~help With My Malware Problems..~


  • This topic is locked
9 replies to this topic

#1 crazyoutlaw

Posted 21 March 2008 - 01:53 AM

I know for a fact that I have malware on my computer, and it's very hard to remove. I currently have Spybot, Ad-Aware, A-Squared, and HJT installed on my computer. The names of the malware are 7Fasst, Accoona, Adbreak, Aconti, and there are several more. Anyway, this is the HJT log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:53 AM, on 3/21/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Ares\Ares.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\program files\a-squared free\a2free.exe
C:\Program Files\a-squared Free\a2service.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O20 - Winlogon Notify: AutorunsDisabled - C:\WINNT\
O21 - SSODL: ChkBoot - {c269f9c9-19b3-48e4-b0fb-5b40e12e704e} - C:\WINNT\Installer\{c269f9c9-19b3-48e4-b0fb-5b40e12e704e}\ChkBoot.dll (file missing)
O21 - SSODL: CheckDrive - {cb1766b7-a29f-461d-972d-6ab3f125439f} - C:\WINNT\Installer\{cb1766b7-a29f-461d-972d-6ab3f125439f}\CheckDrive.dll (file missing)
O21 - SSODL: CDRam - {a2361e74-f214-4c4f-9642-31b75d636608} - C:\WINNT\Installer\{a2361e74-f214-4c4f-9642-31b75d636608}\CDRam.dll (file missing)
O21 - SSODL: CDChk - {6d392a60-4232-4370-a2c5-2514ad54d039} - C:\WINNT\Installer\{6d392a60-4232-4370-a2c5-2514ad54d039}\CDChk.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 5183 bytes



Any help would be MUCH appreciated.
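The kind of first pass a helper does on an HJT log like the one above can be scripted. The Python below is an added example, not code from the original post and not part of HijackThis: it takes a handful of lines copied from the first log in this thread as a constructed sample, parses the section code of each entry (R0, F2, O16, O21, O23, ...), and flags what a reviewer would look at first: registrations whose file no longer exists, the empty Winlogon UserInit value, the malformed ProxyServer value, the IE Restrictions policy, the O16 ActiveX download from a non-Microsoft host, and any O21 ShellServiceObjectDelayLoad entry. The rules, the trusted-host list and the malformed-proxy pattern are this example's own heuristics; they surface entries for review and do not decide that anything is malicious.

```python
"""Triage a HijackThis (HJT) log: flag entries worth a reviewer's attention.

Added example; not part of the original post and not HijackThis code.
The flagging rules below are this example's own heuristics.
"""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the first HJT log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O21 - SSODL: ChkBoot - {c269f9c9-19b3-48e4-b0fb-5b40e12e704e} - C:\WINNT\Installer\{c269f9c9-19b3-48e4-b0fb-5b40e12e704e}\ChkBoot.dll (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
"""

# Every HJT entry starts with a section code (R0, F2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# Hosts from which an O16 ActiveX download is unsurprising (assumption, not an HJT list).
TRUSTED_DPF_SUFFIXES = (".microsoft.com", ".windowsupdate.com")
# What a sane host:port proxy value looks like (heuristic).
PROXY_RE = re.compile(r"^[\w.-]+:\d+$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (entry, reason) pair; one entry can yield several."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, "Running processes:", blanks
        section, body = m["section"], m["body"]
        reasons: list[str] = []

        # Orphaned registration: the registry still points at a file that is gone.
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("orphaned registration, referenced file is gone")

        if section == "F2" and body.split("UserInit=", 1)[-1].strip() == "":
            # HJT prints F2 only when this differs from the default userinit.exe.
            reasons.append("Winlogon UserInit value is empty")
        elif section == "R1" and "ProxyServer" in body:
            value = body.split("=", 1)[-1].strip()
            if not PROXY_RE.match(value):
                reasons.append(f"ProxyServer set to malformed value {value!r}")
        elif section == "O6":
            reasons.append("IE Restrictions policy present under HKCU")
        elif section == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            if not host.endswith(TRUSTED_DPF_SUFFIXES):
                reasons.append(f"ActiveX download from third-party host {host}")
        elif section == "O21":
            # ShellServiceObjectDelayLoad: loaded by Explorer at every logon.
            reasons.append("SSODL entry loads a DLL into Explorer at logon")

        findings.extend(Finding(section, r, raw.strip()) for r in reasons)
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HJT section code."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
    print(summarize(hits))
```

Note the two classes of hit. A `(no file)` or `(file missing)` entry is inert: the registration is left over from something already removed or blocked and only needs cleaning up. A live O16 or O21 entry is code that loads in the browser or in Explorer at logon, so those deserve a look first; in the sample the O21 entries are already orphaned, which is why each one is reported twice.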


#2 Rahina (Security Helper, Finland)

Posted 21 March 2008 - 07:15 AM

Hello and welcome!

I noticed that there are some components missing from McAfee; have you uninstalled it?

You are running a few antispyware apps (Ad-Aware, A-Squared), but these do not protect you against viruses like a real antivirus program!

If you are still running McAfee I would like to know more about it: what happened? Was it a trial version or did you pay for it?

We need to make sure that no leftovers from McAfee exist if/when you install a new antivirus.

- How to uninstall Mcafee - install a new Antivirus -

Go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

McAfee E-mail Proxy

( Everything related to McAfee )

You can reboot after uninstall, if there was anything to uninstall.

Installing a new Antivirus
  • Antivir
  • Avast Free
  • AVG Free
  • Bitdefender Free

    Download one of these from the list; I suggest Antivir because it does not require much from your system and it is very easy to use.

    Install it and then run a full scan. Let it quarantine/delete anything it finds. Let me know the results.

[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.

#3 crazyoutlaw (Topic Starter)

Posted 21 March 2008 - 01:26 PM

Thanks for the reply... I had the Comcast McAfee Suite, but then decided to uninstall it. I've tried to remove it completely but it just won't budge. Also, my Add/Remove Programs doesn't work. This is the second time that has happened: I click on it, and the only thing that appears is text at the top, nothing else. Any tips? Thanks

#4 Rahina (Security Helper, Finland)

Posted 21 March 2008 - 02:30 PM

Try doing this:
  • Click Start, and then click Run.
  • In the Open box, type cmd, and then press ENTER.
  • In the Command window, type regsvr32 mshtml.dll, and then press ENTER.
  • Click OK to confirm that the registry entry has been added.
  • In the Command window, type regsvr32 shdocvw.dll -i, and then press ENTER.
  • Click OK to confirm that the registry entry has been added.
  • In the Command window, type regsvr32 shell32.dll -i, and then press ENTER.
  • Click OK to confirm that the registry entry has been added.
  • Close the Command window.
And secondly, it is very important that you install an antivirus program! Please follow my previous instructions on how to install a new antivirus and post back with the results.

Cheers

#5 crazyoutlaw (Topic Starter)

Posted 21 March 2008 - 07:57 PM

I did what you said; all the registry entries were added without problems. And I currently have AVG 7.5 (free version) installed on my computer. What next?

#6 Rahina (Security Helper, Finland)

Posted 22 March 2008 - 03:33 AM

Is this already done?

Installing a new antivirus and uninstalling the old one

I would like to know this because we will not move anywhere before this is done.

There are instructions in my earlier post on how to do this (post #2).

If these steps are already done, do as it says and post the results.


Thanks

Edited by Rahina Rescue, 22 March 2008 - 03:36 AM.


#7 crazyoutlaw (Topic Starter)

Posted 23 March 2008 - 01:56 AM

I currently have Ad-Aware, HJT, Spybot, free AVG antivirus, and A-Squared on my computer. I've been running them a lot lately, and my computer seems kind of better, but I know I'm still infected. What is Aconti? Well, this is the log. Any help??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:44 AM, on 3/23/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\WINNT\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O20 - Winlogon Notify: AutorunsDisabled - C:\WINNT\
O21 - SSODL: ChkBoot - {c269f9c9-19b3-48e4-b0fb-5b40e12e704e} - C:\WINNT\Installer\{c269f9c9-19b3-48e4-b0fb-5b40e12e704e}\ChkBoot.dll (file missing)
O21 - SSODL: CheckDrive - {cb1766b7-a29f-461d-972d-6ab3f125439f} - C:\WINNT\Installer\{cb1766b7-a29f-461d-972d-6ab3f125439f}\CheckDrive.dll (file missing)
O21 - SSODL: CDRam - {a2361e74-f214-4c4f-9642-31b75d636608} - C:\WINNT\Installer\{a2361e74-f214-4c4f-9642-31b75d636608}\CDRam.dll (file missing)
O21 - SSODL: CDChk - {6d392a60-4232-4370-a2c5-2514ad54d039} - C:\WINNT\Installer\{6d392a60-4232-4370-a2c5-2514ad54d039}\CDChk.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 3635 bytes

#8 Orange Blossom (Moderator, Bloomington, IN)

Posted 30 March 2008 - 02:41 AM

crazyoutlaw,

I have merged your new HJT topic on the same issue same computer with your original thread. Please reply in this thread and stick with it until you have been declared clean.

Back to you Rahina Rescue

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 Rahina (Security Helper, Finland)

Posted 30 March 2008 - 02:54 PM

Sorry for the delay getting to you!

"What is Aconti? Well, this is the log. Any help??"

Aconti is a dialer and needs to be removed. Let us continue now.

Please download Combofix to your desktop.
  • Double click on Combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a fresh HJT log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

#10 Rahina (Security Helper, Finland)

Posted 11 April 2008 - 06:08 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



