Results 1 to 4 of 4

Thread: Mirc virus.???

  1. 08-02-2005, 06:50 PM #1
    enoughfakefiles
    enoughfakefiles is offline
    enoughfakefiles's Avatar Ad ministrator
    Join Date
    Jun 2003
    Location
    I'm an Even Steven with a
    Posts
    7,568
    Send a message via MSN to enoughfakefiles
    I`ve picked up a virus from irc but can not delete it and AVG won`t clean it.

    Here`s my hijack this log. I used hijackthis.de but unsure how to clean it.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:47:51, on 02/08/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Cache\FireDaemon.exe
    C:\Program Files\Cache\sif.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Explorer.EXE
    D:\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\philip clegg\Application Data\Mozilla\Profiles\default\y9aiuw1y.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\philip clegg\Application Data\Mozilla\Profiles\default\y9aiuw1y.slt\prefs.js)
    O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [SMSS] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\winserv.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\ir.conf
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
    O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1118952040593
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O20 - Winlogon Notify: style2 - C:\WINDOWS\q3759687_disk.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: FireDaemon Service: csrss (csrss) - Unknown owner - C:\Program Files\Internet Explorer\PLUGINS\FireDaemon.exe (file missing)
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: FireDaemon Service: sif (sif) - Sublime Solutions Pty Ltd - C:\Program Files\Cache\FireDaemon.exe
    O23 - Service: FireDaemon Service: smss (smss) - Sublime Solutions Pty Ltd - C:\Program Files\Java\Cache\FireDaemon.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    I`ve tried to fix the firedaemon.exe but it won`t for some reason.

    Thanks in advance.
    Reply With Quote Reply With Quote
  3. 08-02-2005, 06:55 PM Software & Hardware   -   #2
    {I}{K}{E}
    {I}{K}{E} is offline
    Retired
    Join Date
    Feb 2003
    Posts
    12,488
    open your log on http://www.hijackthis.de/



    C:\Program Files\Cache\ ???
    Last edited by {I}{K}{E}; 08-02-2005 at 06:56 PM.
    Reply With Quote Reply With Quote
  5. 08-04-2005, 07:17 PM Software & Hardware   -   #3
    zdr
    zdr is offline
    Member
    Join Date
    Aug 2005
    Posts
    22
    reboot your machine in safe mode and scan your machine by kaspersky.
    Reply With Quote Reply With Quote
  7. 08-04-2005, 07:28 PM Software & Hardware   -   #4
    RPerry
    RPerry is offline
    RPerry's Avatar Synergy BT Rep: Bad Rep
    Join Date
    Dec 2002
    Location
    Lakeland, Florida
    Age
    50
    Posts
    3,268
    Send a message via MSN to RPerry
    FireDaemon is a system utility that allows you to install and run any native Win32 application or script as a Windows service. Easy configurations via GUI or XML, low memory footprint, service monitoring, fault tolerance and haigh availability.
    this came up on a google search, and can be downloaded are you sure your infected ?

    http://www.freedownloadscenter.com/A...s_Pty_Ltd.html
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Page Generation Time
0.05
Number of Queries
15
Links: Talkgold Forum | AdServices