  #11  
Old 05-10-2005, 07:25 AM
boobear921 boobear921 is offline
Junior Member
 
Join Date: May 2005
Posts: 8
Ok here is the latest
I ran the remove.bat (no errors to report)

I also have the mwav virus report you asked for

File c:\windows\system32\qfukqk.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File System Found infected by "AdTools Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "MediaMotor Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "bookedspace Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "cws.therealsearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mm15201518.Stub.exe infected by "not-a-virus:AdWare.EZula.ah" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Nail.exe infected by "not-a-virus:AdWare.BetterInternet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ucjetwkqok.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\246765-ventura-hot.exe infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\cxtpls_loader.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dist001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\HookPopup.dll infected by "not-a-virus:AdWare.DealHelper.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\Rogjpu.exe infected by "not-a-virus:AdWare.DealHelper.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\Zyiodv.exe infected by "not-a-virus:AdWare.DealHelper.ac" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\180sainstaller.exe infected by "not-a-virus:AdWare.180Solutions.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\AEL\aurareco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\Del32.tmp infected by "Trojan-Downloader.Win32.Small.asf" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\down.cab infected by "not-a-virus:AdWare.Wintol.y" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\ICD1.tmp\QDow_AS2.dll infected by "Trojan-Downloader.Win32.QDown.s" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\ICD2.tmp\installer_MEDIAWHIZ3.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\motoin.exe infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\MZP\aurareco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\PAE\aurareco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\QRB\aurareco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\YQG\aurareco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Install.exe infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\QDow_AS2.dll infected by "Trojan-Downloader.Win32.QDown.s" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\QDow_AS2.dll infected by "Trojan-Downloader.Win32.QDown.s" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\QDow_AS2.dll infected by "Trojan-Downloader.Win32.QDown.s" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\installer_MEDIAWHIZ3.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\m67m.ocx infected by "not-a-virus:AdWare.MediaMotor.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\pcs_0006.exe infected by "not-a-virus:AdWare.Pacer.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\QDow_AS2.dll infected by "Trojan-Downloader.Win32.QDown.s" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mm15201518.Stub.exe infected by "not-a-virus:AdWare.EZula.ah" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Nail.exe infected by "not-a-virus:AdWare.BetterInternet.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\246765-ventura-hot.exe infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\cxtpls_loader.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dist001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\HookPopup.dll infected by "not-a-virus:AdWare.DealHelper.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsvsvc\nsv.ocx infected by "not-a-virus:AdWare.DelphinMediaViewer.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsvsvc\nsvs.dll infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\Rogjpu.exe infected by "not-a-virus:AdWare.DealHelper.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\Zyiodv.exe infected by "not-a-virus:AdWare.DealHelper.ac" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\temp\OLD11.tmp infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ucjetwkqok.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.


Then I ran the hijackthis and checked off the
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
and hit fix problem
but as you see in the latest report it is still there
and I could not find the other file you asked to check but here is the latest hijack log

Logfile of HijackThis v1.99.1
Scan saved at 7:21:28 AM, on 5/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
c:\windows\system32\ushgvgl.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vikki.VIKKI-8838E5945\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [sprczsh] c:\windows\system32\ushgvgl.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\VIKKI~1.VIK\LOCALS~1\Temp\DELDIR0.EXE " "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia.com/install/pcs_0015.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099600018484
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0035.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB3A12F2-B439-4BE8-B824-2DA2739FA599}: NameServer = 206.134.133.10 206.134.224.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

Thank you again for all the help :)
  #12  
Old 05-10-2005, 08:03 AM
Mobo Mobo is offline
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Boot back to normal and download FindIt's.zip to your desktop: http://www.spyware911.net/downloads/FindIt.zip

1. Unzip/extract the files inside to a folder on your desktop.
2. Open the folder and run FindIt's.bat and wait for notepad to open a text file. It will take a while so please be patient ...
3. Then post the results here please, along with the new HijackThis log.


Just to note, this is a new infection and we are still a bit hit and miss on the solution, so please be patient.

I will check back in a couple of hours as I have to step out.
  #13  
Old 05-10-2005, 07:16 PM
boobear921 boobear921 is offline
Junior Member
 
Join Date: May 2005
Posts: 8
Ok here is the find it file


Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 48C2-6974

Directory of C:\WINDOWS\System32

05/01/2005 09:24 PM <DIR> dllcache
10/06/2004 09:33 PM <DIR> Microsoft
0 File(s) 0 bytes
2 Dir(s) 32,360,947,712 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 48C2-6974

Directory of C:\WINDOWS\System32

05/05/2005 05:11 PM <DIR> nsvsvc
05/01/2005 09:24 PM <DIR> dllcache
11/05/2004 02:38 AM 488 WindowsLogon.manifest
11/05/2004 02:38 AM 488 logonui.exe.manifest
11/05/2004 02:38 AM 749 nwc.cpl.manifest
11/05/2004 02:38 AM 749 sapi.cpl.manifest
11/05/2004 02:38 AM 749 cdplayer.exe.manifest
11/05/2004 02:38 AM 749 ncpa.cpl.manifest
11/05/2004 02:38 AM 749 wuaucpl.cpl.manifest
7 File(s) 4,721 bytes
2 Dir(s) 32,360,943,616 bytes free

---------- Files Named "Guard" -------------

Volume in drive C has no label.
Volume Serial Number is 48C2-6974

Directory of C:\WINDOWS\System32


--------- Temp Files in System32 Directory --------

Volume in drive C has no label.
Volume Serial Number is 48C2-6974

Directory of C:\WINDOWS\System32


---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
"iebar"=""


------------ Keys Under Notify ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


---------------- Xfind Results -----------------

-------------- Locate.com Results ---------------



Here is Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 7:16:09 PM, on 5/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\windows\system32\znsroag.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vikki.VIKKI-8838E5945\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [uuoahz] c:\windows\system32\znsroag.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\VIKKI~1.VIK\LOCALS~1\Temp\DELDIR0.EXE " "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia.com/install/pcs_0015.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099600018484
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0035.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB3A12F2-B439-4BE8-B824-2DA2739FA599}: NameServer = 206.134.133.10 206.134.224.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
  #14  
Old 05-10-2005, 08:46 PM
Mobo Mobo is offline
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Download killbox from here:
http://www.spyware911.net/downloads/KillBox.exe

Then reboot into safe mode.

Open killbox,
Select "Delete on Reboot".
Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

Code:
c:\windows\system32\qfukqk.exe
C:\WINDOWS\mm15201518.Stub.exe
C:\WINDOWS\Nail.exe
C:\WINDOWS\ucjetwkqok.exe
C:\WINDOWS\system32\246765-ventura-hot.exe
C:\WINDOWS\system32\cxtpls_loader.exe
C:\WINDOWS\system32\dist001.exe
C:\WINDOWS\system32\HookPopup.dll
C:\WINDOWS\system32\Rogjpu.exe
C:\WINDOWS\system32\Zyiodv.exe
C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\180sainstaller.exe
C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\AEL\aurareco.exe
C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\Del32.tmp
C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\down.cab
C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\ICD1.tmp\QDow_AS2.dll
C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\ICD2.tmp\installer_MEDIAWHIZ3.exe
C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\motoin.exe
C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\MZP\aurareco.exe
C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\PAE\aurareco.exe
C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\QRB\aurareco.exe
C:\Documents and Settings\Vikki.VIKKI-8838E5945\Local Settings\Temp\YQG\aurareco.exe
C:\Install.exe
C:\Program Files\Common Files\aolback\comp01.000
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\QDow_AS2.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\QDow_AS2.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\QDow_AS2.dll
C:\WINDOWS\Downloaded Program Files\installer_MEDIAWHIZ3.exe
C:\WINDOWS\Downloaded Program Files\m67m.ocx
C:\WINDOWS\Downloaded Program Files\pcs_0006.exe
C:\WINDOWS\Downloaded Program Files\QDow_AS2.dll
C:\WINDOWS\mm15201518.Stub.exe
C:\WINDOWS\Nail.exe
C:\WINDOWS\system32\246765-ventura-hot.exe
C:\WINDOWS\system32\cxtpls_loader.exe
C:\WINDOWS\system32\dist001.exe
C:\WINDOWS\system32\HookPopup.dll
C:\WINDOWS\system32\nsvsvc\nsv.ocx
C:\WINDOWS\system32\nsvsvc\nsvs.dll
C:\WINDOWS\system32\Rogjpu.exe
C:\WINDOWS\system32\Zyiodv.exe
C:\WINDOWS\temp\OLD11.tmp
C:\WINDOWS\ucjetwkqok.exe
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Let the system reboot again, then in hijack check these if present and click "Fix checked":
c:\windows\system32\znsroag.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Then close hijack, reboot again and show me a fresh hijack log.
  #15  
Old 05-11-2005, 08:13 PM
boobear921 boobear921 is offline
Junior Member
 
Join Date: May 2005
Posts: 8
Ok, well, I have done as you said, but as you will see in the latest hijack log, the file:
c:\windows\system32\znsroag.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
are still there. Why, I do not know. Well, here is the latest log:


Logfile of HijackThis v1.99.1
Scan saved at 8:09:13 PM, on 5/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
c:\windows\system32\fbmgsyl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Vikki.VIKKI-8838E5945\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/homepage
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [zibbud] c:\windows\system32\fbmgsyl.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\VIKKI~1.VIK\LOCALS~1\Temp\DELDIR0.EXE " "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia.com/install/pcs_0015.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099600018484
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0035.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
  #16  
Old 05-11-2005, 08:16 PM
Mobo Mobo is offline
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Let's try this newer updated version of findit.zip.

http://forums.net-integration.net/index.ph...=post&id=142443
    All times are GMT -5. The time now is 06:15 PM.

