November 18th, 2005 10:00

New Poly Win32 virus

I keep getting a message that my computer has detected a "NewPoly Win 32" virus.  In which case I delete it.  But, this keeps happening every 1-2 minutes that I am on my computer.  Over and over.  Is there anything I can do to prevent this?

3 Apprentice • 15.2K Posts

November 18th, 2005 13:00

please generate and post your HiJackThis log in the HJT forum.

2 Posts

November 19th, 2005 03:00

What does the message from Ky331 mean?

3 Apprentice • 15.2K Posts

November 19th, 2005 10:00

Preliminary note:  When attempting the following directions, if you can't access the internet or perform the indicated download of HiJackThis (HJT) on your "infected" machine, you should download it onto another "good" machine (one at work?), then transfer it via floppy (it's a tiny file) to the infected machine, run the UNZipped/.EXE file on the infected machine, and finally transfer the generated log via floppy over to the good machine, to post your log online.
 
Download the latest version of HJT(hijackthis) (version 1.99.1) from

http://majorgeeks.com/download3155.html

you must create a separate folder and place it there.... people commonly use C:\HJT.   Note:  Please do *NOT* use a TEMP (temporary) folder, *NOR* your DESKTOP, as HJT will be generating log files and backup files in the folder from which it is run... you risk accidentally losing these if you use a TEMP folder, and you will generate extreme clutter if you use your DESKTOP.

The file above comes as a compressed .ZIP file... you have to UNzip it (hopefully, you have an UNzip utility built into your Windows Explorer.   If for any reason, you're unable to UNzip it, you can download the already-unzipped .EXE file from http://downloads.malwareremoval.com/HijackThis.exe )

After Unzipping, double click on HiJackThis.EXE

Click on  Do a System Scan and Save a LogFile

This will automatically open NotePad

Copy the entire file from NotePad:  EDIT/SelectAll, EDIT/Copy

Then go to the new forum dedicated for HiJack This logs (**NOT** back here), and  PASTE the results there:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

Be sure to include a detailed description of any problems/errors/warnings you are encountering.

Hopefully, one of the HJT experts will get to it as quickly as possible.

 

WARNING:  HiJack This is a VERY POWERFUL tool.  Do *NOT* do anything else (in particular, do NOT use it to delete any entries) until you are advised to do so!!   Improper use of this tool can severely damage your system.
 
 
Supplemental note:  The procedure as worded above has been carefully edited over time, so as to expedite the process of helping people.   Nevertheless, it seems that many individuals try to be "creative", and make some variations.  It really would be to your benefit if you follow these directions EXACTLY as stated... because certain changes on your part can result in slowing-down the help process. 
Specifically, the following are 3 very common BAD deviations which will cause delays:
a)  BAD:  using an older/outdated version of HiJackThis...
The experts only work with the current version.   So if you make a post with an older version, you'll simply be advised to get the latest version, re-run it, and re-post your log.
b)  BAD:  using a TEMP directory or your DESKTOP for HJT....
Some experts may insist you move HJT before they'll begin working with you.   Others will start the repair process, advising you to move HJT as one of the very first steps.   Failure to do so can result in losing potentially critical information.   So please,  just use the suggested  C:\HJT  directory, rather than try to be creative.
c) BAD:  posting your log in the wrong forum...
if you post your log back here, in the Virus/SpyWare forum, it will "sit idly", either until the forum moderator gets around to move it for you... or until you decide to repost your log...  in the HiJackThis forum.
 

POST SCRIPT:   It has come to my attention that many people are unfamiliar with how to create the recommended sub-directory/folder   C:\HJT   

while others are able to create this directory, but are unsure how to move HJT into it (from wherever it happened to get downloaded into, "by default")...  
If you have either of these "problems", then you should download a self-extracting copy of HijackThis from
Save it to your Desktop.
Double-click on the file    hijackthis_sfx.exe    file, and it will self-extract into its own folder,
C:\Program Files\HijackThis

3 Apprentice • 15.2K Posts

November 24th, 2007 21:00

ss77:

the information you followed was about 2 years old... you need to use the latest version of HJT, 2.0.2 ;

make sure your log is "formatted" (it should appear as several distinct lines, not one big "jumble" ) ;

and it needs to be posted in the HJT forum, not here in virus/spyware.

 

Here are the current detailed instructions:

Download the latest version of Trend Micro's HiJackThis (HJT) [version 2.0.2] installer from
 
Save it to your Desktop.
 
Double-click on the HJTInstall.exe file you just downloaded, and click on the Install button, to install HJT in the suggested/default folder,
C:\Program Files\Trend Micro\HijackThis

( As part of the installation, a shortcut to the HJT program will be placed on your Desktop, and another shortcut in your START menu [for easy-access to using HJT in the future --- you only need to run the program again, but not the installer ] ).
 
After installation, HJT will automatically open and start running.  
[If this is your   first time  running HJT, please read and accept the EULA (End-User License Agreement)]
 
 
Click on  Do a System Scan and Save a LogFile

 

This will automatically open NotePad

 

Copy the entire file from NotePad:  EDIT/SelectAll, EDIT/Copy

 

Then go to the forum dedicated for HiJack This logs (**NOT** back here), and  PASTE the results there:

 

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

 

Be sure to include a detailed description of any problems/errors/warnings you are encountering.  

Also, please indicate the steps you've already taken, if any, in terms of running anti-malware scanners or malware removal tools.

 

When you submit your HJT log, please make sure the box under your text which shows "Automatically convert carriage returns to HTML line breaks" is checked, or your log may not format correctly... it should consist of separate/readable lines, not one large "jumble".
 

Hopefully, one of the HJT experts will get to it as quickly as possible.

 

WARNING:  HiJack This is a VERY POWERFUL tool.  While it's  completely safe  for you to download, generate, and post your log (as described above), you should *NOT* attempt to do anything else (in particular, do NOT use it to delete/fix any entries) until you are advised to do so by a forum expert!!   Improper use of this tool can severely damage your system.


 



Message Edited by ky331 on 11-24-2007 07:00 PM

2 Posts

November 24th, 2007 21:00

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\winnet.exe
O1 - Hosts: 221.130.185.110 survey88.allyes.com
O1 - Hosts: 221.130.185.110 adtaobao.allyes.com
O1 - Hosts: 221.130.185.110 code.qihoo.com
O1 - Hosts: 221.130.185.110 union.mop.com
O1 - Hosts: 221.130.185.110 js.kkunion.com
O1 - Hosts: 221.130.185.110 v.kkunion.com
O1 - Hosts: 221.130.185.110 v.21cn.com
O1 - Hosts: 221.130.185.110 iplusms.allyes.com
O1 - Hosts: 221.130.185.110 mms.t2t2.com
O1 - Hosts: 221.130.185.110 ivr.dobig.net
O1 - Hosts: 221.130.185.110 www.u8u.com
O1 - Hosts: 221.130.185.110 u.u8u.com
O1 - Hosts: 221.130.185.110 img.zhangxiu.com
O1 - Hosts: 221.130.185.110 tl.linktone.com
O1 - Hosts: 221.130.185.110 channel.e78.com
O1 - Hosts: 221.130.185.110 u.7town.com
O1 - Hosts: 221.130.185.110 union.95ol.com.cn
O1 - Hosts: 221.130.185.110 mms1.95ol.com.cn
O1 - Hosts: 221.130.185.110 mfs.95ol.com.cn
O1 - Hosts: 221.130.185.110 tl.a8.com
O1 - Hosts: 221.130.185.110 ad01.a8.com
O1 - Hosts: 221.130.185.110 u2.caiku.com
O1 - Hosts: 221.130.185.110 mms.caiku.com
O1 - Hosts: 221.130.185.110 code1.caiku.com
O1 - Hosts: 221.130.185.110 pub.lele.com
O1 - Hosts: 221.130.185.110 u.lele.com
O1 - Hosts: 221.130.185.110 7town.com
O1 - Hosts: 221.130.185.110 tvsend.7town.com
O1 - Hosts: 221.130.185.110 ivrsend.7town.com
O1 - Hosts: 221.130.185.110 tlt.7town.com
O1 - Hosts: 221.130.185.110 gsend.7town.com
O1 - Hosts: 221.130.185.110 smssend.7town.com
O1 - Hosts: 221.130.185.110 mmssend.moyu.com
O1 - Hosts: 221.130.185.110 91ivr.com
O1 - Hosts: 221.130.185.110 myad.91ivr.com
O1 - Hosts: 221.130.185.110 u.91ivr.com
O1 - Hosts: 221.130.185.110 union.91ivr.com
O1 - Hosts: 221.130.185.110 cm.p4p.cn.yahoo.com
O1 - Hosts: 221.130.185.110 un.265.com
O1 - Hosts: 221.130.185.110 union.qq.com
O1 - Hosts: 221.130.185.110 view.aliunion.cn.yahoo.com
O1 - Hosts: 221.130.185.110 union.narrowad.com
O1 - Hosts: 221.130.185.110 ln.heima8.com
O1 - Hosts: 221.130.185.110 www.fboat.cn
O1 - Hosts: 221.130.185.110 cpro.baidu.com
O1 - Hosts: 221.130.185.110 unstat.baidu.com
O1 - Hosts: 221.130.185.110 y.cnxad.com
O1 - Hosts: 221.130.185.110 www.ewowo.com
O1 - Hosts: 221.130.185.110 template.union.163.com
O1 - Hosts: 221.130.185.110 new.is686.com
O1 - Hosts: 221.130.185.110 creative.unionsys.bolaa.com
O1 - Hosts: 221.130.185.110 www.qyule.com
O1 - Hosts: 221.130.185.110 99e.cc
O1 - Hosts: 221.130.185.110 www.91ivr.com
O1 - Hosts: 221.130.185.110 mg.ukaka.com
O1 - Hosts: 221.130.185.110 kooxoo2.ad4all.net
O1 - Hosts: 221.130.185.110 www.8fff.com
O1 - Hosts: 221.130.185.110 union.pomoho.com
O1 - Hosts: 221.130.185.110 202.107.233.211
O1 - Hosts: 221.130.185.110 www.end123.com
O1 - Hosts: 221.130.185.110 w1.7clink.com
O1 - Hosts: 221.130.185.110 w2.7clink.com
O1 - Hosts: 221.130.185.110 union01.com
O1 - Hosts: 221.130.185.110 click.8le8le.com
O1 - Hosts: 221.130.185.110 stbanner.allyes.com
O1 - Hosts: 221.130.185.110 mms1.moyu.com
O1 - Hosts: 221.130.185.110 u.moyu.com
O1 - Hosts: 221.130.185.110 mmsu.moyu.com
O1 - Hosts: 221.130.185.110 show.moyu.com
O1 - Hosts: 221.130.185.110 ivrsend.moyu.com
O1 - Hosts: 221.130.185.110 ivru.moyu.com
O1 - Hosts: 221.130.185.110 ivr1.moyu.com
O1 - Hosts: 221.130.185.110 corep.dmcast.com
O1 - Hosts: 221.130.185.110 m081.dmcast.com
O1 - Hosts: 221.130.185.110 dcww.dmcast.com
O1 - Hosts: 221.130.185.110 renren.dmcast.com
O1 - Hosts: 221.130.185.110 files.henbang.net
O1 - Hosts: 221.130.185.110 bannerbox.cn
O1 - Hosts: 221.130.185.110 www.bannerbox.cn
O1 - Hosts: 221.130.185.110 action.coopen.cn
O1 - Hosts: 221.130.185.110 u4.sky99.cn
O1 - Hosts: 221.130.185.110 u1.sky99.cn
O1 - Hosts: 221.130.185.110 u2.sky99.cn
O1 - Hosts: 221.130.185.110 u3.sky99.cn
O1 - Hosts: 221.130.185.110 sky99.cn
O1 - Hosts: 221.130.185.110 u.sky99.cn
O1 - Hosts: 221.130.185.110 u.ete.cn
O1 - Hosts: 221.130.185.110 ip.alexaanywhere.com
O1 - Hosts: 221.130.185.110 www.365tan.com
O1 - Hosts: 221.130.185.110 www.winopen.cn
O1 - Hosts: 221.130.185.110 www.tanip.com
O1 - Hosts: 221.130.185.110 alexaanywhere.com
O1 - Hosts: 221.130.185.110 jssb.alexaanywhere.com
O1 - Hosts: 221.130.185.110 ns250.alexaanywhere.com
O1 - Hosts: 221.130.185.110 sb.alexaanywhere.com
O1 - Hosts: 221.130.185.110 ip.alexaanywhere.com
O1 - Hosts: 221.130.185.110 pop.9v.cn
O1 - Hosts: 221.130.185.110 xuni.myad.cn
O1 - Hosts: 221.130.185.110 iebar.t2t2.com
O1 - Hosts: 221.130.185.110 error.newcell.cn
O1 - Hosts: 221.130.185.110 auto.search.msn.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: 腾讯QQ - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\WINDOWS\QQIEHelper.dll
O2 - BHO: WEB反病毒程序 - {57CF5B58-5EDF-4754-AF6D-C47D42855262} - C:\WINDOWS\system32\maxsm1l.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {8F776B2A-72DF-40C1-BD69-EDB642A706D7} - C:\WINDOWS\system32\bho.dll
O2 - BHO: (no name) - {9963387B-212E-4643-B207-82DAEA0E713D} - C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: ff Class - {B9751A53-4494-4d7c-9732-AE3058D8145F} - C:\WINDOWS\system32\7501.dll (file missing)
O2 - BHO: Microsoft WMP 换肤管理扩展 - {FD730F2D-7EA7-4EDA-B925-9E9DDE5E6C87} - C:\Program Files\Windows Media Player\Skins\Start.wmz
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Task Manager] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Yahoo Messenger] C:\WINDOWS\system\svchost32.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GenProtect] C:\WINDOWS\GenProtect.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDRV.EXE
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\721815M.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [syscheck] c:\windows\system32\SVCH0ST.EXE
O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [ulcdqsp] C:\Program Files\Common Files\System\yedkreq.exe
O4 - HKLM\..\Run: [iluqcwr] C:\Program Files\Common Files\Microsoft Shared\nqyltsy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
O4 - HKCU\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe
O4 - HKUS\S-1-5-19\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: kvdxsjma.dll
O20 - Winlogon Notify: msv1_1 - C:\WINDOWS\SYSTEM32\msv1_1.dll
O21 - SSODL: bkxkxgtgt - {98765432-9876-9876-9876-9876543210fe} - C:\WINDOWS\system32\pcpylylyh.zmz
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 1391A4EC - Unknown owner - C:\WINDOWS\system32\FDAB162D.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: E81E64DA - Unknown owner - C:\WINDOWS\system32\33960D2A.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Fax 2Client (ms_2fax) - Unknown owner - C:\WINDOWS\system32\50471.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - D:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - D:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81CMAdmin - Unknown owner - D:\oracle\ora81\BIN\CMADMIN.EXE
O23 - Service: OracleOraHome81CMan - Unknown owner - D:\oracle\ora81\BIN\CMGW.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - D:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81TNSListener - Unknown owner - D:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceERP - Oracle Corporation - d:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Proawedure Call Systam(RPCSddcmh) (RpcSdachdm) - Unknown owner - C:\WINDOWS\system32\Rpccwdomh.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAPERP_00 - SAP AG - C:\usr\sap\ERP\SYS\exe\run\SAPSTARTSRV.EXE
O23 - Service: SAPOSCOL - SAP AG - C:\usr\sap\ERP\SYS\exe\run\SAPOSCOL.EXE
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: svchost - Unknown owner - C:\WINDOWS\system32\dllcache\svchost.exe (file missing)
O23 - Service: Yahoo Service (YahooSvr) - Unknown owner - C:\WINDOWS\system32\3F148\svchost.exe

-- End of file - 20219 bytes
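The "jumble" ky331 warns about (a log pasted as one long line, as above) can be re-split mechanically, because every HijackThis entry begins with its section tag followed by " - ". The script below is an added example, not code from this thread or from HijackThis: the sample log text is constructed to imitate the format, the reserved example hostnames are placeholders, and the impersonator check is a heuristic of my own that flags core Windows binary names (or look-alikes such as SVCH0ST) running from outside %SystemRoot%\system32, the pattern visible several times in the posted log.

```python
import re
from collections import defaultdict

# Every HijackThis entry opens with its section tag (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Splitting on a lookahead keeps the tag attached
# to the entry it opens. (re.split on a zero-width match needs Python >= 3.7.)
ENTRY_RE = re.compile(r"(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")

# A Windows executable path: drive letter, ":\", then up to the first ".exe".
# Forbidding ":" inside the match stops it from running into the next path
# when several paths are jammed onto one line (the "Running processes" list).
PATH_RE = re.compile(r"[a-zA-Z]:\\[^:]+?\.exe", re.IGNORECASE)

# Core Windows binaries whose names malware likes to borrow. Genuine copies
# live in %SystemRoot%\system32; the thread's log has svchost.exe under
# C:\WINDOWS\system, under system32\3F148 and spelled SVCH0ST with a zero.
CORE_BINARIES = {"svchost.exe", "ctfmon.exe", "winlogon.exe", "lsass.exe",
                 "csrss.exe", "services.exe", "smss.exe", "userinit.exe"}

# Constructed sample: a shortened log in the same one-line "jumble" form as
# the post above. Hostnames and addresses are reserved example values.
SAMPLE_JUMBLE = (
    "Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:57:49 PM, on "
    "11/24/2007 Running processes: C:\\WINDOWS\\System32\\smss.exe "
    "C:\\WINDOWS\\system32\\svchost.exe C:\\WINDOWS\\system32\\3F148\\svchost.exe "
    "R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = "
    "http://example.invalid/ "
    "O1 - Hosts: 192.0.2.10 ads.example.invalid "
    "O4 - HKLM\\..\\Run: [Task Manager] C:\\WINDOWS\\system\\svchost.exe "
    "O4 - HKLM\\..\\Run: [syscheck] c:\\windows\\system32\\SVCH0ST.EXE "
    "O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "
    "\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\" "
    "O23 - Service: svchost - Unknown owner - "
    "C:\\WINDOWS\\system32\\dllcache\\svchost.exe (file missing) "
    "-- End of file - 1234 bytes"
)


def split_jumbled_log(text):
    """Re-split a log pasted as one line into one entry per line. The scan
    header (everything before the first entry) stays first and the
    "-- End of file" trailer becomes its own line."""
    lines = [part.strip() for part in ENTRY_RE.split(text) if part.strip()]
    if lines and "-- End of file" in lines[-1]:
        body, trailer = lines[-1].split("-- End of file", 1)
        lines[-1:] = [body.strip(), "-- End of file" + trailer]
    return lines


def group_by_section(lines):
    """Map each section tag (R0, O1, O4, O23, ...) to its entries, skipping
    the header and trailer lines, which carry no tag."""
    groups = defaultdict(list)
    for line in lines:
        if ENTRY_RE.match(line):
            groups[line.split(" - ", 1)[0]].append(line)
    return dict(groups)


def impersonator_paths(text):
    """Return executable paths whose file name is a core Windows binary (or
    a look-alike such as SVCH0ST) but which do not sit in %SystemRoot%\\system32.
    Heuristic only: a hit is something to investigate, not proof of infection."""
    hits = []
    for path in PATH_RE.findall(text):
        directory, _, name = path.rpartition("\\")
        canonical = name.lower().replace("0", "o")   # undo the 0-for-o trick
        if canonical not in CORE_BINARIES:
            continue
        genuine_dir = directory.lower().endswith("\\windows\\system32")
        if name.lower() == canonical and genuine_dir:
            continue   # right spelling in the right directory
        hits.append(path)
    return hits


if __name__ == "__main__":
    for line in split_jumbled_log(SAMPLE_JUMBLE):
        print(line)
    print(sorted(group_by_section(split_jumbled_log(SAMPLE_JUMBLE))))
    print(impersonator_paths(SAMPLE_JUMBLE))
```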

2 Posts

November 24th, 2007 21:00

Hello, I get a warning msg from McAfee that computer is infected with New Poly Win32 Virus. I have run HijackThis and the output log is pasted below. I would highly appreciate if you could pl help me get this virus deleted from the machine. Thanks, SS

======= Hijack this log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:57:49 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\winnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
D:\oracle\ora81\bin\dbsnmp.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
D:\oracle\ora81\bin\vppdc.exe
D:\oracle\ora81\BIN\TNSLSNR.exe
d:\oracle\ora81\bin\ORACLE.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\usr\sap\ERP\SYS\exe\run\SAPSTARTSRV.EXE
C:\usr\sap\ERP\SYS\exe\run\SAPOSCOL.EXE
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\3F148\svchost.exe
C:\WINDOWS\system32\3F148\ctfmon.exe
C:\WINDOWS\system32\3F148\ctfmon.exe
C:\WINDOWS\system32\3F148\ctfmon.exe
C:\WINDOWS\system32\3F148\ctfmon.exe
C:\WINDOWS\system32\3F148\ctfmon.exe
C:\WINDOWS\system32\3F148\ctfmon.exe
C:\WINDOWS\system32\3F148\ctfmon.exe
C:\WINDOWS\system32\3F148\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\qxepnl.exe
C:\WINDOWS\pwsujg.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\k11959411706.exe
C:\WINDOWS\system32\k11959411759.exe
C:\WINDOWS\system32\k119594118114.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kzxf.net/?y
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.6rt6.cn/index.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
