Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ps guard infection (Please) [CLOSED]

Started by nunorf , Aug 07 2005 03:33 AM

  • This topic is locked This topic is locked

#1
nunorf
Posted 07 August 2005 - 03:33 AM

nunorf

    New Member

  • Member
  • Pip
  • 2 posts
hi
sorry my poor english. I have in my pc with windows 2000 pro this malware. How can i solve this. I've tried with some methods but i can't do it.
this is the actual log oh hijackthis. :

Logfile of HijackThis v1.99.1
Scan saved at 10:01:44, on 07-08-2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Paulus.PAULUS_002\Ambiente de trabalho\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
F3 - REG:win.ini: run=C:\WINDOWS\inet20081\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\System32\myproxy.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [psjrxdu] c:\windows\ruumkoj.exe
O4 - HKCU\..\Run: [aavfgqh] c:\windows\igbsesp.exe
O4 - HKCU\..\Run: [mwuaddm] c:\windows\igbsesp.exe
O4 - HKCU\..\Run: [tsedwto] c:\windows\mrfeout.exe
O4 - HKCU\..\Run: [pksmiuu] c:\windows\ruumkoj.exe
O4 - HKCU\..\Run: [mkmokiv] c:\windows\mrfeout.exe
O4 - HKCU\..\Run: [vhyebtl] c:\windows\mrfeout.exe
O4 - HKCU\..\Run: [ygvxhln] c:\windows\igbsesp.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKCU\..\Run: [pchvxlm] c:\windows\igbsesp.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - Startup: netuse.lnk = C:\netuse.bat
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O4 - Global User Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O16 - DPF: {718B9363-42B9-11D0-BFC7-0002677984CF} (WI_NET Object) - http://www.sulvista....ages/wi_net.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102...hm::/update.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E5581E6-1793-41EB-AA34-EA2B073DA482}: NameServer = 194.65.100.117
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programas\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Serviço administrativo de gestão de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programas\ewido\security suite\ewidoguard.exe

thank's to all

regards

Nuno (Portugal)

Edited by nunorf, 07 August 2005 - 03:53 AM.

  • 0

Advertisements

#2
tampabelle
Posted 07 August 2005 - 06:35 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here

Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
tampabelle
Posted 16 August 2005 - 09:48 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP