Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't Install Programs


  • This topic is locked This topic is locked
2 replies to this topic

#1 ivo2296

ivo2296

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 25 November 2007 - 06:44 PM

Hello,

On winXP Pro SP2

I have a following problem:

After reboot my antivirus and spybot search & destroy executable files are gone. I tried to install them again but somehow the EXE files are been already deleted when i try to run the programs.

here is my HJlog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35:46, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\xampp\xampp\mysql\bin\mysqld.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\jimjul.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [AntiSpywareBot] "C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe" -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C5E95B0-6569-430E-899E-5DBCB4E2979E}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/xampp/xampp/mysql/bin/mysqld.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: Webroot Spy Sweeper-Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6814 bytes



Thank for any help

BC AdBot (Login to Remove)

 


#2 ivo2296

ivo2296
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 26 November 2007 - 03:18 PM

I have fixed my problem:

I installed new OS on my second HDD, run the fresh installed and updated antivirus and now my problematic OS is cleaned and runs super. Here is my scan log if someone is interested:

[X] Report file: D:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1196095876.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Documents and Settings\ii\Application Data\AntiSpywareBot\Quarantine\25-11-2007-22-16-29\10133.qit Infected: Trojan.Downloader.Bagle.EN
C:\Documents and Settings\ii\Application Data\AntiSpywareBot\Quarantine\25-11-2007-22-16-29\10133.qit Disinfection failed
C:\Documents and Settings\ii\Application Data\AntiSpywareBot\Quarantine\25-11-2007-22-16-29\10133.qit Deleted
C:\Documents and Settings\ii\Application Data\AntiSpywareBot\Quarantine\25-11-2007-22-16-29\10135.qit Infected: Trojan.Downloader.Bagle.EN
C:\Documents and Settings\ii\Application Data\AntiSpywareBot\Quarantine\25-11-2007-22-16-29\10135.qit Disinfection failed
C:\Documents and Settings\ii\Application Data\AntiSpywareBot\Quarantine\25-11-2007-22-16-29\10135.qit Deleted
C:\Documents and Settings\ii\Application Data\AntiSpywareBot\Quarantine\25-11-2007-22-16-29\10157.qit Infected: Backdoor.VB.EV
C:\Documents and Settings\ii\Application Data\AntiSpywareBot\Quarantine\25-11-2007-22-16-29\10157.qit Disinfection failed
C:\Documents and Settings\ii\Application Data\AntiSpywareBot\Quarantine\25-11-2007-22-16-29\10157.qit Deleted
C:\Program Files\AdVantage\TR.dll Detected: Application.Memedia.B
C:\Program Files\AdVantage\TR.dll Disinfection failed
C:\Program Files\AdVantage\TR.dll Deleted
C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe -boot Infected: Trojan.Downloader.Bagle.EN
C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe -boot Disinfection failed
C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe -boot Deleted
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe Infected: Trojan.Downloader.Bagle.EN
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe Disinfection failed
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe Deleted
C:\Program Files\eMule\Incoming\Email Grabber & Sender 1.1.zip=>Email Grabber & Sender 1.1.exe Infected: Trojan.Downloader.Bagle.EN
C:\Program Files\eMule\Incoming\Email Grabber & Sender 1.1.zip=>Email Grabber & Sender 1.1.exe Disinfection failed
C:\Program Files\eMule\Incoming\Email Grabber & Sender 1.1.zip=>Email Grabber & Sender 1.1.exe Deleted
C:\Program Files\eMule\Incoming\Email Grabber & Sender 1.1.zip Archive repacking successfully completed (actions successfully applied)
C:\qoobox\Quarantine\C\WINDOWS\exefld\273781.exe.vir Infected: Backdoor.VB.EV
C:\qoobox\Quarantine\C\WINDOWS\exefld\273781.exe.vir Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\exefld\273781.exe.vir Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\hidr.exe.vir Infected: Trojan.Downloader.Bagle.EN
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\hidr.exe.vir Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\hidr.exe.vir Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\srosa.sys.vir Infected: Trojan.Downloader.Bagle.EN
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\srosa.sys.vir Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\srosa.sys.vir Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir Infected: Backdoor.VB.EV
C:\qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir Deleted
C:\WINDOWS\exefld\14847937.exe Infected: Backdoor.VB.EV
C:\WINDOWS\exefld\14847937.exe Disinfection failed
C:\WINDOWS\exefld\14847937.exe Deleted
C:\WINDOWS\exefld\178718.exe Infected: Backdoor.VB.EV
C:\WINDOWS\exefld\178718.exe Disinfection failed
C:\WINDOWS\exefld\178718.exe Deleted
C:\WINDOWS\exefld\320890.exe Infected: Backdoor.VB.EV
C:\WINDOWS\exefld\320890.exe Disinfection failed
C:\WINDOWS\exefld\320890.exe Deleted
C:\WINDOWS\system32\drivers\hidr.exe Infected: Trojan.Downloader.Bagle.EN
C:\WINDOWS\system32\drivers\hidr.exe Disinfection failed
C:\WINDOWS\system32\drivers\hidr.exe Deleted
C:\WINDOWS\system32\drivers\srosa.sys Infected: Trojan.Downloader.Bagle.EN
C:\WINDOWS\system32\drivers\srosa.sys Disinfection failed
C:\WINDOWS\system32\drivers\srosa.sys Deleted
C:\WINDOWS\system32\wintems.exe Infected: Backdoor.VB.EV
C:\WINDOWS\system32\wintems.exe Disinfection failed
C:\WINDOWS\system32\wintems.exe Deleted
C:\zz\brutus-aet2\BrutusA2.exe Detected: Application.PWCrack.Brutus.A
C:\zz\brutus-aet2\BrutusA2.exe Disinfection failed
C:\zz\brutus-aet2\BrutusA2.exe Deleted

#3 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:25 AM

Posted 09 December 2007 - 01:04 PM

Since this issue appears to be resolved, this topic is now closed

Edited by random/random, 09 December 2007 - 01:04 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users