

Win32.trojandownloader.newmedia Help!


This topic is locked. 2 replies to this topic.

#1 XElixX


Posted 23 July 2008 - 11:59 PM

Hi, I'm new here. I have a problem: I got this virus that doesn't let me open the local disk C, and doesn't let me open the Task Manager; it says that it has been blocked. Also there's a message in the start bar that says "VIRUS ALERT", and three shortcuts appeared on the desktop, to "error cleaner", "privacy protector" and "spyware&malware protection". I tried to erase it with Ad-Aware 2007, and it does detect a malware by the name of "Win32.TrojanDownloader.NewMedia", but when I erase it, it just comes back again, and when I tried to erase it again with Ad-Aware it didn't detect it anymore, even though it is still there. It makes the computer really slow, and sometimes it makes pop-ups appear saying that my computer is infected, spyware alert, etc. I managed to erase the "error cleaner", "privacy protector" and the "spyware&malware protection", but it still says VIRUS ALERT! and doesn't let me open a lot of things T.T

I appreciate your help!

Here is the report generated from the DSS, but it just gave me the main.txt, and it said it should give me two; why is that?... Well, here's what the DSS scanned:

Deckard's System Scanner v20071014.68
Run by user1 on 2008-07-23 22:50:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as user1.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51: VIRUS ALERT!, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Archivos de programa\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Ares\Ares.exe
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\Ares Galaxy Turbo Booster\Ares Galaxy Turbo Booster.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Archivos de programa\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Archivos de programa\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Archivos de programa\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
c:\archivos de programa\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Archivos de programa\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexStoreSvr.exe
C:\Archivos de programa\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Archivos de programa\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Archivos de programa\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\ARCHIV~1\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Winamp\winamp.exe
C:\Archivos de programa\Panda Security\Panda Internet Security 2008\psimreal.exe
C:\Documents and Settings\user1\Escritorio\dss.exe
C:\ARCHIV~1\TRENDM~1\HIJACK~1\user1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
R3 - URLSearchHook: (no name) - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - (no file)
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\pmnnnKDV.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: QXK Olive - {8663655C-F6D4-4520-859E-67008902A889} - (no file)
O2 - BHO: {ea63202c-877d-793b-6d54-9cac86308688} - {88680368-cac9-45d6-b397-d778c20236ae} - C:\WINDOWS\system32\enbccz.dll
O2 - BHO: (no name) - {AC0C33A8-E7F4-40D3-99A1-C8B99C0EC9DD} - C:\WINDOWS\system32\geBTNFya.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
O3 - Toolbar: (no name) - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - (no file)
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [5498ca4a] rundll32.exe "C:\WINDOWS\system32\xubfmpmo.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ares Galaxy Turbo Booster.lnk = C:\Archivos de programa\Ares Galaxy Turbo Booster\Ares Galaxy Turbo Booster.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196898242000
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - Winlogon Notify: Fly - C:\WINDOWS\SYSTEM32\smart.dll
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O20 - Winlogon Notify: pmnnnKDV - C:\WINDOWS\SYSTEM32\pmnnnKDV.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Archivos de programa\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Archivos de programa\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Archivos de programa\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Archivos de programa\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\archivos de programa\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Archivos de programa\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Archivos de programa\Viewpoint\Common\ViewpointService.exe

--
End of file - 9915 bytes

-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-22 20:24:46 116352 --a------ C:\WINDOWS\system32\vtydykvq.dll
2008-07-22 20:24:46 116352 --a------ C:\WINDOWS\system32\enbccz.dll
2008-07-22 20:24:41 94848 --a------ C:\WINDOWS\system32\xubfmpmo.dll
2008-07-22 18:25:08 116352 --a------ C:\WINDOWS\system32\ocfqxayy.dll
2008-07-22 18:25:08 116352 --a------ C:\WINDOWS\system32\nbfwpw.dll
2008-07-21 18:22:32 92672 -----n--- C:\WINDOWS\system32\tswwqcwl.dll
2008-07-21 18:21:10 116864 --a------ C:\WINDOWS\system32\dumkkm.dll
2008-07-21 18:21:09 116864 --a------ C:\WINDOWS\system32\cmphxxdu.dll
2008-07-20 15:49:35 116352 --a------ C:\WINDOWS\system32\vatcacme.dll
2008-07-20 15:49:35 116352 --a------ C:\WINDOWS\system32\lsfauq.dll
2008-07-19 15:46:07 116864 --a------ C:\WINDOWS\system32\wdtzqc.dll
2008-07-19 15:46:06 116864 --a------ C:\WINDOWS\system32\dqilgyxb.dll
2008-07-18 22:40:40 116864 --a------ C:\WINDOWS\system32\opaqmj.dll
2008-07-18 22:40:40 116864 --a------ C:\WINDOWS\system32\objrnsxy.dll
2008-07-18 22:26:32 0 d-------- C:\Archivos de programa\Nero
2008-07-18 22:26:31 0 d-------- C:\Archivos de programa\Archivos comunes\Ahead
2008-07-18 21:24:04 116864 --a------ C:\WINDOWS\system32\ktepgn.dll
2008-07-18 21:24:03 116864 --a------ C:\WINDOWS\system32\ncisljta.dll
2008-07-17 21:24:55 116352 --a------ C:\WINDOWS\system32\ugqlwf.dll
2008-07-17 21:24:55 116352 --a------ C:\WINDOWS\system32\blrauqkt.dll
2008-07-17 20:21:59 116352 --a------ C:\WINDOWS\system32\oufksufn.dll
2008-07-17 20:21:59 116352 --a------ C:\WINDOWS\system32\nlgrvt.dll
2008-07-16 19:38:31 116352 --a------ C:\WINDOWS\system32\jgsedo.dll
2008-07-16 19:38:31 116352 --a------ C:\WINDOWS\system32\cenesklj.dll
2008-07-14 19:59:52 0 d-------- C:\Archivos de programa\Trend Micro
2008-07-14 19:55:03 0 d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-07-14 10:41:55 116352 --a------ C:\WINDOWS\system32\aewqbc.dll
2008-07-14 10:41:54 116352 --a------ C:\WINDOWS\system32\qiqtbbml.dll
2008-07-12 22:03:02 116864 --a------ C:\WINDOWS\system32\wfkxamuk.dll
2008-07-12 22:03:02 116864 --a------ C:\WINDOWS\system32\imhnkr.dll
2008-07-12 16:53:47 0 d-------- C:\Archivos de programa\Webteh
2008-07-10 21:41:04 116352 --a------ C:\WINDOWS\system32\potwci.dll
2008-07-10 21:41:04 116352 --a------ C:\WINDOWS\system32\cxdkcljt.dll
2008-07-07 06:51:49 0 d-------- C:\WINDOWS\privacy_danger(2)
2008-07-07 00:00:38 450465 --ahs---- C:\WINDOWS\system32\ayFNTBeg.ini2
2008-07-07 00:00:13 318720 -----n--- C:\WINDOWS\system32\geBTNFya.dll
2008-07-06 23:54:56 28800 --a------ C:\WINDOWS\system32\pmnnnKDV.dll
2008-07-06 23:54:16 176128 --a------ C:\WINDOWS\esrp.exe
2008-07-06 23:54:16 344064 --a------ C:\WINDOWS\axrfgvek.dll
2008-07-06 23:54:15 299008 --a------ C:\WINDOWS\okmdepgb.dll
2008-07-06 23:54:00 0 d-------- C:\Archivos de programa\PCHealthCenter
2008-07-06 20:27:01 36864 --a------ C:\WINDOWS\system32\smart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 20:27:01 38912 --a------ C:\WINDOWS\system32\LoveFly.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-07-22 22:11:58 0 d-------- C:\Archivos de programa\Java
2008-07-18 22:32:26 0 d-------- C:\Documents and Settings\user1\Datos de programa\Ahead
2008-07-18 22:26:31 0 d-------- C:\Archivos de programa\Archivos comunes
2008-07-18 22:13:44 0 d-------- C:\Archivos de programa\ahead
2008-07-14 19:57:28 0 d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-07-14 19:55:03 0 d-------- C:\Documents and Settings\user1\Datos de programa\SUPERAntiSpyware.com
2008-07-12 19:03:08 0 d-------- C:\Documents and Settings\user1\Datos de programa\BSplayer PRO
2008-07-08 09:13:46 0 d-------- C:\Archivos de programa\Lavasoft
2008-07-06 23:57:05 0 d-------- C:\Archivos de programa\Panda Security
2008-07-06 23:54:41 0 d-------- C:\Documents and Settings\user1\Datos de programa\TmpRecentIcons
2008-06-01 23:05:04 0 d-------- C:\Archivos de programa\Notation
2008-05-04 12:19:39 134861 --a------ C:\WINDOWS\HPHins11.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BA3028F-FD37-46BF-AD27-733734684F06}]
06/07/2008 23:54: VIRUS ALERT! 28800 --a------ C:\WINDOWS\system32\pmnnnKDV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8663655C-F6D4-4520-859E-67008902A889}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88680368-cac9-45d6-b397-d778c20236ae}]
22/07/2008 20:24: VIRUS ALERT! 116352 --a------ C:\WINDOWS\system32\enbccz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC0C33A8-E7F4-40D3-99A1-C8B99C0EC9DD}]
07/07/2008 00:00: VIRUS ALERT! 318720 --------- C:\WINDOWS\system32\geBTNFya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
22/07/2008 22:12: VIRUS ALERT! 34816 --a------ C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
22/07/2008 22:12: VIRUS ALERT! 73728 --a------ C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Archivos de programa\Winamp Toolbar\winamptb.dll [04/10/2007 14:06: VIRUS ALERT! 1135968]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 13:47: VIRUS ALERT! C:\WINDOWS\ALCXMNTR.EXE]
"VTTimer"="VTTimer.exe" [22/10/2004 11:53: VIRUS ALERT! C:\WINDOWS\system32\VTTimer.exe]
"APVXDWIN"="C:\Archivos de programa\Panda Security\Panda Internet Security 2008\APVXDWIN.exe" [23/07/2007 18:30: VIRUS ALERT!]
"SCANINICIO"="C:\Archivos de programa\Panda Security\Panda Internet Security 2008\Inicio.exe" [11/07/2007 15:17: VIRUS ALERT!]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre6\bin\jusched.exe" [22/07/2008 22:12: VIRUS ALERT!]
"NeroFilterCheck"="C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe" [01/03/2007 15:57: VIRUS ALERT!]
"5498ca4a"="C:\WINDOWS\system32\xubfmpmo.dll" [22/07/2008 20:24: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [20/08/2004 06:00: VIRUS ALERT!]
"MsnMsgr"="C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34: VIRUS ALERT!]
"MSMSGS"="C:\Archivos de programa\Messenger\msmsgs.exe" [13/10/2004 10:24: VIRUS ALERT!]
"ares"="C:\Archivos de programa\Ares\Ares.exe" [20/02/2008 08:33: VIRUS ALERT!]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe" [27/06/2007 19:03: VIRUS ALERT!]

C:\Documents and Settings\user1\Menú Inicio\Programas\Inicio\
Ares Galaxy Turbo Booster.lnk - C:\Archivos de programa\Ares Galaxy Turbo Booster\Ares Galaxy Turbo Booster.exe [07/03/2008 1:34:18]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
HP Digital Imaging Monitor.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 4:21:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3BA3028F-FD37-46BF-AD27-733734684F06}"= C:\WINDOWS\system32\pmnnnKDV.dll [06/07/2008 23:54: VIRUS ALERT! 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 15/02/2007 20:02: VIRUS ALERT! 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Fly]
smart.dll 06/07/2008 20:27: VIRUS ALERT! 36864 C:\WINDOWS\system32\smart.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]
LoveFly.dll 16/07/2008 19:15: VIRUS ALERT! 38912 C:\WINDOWS\system32\LoveFly.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnnKDV]
pmnnnKDV.dll 06/07/2008 23:54: VIRUS ALERT! 28800 C:\WINDOWS\system32\pmnnnKDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBTNFya

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Archivos de programa\Messenger\msmsgs.exe" /background
"Orb"="C:\Archivos de programa\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c5832b-0196-11dd-9b45-000ea6b78c95}]
AutoRun\command- E:\ranvrgn.exe
explore\Command- E:\ranvrgn.exe
open\Command- E:\ranvrgn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f90c2b7c-d266-11dc-9afb-000ea6b78c95}]
AutoRun\command- rthrw.com
explore\Command- rthrw.com
open\Command- rthrw.com

*Newly Created Service* - COMFILTR



-- End of Deckard's System Scanner: finished at 2008-07-23 22:52:10 ------------
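Added example, not part of the original thread or of any tool it mentions: a small Python triage pass that applies the kind of rules a helper applies when reading the HijackThis section above (orphan "(no file)" entries, unnamed BHOs in system32, Run values that launch a DLL through rundll32 or carry a random hex name, policy restrictions, and Winlogon Notify packages outside a known-good set), run over a few lines adapted from that log. The allow-list of Windows Notify DLLs and all rule names are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: nine lines adapted from the HijackThis section of the log above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\pmnnnKDV.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [5498ca4a] rundll32.exe "C:\WINDOWS\system32\xubfmpmo.dll",b
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"[0-9a-f]{8}")  # e.g. the [5498ca4a] Run value in the log

# Assumed allow-list of Winlogon Notify DLLs shipped with Windows XP; anything else
# registered as a Notify package runs inside winlogon.exe and deserves a second look.
KNOWN_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll",
}


def triage_line(line):
    """Classify one HijackThis entry as orphan / suspicious / info; None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")

    # Registry entry whose target file is gone: harmless leftover, safe to clean.
    if body.endswith("(no file)"):
        return "orphan", "entry points to a file that no longer exists"

    # Browser Helper Object with no name, loaded straight from system32.
    if kind == "O2" and "(no name)" in body and SYSTEM32_RE.search(body):
        return "suspicious", "unnamed BHO loaded from system32"

    if kind == "O4":
        # Autorun value that loads a bare DLL via rundll32 (how xubfmpmo.dll persists above).
        if "rundll32" in body.lower() and SYSTEM32_RE.search(body):
            return "suspicious", "Run value launches a system32 DLL via rundll32"
        value = re.search(r"\[(.+?)\]", body)
        if value and HEX_NAME_RE.fullmatch(value.group(1)):
            return "suspicious", "Run value has a random hex name"

    # O6/O7: Explorer/IE policy restrictions, used here to lock out regedit and Task Manager.
    if kind in ("O6", "O7"):
        return "suspicious", "policy restriction set (regedit/taskmgr lockout)"

    # Winlogon Notify packages are loaded by winlogon.exe at every logon.
    if kind == "O20" and "Winlogon Notify" in body:
        dll = body.rsplit(" - ", 1)[-1].split("\\")[-1].lower()
        if dll not in KNOWN_NOTIFY_DLLS:
            return "suspicious", f"Winlogon Notify package {dll} is not a known Windows DLL"

    return "info", "no rule matched"


def triage_log(text):
    """Run triage_line over a whole log; returns (kind, verdict, reason, line) tuples."""
    results = []
    for line in text.splitlines():
        verdict = triage_line(line)
        if verdict:
            results.append((line.split(" - ", 1)[0], *verdict, line.strip()))
    return results


def summarize(text):
    """Count verdicts, e.g. {'orphan': 2, 'suspicious': 4, 'info': 3}."""
    return dict(Counter(r[1] for r in triage_log(text)))
```

Everything flagged "suspicious" here is a lead for a human to confirm against the file listing and registry dump, not an automatic removal decision.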


#2 Thunder


Posted 26 July 2008 - 04:59 PM

Hello XElixX and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have ComboFix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 Thunder


Posted 23 August 2008 - 05:45 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



