Need Help with virus/trojan [CLOSED]


#1
Goddel2

Well, I was sent a file from a not so smart friend, and now my LimeWire keeps reloading after I close it. I can't open Task Manager, I get no response from Ctrl+Alt+Delete, and I switched to classic style and there's still no difference when clicking Task Manager. I am on Windows XP and was told that this was some type of Win32.P2P worm, but I'm not sure which, since there are about 1000 of them, each with their own first and last name...

Any help would be appreciated.
Here's the HijackThis log file; I thought it might help. The only things running at the time were AIM, Azureus, and LimeWire, of course....

Logfile of HijackThis v1.99.1
Scan saved at 7:01:26 PM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
C:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



EDIT - Just got a Java error today which definitely has to do with the trojan/virus reacting to me uninstalling LimeWire.

LimeWire version 4.8.1
Java version 1.5.0_06 from Sun Microsystems Inc.
Windows XP v. 5.1 on x86
Free/total memory: 3401376/4128768

com.limegroup.gnutella.gui.GUILoader$StartupFailedException: invalid update.ver
at com.limegroup.gnutella.gui.GUILoader.sanityCheck(GUILoader.java:277)
at com.limegroup.gnutella.gui.GUILoader.load(GUILoader.java:43)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.limegroup.gnutella.gui.Main.main(Main.java:31)

STARTUP ERROR!

-- listing properties --
FILTER_HASH_QUERIES=true
APP_HEIGHT=824
DIRECTORIES_TO_SEARCH_FOR_FILES=C:\Documents and Settings\Elido Ruiz\...
FRACTIONAL_UPTIME=0.010705635
LAST_EXPIRE_TIME=1133876900953
SESSIONS=48
DIRECTORY_FOR_SAVING_FILES=C:\Documents and Settings\Elido Ruiz\...
RUN_ONCE=true
COUNTRY=
SHOW_TOTD=false
CLIENT_ID=CD23491B4AB4C5861FA3D8A034075F00
LAST_SHUTDOWN_TIME=1134521160187
EVER_ACCEPTED_INCOMING=true
IGNORE_ALL_BUGS=true
EVER_SUPERNODE_CAPABLE=true
MAX_UPLOAD_BYTES_PER_SEC=47
TOTAL_UPTIME=280425
AVERAGE_UPTIME=5966
UNSET_FIREWALLED_FROM_CONNECTBACK=true
FLUSH_DELAY_TIME=256
APP_WIDTH=1152
INSTALLED=true
MAX_SIM_DOWNLOAD=8
FORCED_IP_ADDRESS_STRING=69.203.195.175
LAST_GWEBCACHE_FETCH_TIME=1134513482921
UPDATE_DELAY=252000020
WINDOW_Y=-4
CONNECTION_SPEED=350
MAX_DOWNLOAD_BYTES_PER_SEC=109
WINDOW_X=-4



FILES IN CURRENT DIRECTORY:

Edited by Goddel2, 17 December 2005 - 02:27 AM.

#2
Armodeluxe

Hi Goddel2,

First of all you should put HijackThis in a folder so that it can save its backups if needed. Please create a new folder under your C:\ drive and move HijackThis into that folder.

Download Brute Force Uninstaller.
Unzip it to its own folder (c:\BFU).

Start the Brute Force Uninstaller by double-clicking BFU.exe.

Next to the 'scriptfile to execute' window you'll see a little icon. When you click that icon, a little window will open that says: 'Please enter the full URL to the script you want to execute'.
In the field, copy and paste the following URL:

http://metallica.gee.../p2pnetwork.bfu

Press Execute and let it do its job.

Wait for the complete script execution box to pop up and press OK.
Press Exit to terminate the BFU program. Reboot when done.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now under 'Select a target to scan', select My Computer.
  • This program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Post back to this topic using the add reply button with a fresh HijackThis log and Kaspersky results.

#3
Goddel2

Kaspersky Results
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, December 17, 2005 13:30:06
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 17/12/2005
Kaspersky Anti-Virus database records: 165661
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
M:\

Scan Statistics:
Total number of scanned objects: 66154
Number of viruses found: 14
Number of infected objects: 191
Number of suspicious objects: 0
Duration of the scan process: 3816 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Elido Ruiz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26316054-52fa1bb1.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\Elido Ruiz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26316054-52fa1bb1.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\Elido Ruiz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26316054-52fa1bb1.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\Elido Ruiz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26316054-52fa1bb1.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Elido Ruiz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-26316054-52fa1bb1.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Elido Ruiz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-4eac7c5d.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Documents and Settings\Elido Ruiz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-4eac7c5d.zip Infected: Trojan-Downloader.Java.OpenStream.w
C:\Documents and Settings\Elido Ruiz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-7737fe5a.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Elido Ruiz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-7737fe5a.zip/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\Elido Ruiz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-7737fe5a.zip/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Elido Ruiz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-7737fe5a.zip Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Elido Ruiz\Complete\32bit Service Monitor 9.84.01.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\32bit Service Monitor 9.84.01.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Ace Utilities 3.0.0.4038.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Ace Utilities 3.0.0.4038.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Acoustica MP3 CD Burner 4.01.115.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Acoustica MP3 CD Burner 4.01.115.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Adobe Photoshop 7.0.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Adobe Photoshop 7.0.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Aeon Flux (2005).zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Aeon Flux (2005).zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Age of Empires III.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Age of Empires III.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Ahead DVD Ripper Standard Edition 1.3.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Ahead DVD Ripper Standard Edition 1.3.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Ahead Nero 7 Premium Huge PlugIns Pack.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Ahead Nero 7 Premium Huge PlugIns Pack.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Arial Audio Converter 2.3.16.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Arial Audio Converter 2.3.16.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Audio Edit Magic 7.5.9.675.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Audio Edit Magic 7.5.9.675.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Aurora Media Workshop 2.5.5.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Aurora Media Workshop 2.5.5.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Avast! Professional 4.6.731.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Avast! Professional 4.6.731.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Blink 182 - All The Small Things Video.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Blink 182 - All The Small Things Video.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Borland Developer Studio 2006.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Borland Developer Studio 2006.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Britannica 2006 Encyclopaedia Ultimate.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Britannica 2006 Encyclopaedia Ultimate.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Chicken Little.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Chicken Little.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Civilization 4.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Civilization 4.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Civilization IV.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Civilization IV.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Corel Painter 9.0.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Corel Painter 9.0.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\CorelDRAW Graphics Suite 12.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\CorelDRAW Graphics Suite 12.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Darwinia.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Darwinia.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Droppix Recorder iSO PowerPack 1.6.3.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Droppix Recorder iSO PowerPack 1.6.3.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\DVD2one 2.0.0.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\DVD2one 2.0.0.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\DVDFab Platinum 2.9.6.0.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\DVDFab Platinum 2.9.6.0.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Fastlane Pinball.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Fastlane Pinball.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Final Fantasy 7.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Final Fantasy 7.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\FlashGet (JetCar) 1.71.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\FlashGet (JetCar) 1.71.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Foods That Burn Fat.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Foods That Burn Fat.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Foxit PDF Editor 1.2.0419.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Foxit PDF Editor 1.2.0419.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\FullShot Enterprise 9.0.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\FullShot Enterprise 9.0.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Grand Theft Auto.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Grand Theft Auto.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Ground Control - II Exodus.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Ground Control - II Exodus.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Internet Explorer 7.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Internet Explorer 7.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Linkgrabber 3.0.4.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Linkgrabber 3.0.4.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\McAfee AntiSpyware 2.1.111.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\McAfee AntiSpyware 2.1.111.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\MP3 WAV Converter 2.1.42.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\MP3 WAV Converter 2.1.42.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Multi Clipboard 9.84.01.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Multi Clipboard 9.84.01.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Need for Speed Most Wanted Black.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Need for Speed Most Wanted Black.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\NetObjects nPower 1.0.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\NetObjects nPower 1.0.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Norton AntiVirus 2006 Protection Pack.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Norton AntiVirus 2006 Protection Pack.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Norton Ghost 10.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Norton Ghost 10.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Norton WinDoctor 2006.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Norton WinDoctor 2006.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Notron Internet Security 2006 Suite.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Notron Internet Security 2006 Suite.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Online TV Player 2.9.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Online TV Player 2.9.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\OverSeer 1.0.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\OverSeer 1.0.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\PaceStar EDGE Diagrammer 5.02.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\PaceStar EDGE Diagrammer 5.02.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\PC Surgeon 4.31.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\PC Surgeon 4.31.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\PDFfactory Server Edition Pro 2.46.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\PDFfactory Server Edition Pro 2.46.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Photoshop Plug-in 2006 600MB CD.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Photoshop Plug-in 2006 600MB CD.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Plato Photo Slideshow 2.16.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Plato Photo Slideshow 2.16.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\PlayDV 4.8.0.51117.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\PlayDV 4.8.0.51117.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\PowerKaraoke Plus 1.2.28.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\PowerKaraoke Plus 1.2.28.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Prince of Persia Sands of Time.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Prince of Persia Sands of Time.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Prince of Persia Two Thrones NKA.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Prince of Persia Two Thrones NKA.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Real Spy Monitor 2.42.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Real Spy Monitor 2.42.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Registry Crawler 4.5.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Registry Crawler 4.5.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Registry Operator 3.0.0.1.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Registry Operator 3.0.0.1.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Rise Of Nations.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Rise Of Nations.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Security Explorer 5.10.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Security Explorer 5.10.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Ski racing 06.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Ski racing 06.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\SmartCode VNC Manager Enterprise 3.0.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\SmartCode VNC Manager Enterprise 3.0.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Speed It Up Extreme 3.5.1.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Speed It Up Extreme 3.5.1.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Splinter Cell Chaos Theory.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Splinter Cell Chaos Theory.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Steinberg Cubase SX 3.1.1.944.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Steinberg Cubase SX 3.1.1.944.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\System Mechanic 6.0i Pro.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\System Mechanic 6.0i Pro.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\The Best of Frantic Euphoria.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\The Best of Frantic Euphoria.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\The Chronicles of Narnia.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\The Chronicles of Narnia.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\The Transporter 2.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\The Transporter 2.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Thief - Deadly Shadows.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Thief - Deadly Shadows.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\TweakNow PowerPack 2006 Pro 1.10 Retial.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\TweakNow PowerPack 2006 Pro 1.10 Retial.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Ultra DVD Creator 1.4.0.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Ultra DVD Creator 1.4.0.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\UltraSentry 2.00b.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\UltraSentry 2.00b.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Win TinyXP Pro SP2 Unattended.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Win TinyXP Pro SP2 Unattended.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\WinAmp Skins Creator 1.1.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\WinAmp Skins Creator 1.1.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\WinDVD Platinum 7.0 B27.115.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\WinDVD Platinum 7.0 B27.115.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Working Safedisc Bypasser.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Working Safedisc Bypasser.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\X-Cleaner Deluxe.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\X-Cleaner Deluxe.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\XFormation 2.0.3.2.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\XFormation 2.0.3.2.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\XP Tools Pro 4.70.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\XP Tools Pro 4.70.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Zone Alarm Internet Security Suite 61.zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Complete\Zone Alarm Internet Security Suite 61.zip Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Elido Ruiz\Desktop\Bot\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\MSN-Winks.exe/stream/data0007/stream/data0004 Infected: not-a-virus:AdWare.Win32.180Solutions
C:\MSN-Winks.exe/stream/data0007/stream/data0005/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351
C:\MSN-Winks.exe/stream/data0007/stream/data0005/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer
C:\MSN-Winks.exe/stream/data0007/stream/data0005/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer


Hijackthis Report
Logfile of HijackThis v1.99.1
Scan saved at 1:33:34 PM, on 12/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#4
Armodeluxe
    Member 2k
  • Retired Staff
  • 2,744 posts
I don't think you posted the whole of the Kaspersky log. Please post it again, somehow it got cut off.

You are running without any viral or trojan protection. Let's get you some free programs and do some scans.

Please download, install and update AVG but don't run a scan yet, we will run it in safe mode.

First, download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Please download Ewido Security Suite (do NOT run it yet!)
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed
  • After the updates are installed, exit Ewido
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Once in Safe Mode:

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Then delete the entire contents of these folders (not the folders themselves, but everything in them):

C:\Documents and Settings\Elido Ruiz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar
C:\Documents and Settings\Elido Ruiz\Complete

Also delete this file:

C:\MSN-Winks.exe

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

If Cleanup! asks if you want to reboot, click NO

Now open AVG and do a full system scan. Remove all it finds.

Open Ewido
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido
Reboot back to normal mode and please post the Ewido log and the rest of the Kaspersky log.
  • 0

#5
Goddel2
    New Member
  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here is the rest of the report, sorry about that, it must have got cut off.

C:\MSN-Winks.exe/stream/data0007/stream/data0005/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer
C:\MSN-Winks.exe/stream/data0007/stream/data0005/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer
C:\MSN-Winks.exe/stream/data0007/stream/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer
C:\MSN-Winks.exe/stream/data0007/stream Infected: not-a-virus:AdWare.Win32.WebHancer
C:\MSN-Winks.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.WebHancer
C:\MSN-Winks.exe/stream Infected: not-a-virus:AdWare.Win32.WebHancer
C:\MSN-Winks.exe Infected: not-a-virus:AdWare.Win32.WebHancer
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616

Scan process completed.
  • 0

#6
Armodeluxe
    Member 2k
  • Retired Staff
  • 2,744 posts
OK, nothing else to worry about in there. Please follow the instructions in my previous post.
  • 0

#7
Goddel2
    New Member
  • Topic Starter
  • Member
  • Pip
  • 5 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:17:50 PM, 12/18/2005
+ Report-Checksum: 5E95627C

+ Scan result:

C:\RECYCLER\S-1-5-21-1659004503-73586283-725345543-1003\Dc102.rar/trillian-v3.1.exe/iexplorer.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\RECYCLER\S-1-5-21-1659004503-73586283-725345543-1003\Dc102.rar/trillian-v3.1.exe/iexplorer.exe -> Spyware.Hijacker.Generic : Cleaned with backup


::Report End
  • 0
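The Kaspersky report posted in #3 and #5 and the Ewido report in #7 use two different line formats, and the helper's reply reduces them to three decisions: empty the folder holding the worm-infected archives, delete the one adware installer, and leave the flagged mIRC client alone. The script below is an added example, not a tool from the forum or from either scanner: it parses both line formats, collapses archive members (everything after the first `/`) onto the file that actually exists on disk, ranks each file by its worst verdict class, and proposes which folders hold enough flagged files to be emptied wholesale. The sample lines are constructed from the thread's own reports, and the classification of `not-a-virus:` verdicts into adware versus other riskware is this example's own convention.

```python
"""Triage of antivirus report lines (added example, not the forum's own tool).

Kaspersky web-scanner lines:  <on-disk path>[/<archive member>...] Infected: <verdict>
Ewido report lines:           <on-disk path>[/<archive member>...] -> <verdict> : <action>

A '/' never occurs in a Windows path, so everything before the first '/' is the
file that really exists on disk; what follows is a member inside an archive or
installer.  Verdicts prefixed 'not-a-virus:' are Kaspersky's riskware/adware
class rather than malware.
"""
import ntpath
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample modelled on the lines posted in the thread.
SAMPLE_LINES = [
    r"C:\Documents and Settings\Elido Ruiz\Complete\XP Tools Pro 4.70.zip/Setup.exe Infected: Email-Worm.Win32.VB.an",
    r"C:\Documents and Settings\Elido Ruiz\Complete\XP Tools Pro 4.70.zip Infected: Email-Worm.Win32.VB.an",
    r"C:\Documents and Settings\Elido Ruiz\Complete\Zone Alarm Internet Security Suite 61.zip/Setup.exe Infected: Email-Worm.Win32.VB.an",
    r"C:\Documents and Settings\Elido Ruiz\Complete\Zone Alarm Internet Security Suite 61.zip Infected: Email-Worm.Win32.VB.an",
    r"C:\Documents and Settings\Elido Ruiz\Desktop\Bot\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616",
    r"C:\MSN-Winks.exe/stream/data0007/stream/data0005/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351",
    r"C:\MSN-Winks.exe/stream Infected: not-a-virus:AdWare.Win32.WebHancer",
    r"C:\MSN-Winks.exe Infected: not-a-virus:AdWare.Win32.WebHancer",
    "",
    "Scan process completed.",
    r"C:\RECYCLER\S-1-5-21-1659004503-73586283-725345543-1003\Dc102.rar/trillian-v3.1.exe/iexplorer.exe -> Spyware.Hijacker.Generic : Cleaned with backup",
]

# Severity order used when one on-disk file carries several verdicts.
RANK = {"malware": 0, "adware": 1, "riskware": 2}


@dataclass(frozen=True)
class Detection:
    container: str  # the file that exists on disk
    member: str     # path inside the archive, "" when the file itself is flagged
    verdict: str
    action: str     # "" for report-only scanners, e.g. "Cleaned with backup" for Ewido


def classify(verdict: str) -> str:
    """Map a verdict string to a coarse triage class (this example's convention)."""
    if not verdict.startswith("not-a-virus:"):
        return "malware"
    if verdict.startswith("not-a-virus:AdWare."):
        return "adware"
    return "riskware"  # e.g. Client-IRC: a legitimate tool, review before deleting


def parse_line(raw: str):
    """Return a Detection for a Kaspersky or Ewido result line, else None."""
    line = raw.strip()
    if " Infected: " in line:                 # Kaspersky: reports, does not clean
        path, _, verdict = line.rpartition(" Infected: ")
        action = ""
    elif " -> " in line:                      # Ewido: "path -> verdict : action"
        path, _, rest = line.partition(" -> ")
        verdict, _, action = rest.partition(" : ")
    else:
        return None                           # headers, blanks, "Scan process completed."
    container, _, member = path.partition("/")
    return Detection(container, member, verdict.strip(), action.strip())


def parse_report(lines):
    return [d for d in map(parse_line, lines) if d is not None]


def verdicts_by_file(detections, outstanding_only=True):
    """Collapse archive members onto the on-disk file that contains them.
    With outstanding_only, entries a scanner already cleaned are skipped."""
    by_file = defaultdict(set)
    for d in detections:
        if outstanding_only and d.action.startswith("Cleaned"):
            continue
        by_file[d.container].add(d.verdict)
    return dict(by_file)


def triage(detections, outstanding_only=True):
    """Group on-disk files by the worst class among their verdicts."""
    groups = {"malware": [], "adware": [], "riskware": []}
    for path, verdicts in verdicts_by_file(detections, outstanding_only).items():
        worst = min((classify(v) for v in verdicts), key=RANK.__getitem__)
        groups[worst].append(path)
    return {k: sorted(v) for k, v in groups.items()}


def folders_to_empty(paths, min_files=2):
    """Directories holding at least min_files flagged files: the
    'delete the contents of this folder' candidates."""
    per_dir = Counter(ntpath.dirname(p) for p in paths)
    return sorted(d for d, n in per_dir.items() if n >= min_files)


if __name__ == "__main__":
    groups = triage(parse_report(SAMPLE_LINES))
    for cls, paths in groups.items():
        print(cls)
        for p in paths:
            print("   ", p)
    print("folders to empty:", folders_to_empty(groups["malware"]))
```

Run on the sample, the `malware` group is the two archives under `Complete`, which `folders_to_empty` turns into the single folder the helper told the poster to clear; `adware` is `C:\MSN-Winks.exe`, the one file the helper named individually; and `riskware` is the mIRC client that was left in place. The Ewido line is excluded by default because its action says it was already cleaned; pass `outstanding_only=False` to see it alongside the rest.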

#8
Armodeluxe
    Member 2k
  • Retired Staff
  • 2,744 posts
Good. Let me see a new HijackThis log. Do you have any problems left now?
  • 0

#9
Armodeluxe
    Member 2k
  • Retired Staff
  • 2,744 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
