Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

If anybody can help me...


  • This topic is locked This topic is locked
1 reply to this topic

#1 mavros_pit

mavros_pit

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:55 AM

Posted 27 April 2009 - 02:37 PM

I need some help here...

Kaspersky detected a virus called fraudtool.win32.xpshield.o

After a research in the intenet i found out that this is the same malware like these...
Vundo [McAfee]
Troj/Virtum-Gen [Sophos]
Trojan.Vundo.Gen.1 [Ikarus]
not-a-virus:FraudTool.Win32.XPShield.o [Kaspersky Lab]
Trojan Horse [Symantec]
not-a-virus:FraudTool.Win32.XPShield.d [Kaspersky Lab]
not-a-virus:FraudTool.Win32.XPShield.f [Kaspersky Lab]
not-a-virus:FraudTool.Win32.XPShield.h [Kaspersky Lab]
RogueAntiSpyware.XPShield [PC Tools]
TROJ_RENOS.AEZ [Trend Micro]

If anybody can help i will be grateful

this is my HJT log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:13 μμ, on 27/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
H:\WINDOWS\System32\cisvc.exe
H:\WINDOWS\system32\HDDSvc.exe
H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\WgaTray.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
H:\WINDOWS\system32\rundll32.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\cidaemon.exe
H:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: errorsafe.com ## added by CiD
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [CPM976dc29e] Rundll32.exe "h:\windows\system32\yeneseje.dll",a
O4 - HKLM\..\Run: [20ddffcf] rundll32.exe "H:\WINDOWS\system32\mumatode.dll",b
O4 - HKLM\..\Run: [kiyusovedu] Rundll32.exe "H:\WINDOWS\system32\bapomomu.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://H:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://H:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://H:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://H:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - H:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169246306903
O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://europe.samsungportal.com/EP/web/com...rustChecker.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O20 - AppInit_DLLs: H:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll H:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll H:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll H:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll H:\WINDOWS\system32\wuhofode.dll h:\windows\system32\yeneseje.dll
O21 - SSODL: fuzHoEAV - {20DDFF61-8A77-55CB-FDF0-3F925A050282} - H:\WINDOWS\system32\bya.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - h:\windows\system32\yeneseje.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - h:\windows\system32\yeneseje.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - H:\WINDOWS\system32\HDDSvc.exe
O23 - Service: ICF - Unknown owner - H:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - H:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 6105 bytes


Sorry for my bad english....Thanks everyone in advance

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:55 PM

Posted 27 April 2009 - 02:53 PM

Duplicate thread, so this thread is closed. This is already the second duplicate thread. Please do not start any new threads with the same problem, because you are creating a backlog and because of that, people have to wait longer for help.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users