Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Burn, Networm-i.virus


  • This topic is locked This topic is locked
3 replies to this topic

#1 tbkandme

tbkandme

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 07 October 2007 - 09:41 PM

I have installed and used several spyware removers and still have this virus (maybe its more than one?) Help please. The following is the log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:16 PM, on 10/7/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Online Add-on\icthis.exe
C:\Program Files\Online Add-on\icmntr.exe
C:\Program Files\Online Add-on\isfmntr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Online Add-on\isfmm.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Flash Module - {775B738B-4540-4b16-A1DA-932C402FD8F7} - btasv.dll (file missing)
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Add-on\isfmdl.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Add-on\ictmdl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Add-on\isfmntr.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190765256505
O16 - DPF: {E596DF5F-4239-4D40-8367-EBADF0165917} - http://privacyprotector.com/.freeware/cab/...cyprotector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13F7B8C0-9BE6-4823-ADD6-C42976F9A02C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: rEbKTVw - {D0D67D5C-7A7C-D7F6-ACD5-8D78B2014180} - C:\WINNT\system32\fcwf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Management Service - Unknown owner - C:\WINNT\system32\.exe (file missing)

--
End of file - 3727 bytes

BC AdBot (Login to Remove)

 


#2 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:12:27 PM

Posted 23 October 2007 - 10:41 AM

Hi tbkandme,

Sorry for the delay, this forum is overwhelmed right now.

If you still need assistance, please do the following:

First, I can see no evidence that you have any antivirus software installed. You have some antispyware programs, but these do not offer protection from viruses. You need a real-time antivirus scanner running whenever you are online. This is critical, it can't wait until after we have cleaned up your PC. Please download one of these free programs:


AVG Free is available at this site.

Avast Home Edition is available here.

Avira AntiVir can be downloaded here.


I personally use AVG Free, but all these programs have good reputations. If you don't like one, you can try another. Please consult the help files or online support for information on installing, updating, and using the program.

After you have installed and updated the antivirus program, let it run a full system scan. Have it quarantine any threats that it finds.

Then, run a fresh HJT scan and post the log to a reply here.

Dave

#3 tbkandme

tbkandme
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 23 October 2007 - 08:59 PM

thanks for attempting to help, however a friend eventually took a look at it and got it fixed.

#4 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:12:27 PM

Posted 24 October 2007 - 05:31 AM

Hi again,

Thanks for your reply. Glad to hear that you got it fixed. :thumbsup:

Since this topic appears to be resolved, it is now closed. If you want it re-opened, please PM me and put the url in your request.

This applies to the original poster only. Everyone else please start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users