VIRUS PROBLEM



#1
judy74

judy74

    New Member

  • Member
  • Pip
  • 9 posts
Help, I'm running on Windows XP and my virus software AVG picked up these viruses:
downloader.small.16.ab, which it deleted; then it found dialer.11.bu and put it into quarantine.
But now I can't get into my MSN; it keeps trying to sign in but can't. Also, when I try to sign in via Messenger it says password incorrect.
I also tried to access help via Hotmail but it keeps directing me to an error page: server not there?

Can anyone please help? Thanks
  • 0



#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Could you post a HijackThis log?
http://home.planet.n...xplanation.html

Regards,

Pieter
  • 0

#3
judy74

judy74

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
logfile of hijackthis v1.99.0
platform:windows xp sp2(winNT 5.01.2600)
MSIE:INTERNET EXPLORER v6.00 sp2 (6.00.2900.2180)
running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\WINLOGIN.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGUPSVC.EXE
C:\WINDOWS\SYSTEM32\SLSERV.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE
C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\SYSTEM32\LVCOMS.EXE
C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN6.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\RASBIN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\W1UV8XQB\HIJACKTHIS[1].EXE

R1 - HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN,SEARCH BAR=HTTP://G.MSN.COM/0SEENUS/SAOS01
02-BHO:ACROIEH1PROBJ CLASS-{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}-
C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHE1PER.DLL
O2-BHO: (NO NAME)-{53707962-6F74-2D53-2644-206D7942484F}-
C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4-HKLM\..\RUN:[AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE\STARTUP
O4-HKLM\..\RUN:[AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4-HKLM\..\RUN:[REALTRAY} C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXESYSTEMBOOTHIDEPLAYER
O4-HKLM\..\RUN: [LOGITECHVIDEOREPAIR] C:\PROGRAMFILES\LOGITECH\VIDEO\ISSRART.EXE
O4-HKLM\..\RUN:[LOGITECHVIDEOTRAY] C:\PROGRAMFILES\LOGITECH\VIDEO\LOGITECH.EXE
O4-HKCU\..\RUN:[MSNMSGR]"C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE"/BACKGROUND
O4-GLOBAL STARTUP: DSLMON.1NK=C:PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DS1MON.EXE
O9-EXTRA BUTTON:REAL.COM-{CD67F990-D8E9-11D2-98FE-00C04F795683}-
C:WINDOWS\SYSTEM32\SHDOCVW.D11
O9-EXTRA BUTTON:MESSENGER-{FB5F1910-F110-11D2-BB9E-00C04F795683}-C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
O9-EXTRA`TOOLS` MENUITEM: WINDOWS MESSENGER-{FB5F1910-F110-11D2-BB9E-00C04F795683}-C\PROGRAM FILES\MESSENGER\MSMSGS.EXE
O16-DPF:{4F1E5B1A-2A80-42CA-8532-2DO5CB959537}(MSN PHOTO UPLOAD TOOL)-
HTTP://GROUPS.MSN.COM/CONTROLS/PHOTOUC/MSNPUPLD.CAB
O16-DPF:{88D758A3-D33B-45FD-91E3-67749B4057FA}(SINSTALLER CLASS)-
HTTP://DM.SCREENSAVERS.COM/DM/INSTALLERS/SI/1/SINSTALLER.CAB
O16-DPF:{9522B3FB-7A2B-4646-8AF6=36E7F593073C}(CPBRKPIE CONTROL)
HTTP://A19.G.AKAMAI.NET/7/19/7125/4047/FTP...23/CPBRKPIE.CAB
O16-DPF:{A7EA8AD2-287F-11D3-B120-006008C39542}(CBSTIEPRINT CLASS)
HTTP://.E-CENTIVES.COM/CIFDOWNLOAD/BIN/ACTXCAB.CAB
O16-DPF:{C3DFA998-A486-11D4-AA25-00C04F72DAEB}(MSN PHOTO UPLOAD TOOL)-
HTTP://SC.GROUPS.MSN.COM/CONTROLS/PHOTOUC/MSNPUP1D.CAB
O16-DPF:{F58E1CEF-AO68-4C15-BA5E-587CAF3EE8C6}(MSN CHAT CONTROL 4.5)-
HTTP://CHAT.MSN.COM.BIN/MSNCHAT45.CAB
O17-HKLM\SYSTEM\CCS\SERVICES\TCPIP\..\{60DDE180-27FA-46A3-85E5-8F7ABAB06DAE}:
NAMESERVER=80.225.252.186. 80.225.252.178
O23-SERVICE:AVG7 ALERT MANAGER SERVER-GRISOFT,S.R.O-C:/PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O23-SERVICE:AVG7 UPDATE SERVICE-GRISOFT,S.R.O.-C:\PROGRA~1\GRISOFT\AGFRE~1\AVGUPSVC.EXE
O23-SERVICE:SMARTLINKSSERVICE-UNKNOWN-S1SERV.EXE(FILE MISSING)

That's all the data that I got. Thanks for helping.
  • 0

#4
judy74

judy74

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Also unable to System Restore; it says System Restore won't work and to try again on different dates, but I always get the same result.
  • 0

#5
judy74

judy74

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Logfile of HijackThis v1.99.0
Scan saved at 16:50:57, on 09/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rasbin\Local Settings\Temporary Internet Files\Content.IE5\W1UV8XQB\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60DDE180-27FA-46A3-85E5-8F7ABAB06DAE}: NameServer = 80.225.252.186 80.225.252.178
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)

Can someone help? Now System Restore refuses to work; it says incomplete restoration. :tazz:
  • 0
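A log like the one posted above can be triaged mechanically before a helper reads it line by line. The following is an added example, not part of the original thread and not HijackThis's own code: it groups entries by their section code (R1, O2, O4, ...) and lists items worth confirming first. The tag names and the choice of checks are assumptions made for illustration, and the sample lines are a constructed excerpt of the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines taken from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Rasbin\Local Settings\Temporary Internet Files\Content.IE5\W1UV8XQB\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{60DDE180-27FA-46A3-85E5-8F7ABAB06DAE}: NameServer = 80.225.252.186 80.225.252.178
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2})\s*-\s*(.+)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_log(text):
    """Split a log into the running-process list and entries grouped by code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            in_procs = False
            entries[match.group(1)].append(match.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def review_notes(processes, entries):
    """Return (tag, detail) pairs a helper would want to look at first."""
    notes = []
    for proc in processes:
        # Executables launched straight from the IE cache deserve a second look.
        if "temporary internet files" in proc.lower():
            notes.append(("runs-from-browser-cache", proc))
    for code, items in entries.items():
        for item in items:
            if "(file missing)" in item.lower():
                notes.append(("file-missing", f"{code} - {item}"))
    for item in entries.get("O17", []):
        # O17 lists DNS servers; confirm they belong to the user's ISP.
        if "NameServer =" in item:
            servers = item.split("NameServer =", 1)[1].split()
            notes.append(("dns-servers-to-confirm", " ".join(servers)))
    return notes

if __name__ == "__main__":
    for tag, detail in review_notes(*parse_log(SAMPLE_LOG)):
        print(f"{tag}: {detail}")
```

A note is a prompt for manual confirmation, not a verdict: here the cached executable is HijackThis itself, run directly from the browser download.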

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Can you get the files AVG quarantined out of there?

Or at least let me know what they were called.

Regards,

Pieter
  • 0

#7
judy74

judy74

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I quarantined then deleted them. They were called saristar.dll, dialler.11.bu,
downloader.small.16.ab

After I deleted them I ran several virus scans (Ad-Aware, Spybot, AVG etc.) and no sign of any more. I keep getting pop-ups from avenue 11, I think; Spybot says it's a known threat?

I even tried System Restore but it says restoration incomplete.
  • 0

#8
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
I need the filenames, not the descriptions.

I am thinking something was removed that shouldn't have been. So I would like to know what exactly was done.

Regards,

Pieter
  • 0

#9
judy74

judy74

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
MSN was not working before I deleted the files.
How can I find out the file names?
  • 0

#10
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
I'm not familiar with AVG but I would imagine there is some sort of log where you can find that information?

Regards,

Pieter
  • 0

#11
judy74

judy74

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Right, I've found them.
The 1st 3 start with
c:\documents and settings\rasbin\local settings\temporary internet files\content.
then IE5\d4wv5955\221131\[1].exe

IE5\d4wv59s5\240251[1].exe

IE5\lw78qodo\240503[1].exe

c:\windows\system32\saristar.dll
  • 0

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Good job. :tazz:

Click Start > Run > Type or copy & paste sfc /scannow > OK

Windows will start checking if all the system files are present and if they are the correct version.
Should it find anything out of order it will prompt you for the Windows CD.
If you have it, insert it. If you don't, let us know which files need to be refreshed.

Regards,

Pieter
  • 0





