Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help Please [CLOSED]

Started by Khakiblue13 , Nov 06 2005 12:09 AM

  • This topic is locked This topic is locked

#16
Khakiblue13
Posted 06 November 2005 - 01:11 PM

Khakiblue13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
It opened and there is update and removal button update doesnt work for no programs at all I have try many of times on all kinds of stuff but i have dsl and every time i try to get a update i says not connect to internet but i do be connect of course
  • 0

Advertisements

#17
OwNt
Posted 06 November 2005 - 01:13 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Don't bother updating, there seems to be a problem with that recently, with the update server.
  • 0

#18
Khakiblue13
Posted 07 November 2005 - 12:33 AM

Khakiblue13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello OwNt

Could not save error was read MAN!!!!!!!!!1 Look like he got me with a good one :tazz:
  • 0

#19
OwNt
Posted 07 November 2005 - 12:42 AM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Khakiblue13.

Could not save error was read MAN!!!!!!!!!1 Look like he got me with a good one :tazz:

Can you give me the error word for word? Is this still with About:Buster?
  • 0

#20
Khakiblue13
Posted 07 November 2005 - 02:15 PM

Khakiblue13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
No its not with aboutbuster that opens but I cant update just can use removal. The error ran on C:\WINNT\system32\MSCOMCTL.OCX The error reads, Cannot copy MSCOMCTL 1 There has being a sharing violation The source or detination file may be in use
  • 0

#21
OwNt
Posted 07 November 2005 - 02:50 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Khakiblue13.

Don't update About:Buster.

Continue with my fix without updating it.
  • 0

#22
Khakiblue13
Posted 07 November 2005 - 04:51 PM

Khakiblue13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I have ran aboutbuster and the scan is complete what would you like for me to do now?

Edited by Khakiblue13, 07 November 2005 - 04:53 PM.

  • 0

#23
OwNt
Posted 07 November 2005 - 07:00 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Khakiblue13.

Please post a fresh Hijackthis log so I can see where we are at.

Also, Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#24
Khakiblue13
Posted 07 November 2005 - 08:55 PM

Khakiblue13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here you go!!!!


KASPERSKY ON-LINE SCANNER REPORT
Monday, November 07, 2005 19:00:17
Operating System: Microsoft Windows 2000 Professional, (Build 2195)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 8/11/2005
Kaspersky Anti-Virus database records: 158749
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 20077
Number of viruses found: 12
Number of infected objects: 157
Number of suspicious objects: 0
Duration of the scan process: 3864 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Wess Orso\Desktop\hijackthis\backups\backup-20051106-184749-182.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\Documents and Settings\Wess Orso\Desktop\hijackthis\backups\backup-20051106-184749-684.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\Documents and Settings\Wess Orso\Desktop\hijackthis\backups\backup-20051106-193302-480.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\Documents and Settings\Wess Orso\Desktop\hijackthis\backups\backup-20051106-193302-953.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\Documents and Settings\Wess Orso\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/NBA/27 Mar 2005 21:34 from Andrea Woods:Hey Lady.rtf Infected: Virus.VBS.Redlof.l
C:\Documents and Settings\Wess Orso\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst Infected: Virus.VBS.Redlof.l
C:\Documents and Settings\Wess Orso\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\1AC39221-994A-4D1B-B683-D407DC\84014C5F-6177-4050-80CF-9D6897 Infected: not-a-virus:AdWare.Win32.AdSquash.a
C:\Documents and Settings\Wess Orso\Local Settings\Temp\1.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\2.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\3.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\4.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\5.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\6.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\7.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\784.tmp Infected: not-virus:Hoax.Win32.SpyWare.a
C:\Documents and Settings\Wess Orso\Local Settings\Temp\785.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\786.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\8.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\9.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\A.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\B.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\C.tmp Infected: Trojan.Win32.Small.ga
C:\Documents and Settings\Wess Orso\Local Settings\Temp\SskUpdater.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.b
C:\Documents and Settings\Wess Orso\Local Settings\Temp\SskUpdater.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.b
C:\Documents and Settings\Wess Orso\Local Settings\Temp\SskUpdater.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.b
C:\Documents and Settings\Wess Orso\Local Settings\Temp\SskUpdater.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.b
C:\Documents and Settings\Wess Orso\Local Settings\Temp\SskUpdater.exe Infected: not-a-virus:AdWare.Win32.SurfSide.b
C:\pebuilder\plugin\keyfinderpe\keyfinder.exe/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a
C:\pebuilder\plugin\keyfinderpe\keyfinder.exe/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a
C:\pebuilder\plugin\keyfinderpe\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a
C:\pebuilder\plugin\VNCServer\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4
C:\pebuilder\plugin\VNCServer\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4
C:\pebuilder\plugin\VNCServer\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4
C:\Program Files\ESET\infected\ONIG0EBA.NQF/data0001.html Infected: not-a-virus:AdWare.Win32.SearchPage
C:\Program Files\ESET\infected\ONIG0EBA.NQF/data0002.html Infected: not-a-virus:AdWare.Win32.SearchPage
C:\Program Files\ESET\infected\ONIG0EBA.NQF/data0003.html Infected: not-a-virus:AdWare.Win32.SearchPage
C:\Program Files\ESET\infected\ONIG0EBA.NQF/data0004.html Infected: not-a-virus:AdWare.Win32.SearchPage
C:\Program Files\ESET\infected\ONIG0EBA.NQF/data0005.html Infected: not-a-virus:AdWare.Win32.SearchPage
C:\Program Files\ESET\infected\ONIG0EBA.NQF Infected: not-a-virus:AdWare.Win32.SearchPage
C:\WINNT\Active Setup Log.txt:dcxokt:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\adduj32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\apiqc.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\appcn32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\appib32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\appok32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\appqy32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\appss32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\atljb32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\atlos32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\atlts32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\atlxu32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\atlzd32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\clock.avi:wqpmh:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINNT\clock.avi:wqpmhj:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINNT\crjv.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\crtn32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\crto32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\d3ny32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\FSAVINST.LOG:armub:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINNT\fsavunin.log:zslky:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\fsavunin.log:zslkyg:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINNT\FSISU.log:dspnx:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\FSPCINST.LOG:hthgkm:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINNT\FSSCINST.log:zurlno:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\FSSETUP.log:kedxyv:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINNT\FSSGSUP.LOG:cfvcsf:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINNT\fstnbins.LOG:gsunau:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINNT\fwesinst.log:vgohvi:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\GetServer.ini:ytfsdw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\hpoins05.dat:rmxyxg:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\iezy.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\javaet32.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINNT\javapz32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\mfcbi32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\mfcgj.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\mfcpt32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\mks.bat:xymjc:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\msnn32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\netet32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\netvi.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\netzd.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\ntey.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\ockodak.log:emuqa:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINNT\popcinfo.dat:btziss:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINNT\Q-Klez.log:hofjw:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\QTFont.for:tujouu:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\REGLOCS.OLD:egnqav:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINNT\RunSetup.log:ohyvcf:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\Santa Fe Stucco.bmp:jqaulk:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINNT\sb_affiliate.ini:iagdyi:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINNT\SchedLgU.Txt:mhnmyn:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINNT\sdkkv32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\sdkoy32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\sdkxl.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\setupact.log:trtzou:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINNT\setupapi.log:btziss:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\setupapi.log:figzbx:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\sysal32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\sysep.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\systa.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINNT\system32\addkt32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\addpa32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\addsc.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\apijt.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\apike32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\appit.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\appri32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\appya32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\appyk.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\atlah.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINNT\system32\atlec.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\atlks.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\atlnj32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\crby32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\crkn32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\cros.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\d3ks.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\d3rz32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\ieaz32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\iedq32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\iepb32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\ierj32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\ipci.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\iphb.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\ipyx.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\javada32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\javaee32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\javapo32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\mfccq.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\mfcmo32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\mfctt.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\msax32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\msdn32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\msql.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\msun.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\netob32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\netuk32.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINNT\system32\netwl.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\ntjo32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\system32\ntki.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\ntxz32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\ntzi.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\sdksr32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\sdkuj32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\sdkyg32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\sysfj32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\sysmm32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\sysws.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\winnd.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\system32\winny32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\Temp\nsm2.tmp Infected: not-a-virus:AdWare.Win32.SiteBar.a
C:\WINNT\winvb32.exe Infected: Trojan.Win32.Agent.bi
C:\WINNT\_default.pif:aabquv:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINNT\_default.pif:ifkny:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\_default.pif:lbejqi:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINNT\_default.pif:sbmwoy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINNT\_default.pif:xehuc:$DATA Infected: Trojan-Downloader.Win32.Agent.bc

Scan process completed.
  • 0

#25
OwNt
Posted 07 November 2005 - 11:42 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Khakiblue13.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\Wess Orso\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst
C:\Documents and Settings\Wess Orso\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst
C:\Documents and Settings\Wess Orso\Local Settings\Temp\1.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\2.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\3.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\4.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\5.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\6.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\7.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\784.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\785.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\786.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\8.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\9.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\A.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\B.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\C.tmp
C:\Documents and Settings\Wess Orso\Local Settings\Temp\SskUpdater.exe
C:\Program Files\ESET\infected\ONIG0EBA.NQF
C:\WINNT\adduj32.exe
C:\WINNT\apiqc.exe
C:\WINNT\appcn32.exe
C:\WINNT\appib32.exe
C:\WINNT\appok32.exe
C:\WINNT\appqy32.exe
C:\WINNT\appss32.exe
C:\WINNT\atljb32.exe
C:\WINNT\atlos32.exe
C:\WINNT\atlts32.exe
C:\WINNT\atlxu32.exe
C:\WINNT\atlzd32.exe
C:\WINNT\crjv.exe
C:\WINNT\crtn32.exe
C:\WINNT\crto32.exe
C:\WINNT\d3ny32.exe
C:\WINNT\iezy.exe
C:\WINNT\javaet32.dll
C:\WINNT\javapz32.exe
C:\WINNT\mfcbi32.exe
C:\WINNT\mfcgj.exe
C:\WINNT\mfcpt32.exe
C:\WINNT\msnn32.exe
C:\WINNT\netet32.exe
C:\WINNT\netvi.exe
C:\WINNT\netzd.exe
C:\WINNT\ntey.exe
C:\WINNT\sdkkv32.exe
C:\WINNT\sdkoy32.exe
C:\WINNT\sdkxl.exe
C:\WINNT\sysal32.exe
C:\WINNT\sysep.exe
C:\WINNT\systa.dll
C:\WINNT\system32\addkt32.exe
C:\WINNT\system32\addpa32.exe
C:\WINNT\system32\addsc.exe
C:\WINNT\system32\apijt.exe
C:\WINNT\system32\apike32.exe
C:\WINNT\system32\appit.exe
C:\WINNT\system32\appri32.exe
C:\WINNT\system32\appya32.exe
C:\WINNT\system32\appyk.exe
C:\WINNT\system32\atlah.dll
C:\WINNT\system32\atlec.exe
C:\WINNT\system32\atlks.exe
C:\WINNT\system32\atlnj32.exe
C:\WINNT\system32\crby32.exe
C:\WINNT\system32\crkn32.exe
C:\WINNT\system32\cros.exe
C:\WINNT\system32\d3ks.exe
C:\WINNT\system32\d3rz32.exe
C:\WINNT\system32\ieaz32.exe
C:\WINNT\system32\iedq32.exe
C:\WINNT\system32\iepb32.exe
C:\WINNT\system32\ierj32.exe
C:\WINNT\system32\ipci.exe
C:\WINNT\system32\iphb.exe
C:\WINNT\system32\ipyx.exe
C:\WINNT\system32\javada32.exe
C:\WINNT\system32\javaee32.exe
C:\WINNT\system32\javapo32.exe
C:\WINNT\system32\mfccq.exe
C:\WINNT\system32\mfcmo32.exe
C:\WINNT\system32\mfctt.exe
C:\WINNT\system32\msax32.exe
C:\WINNT\system32\msdn32.exe
C:\WINNT\system32\msql.exe
C:\WINNT\system32\msun.exe
C:\WINNT\system32\netob32.exe
C:\WINNT\system32\netuk32.dll
C:\WINNT\system32\netwl.exe
C:\WINNT\system32\ntjo32.exe
C:\WINNT\system32\ntki.exe
C:\WINNT\system32\ntxz32.exe
C:\WINNT\system32\ntzi.exe
C:\WINNT\system32\sdksr32.exe
C:\WINNT\system32\sdkuj32.exe
C:\WINNT\system32\sdkyg32.exe
C:\WINNT\system32\sysfj32.exe
C:\WINNT\system32\sysmm32.exe
C:\WINNT\system32\sysws.exe
C:\WINNT\system32\winnd.exe
C:\WINNT\system32\winny32.exe
C:\WINNT\Temp\nsm2.tmp
C:\WINNT\winvb32.exe

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

Let the system reboot.

Also, I still need to see a fresh Hijackthis log.
  • 0

Advertisements

#26
Khakiblue13
Posted 08 November 2005 - 09:58 AM

Khakiblue13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello OwNt

I have done what you ask here is the the log from hijackthis. Also did killboot

Logfile of HijackThis v1.99.1
Scan saved at 8:00:46 AM, on 11/8/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\ieaz32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\System32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINNT\loadqm.exe
C:\WINNT\system32\ntjo32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINNT\System32\MsiExec.exe
C:\Documents and Settings\Wess Orso\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\ikflf.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\ikflf.dll/sp.html#17702
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {76EC40FA-EADF-89C0-3B87-C2F732D5F074} - C:\WINNT\systa.dll
O2 - BHO: Class - {827A66FC-DD52-7904-94A6-D6A2E2EDE44E} - C:\WINNT\javaet32.dll
O2 - BHO: Class - {99102F04-E466-D4B0-F57F-883F0DAA5061} - C:\WINNT\system32\netuk32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [ntjo32.exe] C:\WINNT\system32\ntjo32.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=west&bw=dsl&cd=4.0&bm=ho_home
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BFEED4A-C72C-4C38-820B-29384891E882} - http://www.snap.emcp...tubpack1.10.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\ieaz32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - (no file)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - HP - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

Edited by Khakiblue13, 08 November 2005 - 04:39 PM.

  • 0

#27
OwNt
Posted 08 November 2005 - 07:22 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, Khakiblue13.

This may resemble the previous instructions a little bit, but the infection is still there and well. I have also included the download links if you need to re-download any tool for some reason.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download Cwsserviceremove Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember like to the Desktop.

Also unzip the contents of cwsserviceremove.zip (cwsserviceremove.reg) to your desktop.

Run the CleanUp! installer. You dont need to do anything with it right now.

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run Cwserviceremove.reg

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files.Reboot your computer into normal windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.
  • 0

#28
OwNt
Posted 21 November 2005 - 11:07 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP