Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help needed to remove G.O.D Saikoboy's virus

Started by akhemanth , May 20 2008 10:26 AM

  • Please log in to reply

#1
akhemanth
Posted 20 May 2008 - 10:26 AM

akhemanth

    New Member

  • Member
  • Pip
  • 1 posts
My IE browser title is displaying as G.O.D Saikoboy's, Registry editor has disabled as well as task manager too. Then i read a topic in this forum and used combofix.exe application. Then everything went ok.

Please suggest me how to make the bad entries to get permanently removed from my machine. Here is the log created by combofix tool:



ComboFix 08-05-15.3 - Radhika Padmini 2008-05-19 22:46:43.1 - NTFSx86
Running from: C:\Documents and Settings\Radhika Padmini\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-19 22:46 . 2008-05-19 22:46 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-18 14:10 . 2008-05-18 14:10 <DIR> d--hs---- C:\CONFIG
2008-05-17 18:09 . 2008-05-17 18:09 <DIR> d-------- C:\Documents and Settings\Radhika Padmini\Application Data\Media Player Classic
2008-04-19 17:25 . 2008-04-19 17:25 <DIR> d--hs---- C:\found.001

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 17:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-19 16:08 --------- d-----w C:\Documents and Settings\Radhika Padmini\Application Data\Broadband
2008-05-11 05:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-04-29 10:48 --------- d-----w C:\Program Files\Sify Broadband
2008-04-22 10:17 --------- d-----w C:\Documents and Settings\Radhika Padmini\Application Data\Vso
2008-04-07 13:57 114,688 ----a-w C:\WINDOWS\system32\wmatimer.dll
2008-04-07 13:41 --------- d-----w C:\Program Files\Real Alternative
2008-04-07 13:41 --------- d-----w C:\Program Files\Media Player Classic
2008-04-07 13:40 --------- d-----w C:\Program Files\Common Files\Real
2008-04-07 06:24 --------- d-----w C:\Program Files\RM to MP3 Converter
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 15:53 --------- d-----w C:\Documents and Settings\Radhika Padmini\Application Data\Skype
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 20:04 127085]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-24 10:12 372736 C:\WINDOWS\system32\nwiz.exe]
"NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-06-18 11:55 45056 C:\WINDOWS\system32\NVATray.exe]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 90112]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 12:58 155648]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 05:56 249896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 02:48 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Radhika Padmini\Start Menu\Programs\Startup\
˙.lnk - C:\CONFIG\svchost.exe [2008-05-18 14:10:36 215523]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"installed"= present2
"winlogon"= C:\CONFIG\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-09-11 12:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 21:54 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 17:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
--a------ 2003-09-29 15:53 607232 C:\PROGRA~1\SPEEDO~1\SPO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 15:22 4670968 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\j2sdk_nb\\j2sdk1.4.2\\bin\\java.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\j2sdk_nb\\j2sdk1.4.2\\bin\\javaw.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-07-08 00:24]
S3 K320bus;Sony Ericsson K320 driver (WDM);C:\WINDOWS\system32\DRIVERS\K320bus.sys [2006-08-18 11:10]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\K320mdfl.sys [2006-08-18 11:10]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\K320mdm.sys [2006-08-18 11:10]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\K320mgmt.sys [2006-08-18 11:10]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\K320obex.sys [2006-08-18 11:10]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys [2006-02-19 17:47]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2006-02-19 17:47]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2006-02-19 17:47]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2006-02-19 17:48]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys [2006-02-19 17:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{065e380e-24b6-11dd-9177-00e04c03529a}]
\Shell\Auto\command - H:\TunerSetup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TunerSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af7546aa-6353-11dc-8f02-00e04c03529a}]
\Shell\Auto\command - recycled\SVCH0ST.EXE
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\SVCH0ST.EXE

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 22:50:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
Completion time: 2008-05-19 22:54:19
ComboFix-quarantined-files.txt 2008-05-19 17:24:14

Pre-Run: 4,544,667,648 bytes free
Post-Run: 5,130,518,528 bytes free

125 --- E O F --- 2008-05-17 17:02:01
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP