

spybot, combofix, malwarebytes, google blocked


  • This topic is locked
1 reply to this topic

#1 Tomac

Tomac

  • Members
  • 1 posts

Posted 22 November 2008 - 11:35 AM

Help... I seem to have picked up one humdinger of a trojan and I need to remove it manually, since it blocked all my scanning software. Whenever I try to go to this or a similar website, it redirects me to some viral site.
Whenever I try to boot up any of them, it is just silence and nothing. It started with a fake red X in a circle in the corner telling me I was infected. I removed any traces of that brastk.exe as best I can, but everything is still blocked.

What the hell do I do?

Here is my hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:37 AM, on 11/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
F:\WINDOWS\system32\kmw_run.exe
F:\WINDOWS\system32\kkw_run.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Digsby\lib\digsby-app.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\cisvc.exe
F:\WINDOWS\system32\CTsvcCDA.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\tcpsvcs.exe
F:\WINDOWS\System32\snmp.exe
F:\WINDOWS\system32\Pen_Tablet.exe
F:\WINDOWS\system32\mqsvc.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
F:\WINDOWS\system32\Pen_Tablet.exe
F:\WINDOWS\system32\mqtgsvc.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
F:\WINDOWS\System32\svchost.exe
D:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://searchbox.digsby.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = google.net-studio.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - F:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [OpwareSE4] "F:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [3DxAssociateFileExts] F:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [3DxAssociateFileExts] F:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User '?')
O4 - HKUS\S-1-5-21-73586283-796845957-839522115-1003\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [3DxAssociateFileExts] F:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [3DxAssociateFileExts] F:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'Default user')
O4 - S-1-5-21-73586283-796845957-839522115-1003 Startup: Digsby.lnk = F:\Program Files\Digsby\digsby.exe (User '?')
O4 - Startup: Digsby.lnk = F:\Program Files\Digsby\digsby.exe
O4 - Global Startup: Start 3DxWare.lnk = F:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IIS Admin (IISADMIN) - Unknown owner - F:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - F:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: TabletServicePen - Wacom Technology, Corp. - F:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: World Wide Web Publishing (W3SVC) - Unknown owner - F:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)

--
End of file - 6358 bytes
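A defender-side triage pass over the HijackThis log format shown above, written as an added example for this thread (it is not a HijackThis or BleepingComputer tool and not code from either poster). It parses the `Rn`/`On` section lines and flags the entry kinds an analyst checks first: Internet Explorer start/search locations pointing at hosts outside an allowlist, `O4` Run entries that name a bare filename resolved through the search path, any populated `AppInit_DLLs` value (Windows loads that DLL into every process linking user32.dll), and `O23` services whose binary is missing. The allowlist, the severity labels and the reason wording are assumptions; the sample lines are excerpted from the log posted above, and a flag means "verify this entry", not "this is malicious".

```python
"""Parse a HijackThis 2.0 log and order its entries for review.

Added example for this thread, not a HijackThis/BleepingComputer tool.
The allowlist and severities are assumptions; SAMPLE_LOG is excerpted
from the log posted in the thread.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# "<section> - <body>" lines as HijackThis prints them (R0, O4, O20, O23, ...).
LINE_RE = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.*)$")
# O4 Run/RunOnce entries: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# R0/R1 entries: "<registry key>,<value name> = <value>"
IE_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$")
# IE values that decide where the browser navigates on its own.
IE_LOCATION_VALUES = {"Start Page", "Local Page", "Search Page", "SearchURL",
                      "Default_Page_URL", "Default_Search_URL"}
# Placeholder allowlist (assumption): an operator supplies the hosts they expect.
DEFAULT_ALLOWED_HOSTS = {"www.google.com", "www.msn.com", "about:blank"}


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Finding:
    section: str
    severity: str  # "high" | "review" | "info"
    reason: str
    body: str


def parse_hjt(text):
    """Return the section-coded entries; the process list and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def host_of(value):
    """Host of an IE location value; bare hostnames and about: URLs are handled."""
    v = value.strip()
    if v.lower().startswith("about:"):
        return v.lower()
    if "://" not in v:
        v = "http://" + v
    return (urlsplit(v).hostname or "").lower()


def first_token(cmd):
    """The executable of a Run command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def triage(text, allowed_hosts=DEFAULT_ALLOWED_HOSTS):
    """Apply the review heuristics to every entry; findings come back in log order."""
    findings = []
    for e in parse_hjt(text):
        if e.section in ("R0", "R1"):
            m = IE_RE.match(e.body)
            if not m:
                continue
            name = m.group("name").strip()
            if name == "(Default)":  # the value name is the last key component
                name = m.group("key").rsplit("\\", 1)[-1]
            if name in IE_LOCATION_VALUES and host_of(m.group("value")) not in allowed_hosts:
                findings.append(Finding(e.section, "review",
                                        f"{name} points at a host not on the allowlist", e.body))
        elif e.section == "O4":
            m = RUN_RE.match(e.body)
            if m:
                exe = first_token(m.group("cmd"))
                if exe and "\\" not in exe and "/" not in exe:
                    findings.append(Finding(e.section, "review",
                                            "Run entry names a bare file resolved via the search path; "
                                            "locate it and check its signer", e.body))
        elif e.section == "O20":
            if re.match(r"^AppInit_DLLs:\s*\S", e.body):
                findings.append(Finding(e.section, "high",
                                        "AppInit_DLLs loads this DLL into every process that links user32.dll",
                                        e.body))
        elif e.section == "O23" and "(file missing)" in e.body:
            findings.append(Finding(e.section, "info",
                                    "service is registered but its binary is absent; confirm it is an uninstall remnant",
                                    e.body))
    return findings


# Excerpted from the log posted above (constructed subset for the demo).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://searchbox.digsby.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Startup: Digsby.lnk = F:\Program Files\Digsby\digsby.exe
O20 - AppInit_DLLs: karna.dat
O23 - Service: IIS Admin (IISADMIN) - Unknown owner - F:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.body}")
```

The severity is a reading order, not a verdict: `high` items are the ones that affect every process, `review` items need the file located and its signer or origin checked, and `info` items are usually leftovers of an uninstall. On the sample, the populated `AppInit_DLLs` value, the two IE locations off the allowlist, and the path-less `kmw_run.exe` Run entry surface; the fully-pathed MSConfig and Windows Defender entries and the ProxyOverride value do not.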


#2 jedi

jedi

  • Members
  • 274 posts
  • Gender:Male
  • Location:UK

Posted 07 December 2008 - 05:05 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Regards

jedi



