Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"virus Alart!" In Task Bar


  • Please log in to reply
3 replies to this topic

#1 Thor2911

Thor2911

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 26 July 2008 - 10:03 AM

Hi all this is my first time posting . My computer has windows xp and the c drive is not in My Computer, there is Virus Alert! next to the time in military time in the task bar. I can not see my C:drive or access control panel! can someone help? thanks

I seen a fix on here dated Jun 29 2008, 06:19 PM for Chuma. I am scanning using Malwarebytes Anti-Malware but it was posted that you shouldn't use other peoples post for your PC so here I am :thumbsup:

BC AdBot (Login to Remove)

 


#2 Thor2911

Thor2911
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 26 July 2008 - 11:43 AM

Ok, I ran Malwarebytes Anti-Malware and I am able to see my C:drive again and access to the control panel.

Here is a copy of the Malwarebytes log :

Malwarebytes' Anti-Malware 1.23
Database version: 994
Windows 5.1.2600 Service Pack 3

11:08:30 AM 7/26/2008
mbam-log-7-26-2008 (11-08-30).txt

Scan type: Quick Scan
Objects scanned: 59952
Time elapsed: 26 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 57
Registry Values Infected: 6
Registry Data Items Infected: 16
Folders Infected: 2
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
F:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot.
F:\WINDOWS\wnslvxtf.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\f:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{44218730-94e0-4b24-bbf0-c3d8b2bce2c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44218730-94e0-4b24-bbf0-c3d8b2bce2c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzzc32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DFC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DInf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DnngCon (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84efc160-65b1-4f79-93da-f1bf466dfe20} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b0ac3074-b52f-419b-a03b-4af60d27cf58} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2f5ba4b7-b0de-4b66-84d0-32ef2d9941b0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc62551a-9113-48e1-936f-27abc255a8b4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6ce95b96-2a25-4493-a109-fe067851d101} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{14ba7348-6c90-4ea0-a97a-5f83924856bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{28d41e1d-6dac-4391-b002-b3db2b4c18cf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7ded6c43-c9a7-4eae-a6c0-692b27d44ea9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ded6c43-c9a7-4eae-a6c0-692b27d44ea9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74a89255-9d18-4dbc-a69a-aff505de2478} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.btmn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PSRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\F:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{cc62551a-9113-48e1-936f-27abc255a8b4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-8365391-23935) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
F:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

Files Infected:
F:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
F:\WINDOWS\eoda.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\Documents and Settings\Dean\Local Settings\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\Documents and Settings\Dean\Local Settings\Temporary Internet Files\Content.IE5\0A3YRZFM\4683lt[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\Documents and Settings\Dean\Local Settings\Temporary Internet Files\Content.IE5\YP4IZK83\favicon[3].ico (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
F:\Program Files\VAV\vav.ooo (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
F:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
F:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\winzzc32.dll (Dialer) -> Quarantined and deleted successfully.
F:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
F:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot.
F:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\WINDOWS\nfavxwdblwf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\WINDOWS\wnslvxtf.dll (Trojan.FakeAlert) -> Delete on reboot.
F:\Documents and Settings\Dean\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
F:\Documents and Settings\Dean\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
F:\Documents and Settings\Dean\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
F:\Documents and Settings\Dean\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

I rebooted and re-ran the program again and here is that log;

Malwarebytes' Anti-Malware 1.23
Database version: 994
Windows 5.1.2600 Service Pack 3

11:36:50 AM 7/26/2008
mbam-log-7-26-2008 (11-36-50).txt

Scan type: Quick Scan
Objects scanned: 59948
Time elapsed: 21 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

So after all that I still have icons missing and when I right click on the desktop it keeps going back to an IE properties. Any help would be appriciated.

#3 Thor2911

Thor2911
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 26 July 2008 - 11:50 AM

Ok, I think I fixed the background selection on the desktop. The missing icons is the only problem now that I have found.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:23 PM

Posted 26 July 2008 - 08:19 PM

That's a good job. If this article isn't what you need then ask in the XP fourum,someone there will know better.

SUMMARY
This article explains how to remove and restore the default desktop icons under My Computer, My Documents, My Network Places, and Internet Explorer.
MORE INFORMATION
1. Click Start, and then click Control Panel.
2. Double-click Display, click the Desktop tab, and then click Customize Desktop.
3. Click to select the check boxes for the desktop items that you want to display, or click to clear the check boxes for the desktop items that you want to remove.
http://support.microsoft.com/default.aspx?...b;EN-US;Q315272

Also ... Windows System Tray Icons
http://support.microsoft.com/kb/q310578/
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users