dll";"65 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\ihhfs.dll";"13/06/2005 19:51:48";"ihhfs.dll";"65 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\cqvwn.dll";"14/06/2005 22:13:28";"cqvwn.dll";"65 KB"


Ad-Aware list of critical objects:

Ad-Aware SE Scanning Result, 20-06-2005 18:39:06
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Name Type Category Object Comment
CoolWebSearch Regkey Malware HKEY_CLASSES_ROOT:clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}\
Tracking Cookie IECache Entry Data Miner Cookie:jon [email protected]/ Hits:4
CoolWebSearch File Malware C:\WINDOWS\ktkfl.txt
CoolWebSearch File Malware C:\WINDOWS\system32\cyrmj.log
CoolWebSearch File Malware C:\WINDOWS\system32\hdxry.txt
Possible Browser Hijack attempt File Misc C:\Documents and Settings\Jon Daniels\Favorites\Only sex website.url Problematic URL discovered: http://www.onlysex.ws/
Possible Browser Hijack attempt File Misc C:\Documents and Settings\Jon Daniels\Favorites\Search the web.url Problematic URL discovered: http://www.lookfor.cc/
Possible Browser Hijack attempt File Misc C:\Documents and Settings\Jon Daniels\Favorites\Seven days of free [bleep].url Problematic URL discovered: http://www.7days.ws/
CoolWebSearch Regkey Malware HKEY_LOCAL_MACHINE:software\microsoft\internet explorer\urlsearchhooks\
CoolWebSearch RegValue Malware HKEY_LOCAL_MACHINE:software\microsoft "set"
CoolWebSearch RegValue Malware HKEY_LOCAL_MACHINE:software\microsoft\internet explorer\main "Use Search Asst"
CoolWebSearch RegData Malware HKEY_CURRENT_USER:software\microsoft\internet explorer\main"Use Search Asst" (no)
CoolWebSearch RegData Malware HKEY_LOCAL_MACHINE:software\microsoft\internet explorer\main"Use Search Asst" (no)
CoolWebSearch File Malware C:\WINDOWS\system32\wbem\logs\wbemess.log

Someone please help!
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP