Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Another WinAntiSpyware Infection


  • Please log in to reply

#1
kopema

kopema

    New Member

  • Member
  • Pip
  • 3 posts
I have the dreaded WinAntiSpyware trojan on my computer, and it keeps re-installing when I try to delete it. Sorry I couldn't figure out what to do by looking at other threads.

I suspect the problem lies in the BHO C:\WINDOWS\repair\vgaanti.dll and the Winlogon Notify: vgaanti - C:\WINDOWS\repair\vgaanti.dll I have tried to delete the BHO using Hijackthis and Cleanup, but it keeps re-installing itself. Please advise.

I will post my HijakThis log as a reply to this message.


P.S. I would appreciate it if someone could give me the home or office address of the fine people who work for the WinAntiSpyware company. They have really helped me understand the virus problems facing computer users today. Sure, anyone can SAY there's a problem, but to demonstrate it like this and offer me an opportunity to pay them to help the problem go away at the same time is a great convenience to me. Anyway, I'd love to return the favor by offering to sell them a bodily injury prevention program I'm sure they will come to be very interested in.
  • 0

Advertisements


#2
kopema

kopema

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:08:45 AM, on 9/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.yahoo...t/USMO0787.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\vgaanti.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O20 - Winlogon Notify: vgaanti - C:\WINDOWS\repair\vgaanti.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0

#3
kopema

kopema

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Never mind. I resolved it using the procedure you guys recommended to several other people, then plugging in the randomized file name in my virus and reversing the letters in the second instance. It took a few tries because some of the examples you used had different numbers of characters than the one in my case, so I didn't see the pattern you were using.

Wouldn't it be a lot easier to just post a generic explanation of the solution to problems like this, or better yet just provide a link to where you get them, rather than putting out individualized responses to every question?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP