Sorry for my poor English. I have this malware on my PC with Windows 2000 Pro. How can I solve this? I've tried some methods but I can't do it.
This is the actual HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:01:44, on 07-08-2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Paulus.PAULUS_002\Ambiente de trabalho\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
F3 - REG:win.ini: run=C:\WINDOWS\inet20081\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\myproxy.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [psjrxdu] c:\windows\ruumkoj.exe
O4 - HKCU\..\Run: [aavfgqh] c:\windows\igbsesp.exe
O4 - HKCU\..\Run: [mwuaddm] c:\windows\igbsesp.exe
O4 - HKCU\..\Run: [tsedwto] c:\windows\mrfeout.exe
O4 - HKCU\..\Run: [pksmiuu] c:\windows\ruumkoj.exe
O4 - HKCU\..\Run: [mkmokiv] c:\windows\mrfeout.exe
O4 - HKCU\..\Run: [vhyebtl] c:\windows\mrfeout.exe
O4 - HKCU\..\Run: [ygvxhln] c:\windows\igbsesp.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKCU\..\Run: [pchvxlm] c:\windows\igbsesp.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - Startup: netuse.lnk = C:\netuse.bat
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O4 - Global User Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O16 - DPF: {718B9363-42B9-11D0-BFC7-0002677984CF} (WI_NET Object) - http://www.sulvista....ages/wi_net.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102...hm::/update.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E5581E6-1793-41EB-AA34-EA2B073DA482}: NameServer = 194.65.100.117
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programas\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Serviço administrativo de gestão de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programas\ewido\security suite\ewidoguard.exe
Thanks to all
Regards
Nuno (Portugal)
Edited by nunorf, 07 August 2005 - 03:53 AM.