Antivirus Pro 2010 Infection



#1 DEScottzz (Members, 3 posts)

Posted 26 September 2009 - 09:23 AM

It keeps opening a bunch of new windows sending me where it wants me to go. I'm also getting many bogus notifications (claiming to be from Windows) in the lower right part of the screen about infections. These messages encourage me to "use special antispyware tools to pervent (sic) data loss."

AVG Resident Shield tells me that the file name is "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" and the threat name is "Trojan horse Generic 14.BGQV."

I'm running Windows XP Home edition. The browser is Internet Explorer 7.

This may be the nastiest infection I've ever had. Your help is most appreciated.


DDS (Ver_09-09-24.01) - NTFSx86
Run by Dave at 17:57:01.18 on Fri 09/25/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.140 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
svchost
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Dave\Application Data\svcst.exe
C:\Documents and Settings\Dave\Application Data\seres.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dave\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://my.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4426.1630\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Uniblue SpeedUpMyPC]
uRun: [Google Update] "c:\documents and settings\dave\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Eyeball Chat] "c:\program files\eyeball networks\eyeball chat\EyeballChat.exe" -min
uRun: [mserv] c:\documents and settings\dave\application data\svcst.exe
uRun: [svchost] c:\documents and settings\dave\application data\svcst.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Samsung LBP SM] "c:\windows\samsung\lasersmmgr\ssmmgr.exe" /autorun
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Antivirus Pro 2010] "c:\program files\antiviruspro_2010\AntivirusPro_2010.exe" /hide
StartupFolder: c:\docume~1\dave\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\dave\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\dave\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231810852469&h=e56583078ba21890c143784492c4b3a9/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://remote.lyondell.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: __c00EACF0 - c:\windows\system32\__c00EACF0.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2007-3-16 9344]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-7 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-7 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-7 108552]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-7 297752]
S3 SM_sugo2_FUService;sugo2 Status Monitor Service;"c:\program files\samsung\samsung ml-2570 series\spanel\ssmsrvc /service --> c:\program files\samsung\samsung ml-2570 series\spanel\ssmsrvc [?]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2007-3-16 448640]

=============== Created Last 30 ================

2009-09-25 17:28 56 a------- C:\xcrashdump.dat
2009-09-25 08:21 19,623 a------- c:\docume~1\alluse~1\applic~1\pegesed.dll
2009-09-25 08:21 19,297 a------- c:\docume~1\alluse~1\applic~1\asevuc.pif
2009-09-25 08:21 18,617 a------- c:\windows\asiva._sy
2009-09-25 08:21 18,192 a------- c:\windows\geponewale.bin
2009-09-25 08:21 13,742 a------- c:\windows\xyqusowa.bin
2009-09-25 08:21 12,335 a------- c:\windows\xicopys.dl
2009-09-25 08:21 11,483 a------- c:\program files\common files\uzydy.pif
2009-09-25 08:21 11,260 a------- c:\windows\roguwaza.scr
2009-09-25 08:21 11,126 a------- c:\docume~1\alluse~1\applic~1\tewope.scr
2009-09-25 08:21 10,329 a------- c:\windows\dyfisul.pif
2009-09-25 08:21 10,053 a------- c:\program files\common files\rafazela.sys
2009-09-25 08:20 167,424 a------- c:\windows\system32\_scui.cpl
2009-09-25 08:20 <DIR> --d----- c:\program files\AntivirusPro_2010
2009-09-25 08:19 159,344 a------- c:\docume~1\dave\applic~1\lizkavd.exe
2009-09-24 21:04 69,120 a------- c:\windows\system32\drivers\gasfkyxlogxodm.sys
2009-09-24 21:04 29,184 a------- c:\windows\system32\__c00EACF0.dat
2009-09-24 21:04 29,184 a------- C:\cqfuy.exe.dat
2009-09-24 21:04 4,096 a------- C:\ddqud.exe
2009-09-24 21:04 79,360 a------- C:\flqihkhx.exe
2009-09-24 21:04 6,656 a------- C:\hxlqib.exe
2009-09-24 21:04 40,448 a------- C:\cqfuy.exe
2009-09-24 21:03 187,392 a------- c:\docume~1\dave\applic~1\svcst.exe
2009-09-24 21:03 187,392 a------- c:\docume~1\dave\applic~1\seres.exe
2009-09-24 21:03 344,064 a------- c:\windows\system32\~.exe
2009-09-14 20:31 <DIR> --d----- c:\program files\common files\xing shared
2009-09-14 19:29 <DIR> --d----- c:\docume~1\dave\applic~1\Metacafe
2009-09-14 19:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Metacafe
2009-09-14 19:29 <DIR> --d----- c:\program files\common files\Akamai
2009-09-14 19:29 <DIR> --d----- c:\program files\Metacafe
2009-09-14 19:07 <DIR> --d----- C:\My Music
2009-09-13 19:25 158,192 -------- c:\windows\system32\pxwma.dll
2009-09-13 13:41 2,944 ac------ c:\windows\system32\dllcache\msmpu401.sys
2009-09-13 13:41 2,944 a------- c:\windows\system32\drivers\msmpu401.sys
2009-09-11 08:18 <DIR> --d----- c:\program files\iPod
2009-09-11 08:18 <DIR> --d----- c:\program files\iTunes
2009-09-11 08:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-08 03:37 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-09-07 14:46 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-07 14:46 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-07 14:45 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-07 14:44 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-07 14:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-09-07 14:43 <DIR> --d----- c:\program files\AVG
2009-09-07 14:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-09-07 14:38 <DIR> --d----- c:\docume~1\dave\applic~1\AVG8
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-02 18:38 <DIR> --d----- c:\program files\common files\eSellerate

==================== Find3M ====================

2009-09-13 19:25 44,944 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-06-29 11:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 11:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 11:12 17,408 a------- c:\windows\system32\corpol.dll
2009-03-19 18:03 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2009-03-19 18:03 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2009-03-19 18:03 49,152 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 17:58:14.14 ===============


Edited by DEScottzz, 26 September 2009 - 09:41 AM.



#2 DEScottzz (Topic Starter, Members, 3 posts)

Posted 26 September 2009 - 02:44 PM

After I posted this, I found the instructions on how to use the Malwarebytes software, and it appears to have cleared up the problem.

I'm glad I found this site, which was recommended by one of the computer columnists for the local paper. Thanks!

#3 Guest_The weatherman_* (Guest)

Posted 27 September 2009 - 04:23 AM

Thanks for letting us know DEScottzz. :(
