Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Message alerts

Started by bbadaboum , Aug 29 2005 05:12 PM

  • This topic is locked This topic is locked

#1
bbadaboum
Posted 29 August 2005 - 05:12 PM

bbadaboum

    New Member

  • Member
  • Pip
  • 3 posts
Message alert sending to wupdate.net and others
Help me. I keep getting these messages althoug I formatted my hard drive twice

Attached Files


  • 0

Advertisements

#2
g2i2r4
Posted 30 August 2005 - 04:37 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Logfile of HijackThis v1.99.1
Scan saved at 22:59:46, on 30-08-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\wuamk032.exe
C:\Programas\Softwin\BitDefender8\bdoesrv.exe
C:\Programas\Softwin\BitDefender8\bdnagent.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programas\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Programas\Softwin\BitDefender8\bdmcon.exe
C:\Programas\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\System32\msnsmgs.exe
C:\Programas\Softwin\BitDefender8\bdlite.exe
C:\Programas\Messenger\msmsgs.exe
C:\Documents and Settings\Administrador\Ambiente de trabalho\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] lmk.exe
O4 - HKLM\..\Run: [Win32 Info] windowsnfo.exe
O4 - HKLM\..\Run: [BDMCon] C:\Programas\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programas\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programas\Softwin\BitDefender8\\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programas\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenet Explorer] lmk.exe
O4 - HKLM\..\RunServices: [Win32 Info] windowsnfo.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Win32 Info] windowsnfo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Win32 Info] windowsnfo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125424007359
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6ECD904-4FD4-4DF1-AF2E-A0A358FA78BD}: NameServer = 194.65.100.117
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programas\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe



EDIT:
Posted the HijackThis log for all to see
  • 0

#3
g2i2r4
Posted 30 August 2005 - 04:48 AM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome bbadaboum to Geeks to Go!

Download CleanUp!.
If that doesn’t work, use this link.
Here is a tutorial which describes its usage:
http://www.bleepingc...tutorial93.html

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options"
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Once it's done, press Close. Reboot the system. This will remove files that were in use during the scan.

***

Please download, install, and update the free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Run Ewido --- When you run it for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT scan yet.
***

Download the Killbox.
Unzip it to the desktop

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

C:\WINDOWS\System32\wuamk032.exe
C:\WINDOWS\System32\msnsmgs.exe
C:\WINDOWS\System32\lmk.exe
C:\WINDOWS\System32\windowsnfo.exe

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.
Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe

O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] lmk.exe

O4 - HKLM\..\Run: [Win32 Info] windowsnfo.exe

O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe

O4 - HKLM\..\RunServices: [Microsoft Intrenet Explorer] lmk.exe

O4 - HKLM\..\RunServices: [Win32 Info] windowsnfo.exe

O4 - HKCU\..\Run: [Win32 Info] windowsnfo.exe

O4 - HKCU\..\RunServices: [Win32 Info] windowsnfo.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Next, run Ewido again.
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
***

Reboot back to normal mode.

***

Post back in this topic using the button 'add reply' with a fresh HijackThis log and the Ewido log.



EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 10 September 2005 - 11:19 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP