Repetitive Virus called: Win32.SillyDLCS Please Help
This virus keeps popping up about every 20 minutes and will not go away. I have tried numerous virus scans and it will not go away. Also, I keep getting popups from (Update - Internet Explorer) and other various advertisements like Monster.com and especially search.offeroptimizer.com. Can someone please help?
Message Edited by MenaceOfMen on 01-30-2005 02:26 PM
Midnight Star
4.8K Posts
0
January 30th, 2005 19:00
Let's start with this...
Go to www.trendmicro.com, and then:
1. Click "Free Online Scan".
2. Click "Scan now, it's free".
It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:
1. Select all available drives.
2. Check (tick) "Auto Clean".
3. Click "Scan".
When it completes, post back the full filename of any files that cannot be cleaned or deleted.
Download mwav.exe from MicroWorld, then:
1. Double-click the mwav.exe icon to run it (it'll self-extract).
2. Click "Scan".
3. When it completes, post back the results.
Let's see what's running on that system; post up a HiJackThis log for analysis.
Download, then unzip to "C:\HJT", the newest version of HiJackThis; version 1.99.0. Now, let's do the following:
1. Click "Scan"
2. Click "Save log"
Notepad will pop up with a copy of your system log, then:
1. "Edit | Select all"
2. "Edit | Copy"
Next, let's "Reply" back to this post, then:
1. Right-click on the message body.
2. Select "Paste"
Then just "Post" the message, and we'll analyze your log shortly, then post back any recommendation(s).
Mike.
MenaceOfMen
9 Posts
0
January 30th, 2005 19:00
Also, I would like to know what a VX2 file is and how to keep them off my computer because of their high threat.
MenaceOfMen
9 Posts
0
January 31st, 2005 13:00
House Call:
Scan saved at 2:43:29 AM, on 01/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv.com/community/messages/inbox.jhtml?_DARGS=/community/messages/inbox.jhtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://registernet.passport.net/reg.srf?xpwiz=true&lc=1033&langid=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: LimeWire 4.2.6.lnk = C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://www.classlink2000.com/sites/FILES/wfica.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
MenaceOfMen
9 Posts
0
January 31st, 2005 14:00
eScan Antivirus:
File C:\WINDOWS\BTGrab.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dsktrf.dll infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.b" Virus. Action Taken: No
File C:\WINDOWS\system32\randreco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Joshua\LOCALS~1\Temp\DrTemp\wupdsnff.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No
File C:\DOCUME~1\Joshua\LOCALS~1\Temp\THI11C2.tmp\wupdt.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\Documents and Settings\Joshua\Desktop\Menace\My Software\Fraps.exe infected by "TrojanSpy.Win32.Agent.ar" Virus. Action Taken: No
File C:\Documents and Settings\Joshua\Desktop\Menace\My Software\Halo\Halo 2 Screensaver.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No
File C:\Documents and Settings\Joshua\Local Settings\Temp\DrTemp\wupdsnff.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No
File C:\Documents and Settings\Joshua\Local Settings\Temp\THI11C2.tmp\wupdt.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Desktop\blasterball2drm3-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temp\5Va01152\enhupdt.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temp\DrTemp\wupdsnff.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temp\mynut2.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GQW0WP94\blasterball2drm3-drm3[1].exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GQW0WP94\otto-drm3[1].exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GQW0WP94\slyderdrm3-drm3[1].exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IDERKLMN\blasterball2holidays-drm3[1].exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IDERKLMN\grooveomatic-drm3[1].exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NRSTBENQ\overball-drm3[1].exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NRSTBENQ\supergranny-drm3[1].exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VP3KYO67\blasterball2remix-drm3[1].exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VP3KYO67\orbital-drm3[1].exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\GoldMinerSetup-dm.exe infected by "not-a-virus:AdWare.Trymedia.a" Virus. Action Taken: No
File C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\slyderdrm3-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\Yahtzee-dm.exe infected by "not-a-virus:AdWare.Trymedia.a" Virus. Action Taken: No
File C:\Program Files\WildTangent\blasterball2drm3-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\Program Files\WildTangent\blasterball2remix-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\Program Files\WildTangent\orbital-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\RECYCLER\S-1-5-21-484763869-1425521274-725345543-1003\Dc1.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\RECYCLER\S-1-5-21-484763869-1425521274-725345543-1003\Dc4.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP107\A0023650.exe infected by "not-a-virus:AdWare.Trymedia.a" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP107\A0023652.exe infected by "not-a-virus:AdWare.Trymedia.a" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP107\A0023653.exe infected by "not-a-virus:AdWare.Trymedia.a" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP109\A0023852.exe infected by "not-a-virus:AdWare.Beginto.a" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP110\A0024867.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP110\A0024869.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP110\A0024940.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP110\A0024955.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP110\A0024989.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP110\A0025187.exe infected by "Trojan-Dropper.Win32.Agent.ch" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP112\A0027253.exe infected by "Trojan-Dropper.Win32.Agent.ch" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP119\A0027529.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP124\A0027689.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP124\A0027725.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP124\A0027774.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP124\A0027789.exe infected by "Trojan-Dropper.Win32.Agent.ch" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP125\A0027842.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP125\snapshot\MFEX-25.DAT infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP126\A0027908.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP126\A0027923.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP126\A0027977.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP126\snapshot\MFEX-25.DAT infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP127\A0028024.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP132\A0028116.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP132\A0028158.exe infected by "Trojan-Dropper.Win32.Agent.ch" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP135\A0028302.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP135\A0029000.exe infected by "TrojanDownloader.Win32.Stubby.c" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP139\A0029185.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP140\A0029296.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP141\A0029993.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP141\snapshot\MFEX-15.DAT infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP145\A0030272.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP152\A0030504.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP152\A0030539.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP63\A0010245.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP65\A0011463.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP65\A0012489.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP65\A0012504.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP67\A0012988.exe infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP68\A0013072.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP68\A0013086.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP68\A0013102.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP73\A0014471.DLL infected by "not-a-virus:AdWare.FunWeb.a" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP73\A0014483.exe infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP73\A0014518.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP74\A0014596.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP74\A0014600.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP74\A0014605.EXE infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP74\A0014606.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP74\A0014610.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP74\A0014625.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP74\A0014640.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP77\A0014909.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP77\A0014922.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP77\A0015471.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP78\A0015549.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP78\A0016524.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP79\A0016597.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP79\A0016614.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP80\A0017478.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP80\A0017479.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP80\A0017480.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP80\A0017482.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP80\A0017556.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP80\A0017571.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP82\A0017678.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP83\A0017752.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP83\A0017789.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP86\A0018805.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP90\A0022923.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP90\A0022941.exe infected by "not-a-virus:AdWare.Trymedia.a" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP90\A0022944.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP90\A0022945.exe infected by "not-a-virus:AdWare.Trymedia.a" Virus. Action Taken: No
File C:\WINDOWS\system32\dsktrf.dll infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.b" Virus. Action Taken: No
File C:\WINDOWS\system32\randreco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No
File C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\WINDOWS\wt\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
Thanks a lot Mike!
Message Edited by MenaceOfMen on 01-31-2005 10:05 AM
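An added example, not part of the original thread: a short Python script that sorts eScan output of the kind posted above by where each detected file sits, so that copies held in System Restore points, the Recycle Bin and the browser cache are separated from files in live or temp locations. The location labels, the `malware` / `not-a-virus` split and the function names are assumptions of this example; the sample lines are copied from the log above, plus one non-matching line.

```python
import re
from collections import Counter
from typing import NamedTuple

# Sample lines copied from the eScan output in this thread. Some end at
# "Action Taken: No" because they are cut off that way in the post.
SAMPLE_LOG = r'''
File C:\WINDOWS\BTGrab.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\randreco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No
File C:\DOCUME~1\Joshua\LOCALS~1\Temp\DrTemp\wupdsnff.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temp\mynut2.exe infected by "Trojan-Downloader.Win32.OneClickNetSearch.h" Virus. Action Taken: No
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GQW0WP94\otto-drm3[1].exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\RECYCLER\S-1-5-21-484763869-1425521274-725345543-1003\Dc1.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP110\A0025187.exe infected by "Trojan-Dropper.Win32.Agent.ch" Virus. Action Taken: No
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP110\A0024867.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No
this line is not a detection and is skipped
'''

# One detection per line: File <path> infected by "<name>" Virus. Action Taken: <action>
LINE_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\.'
    r'\s*Action Taken: (?P<action>.*)$'
)

# Checked in order; the first marker found in the lower-cased path wins.
# The labels are this example's own naming (assumption).
LOCATION_MARKERS = [
    ("system_restore", "\\system volume information\\_restore"),
    ("recycle_bin", "\\recycler\\"),
    ("browser_cache", "\\temporary internet files\\"),
    ("temp", "\\temp\\"),
]


class Detection(NamedTuple):
    path: str
    name: str
    kind: str      # "not-a-virus" (the scanner's own prefix) or "malware"
    location: str  # one of the labels above, or "live"
    action: str    # kept as written, even when the line is cut off


def classify_location(path):
    """Return the storage-area label for a Windows path."""
    lowered = path.lower()
    for label, marker in LOCATION_MARKERS:
        if marker in lowered:
            return label
    return "live"


def parse_log(text):
    """Parse scanner output into Detection records, skipping other lines."""
    detections = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        name = match["name"]
        # Assumption: anything without the "not-a-virus:" prefix counts as malware.
        kind = "not-a-virus" if name.lower().startswith("not-a-virus:") else "malware"
        detections.append(Detection(match["path"], name, kind,
                                    classify_location(match["path"]),
                                    match["action"].strip()))
    return detections


def summarize(detections):
    """Count detections per (location, kind) pair."""
    return Counter((d.location, d.kind) for d in detections)


def review_first(detections):
    """Detections in live or temp locations, malware before not-a-virus."""
    active = [d for d in detections if d.location in ("live", "temp")]
    return sorted(active, key=lambda d: (d.kind != "malware", d.path.lower()))


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for (location, kind), count in sorted(summarize(found).items()):
        print(f"{location:15} {kind:12} {count}")
    print("Review first:")
    for d in review_first(found):
        print(f"  [{d.kind}] {d.name}  {d.path}")
```
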
Midnight Star
4.8K Posts
0
January 31st, 2005 16:00
MenaceOfMen,
First, let's get rid of the viruses in your system restore and temp folder(s), just in case we need to use it for any reason:
Download, unzip to your desktop CWShredder and run it, then:
(If an update isn't available, skip to step #4.)
3. When the new version has been downloaded, click "Save".
Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:
regsvr32 /u systb.dll
Run HiJackThis and click "Scan", then check (tick) the following, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
Now, with all windows closed except HiJackThis, click "Fix checked".
Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
C:\WINDOWS\systb.dll
C:\WINDOWS\farmmext.exe
C:\WINDOWS\wupdt.exe
Post back a new log.
Message Edited by Midnight Star on 01-31-2005 12:37 PM
Midnight Star
4.8K Posts
0
January 31st, 2005 21:00
Good work! Try this from a command prompt, entering each line one at a time. To save typing, you can use the mouse to drag-select then copy/paste the text into the command prompt.
attrib -r C:\WINDOWS\BTGrab.dll
del C:\WINDOWS\BTGrab.dll
attrib -r C:\WINDOWS\systb.dll
del C:\WINDOWS\systb.dll
Be sure to post back a new log.
-
Mike.
MenaceOfMen
9 Posts
0
January 31st, 2005 21:00
Everything checked out good except I couldn't delete C:\WINDOWS\BTGrab.dll or C:\WINDOWS\systb.dll because of their write protection and I'm not sure how to get rid of that.
Thanks a bunch
Message Edited by MenaceOfMen on 01-31-2005 05:50 PM
MenaceOfMen
9 Posts
0
January 31st, 2005 23:00
Everything you told me to do worked so far. Now I just have to go on the internet and look out for popups and if they don't show it would have worked. Thanks a lot Mike! I haven't seen the Win32.SillyDI.CS virus either! But could I ask what a VX2 file is, what they do, and how to keep them away? If you look at my second post it shows I had 33 of them and their threat is 10 out of 10.
MenaceOfMen
9 Posts
0
January 31st, 2005 23:00
Midnight Star
4.8K Posts
0
February 1st, 2005 00:00
MenaceOfMen,
You're welcome! Now let's make sure there's nothing else on there that HiJackThis couldn't see, then we'll need to do some final cleanup, to clean out the recycle bin and reset your system restore points.
Download mwav.exe from MicroWorld, then:
2. Click "Scan".
3. When it completes, post back the results.
Midnight Star
4.8K Posts
0
February 1st, 2005 11:00
MenaceOfMen,
I use Norton's myself, and recommend AVG 7.x since it's free. Many 'Agents of Malware Destruction' do recommend AVG 7.x since it seems to find some of the more prevalent problems that other anti-virus programs don't address. I really haven't had the time to research anti-virus programs yet (hopefully, that'll come later this year when I pick up a testbed system).
C:\Documents and Settings\Joshua\Desktop\Menace\My Software\Halo\Halo 2 Screensaver.exe
C:\Documents and Settings\Owner\Desktop\blasterball2drm3-drm3.exe
C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\slyderdrm3-drm3.exe
C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\Yahtzee-dm.exe
C:\Program Files\WildTangent\blasterball2remix-drm3.exe
C:\Program Files\WildTangent\orbital-drm3.exe
C:\RECYCLER\S-1-5-21-484763869-1425521274-725345543-1003\Dc4.exe
C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP1\A0000009.exe
C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP1\A0000012.dll
MenaceOfMen
9 Posts
0
February 1st, 2005 11:00
I did, there was one virus, and the rest was just adware. I will try to get rid of the adware myself, but the virus... well I got eTrust EZ Antivirus and it's not the best I've ever had lol. Could you recommend me a free virus program? Here's the list of stuff on my computer:
File C:\Documents and Settings\Joshua\Desktop\Menace\My Software\Fraps.exe infected by "TrojanSpy.Win32.Agent.ar" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Joshua\Desktop\Menace\My Software\Halo\Halo 2 Screensaver.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Desktop\blasterball2drm3-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\GoldMinerSetup-dm.exe infected by "not-a-virus:AdWare.Trymedia.a" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\slyderdrm3-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\Yahtzee-dm.exe infected by "not-a-virus:AdWare.Trymedia.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\WildTangent\blasterball2drm3-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\WildTangent\blasterball2remix-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\WildTangent\orbital-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-484763869-1425521274-725345543-1003\Dc1.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-484763869-1425521274-725345543-1003\Dc4.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP1\A0000007.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP1\A0000009.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP1\A0000012.dll infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
Message Edited by MenaceOfMen on 02-01-2005 07:37 AM
Midnight Star
4.8K Posts
0
February 1st, 2005 12:00
MenaceOfMen,
I believe this was your VX2 transponder: C:\WINDOWS\BTGrab.dll. Here's some info on VX2:
As far as modes of infection, there can be quite a few; yours may have come in with the CWS. Later on, when I have more research time, I'll delve into the internals of that 'garbageware' more.
-
Mike.
MenaceOfMen
9 Posts
0
February 1st, 2005 17:00
Message Edited by MenaceOfMen on 02-01-2005 01:38 PM