My_Heart.exe

Question

hi room.. i need someone to help me bout My_Heart.exe. i already scan with avast antivirus and Symantec online virus scanner. But it's don't found anay effected virus on my pc. hope someone can hel me to soft this problems. here my hijackthis log Logfile of HijackThis v1.97.7 Scan saved at 2:08:28 PM, on 1/24/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus
avapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\VIA\RAIDaid_tool.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32undll32.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\CafeAgent.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe C:\PROGRA~1\MI3AA1~1apimgr.exe C:\WINDOWS\system32\CafeAgent.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\HijackThis.exe

RKinner · Answer

Please post a new HJT log.  Something happened and we only got the top half.  After the notepad log comes up move the cursor to the log and Ctrl + a to select it all then Ctrl + c to copy it.  Move to a reply and Ctrl + v to paste it.   Following site talks about my_heart.exe   http://www.sophos.com/security/analyses/w32sillyfdcf.html   Seems it likes to make itself at home on USB drives or floppies too.   Ron

aM- · Answer

here my new HJT log   Logfile of HijackThis v1.97.7 Scan saved at 12:28:36 AM, on 1/26/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Norton AntiVirus
avapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton AntiVirus\CfgWiz.exe C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Symantec\LiveUpdate\LUAll.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt381\SETUP.EXE C:\WINDOWS\system32\msiexec.exe C:\Program Files\Messenger\msmsgs.exe C:\HijackThis\HijackThis.exe C:\PROGRA~1\COMMON~1\SYMANT~1\Sevinst.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [LaunchAp] 'C:\Program Files\Launch Manager\LaunchAp.exe' O4 - HKLM\..\Run: [PowerKey] 'C:\Program Files\Launch Manager\PowerKey.exe' O4 - HKLM\..\Run: [LManager] 'C:\Program Files\Launch Manager\HotkeyApp.exe' O4 - HKLM\..\Run: [CtrlVol] 'C:\Program Files\Launch Manager\CtrlVol.exe' O4 - HKLM\..\Run: [LMgrOSD] 'C:\Program Files\Launch Manager\OSDCtrl.exe' O4 - HKLM\..\Run: [Wbutton] 'C:\Program Files\Launch Manager\Wbutton.exe' O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] 'C:\Program Files\Common Files\Symantec Shared\ccApp.exe' O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [NAV CfgWiz] 'C:\Program Files\Norton AntiVirus\CfgWiz.exe' /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE 'REBOOT' O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Research (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - file://E:\myCDENGLISH_F3\plugins\j2re.exe

RKinner · Answer

Sorry, I missed it the first time that you were running an ancient version of HJT.  We need the 1.99.1 version.    http://tomcoyote.org/hjt/hjt199//HijackThis.exe   Just save it to your desktop for now.  Save it as ron.exe instead of hijackthis.exe.  Then run ron.   So far there is nothing showing in your log.  Are you having problems?  Popups, redirects,  crashes or slow running?    I do see that you have an ancient very vulnerable version of Java.  Recommend you uninstall (Start, Control Panel, Add/Remove Programs and find java, jre, j2re, j2se (and anything else that has the Java coffee cup icon) and uninstall all then download a newer version at:   http://www.java.com/getjava/   Ron

Virus & Spyware

Was this post helpful?