Kasp Log And Hjt Of A Friend!


#1 2fast2furious



Posted 13 September 2008 - 01:57 PM

Ok so after my friend re-installed Windows cuz it wouldn't start anymore...he still had a lot of other viruses! How does he remove them?

Thursday, September 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version:
Program database last update: Thursday, September 11, 2008 17:02:18
Records in database: 1213098

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:

Scan statistics:
Files scanned: 53643
Threat name: 2
Infected objects: 65
Suspicious objects: 0
Duration of the scan: 01:26:47

File name / Threat name / Threats count
C:\Program Files\Eset\infected\32F3V2BA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\3XN3MJAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\45LTELCA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\AKMEVLCA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\CMAP3WDA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\D1NKGMDA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\D4QPGNAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\DBXSGPCA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\DDI2DRAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\EFFPRLDA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\FFIORYCA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\GO42U4CA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\H0S44EDA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\I3TWCYBA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\JAOYGSBA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\KJAL5LBA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\N15FUPDA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\PQODQHCA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\PXZWBVAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\PZXRTVAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\QLAQXTDA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\RJBFALAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\SGVT4NBA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\SONDOZBA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\UVCPLNBA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\VTOVWMAA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\WUJYS1BA.NQF Infected: Virus.Win32.Hidrag.a 1
C:\Program Files\Eset\infected\YEOZKRDA.NQF Infected: Virus.Win32.Hidrag.a 1
D:\abyssmedia convertor muzicaaa\Audio Converter Plus\audioconverter.exe Infected: Virus.Win32.Virut.n 1
D:\convertoor\MMConverterCon.exe Infected: Virus.Win32.Virut.n 1
D:\convertoor\Setup\{08A4C07B-204D-11D6-AF25-00B0D0797201}\Setup.exe Infected: Virus.Win32.Virut.n 1
D:\Direct Connect ++\StrongDC++\StrongDC.exe Infected: Virus.Win32.Virut.n 1
D:\Download\Schimba data expirarii programelor\NoLimit 2.0.exe Infected: Virus.Win32.Virut.n 1
D:\Kits\Driver_C-Media\MIXER.EXE Infected: Virus.Win32.Virut.n 1
D:\Kits\Driver_C-Media\Setup.exe Infected: Virus.Win32.Virut.n 1
D:\Kits\Fraps\fraps.exe Infected: Virus.Win32.Virut.n 1
D:\Other\eminescu\Intro.exe Infected: Virus.Win32.Virut.n 1
D:\Other\eminescu\program files\PETAR\Eminescu\LANGINST.EXE Infected: Virus.Win32.Virut.n 1
D:\Other\eminescu\SETUP.EXE Infected: Virus.Win32.Virut.n 1
D:\Other\Transfer\3DSMAX3\patcher.exe Infected: Virus.Win32.Virut.n 1
D:\Other\Transfer\Documents and Settings\MIRCEA\Local Settings\Temp\FIFA 2003_uninst.exe Infected: Virus.Win32.Virut.n 1
D:\Other\Transfer\wincmd\Crack.exe Infected: Virus.Win32.Virut.n 1
D:\Other\WinRAR\Rar.exe Infected: Virus.Win32.Virut.n 1
D:\Other\WinRAR\UnRAR.exe Infected: Virus.Win32.Virut.n 1
D:\PROGRA~1\VIRTUA~1\crashguard3.exe Infected: Virus.Win32.Virut.n 1
D:\PROGRA~1\VIRTUA~1\ripvinyl.exe Infected: Virus.Win32.Virut.n 1
D:\Warcraft3\w3l.exe Infected: Virus.Win32.Virut.n 1
D:\Warcraft3\Warcraft III\w3l.exe Infected: Virus.Win32.Virut.n 1
D:\Warcraft3\Warcraft III\World Editor.exe Infected: Virus.Win32.Virut.n 1
D:\Zuma.rar Infected: Virus.Win32.Hidrag.a 2
E:\1.6\Cheating-Death\UninstCD.exe Infected: Virus.Win32.Virut.n 1
E:\1.6\cstrike\addons\amxmodx\scripting\amxxpc.exe Infected: Virus.Win32.Virut.n 1
E:\1.6\cstrike\addons\amxmodx\scripting\compile.exe Infected: Virus.Win32.Virut.n 1
E:\1.6\hl.exe Infected: Virus.Win32.Virut.n 1
E:\1.6\hlupdate.exe Infected: Virus.Win32.Virut.n 1
E:\1.6\platform\SteamEngine.exe Infected: Virus.Win32.Virut.n 1
E:\1.6\platform\WriteMiniDump.exe Infected: Virus.Win32.Virut.n 1
E:\1.6 helps\addons\amxmodx\scripting\amxxpc.exe Infected: Virus.Win32.Virut.n 1
E:\1.6 helps\addons\amxmodx\scripting\compile.exe Infected: Virus.Win32.Virut.n 1
E:\1.6 helps\cstrike\addons\amxmodx\scripting\amxxpc.exe Infected: Virus.Win32.Virut.n 1
E:\1.6 helps\cstrike\addons\amxmodx\scripting\compile.exe Infected: Virus.Win32.Virut.n 1
E:\Muzika\hlds\Anti CSDoS by Shocker\AntiCSDoS.exe Infected: Virus.Win32.Virut.n 1
E:\Muzika\hlds\cstrike\addons\amxmodx\scripting\amxxpc.exe Infected: Virus.Win32.Virut.n 1
E:\Muzika\hlds\cstrike\addons\amxmodx\scripting\compile.exe Infected: Virus.Win32.Virut.n 1

The scan was stopped by the user.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:11, on 11.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B89FB80B-D88D-4AE1-8CDB-787178796AD1}: NameServer =
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

End of file - 3448 bytes


#2 Orange Blossom


Posted 13 September 2008 - 10:42 PM

Hello 2fast2furious

You have received a response to your topic here: http://www.bleepingcomputer.com/forums/t/167186/the-kaspersky-log-and-hjt-log-of-a-friend/ Please follow Billy's instructions and inform him of whatever was done that is not mentioned there. Please keep all posts regarding this issue to THAT thread by using the Add Reply button at the bottom of the topic. Starting new topics on the same issue confuses things and delays the assistance you receive.

Thank you for your cooperation. This topic is now closed.

Orange Blossom ~ forum moderator