Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cant remove a trojan

Started by CRazzym3x , Dec 20 2005 02:36 PM

  • Please log in to reply

#1
CRazzym3x
Posted 20 December 2005 - 02:36 PM

CRazzym3x

    Member

  • Member
  • PipPip
  • 37 posts
First of all I want to thank all of you for helping me and taking your time in reading this.

I dont think this will be a very hard thing to do but you never know.

See it all started when a random dude sent me a link to a .exe file. I downloaded and used Jottis mlti viru scanner (http://virusscan.jotti.org/). It found multiple viruses ofcourse, I forgot to delete it from my desktop and it had a Picture icon. 2 hours later I was just sciming to my desktop and saw it, I was like what the [bleep] is that? Clicked it.. then I saw the extension and just fel very stupid.

Anyway people started messaging me telling me to stop I was like what? Till someone told me.. I made a Spyboy search, a Norton 2006 search, Antivir search and a Trojan Hunter search. They found some stuff but the problem presists.

Here goes my Hijack Ths Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:36:06 PM, on 12/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\EzButton\CPLDBL10.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\service\services.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\Microsoft Office\Office\3082\OLFSNT40.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\xampp\apache\bin\Apache.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\xampp\apache\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Tibia\Tibia.exe
C:\Documents and Settings\CRazym3x\Desktop\BotBase\Cavebot.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\CRazym3x\Desktop\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [services] C:\WINDOWS\system32\service\services.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [winsys.exe] C:\WINDOWS\System32
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Puerto Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\3082\OLFSNT40.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {37A53174-024B-42D0-8B7C-E42122FDC7DB} (MGameRunDll3 Class) - http://wizweb.neffic...g/mgrunmng3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D636968D-9B7E-4F37-BD7F-9A4D978FE63B} (MGameRunDll4 Class) - http://wizweb.neffic...g/mgrunmng4.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe


  • 0

Advertisements

#2
Steamhead
Posted 23 December 2005 - 08:07 PM

Steamhead

    Visiting Staff

  • Member
  • PipPipPip
  • 519 posts
Hello CRazzym3x and welcome to Geeks to Go! My name is Steamhead and I am currently reviewing your log. Thanks for the patience! :tazz:
  • 0

#3
Steamhead
Posted 23 December 2005 - 09:31 PM

Steamhead

    Visiting Staff

  • Member
  • PipPipPip
  • 519 posts
Hello CRazzym3x and welcome to Geeks to Go!, my name is Steamhead and I will be helping you out today.
You have a pretty hefty infection here, and it has attracted the attention of some of the "malware gods" here. I was wondering if you wouldn't mind submitting a few files to help us in the fight agaist crapware. :tazz:

STEP 1:

Please go HERE
  • Type CRazzym3x as the username
  • Copy and paste the link to this topic into "Link to topic where this file was requested:"
  • Now copy and paste C:\WINDOWS\system32\service into the remaining field next to "Browse".
  • Click on Send File.
Now if you don't mind repeating the process, except submit the file C:\WINDOWS\System32\winsys.exe.

Thanks a lot! :)

STEP 2:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new HijackThis! log
Also please tell me if you were succesful in submitting those files. Afterwards we will continue in the removal of those files.
  • 0

#4
CRazzym3x
Posted 24 December 2005 - 12:03 AM

CRazzym3x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Thanks for helping me!

I submited those 2 files succesfuly, now here is the activescan report!

I also atached the 2 files because I notices that it was kinda messy in the quote, thanks again.

Incident Status Location

Adware:adware/ist.istbar Not desinfected C:\WINDOWS\SYSTEM32\mscache.sys
Spyware:application/bestoffer Not desinfected C:\PROGRAM FILES\TBONBin
Spyware:spyware/cydoor Not desinfected C:\WINDOWS\cdmxtras
Adware:adware/p2pnetworking Not desinfected Windows Registry
Virus:Trj/Keylog.BR Disinfected C:\Documents and Settings\Administrator\My Documents\My eBooks\UltimateMC.exe
Virus:Trj/Keylog.BR Disinfected C:\Documents and Settings\Administrator\My Documents\My eBooks.zip[UltimateMC.exe]
Virus:Trj/SendPac.A Not desinfected C:\Documents and Settings\CRazym3x\Desktop\Cosas k no importan\Cavebot.rar[packet.dll]
Virus:Trj/Keylog.BR Disinfected C:\Documents and Settings\CRazym3x\Desktop\Cosas k no importan\OTServ\Tibia 7.1\UltimateMC.exe
Virus:Trj/SendPac.A Disinfected C:\Documents and Settings\CRazym3x\Desktop\Cosas k no importan\packet.dll
Virus:Trj/SendPac.A Disinfected C:\Documents and Settings\CRazym3x\Desktop\Cosas k no importan\pick up.zip[packet.dll]
Virus:Trj/Keylog.BR Disinfected C:\Documents and Settings\CRazym3x\Desktop\Cosas k no importan\Tibia7.41\UltimateMC.exe
Virus:Trj/SendPac.A Disinfected C:\Documents and Settings\CRazym3x\Desktop\Cosas k no importan\TPR\packet.dll
Virus:Trj/Keylog.BJ Not desinfected C:\Documents and Settings\CRazym3x\Desktop\Downloads\iksetup_exe.vir[web.dll]
Virus:Trj/SendPac.A Not desinfected C:\Documents and Settings\CRazym3x\Desktop\Downloads\Random\TibIan Simple Spear.rar[packet.dll]
Virus:Trj/UpHid.A Not desinfected C:\Documents and Settings\CRazym3x\Desktop\Downloads\UltraBOT.rar[UltraBOT.exe]
Hacktool:Sniffer/WpePro Not desinfected C:\Documents and Settings\CRazym3x\Desktop\Downloads\wpeproalpha0_9a.zip[WPE PRO.exe]
Hacktool:Sniffer/WpePro Not desinfected C:\Documents and Settings\CRazym3x\Desktop\Downloads\wpeproalpha0_9a.zip[WpeSpy.dll]
Virus:Trj/Keylog.BR Disinfected C:\Documents and Settings\CRazym3x\Desktop\New Folder (2)\Tibia 7.66\UltimateMC.exe
Virus:Trj/UpHid.A Not desinfected C:\Documents and Settings\CRazym3x\Desktop\random\Cavebot - Forge\Cavebot_rar.vir[Cavebot.exe]
Virus:Trj/SendPac.A Not desinfected C:\Documents and Settings\CRazym3x\Desktop\random\Cavebot - Forge\Cavebot_rar.vir[packet.dll]
Virus:Trj/UpHid.A Not desinfected C:\Documents and Settings\CRazym3x\Desktop\random\Cavebot - Forge\Cavebot_rar.vir[Ankrahmun - Larvas East.exe]
Virus:Trj/SendPac.A Disinfected C:\Documents and Settings\CRazym3x\Desktop\random\Cavebot - Forge\packet.dll
Virus:Trj/SCKeylog.U Not desinfected C:\Documents and Settings\CRazym3x\Desktop\random\HTML\PHP\cachero_orbashal.wmv.rar[cachero_orbashal.wmv.exe]
Virus:Trj/SCKeylog.U Disinfected C:\Documents and Settings\CRazym3x\Desktop\random\HTML\PHP\cachero_orbashal.wmv.zip[cachero_orbashal.wmv.exe]
Virus:Trj/SCKeylog.U Not desinfected C:\Documents and Settings\CRazym3x\Desktop\random\HTML\PHP\fun.rar[fun.exe]
Virus:Trj/UpHid.A Not desinfected C:\Documents and Settings\CRazym3x\Desktop\random\orbashaal.rar[orbashaal.exe]
Virus:Trj/Keylog.BR Disinfected C:\Documents and Settings\CRazym3x\Desktop\Release\Tibia\UltimateMC.exe
Virus:Trj/SendPac.A Disinfected C:\Documents and Settings\CRazym3x\My Documents\My Received Files\tpr.zip[packet.dll]
Virus:Trj/SendPac.A Disinfected C:\packet.dll
Virus:Trj/SAM.C Disinfected C:\Program Files\Spytector\server.exe
Possible Virus. Not desinfected C:\Program Files\Valve\Steam\SteamApps\ercel\counter-strike source\[IcT] Shadow.exe
Possible Virus. Not desinfected C:\WINDOWS\fun.dll
Virus:Trj/SAM.C Disinfected C:\WINDOWS\system32\fun.exe


Logfile of HijackThis v1.99.1
Scan saved at 12:06:10 AM, on 12/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\EzButton\CPLDBL10.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Microsoft Office\Office\3082\OLFSNT40.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\xampp\apache\bin\Apache.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\xampp\apache\bin\Apache.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\CRazym3x\Desktop\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [winsys.exe] C:\WINDOWS\System32
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Puerto Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\3082\OLFSNT40.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {37A53174-024B-42D0-8B7C-E42122FDC7DB} (MGameRunDll3 Class) - http://wizweb.neffic...g/mgrunmng3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D636968D-9B7E-4F37-BD7F-9A4D978FE63B} (MGameRunDll4 Class) - http://wizweb.neffic...g/mgrunmng4.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 -

Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exeAttached File  Activescan2.txt   10.56KB   152 downloadsAttached File  Activescan2.txt   10.56KB   152 downloadsAttached File  hijackthis.txt   10.74KB   113 downloads

Edited by CRazzym3x, 24 December 2005 - 12:09 AM.

  • 0

#5
Steamhead
Posted 24 December 2005 - 09:37 PM

Steamhead

    Visiting Staff

  • Member
  • PipPipPip
  • 519 posts
Hello CRazzym3x. Unfortunately our "malware gods" didn't receive those files correctly. If you don't mind I would like to try one other method before we get down and dirty. Thanks a lot :) Also, for further reference, it's not necessary to put your logs into quote boxes, it's easier for me without them.

STEP 1:

1. Please download WinZip 10.0 from here and save it to your desktop. (It is a trial version)
2. Once finished, open the file you just downloaded and install WinZip 10.0.
3. Open Windows Explorer and find the following folder:
C:\WINDOWS\system32\service
4. Right click on that file and go to WinZip > Add to service.zip You may get a screen pop up asking you to buy it, just click "Use Evaluation Version"
5. You will notice a new file has been created in that folder called "service.zip" with a different icon.
6. Repeat this with the following files:C:\WINDOWS\System32\winsys.exe
STEP 2:

Once again please go HERE
  • Type CRazzym3x as the username
  • Copy and paste the link to this topic into "Link to topic where this file was requested:"
  • Now copy and paste C:\WINDOWS\system32\service.zip into the remaining field next to "Browse".
  • Click on Send File.
Now if you don't mind repeating the process, except submit the file C:\WINDOWS\System32\winsys.zip.

STEP 3:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Thanks a lot! :tazz:
  • 0

#6
CRazzym3x
Posted 25 December 2005 - 04:50 AM

CRazzym3x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
First of all Merry Christmas!

I submte the service.zip (Used winrar to zip Im thnking its the same)
The other file I couldn't find, I did a search on systlem32 folder with windows search tool and couldn't find it eaither so im guessing its not there.

Here is the uninstall list btw

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Photoshop CS
Ahead InCD EasyWrite Reader
ALPS Touch Pad Driver
AnalogX PacketMon
ANSMTP OBJECT (remove only)
AntiVir/XP
AOL Instant Messenger
ArcSoft PhotoImpression 4
Ares 1.8.1
Atheros Client Utility
Battlefield 2™ Demo
BitTorrent 4.0.4
ccCommon
CleanUp!
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
DivX
DivX Player
Download Accelerator Plus (DAP)
Drag'n Drop CD+DVD
DVD-RAM Driver
Easy Button
Elasto Mania
Guild Wars
Half-Life® 2
Hex Workshop v4.23
HijackThis 1.99.1
Intel® Extreme Graphics Driver
Intel® Create & Share® Software
InterActual Player
Internet Worm Protection
InterVideo WinDVD 4
iPod for Windows 2005-10-12
iScrobbler
iTunes
J2SE Runtime Environment 5.0 Update 1
Last.fm Player 1.0.4
LC5
LimeWire PRO 4.9.30
LiveReg (Symantec Corporation)
LiveUpdate 2.7 (Symantec Corporation)
LUMIX Simple Viewer
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic Utilities 2006 Version 4.10
Messenger Plus! 3
MessengerDiscovery 3.0.0
MessengerDiscovery X 1.1
MessengerDiscovery X 2.1.00
MGameBomberMan
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft .NET Framework SDK (English) 1.1
Microsoft ActiveX Control Pad
Microsoft Office 2000 Professional
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Web Publishing Wizard 1.53
Microsoft Windows Journal Viewer
mIRC
Mozilla Firefox (1.0.7)
msgdiscovery x 1.0
MSN Messenger 7.5
MyDsc2
myTunes Redux 1.0
Native Instruments - Traktor 1.06
Native Instruments Traktor DJ Studio v2.6.1.022
NAVShortcut
Nero 6 Ultra Edition
Nero Digital
Nero Mega Plugin Pack
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
Notebook Maximizer
Panda ActiveScan
PHP 5.1.1
PokerStars.net
QuickTime
Ragnarok Online
Real Alternative 1.43
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
SCKLPRO
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Skype 1.2
SmartFTP Client
SMSC IrCC Driver V5.1.2462.0 (WinXP)
SnagIt 7
SP2 Connection Patcher
SPBBC
Spybot - Search & Destroy 1.4
SpywareBlaster v3.4
Steam™
SurfHere by Toshiba
Symantec
SymNet
Tasker version 3.13
The Best Offers
Tibia 7.6
TibiaBot NG 1.9
TOSHIBA Access
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Hotkey Utility
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TouchPad On/Off Utility
TrojanHunter 4.2
Ventrilo
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VisualKore 1.6.1.3
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
XAMPP 1.4.17
Xfire (remove only)
  • 0

#7
Steamhead
Posted 27 December 2005 - 12:06 PM

Steamhead

    Visiting Staff

  • Member
  • PipPipPip
  • 519 posts
Hello CRazzym3x,
I apologize for the delay in your response. I was taking a little Christmas break, :tazz:
Making a fix now!
  • 0

#8
Steamhead
Posted 27 December 2005 - 06:29 PM

Steamhead

    Visiting Staff

  • Member
  • PipPipPip
  • 519 posts
Hello CRazzym3x.
Let's get down and dirty! You may want to print this out, so you will have it with you at all times.

STEP 1:

I notice that you have Messenger Plus 3 installed. While there is nothing wrong with that program itself, it may have come bundled with some "sponser software". I need you to uninstall Messenger Plus 3 with Add/Remove programs (Start>Settings>Control Panel>Add/Remove). If you wish to keep it. BE SURE to install it WITHOUT the sponser software.

STEP 2:

Please open HijackThis and scan your computer. Place a check next to the following entries:

O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\system32\service\services.exe
O4 - HKCU\..\Run: [winsys.exe] C:\WINDOWS\System32

Now close all windows and browsers except for HijackThis and click on Fix Checked.

STEP 3:

We will need to reboot into Safe Mode. To do this, restart your computer and tap F8 as it is starting up. Select Safe Mode from the menu and press ENTER.

I notice that you have several P2P programs installed in your PC. These programs are a great way for crapware to get installed on your computer, and they are probably the reason that you are infected. I recommend that you remove them all.

Please delete the following files using Explorer (right click on Start >> Explore)

C:\WINDOWS\System32\explorer.exe
C:\WINDOWS\system32\service\services.exe
C:\WINDOWS\System32\winsys.exe

Now reboot normally.

STEP 4:

Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

STEP 5:

Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Now please post a fresh HJT log, along with the report.txt file. Thanks! :tazz:
  • 0

#9
CRazzym3x
Posted 28 December 2005 - 12:28 AM

CRazzym3x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I can do everything except the thirs step which involves rebooting and going into safe mode. I cannot do this since my ENTER key is not working. I work on a laptop and some coke spill so now that key won't work. I will try to get an exterlnal keyboard tomorrow.

Thanks again! I will do these steps as soon as I can.

Edited by CRazzym3x, 28 December 2005 - 12:29 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP