Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ps guard infection (Please) [CLOSED]


  • This topic is locked This topic is locked

#1
nunorf

nunorf

    New Member

  • Member
  • Pip
  • 2 posts
hi
sorry my poor english. I have in my pc with windows 2000 pro this malware. How can i solve this. I've tried with some methods but i can't do it.
this is the actual log oh hijackthis. :

Logfile of HijackThis v1.99.1
Scan saved at 10:01:44, on 07-08-2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Paulus.PAULUS_002\Ambiente de trabalho\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
F3 - REG:win.ini: run=C:\WINDOWS\inet20081\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\myproxy.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [psjrxdu] c:\windows\ruumkoj.exe
O4 - HKCU\..\Run: [aavfgqh] c:\windows\igbsesp.exe
O4 - HKCU\..\Run: [mwuaddm] c:\windows\igbsesp.exe
O4 - HKCU\..\Run: [tsedwto] c:\windows\mrfeout.exe
O4 - HKCU\..\Run: [pksmiuu] c:\windows\ruumkoj.exe
O4 - HKCU\..\Run: [mkmokiv] c:\windows\mrfeout.exe
O4 - HKCU\..\Run: [vhyebtl] c:\windows\mrfeout.exe
O4 - HKCU\..\Run: [ygvxhln] c:\windows\igbsesp.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKCU\..\Run: [pchvxlm] c:\windows\igbsesp.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - Startup: netuse.lnk = C:\netuse.bat
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O4 - Global User Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O16 - DPF: {718B9363-42B9-11D0-BFC7-0002677984CF} (WI_NET Object) - http://www.sulvista....ages/wi_net.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102...hm::/update.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E5581E6-1793-41EB-AA34-EA2B073DA482}: NameServer = 194.65.100.117
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programas\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Serviço administrativo de gestão de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programas\ewido\security suite\ewidoguard.exe

thank's to all

regards

Nuno (Portugal)

Edited by nunorf, 07 August 2005 - 03:53 AM.

  • 0

Advertisements


#2
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here

Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP