Unsolved
6 Posts
0
1427
How to remove New Poly Win32 trojan virus...
Hi,
I can't remove a trojan virus (New Poly Win32) from my system (Windows XP Home Edition SP2).
The reboot of my PC takes more than 5 minutes with the logo 'Intel Inside'.
I use McAfee VirusScan Enterprise 8.00, BitDefender 8 Free Edition, Windows Defender 1.1.1592.0 and EasyCleaner 2.0.5.380.
Please, help me.
Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 1:08:50, on 04-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Network Associates\Common Framework\FrameworkService.exe
C:\Programas\Network Associates\VirusScan\Mcshield.exe
C:\Programas\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\programas\softwin\bitdefender8\bdnagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
C:\Programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Network Associates\VirusScan\SHSTAT.EXE
C:\Programas\Network Associates\Common Framework\UpdaterUI.exe
C:\Programas\Ficheiros comuns\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\server.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\PROGRA~1\FICHEI~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Programas\Pinnacle\Pinnacle PCTV\Vision\Vision.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\VBI_SE~1.EXE
c:\programas\softwin\bitdefender8\bdmcon.exe
C:\Programas\Avant Browser\avant.exe
C:\Programas\Internet Explorer\iexplore.exe
F:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Programas\Network Associates\VirusScan\bho.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
O4 - HKLM\..\Run: [BDMCon] "C:\Programas\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\programas\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [PCTVRemote] C:\Programas\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programas\Ficheiros comuns\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O8 - Extra context menu item: Add to AD Black List - C:\Programas\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Programas\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Programas\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Programas\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Programas\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Programas\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162034100024
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B895077-2836-4D57-8DC7-E8FBA0E95ACA}: NameServer = 195.245.176.19 194.38.131.19
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programas\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
1972vet
3.3K Posts
0
November 4th, 2006 01:00
In the event that some malware makes its way to your hard disk, each antivirus application will wrestle over "access" rights to the offender and will want to zip the file and arrest the application.
This struggle will (in theory) continue infinitely which can culminate in a complete system crash.
Please decide which antivirus application to keep and uninstall any others.
Please download:
Dr.Web CureIt!
Double click on the cureit.exe then click "Start".
During the scan infected files are cured, incurable files are moved to the quarantine directory. When the scanning is finished, the log file and the quarantined item/s will not be deleted. Once you determine that the quarantined file is indeed bad, you must manually delete it/them.
To scan your computer with the most up-to-date Dr.Web virus bases next time you scan, you should download a new Dr.Web CureIt! package. To do this, press the "Update" link on the first utility screen, which leads to the FTP server where the latest version of CureIt! is located. Download the utility anew and run it again. Be sure to delete the outdated version each time.
Please post back the contents of the log generated during the scan in your next reply.
The process below:
C:\PROGRA~1\FICHEI~1\MICROS~1\Msinfo\OFFPROV.EXE
...could belong to a legitimate Microsoft application...then again, there is a bogus file OFFPROV.EXE that has a bad .dll injected (DLL6WISE.DLL) as determined by Prevx
Please visit this site. Navigate to the file indicated below in Bold and upload the file for a free scan:
C:\PROGRA~1\FICHEI~1\MICROS~1\Msinfo\OFFPROV.EXE
If you're unsure how to do that, follow the instructions below:
Please run HijackThis again and check the following:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - (no file)
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
Do you use this server:
ONITELECOM - Infocomunicacoes S.A.
Lagoas Park, Edificio 12 - 2 Piso
2740-244 Porto Salvo - Oeiras
If not, put a check in the box next to this one too:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B895077-2836-4D57-8DC7-E8FBA0E95ACA}: NameServer = 195.245.176.19 194.38.131.19
Close all windows now except for the HijackThis application window then click Fix Checked.
Reboot the computer and post a new HijackThis log along with the contents of the log generated during the Cureit.exe scan. How is the computer running now?
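A small triage script, added here as an example (it is not part of the thread or of HijackThis), that applies the checks from the reply above to a log automatically: entries whose file is gone, empty R0 settings, and O17 DNS servers not yet confirmed with the ISP. It assumes the HijackThis v1.99 line format shown in the thread, a constructed sample log built from the thread's own lines, and a TRUSTED_ISP_DNS set that the user fills in after confirming the servers with their provider.

```python
"""Triage a HijackThis v1.99 log with the rules the reply above applies by hand:
entries whose target file is gone, empty IE (R0) settings, and O17 DNS
servers that are not on a list the operator has confirmed with their ISP.
Added example; it is not part of the original thread or of HijackThis."""
import re
from dataclasses import dataclass

# Constructed excerpt in HijackThis format; the lines mirror the thread's log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - (no file)
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B895077-2836-4D57-8DC7-E8FBA0E95ACA}: NameServer = 195.245.176.19 194.38.131.19
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# DNS servers the user confirmed belong to their ISP (the thread's lookup
# attributes these two to ONITELECOM); an empty set flags every O17 entry.
TRUSTED_ISP_DNS = frozenset({"195.245.176.19", "194.38.131.19"})

HJT_ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
NAMESERVER = re.compile(r"NameServer = (?P<ips>[\d. ,]+)$")
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    reason: str
    line: str      # the log line to tick in HijackThis before "Fix checked"


def parse_nameservers(body):
    """Return the IPs listed in an O17 NameServer entry (empty if none)."""
    m = NAMESERVER.search(body)
    if not m:
        return []
    return [ip for ip in re.split(r"[ ,]+", m.group("ips")) if ip]


def triage(log_text, trusted_dns=frozenset()):
    """Return Findings for the entries a helper would ask the user to check."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if not m:
            continue  # header, "Running processes" paths, blank lines
        section, body = m.group("section"), m.group("body")
        if any(marker in body for marker in MISSING_MARKERS):
            # A BHO/toolbar/protocol/service entry whose file is gone is a
            # leftover registry reference: nothing runs, but it is safe to fix.
            findings.append(Finding(section, "target file no longer exists", line))
        elif section == "R0" and body.endswith("="):
            findings.append(Finding(section, "empty Internet Explorer setting", line))
        elif section == "O17":
            unknown = [ip for ip in parse_nameservers(body) if ip not in trusted_dns]
            if unknown:
                # Verify with the ISP before fixing: a changed resolver is how
                # DNS-hijacking malware redirects traffic, but an ISP resolver
                # is expected here, so this is a question, not a verdict.
                findings.append(Finding(section, "unverified DNS server(s): " + ", ".join(unknown), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, TRUSTED_ISP_DNS):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```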
pedro_cyber
6 Posts
0
November 4th, 2006 10:00
1972vet
3.3K Posts
0
November 4th, 2006 17:00
Did you uninstall all but one of them as the instruction suggests? Then, after that, did you run the Dr. Web Cureit.exe...or did you skip the uninstallation of your multiple antivirus scanners and run the Dr. Web Cureit.exe scan while all of them were running?
Regardless, did you finish with the rest of the instructions and post a new HijackThis log? I don't see it. Did you by chance create it on a new thread? If so, please delete it from the new thread and post it here. Thanks!
pedro_cyber
6 Posts
0
November 4th, 2006 21:00
Scan saved at 23:42:18, on 04-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Network Associates\Common Framework\FrameworkService.exe
C:\Programas\Network Associates\VirusScan\Mcshield.exe
C:\Programas\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programas\Symantec\WinFax\WFXMOD32.EXE
C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Softwin\BitDefender8\bdmcon.exe
C:\Programas\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Network Associates\VirusScan\SHSTAT.EXE
C:\Programas\Network Associates\Common Framework\UpdaterUI.exe
C:\Programas\Ficheiros comuns\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Programas\Internet Explorer\iexplore.exe
J:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Programas\Network Associates\VirusScan\bho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Programas\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programas\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programas\Ficheiros comuns\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162034100024
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B895077-2836-4D57-8DC7-E8FBA0E95ACA}: NameServer = 195.245.176.19 194.38.131.19
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programas\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Message Edited by pedro_cyber on 11-04-2006 05:49 PM
Message Edited by pedro_cyber on 11-04-2006 10:15 PM
1972vet
3.3K Posts
0
November 5th, 2006 01:00
"What kind of anti-virus do you recommend regarding those i have, not the Dr.Web... wish i never heard about?" (Did you mean to type the word "which" here instead?)
Dr. Web Cureit.exe is not an antivirus that is going to cause you any conflict problems regarding any real-time protection. It is one of the very best free stand-alone scanners on the web. If I were you, I'd keep it and scan with it from time to time.
It is always a good idea to scan for viruses using various different scanners...just not having more than one installed and running in real time.
Keep McAfee Security. Uninstall BitDefender.
Reboot. Disconnect from the internet and disable the McAfee real-time protection.
Run Dr. Web Cureit.exe again and post that log. Thanks!
pedro_cyber
6 Posts
0
November 5th, 2006 12:00
Message Edited by pedro_cyber on 11-05-2006 08:44 AM
1972vet
3.3K Posts
0
November 5th, 2006 14:00
It's not actually necessary to remove it in this case but no harm done by removing it either.
Did you ever complete the rest of the instructions from post #2?
How is the computer running now? Are you having any more issues?
pedro_cyber
6 Posts
0
November 5th, 2006 17:00
1972vet
3.3K Posts
0
November 5th, 2006 18:00
Now that your system is clean, let's create a new restore point.
Please click "Start > Programs > Accessories > System Tools > System Restore"
In the new window, check the 'Create a restore point' in the right pane and click "Next".
In the "Restore point description" textbox, name your restore point to something you will easily recognize. I recommend something like yyyymmdd_Clean (ex. 20060101_Clean)
Click "Create" and reboot your computer.
In the future, there are some things you can do to prevent spyware infections:
Install the following freeware programs:
SpywareGuard
Spywareblaster
Keep your anti-virus and spyware definitions up to date. Be sure to scan often.
If you do not have a firewall, here are a couple freeware firewalls you can install:
Kerio Personal Firewall
Zone Alarm
Stay updated with the most recent Windows patches using
Microsoft's Windows Update.
Using an alternate browser can reduce your chance of certain infections installing themselves. We recommend installing Mozilla Firefox.
If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.
Run CCleaner often. Download the Basic or Slim version unless you WANT the Yahoo Toolbar.
Or if you just want to run your on-board Disk Cleanup ("Start > Programs > Accessories > System Tools > Disk Cleanup"), just open the utility and check off the following:
Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files
So how did I get infected in the first place?
Regards, and Happy Surfing!
pedro_cyber
6 Posts
0
November 5th, 2006 19:00
1972vet
3.3K Posts
0
November 6th, 2006 00:00
As a home user, you need at the very least these four things:
1) Antivirus software
2) Antispyware/adware software
3) Firewall (third party) software
4) Antitrojan software