win32/virut, win32/heur, win32/Tanatos.M



#1
enigma007

Hey,

A few hours/days ago I got a combination of win32/virut, win32/heur, win32/Tanatos.M and a few more which were, I hope, insignificant, and were deleted right away. So to start off, I was on WinXP SP2, using AVG 7.5 fully updated, Sygate firewall, and Spyware Doctor, which was disabled at that time.
I copy-pasted some driver files and some .exe files from another machine; it served as a backup, though that same USB stick I used for that was also in my computer from time to time, while reinstalling Windows, before and after I copy-pasted that data onto it.
So basically I think I got all that [bleep] from that other computer, which had its Windows crashed. You'd ask me why I even put something from that machine onto my own; well, I had to back up some data, as in HAD to, and given the situation, that was the only way to do it.
So what happened is that in the meantime I played Quake 3, EVE Online and some other games on it while it was on (I'm talking about my own machine), turned on Ventrilo, copy-pasted some .exe files, random stuff mostly, and after that one restart, none of what I had played (used) until then worked. Basically every exe file that I had contact with was infected. So I started to scan my computer and found some of the above-mentioned viruses, but that wasn't enough.
Even though I found them, well, some of them, I think they still did the job, so my taskbar wasn't functional (I even got info from AVG at one point that a task manager file somewhere in the Windows folder was also infected and moved to the vault), so in the end I had no taskbar and no games were functional.
That would all be nice if, after switching to my Vista on another partition and installing AVG 8.5 fully updated, I hadn't found that half of my computer was already infected; not everything, but a big part of it. There was one folder that contained all the programs I usually install on a machine when I install a fresh Windows, and though I didn't access it at all, it was 70% infected. Those exe files I mentioned that I copied from my documents folder to another partition, just in case, were infected also, as well as ALL the drivers (as in every file) from that other machine.
Now the problematic part was when I tried to scan the computer: it did finish, but even among those files it said it repaired, 50% of them that were small in size ended up being corrupted and unusable.
Now I'll even cross my fingers on that and say, OK, let all that stuff go to nowhere, but what I want to be sure of is that my computer is now clean, and because of that I'll ask you guys to help me find whatever is left unhealed, or fixed.
We'll start with a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:51, on 5/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\pnrpnsp.dll' missing
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A747AB4-13F7-4396-A9FE-43D6687DE8F4}: NameServer = 194.247.192.1 194.247.192.33
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 3712 bytes


Anything strange here? Also, I'd like to mention that the same Windows Vista I'm using, after all that scanning and deleting those files, seems to be working a bit slower when not in games; games work fine, but Windows operation isn't as fast as usual. I repaired the registry, I mean I checked it and cleaned it with Registry Mechanic, but I'm not sure if that's enough. My guess is that there is something still left on it, maybe from before, that is making all the problems,
so I'd like, if possible, to ask for your assistance to help me find it.

Edited by enigma007, 07 May 2009 - 05:55 AM.
