Infected With Jay.exe, Mveo.exe.. Please Help!

#1 k2n6g

Posted 18 October 2007 - 09:57 AM

Guys, is there any way to remove these viruses? But first, is this a virus or malware? I tried everything, from scanning with anti-viruses, ComboFix, Ravmon removal and HijackThis. I also tried to erase its exe files from the registry, but to no avail. Worse, it also infected my external hard disk. Is there any way that I could get rid of these files without reformatting my external hard disk, because all of my important files are in there? I got this from a flash drive. This virus disables the drives in my PC. I cannot open any drives by clicking on them, and the toolbars of any software running on my PC change their name to jaymyka.wen9.com. Here is the log of the last scan that I did using ComboFix. I hope that you could help me remove this, especially on my external hard disk, because all of my important files are in there. Thanks in advance.

ComboFix 07-10-18.6 - gnik 2007-10-18 22:47:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.266 [GMT 8:00]
Running from: C:\Documents and Settings\gnik\Desktop\ComboFix.exe
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))

2007-10-18 12:31 202,474 -rahs---- C:\jay.exe
2007-10-17 23:06 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-10-17 23:06 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2007-10-17 20:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-17 20:09 <DIR> d-------- C:\Documents and Settings\gnik\Application Data\SUPERAntiSpyware.com
2007-10-17 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-17 20:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-16 18:07 <DIR> d-------- C:\Program Files\Trisnap Technologies
2007-10-16 18:07 159,744 --a------ C:\WINDOWS\system32\hasher.dll
2007-10-16 15:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-07 20:25 212,480 --a------ C:\WINDOWS\system32\pcdlib32.dll
2007-10-07 20:25 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
2007-10-01 16:03 <DIR> d-------- C:\Program Files\ElcomSoft
2007-09-29 23:53 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-09-29 23:53 <DIR> d-------- C:\Documents and Settings\gnik\Application Data\MegauploadToolbar
2007-09-29 00:33 <DIR> d-------- C:\Program Files\LEGO Company
2007-09-29 00:33 <DIR> d-------- C:\Documents and Settings\gnik\Application Data\LEGO Company
2007-09-29 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QubeSoft
2007-09-28 23:38 <DIR> d-------- C:\Program Files\Replay Media Catcher
2007-09-28 23:25 <DIR> d-------- C:\Program Files\Spb Software House
2007-09-28 22:53 <DIR> d-------- C:\iPAQ
2007-09-28 22:16 <DIR> d-------- C:\Program Files\Common Files\Real
2007-09-24 20:42 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-09-24 20:20 <DIR> d-------- C:\Documents and Settings\gnik\Application Data\Syntrillium
2007-09-24 20:19 <DIR> d-------- C:\Program Files\Cool2000
2007-09-24 11:15 <DIR> d-------- C:\Program Files\BitTorrent
2007-09-24 11:15 <DIR> d-------- C:\Documents and Settings\gnik\Application Data\BitTorrent
2007-09-24 01:57 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-09-24 01:57 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-09-23 23:21 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-09-23 23:21 308,224 --a------ C:\WINDOWS\system32\avisynth.dll
2007-09-23 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-10-17 14:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-17 14:37 --------- d-----w C:\Program Files\Nevo
2007-10-17 14:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-17 12:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-13 12:45 --------- d-----w C:\Program Files\Common Files\snpstd3
2007-10-11 14:21 --------- d-----w C:\Documents and Settings\gnik\Application Data\FrostWire
2007-10-07 12:28 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-04 14:36 --------- d-----w C:\Program Files\mIRC
2007-09-28 16:26 --------- d-----w C:\Program Files\Java
2007-09-24 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-09-24 03:14 --------- d-----w C:\Documents and Settings\gnik\Application Data\uTorrent
2007-09-23 15:21 --------- d-----w C:\Program Files\Ultra Video To Flash Converter
2007-09-23 14:21 --------- d-----w C:\Program Files\Apple Software Update
2007-09-05 19:13 --------- d-----w C:\Program Files\MediaRing
2007-09-02 17:40 --------- d-----w C:\Program Files\ReflexiveArcade
2007-09-02 17:29 --------- d-----w C:\Documents and Settings\gnik\Application Data\OpenOffice.org2
2007-08-23 19:06 --------- d-----w C:\Program Files\LitexMedia
2007-08-23 18:54 --------- d-----w C:\Program Files\MSN Messenger
2007-08-18 19:12 --------- d-----w C:\Documents and Settings\gnik\Application Data\MRTalk
2004-08-03 22:56:50 202,474 --sha-r C:\WINDOWS\system32\mveo.exe

((((((((((((((((((((((((((((( snapshot@2007-10-17_20.06.54.45 )))))))))))))))))))))))))))))))))))))))))
- 2007-10-16 15:14:42 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-17 16:22:59 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-16 15:14:42 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-17 16:22:59 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

"SoundMan"="SOUNDMAN.EXE" [2004-09-16 20:39 C:\WINDOWS\SOUNDMAN.EXE]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-17 21:07]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:56 C:\WINDOWS\system32\bthprops.cpl]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" []
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" []
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 14:58]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 15:48]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-06-25 23:28]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-20 01:27]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-04 05:42]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-20 22:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NevoMedia Server.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NevoMedia Server.lnk
backup=C:\WINDOWS\pss\NevoMedia Server.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^gnik^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\gnik\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ampli]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameDrive]
"C:\Program Files\FarStone\GameDrive\GDP\GDTask.exe" /AutoRestore

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys

AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

Contents of the 'Scheduled Tasks' folder
"2007-09-23 14:21:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 22:48:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

Completion time: 2007-10-18 22:49:33
C:\ComboFix2.txt ... 2007-10-17 20:07
--- E O F ---
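As an added example for this thread (not part of the original post, and not ComboFix's own tooling): a small Python triage script that reads the "Files Created" and "Find3M" lines of a ComboFix log like the one above and flags the pattern a removable-media worm typically leaves behind. In the log above, C:\jay.exe carries the hidden and system attributes (-rahs----), sits at the root of C:, and is exactly the same size (202,474 bytes) as C:\WINDOWS\system32\mveo.exe, which carries the same attributes but a 2004 timestamp; the script surfaces exactly those relationships, plus the AutoRun\command line, which shows the drive-open handler pointed at a script (my inference: this is consistent with the "cannot open any drives" symptom). The sample input is copied from the log above; the regex, the heuristics, the extension list and the function names are my own assumptions, and a hit means "review this", not "this is confirmed malicious".

```python
"""Triage a ComboFix log for indicators of a removable-media worm.

Added example for this thread, not ComboFix's own tooling. The sample
input below is copied from the log posted above; the heuristics, the
extension list and the function names are assumptions for illustration.
"""
import re
from collections import defaultdict

# A ComboFix file line: date, time (seconds optional), size or <DIR> or a
# run of dashes, an attribute string such as -rahs---- or d--h--w, then path.
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?P<size>[\d,]+|<DIR>|-+)\s+(?P<attrs>[a-z-]+)\s+(?P<path>[A-Za-z]:\\.*)$"
)

# Extensions the Windows shell will execute directly (assumed list).
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")


def parse_file_entries(log_text):
    """Return one dict per recognised file/directory line; other lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = FILE_LINE.match(raw.strip())
        if not m:
            continue
        size_field = m.group("size")
        size = int(size_field.replace(",", "")) if size_field[0].isdigit() else None
        entries.append({
            "date": m.group("date"),
            "size": size,            # None for <DIR> and dash-only Find3M lines
            "attrs": m.group("attrs"),
            "path": m.group("path"),
        })
    return entries


def _is_executable(entry):
    return entry["size"] is not None and entry["path"].lower().endswith(EXEC_EXT)


def hidden_system_executables(entries):
    """Executables flagged hidden (h) and system (s); Explorer hides these by default."""
    return [e["path"] for e in entries
            if _is_executable(e) and "h" in e["attrs"] and "s" in e["attrs"]]


def root_level_executables(entries):
    """Executables sitting directly in a volume root, e.g. C:\\jay.exe."""
    return [e["path"] for e in entries
            if _is_executable(e) and re.fullmatch(r"[A-Za-z]:\\[^\\]+", e["path"])]


def size_clusters(entries, min_count=2):
    """Group executables by exact byte size. Identical sizes under different
    names or dates usually mean one file copied around (dates can be forged)."""
    by_size = defaultdict(list)
    for e in entries:
        if _is_executable(e):
            by_size[e["size"]].append(e["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_count}


def autorun_commands(log_text):
    """Lines ComboFix reports for the drive AutoRun\\command handler."""
    return [ln.strip() for ln in log_text.splitlines()
            if ln.strip().startswith("AutoRun\\command")]


def triage(log_text):
    """Run every check and return the findings keyed by check name."""
    entries = parse_file_entries(log_text)
    return {
        "hidden_system": hidden_system_executables(entries),
        "root_level": root_level_executables(entries),
        "size_clusters": size_clusters(entries),
        "autorun": autorun_commands(log_text),
    }


# Copied from the ComboFix log posted above (not constructed).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))

2007-10-18 12:31 202,474 -rahs---- C:\jay.exe
2007-10-17 23:06 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-10-17 20:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-10-17 14:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2004-08-03 22:56:50 202,474 --sha-r C:\WINDOWS\system32\mveo.exe

AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
"""


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(check, hits)
```

To use it on a full log, read the file and pass its text to triage(). The output is a list of things to look at, not a verdict: the hidden/system check will also list legitimate protected files on some systems, so each hit still needs a human to confirm it before anything is deleted.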

#2 quietman7


Posted 18 October 2007 - 10:38 PM

i tried everything from...combo-fix...and hijack this.

Are you trained in the use and investigation of the log this program generates? This is an advanced tool. Most of the log entries listed are required to run a computer and removing essential ones can potentially cause serious damage to your system. HijackThis relies on experts to interpret the log entries and determine what needs to be fixed. If you do not have advanced knowledge about computers or training in the use of this tool, you should NOT fix anything using HijackThis without consulting an expert as to what to fix. Using this tool incorrectly could adversely impact your system.

You should not be using Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could adversely impact your system and prevent it from ever starting again.

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.
