
Help



#1 Firearan


Posted 30 August 2008 - 01:36 PM

I installed this setup program a few days ago and then from that moment my 'log off', 'my computer' and everything else in the start menu disappeared except Printers and fax. Also my display control box, task manager has been disabled, and there are various popups coming and redirecting me into false anti virus software sites. And there's a 'VIRUS ALERT!' message near the clock on the bottom of the screen, and many other places. When I downloaded Smitfraudfix the problem disappeared, except the popups, so I downloaded many free and non-free programs and scanned and deleted the infected files, but after a few hours the problem came back. I then scanned it with Smitfraudfix and this is the log.


SmitFraudFix v2.341

Scan done at 23:38:49.65, Fri 08/30/1991
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
d:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
C:\WINDOWS\System32\snmp.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
D:\Program Files\ThreatFire\TFGui.exe
C:\WINDOWS\system32\msiexec.exe
D:\TouchStoneSoftware\UndeletePlus\undelete_plus.exe
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

hosts


C:\


C:\WINDOWS

C:\WINDOWS\rvoelbxt.exe FOUND !

C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Administrator


C:\Documents and Settings\Administrator\Application Data


Start Menu


C:\DOCUME~1\ADMINI~1\FAVORI~1

C:\DOCUME~1\ADMINI~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\ADMINI~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\ADMINI~1\FAVORI~1\Spyware?Malware Protection.url FOUND !

Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: rodqgpvlqks.dll
BHO: QXK Olive - {82FE7773-FD0D-4303-88BE-CC13735BF5E8}
TypeLib: {81AE9BE1-FC62-4F4F-B5A8-5B6A3A41035B}
Interface: {7D53E291-652B-4BD3-99EF-55B01AD38BFD}
Interface: {BF679CBE-826B-412F-979A-5FA08E3843EE}

[!] Suspicious: qalkfxor.dll
Toolbar: qalkfxor - {430C60E7-36D5-4BC3-8783-02B7FB0E966E}
TypeLib: {7E890B46-2548-4B43-B2A9-A89196DF5C9D}
Interface: {C0E9A9DC-7A04-418D-BBD4-9A131F1B3B04}
Classe: qalkfxor.bkow
Classe: qalkfxor.ToolBar.1

[!] Suspicious: rqbmvpso.dll
SSODL: rqbmvpso - {E9563FCC-FF63-40A9-B82D-FFA4A00A8BCE}

[!] Suspicious: pdoskegl.dll
SSODL: pdoskegl - {E89B4714-5FC2-45AB-A231-066F7F59EE94}


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


RK



DNS

HKLM\SYSTEM\CS2\Services\Tcpip\..\{5FF3E6F3-C7EB-40FD-9E8E-0E5E0E412CDC}: DhcpNameServer=203.115.44.40 203.115.32.10 203.115.32.30 203.115.44.34
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=203.115.44.40 203.115.32.10 203.115.32.30 203.115.44.34


Scanning for wininet.dll infection


End



HELP!!

Edited by Orange Blossom, 30 August 2008 - 09:51 PM.
Moved to more appropriate forum. ~ OB

