Resilient Virus



#1 Milosz006

Posted 01 March 2008 - 09:16 PM

This particular virus spawns 2 files on my desktop, "Help and Support Center" and "Windows Update", which both point to StorageProtector.com. My C:\ continually fills up with a billion "POSxx" TMP files. My C:\Documents and Settings\NAME\Local Settings\Temporary Internet Files\ folder has regenerating files which also point to StorageProtector.com. Neither HJT nor Ewido Anti-Spyware have permanently or temporarily fixed this problem. Ewido won't let me shred any of the files since they are in use and HJT won't let me select files in my Temp internet files directory. Thank you in advance for any help. :thumbsup:

EDIT: Also, I can't remember how I got this error but it included "/e,/idlist,:620:1388", which is how I found this forum. ;)

HiJack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:42 PM, on 3/2/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ewido Anti-Spyware 4.0\guard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Ewido Anti-Spyware 4.0\ewido.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Install Files\HiJackThis(2).exe

O2 - BHO: (no name) - {701F271D-DD1D-4420-80D9-CFC27D4F83F2} - C:\WINDOWS\System32\ssttt.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\qnpcrilx.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll (file missing)
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\Ewido Anti-Spyware 4.0\ewido.exe" /minimized
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O20 - Winlogon Notify: kcrsicmd - C:\WINDOWS\SYSTEM32\kcrsicmd.dll
O20 - Winlogon Notify: qnpcrilx - C:\WINDOWS\SYSTEM32\qnpcrilx.dll
O20 - Winlogon Notify: __c009B9A4 - C:\WINDOWS\SYSTEM32\__c009B9A4.dat
O20 - Winlogon Notify: __c00C07D9 - C:\WINDOWS\SYSTEM32\__c00C07D9.dat
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Ewido Anti-Spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows

--
End of file - 2273 bytes

HiJack This UnInstall list:
7-Zip 4.52 beta
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Ahead Nero Burning ROM
AOL Instant Messenger (SM)
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HydraVision
AutoHotkey 1.0.47.04
BitComet 0.70
CCleaner (remove only)
CDisplay 1.8
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Download Accelerator Plus
DVD Decrypter (Remove Only)
DVD Region+CSS Free 5.9.8.5
DVD Shrink 3.2
ewido anti-spyware 4.0
FLAC Installer 1.1.2a (remove only)
GoldWave v5.22
Hamachi 1.0.2.3
HijackThis 2.0.2
J2SE Development Kit 5.0 Update 13
J2SE Runtime Environment 5.0 Update 13
Magic Online
Magic Workstation 0.94f
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Movavi VideoSuite 5
Mozilla Firefox (2.0.0.12)
NetBeans IDE 5.5.1
NetBeans Mobility Pack 5.5.1
PeerGuardian 2.0
QuickTime Alternative 1.81
Sony DVD Architect 4.0b
Steam
Team Fortress 2
TigerGame XBOX+PS2+GC Game Controller Adapter
Trillian
UltraMon
Ventrilo Client
VideoLAN VLC media player 0.8.6c
Winamp (remove only)
Windows Installer 3.1 (KB893803)
World of Warcraft
ZoneAlarm


#2 Milosz006

Posted 05 March 2008 - 06:38 PM

I know I'm not supposed to bump, but this thread is on page 17 and I've had no replies so I'm thinking it got too buried to receive a reply. :thumbsup:

#3 Grinler

    Lawrence Abrams


Posted 20 March 2008 - 10:42 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.



