Results 1 to 10 of 10

Thread: need help with viruses

  1. #1
    popwar's Avatar Popwar
    Join Date
    Sep 2006
    Location
    Ohio
    Age
    35
    Posts
    222
    fukin virus's come in one after the other sometimes on my computer.most of the time they're called Virtumonde, Tiny F, and GHDHGIO or some sht like that. theres also a worm in my iexplorer.exe because it shows its running in processes when i dont even have it opened. and microsoft visual buffer overrn. here is my hjt log.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:52:55 PM, on 10/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\analyser 1991\analyser 1991.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?division=105
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE AdBlock - {46B37057-5BA8-4014-B28D-6448FD171A3E} - C:\Program Files\IE AdBlock\IE AdBlock.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {60b91269-ca73-4ec0-8f41-d27f72dfcda2} - (no file)
    O2 - BHO: (no name) - {693CC0F8-492B-4628-8732-3F04F1852E0E} - (no file)
    O2 - BHO: (no name) - {753ED756-2904-4A08-A784-868CF14F8F19} - C:\WINDOWS\system32\gebya.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\ppriljbv.dll
    O3 - Toolbar: IE AdBlock - {BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} - C:\Program Files\IE AdBlock\IE AdBlock.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\buqykmrh.dll",sitypnow
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1190404403184
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1190445000561
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    Last edited by popwar; 10-10-2007 at 04:59 PM.

  2. Software & Hardware   -   #2
    100%'s Avatar ╚════╩═╬════╝
    Join Date
    Jan 2003
    Posts
    13,383

  3. Software & Hardware   -   #3
    n00b
    Join Date
    Aug 2005
    Location
    england u.k.
    Posts
    28
    yeah try downloading adaware too its free from lavasoft.com scan once a week to keep nice and fast too

  4. Software & Hardware   -   #4
    Poster BT Rep: +3
    Join Date
    Mar 2007
    Posts
    393
    My pc was infected last week. This thread should help you. https://filesharingtalk.com/vb3/f-bit...-needed-236261

  5. Software & Hardware   -   #5
    got milk BT Rep: +2
    Join Date
    Oct 2007
    Posts
    313
    also try to get your hands on nod32 for antivirus and outpost for firewall, works great.

  6. Software & Hardware   -   #6
    birney29's Avatar proud salfordian :D BT Rep: +9BT Rep +9
    Join Date
    Jul 2007
    Location
    salford
    Posts
    431
    ye nod32 is a great program thats what i use and i havent been infected since i started using it

    not a anti-trader just dont like trading
    found pisexy from my good friend D3LBOY

  7. Software & Hardware   -   #7
    Totti's Avatar Poster BT Rep: +21BT Rep +21BT Rep +21BT Rep +21BT Rep +21
    Join Date
    Aug 2007
    Posts
    1,125
    format is the best solution move what you want to save to drive d or e ( or what ever you decided to call them) and then format the drive that you have your OS installed once you finish formating install nod32 and that should be enough.
    This way you know that your cumputer is virus clean and you can be off to a fresh start...

  8. Software & Hardware   -   #8
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,547
    Quote Originally Posted by Totti View Post
    format is the best solution move what you want to save to drive d or e ( or what ever you decided to call them) and then format the drive that you have your OS installed once you finish formating install nod32 and that should be enough.
    This way you know that your cumputer is virus clean and you can be off to a fresh start...
    Ya while you and I would take that route , a lot of people don't know how to format let alone how to back up their important files .Or find that flecking install disk .

    If the poster would follow 100%'s advice then move from there ? How do we know he even has an install disk or partition for that matter . Not trying to bust your balls but you have to move gently and think back when "you" first learned computers .

  9. Software & Hardware   -   #9
    Totti's Avatar Poster BT Rep: +21BT Rep +21BT Rep +21BT Rep +21BT Rep +21
    Join Date
    Aug 2007
    Posts
    1,125
    well i sort of learned by myself but you are right if he doesn't know how to partition and doesn't have a legal copy of windows or an illegal one that is bootabell ( i really wanted to kill my self the first time i formated and couldn't get my windows cd to load) then he is screwed.

  10. Software & Hardware   -   #10
    popwar's Avatar Popwar
    Join Date
    Sep 2006
    Location
    Ohio
    Age
    35
    Posts
    222
    i just reformated no big deal thread closed

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •