Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

olmarik.ju trojan/ how delete olmarik.ju trojan


  • This topic is locked This topic is locked
2 replies to this topic

#1 labview

labview

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:59 AM

Posted 05 September 2009 - 02:51 AM

hi guys , How can I delete olmarik.ju trojan?

Every time i start windows nod32 finds threats so I do a scanning with this software and it repairs all infections, but if I restart again Windows XP threats appear again. I think virus are automatically installed every time windows starts. maybe it could be a problem linked to key register.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Gigi at 14.40.10,01 on 05/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.503.90 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
svchost.exe
C:ProgrammiHPQIAMbinasghost.exe
svchost.exe
C:WINDOWSExplorer.EXE
C:ProgrammiLavasoftAd-AwareAAWService.exe
C:WINDOWSsystem32spoolsv.exe
svchost.exe
C:WINDOWSSystem32svchost.exe -k Cognizance
C:ProgrammiESETESET NOD32 Antivirusekrn.exe
C:ProgrammiFile comuniLightScribeLSSrvc.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:ProgrammiHewlett-PackardSharedhpqwmiex.exe
C:ProgrammiAnalog DevicesCoresmax4pnp.exe
C:ProgrammiJavajre1.5.0_06binjusched.exe
C:ProgrammiHPQHP ProtectTools Security ManagerPTHOSTTR.EXE
C:ProgrammiHpHP Software UpdateHPWuSchd2.exe
C:WINDOWSSystem32DLADLACTRLW.EXE
C:WINDOWSsystem32igfxpers.exe
C:ProgrammihpqHP Wireless AssistantHP Wireless Assistant.exe
C:ProgrammiHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe
C:WINDOWSsystem32igfxsrvc.exe
C:WINDOWSSMINSTScheduler.exe
C:ProgrammiNokiaNokia PC Suite 6LaunchApplication.exe
C:ProgrammiESETESET NOD32 Antivirusegui.exe
C:ProgrammiLavasoftAd-AwareAAWTray.exe
C:WINDOWSVM303_STI.EXE
C:WINDOWSsystem32ctfmon.exe
C:ProgrammiGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:ProgrammiPC Connectivity SolutionServiceLayer.exe
C:WINDOWSSystem32svchost.exe -k HTTPFilter
C:PROGRA~1HPQSharedHPQTOA~1.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammiMozilla Firefoxfirefox.exe
C:Documents and SettingsGigiDesktopdds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:programmitoggleentbTog0.dll
mURLSearchHooks: H - No File
mWinlogon: Taskman=c:recyclers-1-5-21-9232477184-1704988642-632034215-4105nissan.exe
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:programmigooglegoogle toolbarGoogleToolbar.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:programmitoggleentbTog0.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [CTFMON.EXE] c:windowssystem32ctfmon.exe
uRun: [swg] c:programmigooglegoogletoolbarnotifierGoogleToolbarNotifier.exe
mRun: [SoundMAXPnP] c:programmianalog devicescoresmax4pnp.exe
mRun: [SoundMAX] c:programmianalog devicessoundmaxSmax4.exe /tray
mRun: [SunJavaUpdateSched] c:programmijavajre1.5.0_06binjusched.exe
mRun: [PTHOSTTR] c:programmihpqhp protecttools security managerPTHOSTTR.EXE /Start
mRun: [HP Software Update] c:programmihphp software updateHPWuSchd2.exe
mRun: [DLA] c:windowssystem32dlaDLACTRLW.EXE
mRun: [igfxtray] c:windowssystem32igfxtray.exe
mRun: [igfxhkcmd] c:windowssystem32hkcmd.exe
mRun: [igfxpers] c:windowssystem32igfxpers.exe
mRun: [hpWirelessAssistant] c:programmihpqhp wireless assistantHP Wireless Assistant.exe
mRun: [CognizanceTS] rundll32.exe c:progra~1hpqiambinAsTsVcc.dll,RegisterModule
mRun: [QlbCtrl] %ProgramFiles%Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
mRun: [Cpqset] c:programmihpqdefault settingscpqset.exe
mRun: [Recguard] c:windowssminstRecguard.exe
mRun: [Reminder] c:windowscreatorRemind_XP.exe
mRun: [Scheduler] c:windowssminstScheduler.exe
mRun: [WatchDog] c:programmiintervideodvd checkDVDCheck.exe
mRun: [PCSuiteTrayApplication] c:programminokianokia pc suite 6LaunchApplication.exe -startup
mRun: [egui] "c:programmieseteset nod32 antivirusegui.exe" /hide /waitservice
mRun: [Ad-Watch] c:programmilavasoftad-awareAAWTray.exe
mRun: [BigDog303] c:windowsVM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
dRun: [CTFMON.EXE] c:windowssystem32CTFMON.EXE
dRun: [Nokia.PCSync] c:programminokianokia pc suite 6PcSync2.exe /NoDialog
dRun: [Win32load] c:windowssystem32configsystemprofiledati applicazioni7244.exe -lds
dRun: [msnmsgr] "c:programmiwindows livemessengermsnmsgr.exe" /background
StartupFolder: c:docume~1alluse~1menuav~1progra~1esecuz~1avviov~1.lnk - c:programmiadobeacrobat 7.0readerreader_sl.exe
StartupFolder: c:docume~1alluse~1menuav~1progra~1esecuz~1dvdche~1.lnk - c:programmiintervideodvd checkDVDCheck.exe
IE: E&sporta in Microsoft Excel - c:progra~1micros~2office11EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:programmimessengermsmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:programmijavajre1.5.0_06binssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:programmiwindows livewriterWriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office11REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226834132812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:programmigooglegoogle toolbarcomponentfastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:programmihpqiambinAsWlnPkg.dll
LSA: Notification Packages = scecli AsWlnPkg mgnt32.dll

================= FIREFOX ===================

FF - ProfilePath - c:docume~1gigidatiap~1mozillafirefoxprofiles4m1eac0e.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ToggleEN Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2077543&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=2&q=
FF - component: c:documents and settingsgigidati applicazionimozillafirefoxprofiles4m1eac0e.defaultextensions{038cb5c7-48ea-4af9-94e0-a1646542e62b}componentsFFExternalAlert.dll
FF - plugin: c:programmijavajre1.5.0_06binNPJava11.dll
FF - plugin: c:programmijavajre1.5.0_06binNPJava12.dll
FF - plugin: c:programmijavajre1.5.0_06binNPJava13.dll
FF - plugin: c:programmijavajre1.5.0_06binNPJava14.dll
FF - plugin: c:programmijavajre1.5.0_06binNPJava32.dll
FF - plugin: c:programmijavajre1.5.0_06binNPJPI150_06.dll
FF - plugin: c:programmijavajre1.5.0_06binNPOJI610.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:windowssystem32driversLbd.sys [2009-8-27 64160]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2008-10-8 34312]
R2 ASChannel;Canale di comunicazione locale;c:windowssystem32svchost.exe -k Cognizance [2004-8-19 14336]
R2 ekrn;Eset Service;c:programmieseteset nod32 antivirusekrn.exe [2008-10-8 468224]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:programmilavasoftad-awareAAWService.exe [2009-3-9 951632]
S1 82f22a2f;82f22a2f;c:windowssystem32drivers82f22a2f.sys [2009-7-26 0]
S1 97ed6419;97ed6419;c:windowssystem32drivers97ed6419.sys --> c:windowssystem32drivers97ed6419.sys [?]
S1 d25bcaac;d25bcaac;c:windowssystem32driversd25bcaac.sys [2009-7-25 0]
S2 ekdbp;ekdbp;??c:windowssystem32driverscvajxk.sys --> c:windowssystem32driverscvajxk.sys [?]
S2 fpvhaedqv;Support Monitor;c:windowssystem32svchost.exe -k netsvcs [2004-8-19 14336]
S2 jnsiiq;jnsiiq;??c:windowssystem32driversqygslxobspqyddb.sys --> c:windowssystem32driversqygslxobspqyddb.sys [?]
S2 okcmcec;Support Driver;c:windowssystem32svchost.exe -k netsvcs [2004-8-19 14336]
S2 seclogonNtmsSvc;Accesso secondario seclogonNtmsSvc;c:windowssystem326to4svcy.exe srv --> c:windowssystem326to4svcy.exe srv [?]
S3 GTIPCI21;GTIPCI21;c:windowssystem32driversgtipci21.sys --> c:windowssystem32driversgtipci21.sys [?]

=============== Created Last 30 ================

2009-08-28 15:38 19,096 a------- c:windowssystem32driversmbam.sys
2009-08-28 15:38 38,160 a------- c:windowssystem32driversmbamswissarmy.sys
2009-08-28 15:38 <DIR> --d----- c:programmiMalwarebytes' Anti-Malware
2009-08-27 19:52 <DIR> --d----- c:documents and settingsgigiX86
2009-08-27 19:52 <DIR> --d----- c:documents and settingsgigiX64
2009-08-27 18:11 15,688 a------- c:windowssystem32lsdelete.exe
2009-08-27 17:47 64,160 a------- c:windowssystem32driversLbd.sys
2009-08-27 17:47 <DIR> -cd-h--- c:docume~1alluse~1datiap~1{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-08-27 17:47 <DIR> --d----- c:programmiLavasoft
2009-08-27 17:43 <DIR> --d----- c:programmiESET
2009-08-27 17:12 <DIR> --d----- c:programmiConduit
2009-08-27 17:12 <DIR> --d----- c:programmiToggleEN
2009-08-20 23:42 <DIR> --d----- c:programmiAVG
2009-08-20 23:42 <DIR> --d----- c:docume~1alluse~1datiap~1avg8
2009-08-20 18:33 <DIR> --d----- c:programmiTrend Micro
2009-08-20 18:23 <DIR> --d----- c:programmiCCleaner
2009-08-20 16:29 <DIR> --d----- c:docume~1gigidatiap~1Malwarebytes
2009-08-20 12:51 <DIR> --d----- c:programmiEusing Free Registry Cleaner
2009-08-20 11:58 207 a------- C:DelIndex.bat
2009-08-20 11:53 <DIR> --d----- c:programmiQUAD Utilities
2009-08-20 11:50 <DIR> --d----- c:programmiDeleteFileLocked
2009-08-20 11:48 <DIR> --d----- c:docume~1alluse~1datiap~1SUPERAntiSpyware.com
2009-08-20 11:48 <DIR> --d----- c:programmiSUPERAntiSpyware
2009-08-20 11:48 <DIR> --d----- c:docume~1gigidatiap~1SUPERAntiSpyware.com
2009-08-19 23:22 3,187 a------- c:windowsocogulukacegala.dll
2009-08-19 21:14 3,203 a------- c:windowsoxofupeyeguwivi.dll
2009-08-19 19:07 3,187 a------- c:windowsafinosobuzit.dll
2009-08-19 19:03 <DIR> --d----- C:spoolerlogs
2009-08-17 11:13 3,187 a------- c:windowsupukogib.dll
2009-08-16 20:21 3,211 a------- c:windowsanayadepiriqurej.dll
2009-08-16 17:55 3,211 a------- c:windowsotabumeru.dll
2009-08-16 12:43 3,187 a------- c:windowsekeyiqamab.dll
2009-08-14 19:01 3,211 a------- c:windowsinagiqetet.dll
2009-08-14 16:17 3,195 a------- c:windowsafusigegobeyeyo.dll
2009-08-14 11:52 3,187 a------- c:windowsasajugaborovom.dll
2009-08-07 19:47 3,213 a------- c:windowsitoralosupukale.dll
2009-08-07 19:12 3,237 a------- c:windowsacojaqapeju.dll
2009-08-06 20:58 3,237 a------- c:windowsoboquzacu.dll
2009-08-06 18:53 3,237 a------- c:windowsoyavalega.dll

==================== Find3M ====================

2009-08-05 19:41 3,125 a------- c:windowsotuxuzayahe.dll
2009-08-05 01:29 3,237 a------- c:windowsezepakukakadi.dll
2009-08-04 23:23 3,213 a------- c:windowsayinaniyanuna.dll
2009-08-04 21:18 3,229 a------- c:windowsakewejog.dll
2009-08-04 21:00 3,229 a------- c:windowsatekolasihi.dll
2009-08-03 21:07 3,237 a------- c:windowsekixirakipe.dll
2009-08-02 14:59 3,237 a------- c:windowsoyidawevevuk.dll
2009-08-02 12:53 3,213 a------- c:windowsozezuzeqijiwawan.dll
2009-08-02 10:47 3,229 a------- c:windowsetudiwoni.dll
2009-08-01 19:19 3,213 a------- c:windowsuyelifet.dll
2009-08-01 17:13 3,237 a------- c:windowsipuwidogodobuvo.dll
2009-08-01 08:27 3,221 a------- c:windowsijudoyatupekamos.dll
2009-07-31 21:07 3,333 a------- c:windowsenafuzacanuv.dll
2009-07-31 20:21 3,237 a------- c:windowsuvuduqiyaloqetu.dll
2009-07-26 11:10 0 a------- c:windowssystem32driversd25bcaac.sys
2009-07-26 11:10 0 a------- c:windowssystem32drivers82f22a2f.sys
2009-07-26 11:03 182,528 a------- c:windowssystem32driversndis.sys
2009-07-26 11:03 182,528 a------- c:windowssystem32dllcachendis.sys
2009-07-25 21:03 3,229 a------- c:windowsirenoxokex.dll
2009-07-01 17:58 456,664 a------- c:windowssystem32perfh010.dat
2009-07-01 17:58 77,550 a------- c:windowssystem32perfc010.dat
2009-06-16 16:53 119,808 a------- c:windowssystem32t2embed.dll
2009-06-16 16:53 82,432 a------- c:windowssystem32fontsub.dll
2009-06-16 16:53 119,808 -------- c:windowssystem32dllcachet2embed.dll
2009-06-16 16:53 82,432 -------- c:windowssystem32dllcachefontsub.dll
2008-10-27 18:01 75,032 a------- c:documents and settingsgigiAutorun.exe

============= FINISH: 14.41.52,34 ===============

Merged two topics into one post. ~ OB

Attached Files


Edited by Orange Blossom, 05 September 2009 - 03:44 PM.


BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:59 AM

Posted 21 September 2009 - 12:04 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:59 AM

Posted 28 September 2009 - 05:51 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users