
How To Remove Vxl.exe


  • This topic is locked
3 replies to this topic

#1 vikramaish

vikramaish

  • Members
  • 2 posts
  • Local time:11:43 PM

Posted 26 September 2008 - 02:31 PM

How to remove vxl.exe? I'm using Windows XP SP2 & Windows 2003 Server on the same computer. The virus has infected both OSes. When I double-click on the drives, the "Open with" dialog box appears... How can I resolve this problem? Please help.






ComboFix 08-09-25.07 - satya 2008-09-26 12:06:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1609 [GMT -7:00]
Running from: E:\Documents and Settings\satya\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf
E:\autorun.inf
E:\WINDOWS\WINPROD.DLL
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-26 11:53 . 2008-09-26 11:53 <DIR> d-------- E:\Program Files\Trend Micro
2008-09-26 11:29 . 2008-09-26 11:29 <DIR> d-------- E:\Program Files\InCode Solutions
2008-09-26 01:34 . 2008-09-26 02:31 <DIR> d-------- E:\Documents and Settings\satya\Application Data\VMware
2008-09-26 01:31 . 2008-09-26 11:40 <DIR> d-------- E:\Documents and Settings\LocalService\Application Data\VMware
2008-09-26 01:30 . 2008-09-26 11:40 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\VMware
2008-09-26 01:30 . 2005-12-15 20:42 385,024 --a------ E:\WINDOWS\system32\vnetlib.dll
2008-09-26 01:30 . 2005-12-15 20:42 135,168 --a------ E:\WINDOWS\system32\vmnat.exe
2008-09-26 01:30 . 2005-12-15 20:42 106,496 --a------ E:\WINDOWS\system32\vmnetdhcp.exe
2008-09-26 01:30 . 2005-12-15 20:42 15,616 --a------ E:\WINDOWS\system32\drivers\vmnetuserif.sys
2008-09-26 01:30 . 2005-12-15 20:42 10,240 -ra------ E:\WINDOWS\system32\drivers\vmnet.sys
2008-09-26 01:30 . 2005-12-15 20:42 9,600 -ra------ E:\WINDOWS\system32\drivers\vmnetadapter.sys
2008-09-26 01:30 . 2005-12-15 20:42 5,120 -ra------ E:\WINDOWS\system32\vnetinst.dll
2008-09-26 01:26 . 2008-09-26 01:26 <DIR> d-------- E:\Program Files\VMware
2008-09-26 01:26 . 2008-09-26 01:26 <DIR> d-------- E:\Program Files\Common Files\VMware
2008-09-26 01:23 . 2004-08-03 23:08 26,496 --a--c--- E:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-24 11:18 . 2008-09-24 11:18 <DIR> d--h----- E:\WINDOWS\PIF
2008-09-20 11:56 . 2008-09-20 11:56 <DIR> d-------- E:\Documents and Settings\satya\Application Data\AdobeUM
2008-09-20 11:55 . 2008-09-20 11:55 <DIR> d-------- E:\Program Files\Common Files\Adobe
2008-09-20 02:12 . 2008-09-20 02:12 <DIR> d-------- E:\Program Files\TypeFaster
2008-09-19 23:32 . 2003-02-28 18:26 172,304 --a------ E:\WINDOWS\system32\jview.exe
2008-09-19 23:32 . 2003-02-28 18:26 171,792 --a------ E:\WINDOWS\system32\wjview.exe
2008-09-19 23:32 . 2003-02-28 18:26 49,424 --a------ E:\WINDOWS\system32\clspack.exe
2008-09-19 23:25 . 2008-09-19 23:25 <DIR> d-------- E:\Documents and Settings\satya\Application Data\Yahoo!
2008-09-19 20:29 . 2008-09-19 20:29 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-19 20:22 . 2008-09-19 20:24 <DIR> d-------- E:\Program Files\Yahoo!
2008-09-19 03:47 . 2008-09-19 03:47 <DIR> d-------- E:\Program Files\MSBuild
2008-09-19 03:47 . 2008-09-19 03:47 <DIR> d-------- E:\Program Files\Microsoft Works
2008-09-19 03:47 . 2006-10-26 19:56 32,592 --a------ E:\WINDOWS\system32\msonpmon.dll
2008-09-19 03:43 . 2008-09-19 03:46 <DIR> d-------- E:\WINDOWS\SHELLNEW
2008-09-19 03:43 . 2008-09-19 03:43 <DIR> dr-h----- E:\MSOCache
2008-09-19 03:43 . 2008-09-23 02:34 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-19 00:31 . 2008-09-19 00:31 <DIR> d---s---- E:\Documents and Settings\satya\UserData
2008-09-19 00:08 . 2008-09-19 00:08 288 --a------ E:\WINDOWS\ODBC.INI
2008-09-19 00:07 . 2008-09-19 00:07 <DIR> d-------- E:\Program Files\Web Publish
2008-09-18 23:54 . 2003-02-28 16:34 313,856 --a------ E:\WINDOWS\system32\dx3j.dll
2008-09-18 23:54 . 2003-02-28 18:26 171,280 --a------ E:\WINDOWS\system32\jit.dll
2008-09-18 23:54 . 2003-02-28 18:26 139,536 --a------ E:\WINDOWS\system32\javaee.dll
2008-09-18 23:54 . 2003-02-28 18:26 46,352 --a------ E:\WINDOWS\setdebug.exe
2008-09-18 23:54 . 2003-02-28 16:54 7,315 --a------ E:\WINDOWS\system32\javasup.vxd
2008-09-18 23:54 . 2003-02-28 16:35 6,550 --a------ E:\WINDOWS\jautoexp.dat
2008-09-18 23:51 . 2008-09-18 23:51 <DIR> d-------- E:\Perl
2008-09-18 23:49 . 2008-09-18 23:49 <DIR> d-------- E:\Program Files\Nokia
2008-09-18 23:48 . 2008-09-18 23:48 <DIR> d-------- E:\Documents and Settings\satya\Application Data\InstallShield
2008-09-18 23:48 . 2004-04-30 08:16 90,112 --a------ E:\WINDOWS\system32\npacketadmin.exe
2008-09-18 23:48 . 2004-04-30 08:16 73,728 --a------ E:\WINDOWS\system32\npacket.dll
2008-09-18 23:48 . 2004-10-26 14:04 61,440 --a------ E:\WINDOWS\system32\npacketsvc.exe
2008-09-18 23:48 . 2004-04-30 08:16 20,244 --a------ E:\WINDOWS\system32\drivers\npacket.sys
2008-09-18 23:48 . 2004-04-30 08:16 12,288 --a------ E:\WINDOWS\system32\npacketmsg.dll
2008-09-18 23:45 . 2008-09-19 00:10 <DIR> d-------- E:\Symbian
2008-09-18 23:45 . 2008-09-18 23:48 <DIR> d-------- E:\Program Files\Common Files\Symbian
2008-09-18 03:00 . 2008-09-18 03:00 <DIR> d-------- E:\Program Files\MSXML 4.0
2008-09-18 01:56 . 2008-09-18 01:56 <DIR> d-------- E:\WINDOWS\naevius_yt_1
2008-09-18 00:30 . 2008-09-26 08:27 69 --a------ E:\WINDOWS\NeroDigital.ini
2008-09-17 23:37 . 2008-06-13 06:10 272,128 --------- E:\WINDOWS\system32\drivers\bthport.sys
2008-09-17 23:37 . 2008-06-13 06:10 272,128 -----c--- E:\WINDOWS\system32\dllcache\bthport.sys
2008-09-17 23:04 . 2008-09-18 04:19 <DIR> d--h----- E:\WINDOWS\$hf_mig$
2008-09-16 14:09 . 2008-09-16 14:09 <DIR> d-------- E:\Documents and Settings\satya\Application Data\Ahead
2008-09-16 14:07 . 2008-09-16 14:07 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Ahead
2008-09-16 14:06 . 2008-09-16 14:06 <DIR> d-------- E:\Program Files\Nero
2008-09-16 14:06 . 2008-09-16 14:07 <DIR> d-------- E:\Program Files\Common Files\Ahead
2008-09-16 14:06 . 2008-09-16 14:06 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Nero
2008-09-16 14:02 . 2008-09-26 12:06 <DIR> d-------- E:\QUARANTINE
2008-09-16 13:54 . 2008-09-26 11:14 <DIR> d-------- E:\Documents and Settings\satya\Application Data\BPFTP
2008-09-16 13:33 . 2008-09-16 13:33 <DIR> d-------- E:\Documents and Settings\satya\Application Data\Media Player Classic
2008-09-16 13:32 . 2008-09-16 13:32 <DIR> d-------- E:\Program Files\K-Lite Codec Pack
2008-09-16 13:28 . 2008-09-24 03:30 <DIR> d-------- E:\Program Files\uTorrent
2008-09-16 13:28 . 2008-09-26 12:06 <DIR> d-------- E:\Documents and Settings\satya\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 06:32 155,995 ----a-w E:\WINDOWS\java\Packages\9ZDV7T75.ZIP
2008-09-19 06:49 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-09-16 19:43 --------- d-----w E:\Program Files\McAfee
2008-09-16 19:43 --------- d-----w E:\Program Files\Common Files\McAfee
2008-09-16 19:43 --------- d-----w E:\Program Files\Common Files\Cisco Systems
2008-09-16 19:43 --------- d-----w E:\Documents and Settings\All Users\Application Data\McAfee
2008-09-16 19:37 --------- d-----w E:\Program Files\SigmaTel
2008-09-16 19:33 --------- d-----w E:\Program Files\Intel
2008-09-16 19:32 --------- d-----w E:\Program Files\Common Files\InstallShield
2008-09-16 19:26 --------- d-----w E:\Program Files\microsoft frontpage
2008-07-25 08:34 81,920 ----a-w E:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w E:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w E:\WINDOWS\system32\qt-dx331.dll
2008-07-19 05:10 94,920 ----a-w E:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w E:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w E:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w E:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w E:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w E:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w E:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w E:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w E:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="E:\Program Files\uTorrent\uTorrent.exe" [2008-09-24 270128]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"Messenger (Yahoo!)"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 4269296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="E:\WINDOWS\system32\igfxtray.exe" [2007-02-25 131072]
"HotKeysCmds"="E:\WINDOWS\system32\hkcmd.exe" [2007-02-25 155648]
"Persistence"="E:\WINDOWS\system32\igfxpers.exe" [2007-02-25 131072]
"ShStatEXE"="E:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-16 111952]
"McAfeeUpdaterUI"="E:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="E:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="E:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"GrooveMonitor"="E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SigmatelSysTrayApp"="sttray.exe" [2007-05-06 E:\WINDOWS\sttray.exe]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"E:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"E:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"E:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

S3 npacketdriver;Ethernet Packet Driver;E:\WINDOWS\system32\drivers\npacket.sys [2004-04-30 20244]
S3 npacketservice;Ethernet Packet Service;E:\WINDOWS\system32\npacketsvc.exe [2004-10-26 61440]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RemoveIT Pro XT - E:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - E:\Documents and Settings\satya\Application Data\Mozilla\Firefox\Profiles\7u1atlhg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.in/
FF -: plugin - E:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - E:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 12:07:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-26 12:08:05
ComboFix-quarantined-files.txt 2008-09-26 19:08:03

Pre-Run: 11,545,812,992 bytes free
Post-Run: 11,559,829,504 bytes free

171 --- E O F --- 2008-09-20 06:33:27

Attached Files

  • Attached File  log.txt   11.63KB   9 downloads




#2 vikramaish

vikramaish
  • Topic Starter

  • Members
  • 2 posts
  • Local time:11:43 PM

Posted 26 September 2008 - 03:02 PM

How to remove the vxl.exe virus?

Attached Files

  • Attached File  log.txt   12.04KB   27 downloads

Edited by Orange Blossom, 26 September 2008 - 10:51 PM.
Merged topics. ~ OB


#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:02:13 PM

Posted 05 October 2008 - 01:29 PM

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, please post a new HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I don't think that you are attaching anything scary but others may do so. Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:02:13 PM

Posted 15 October 2008 - 06:33 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



