Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

nwiz.exe virus


  • Please log in to reply
1 reply to this topic

#1 Mark.3unj800

Mark.3unj800

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:56 PM

Posted 06 October 2009 - 08:05 PM

I tried to create a website on byethost.com, but when I tried to go to my website, it redirected to mybookface.net. I scanned for viruses, and it found 2 trojans. I can't find the log, but one of them was a.exe.

Today, I started up my computer, and it suddenly said that I didn't have antivirus installed! I immediately rebooted my computer in safe mode, and started scans on AVG and SuperAntiSpyware. So far AVG finished, but with a bunch of locked files. Here's the log:

AVG 8.5 Anti-Virus command line scanner
Copyright 1992 - 2009 AVG Technologies
Program version 8.0.401, engine 8.0.416
Virus Database: Version 270.14.5/2418 2009-10-06

C:\Documents and Settings\Marek\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Marek\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Marek\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Marek\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\CatRoot2\edb.log Locked file. Not tested.
C:\WINDOWS\system32\CatRoot2\edbtmp.log Locked file. Not tested.
C:\WINDOWS\system32\CatRoot2\tmp.edb Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
E:\System Volume Information\ Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 167303
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------

Are all these locked files normal? Also, when I tried to start up AVG, My internet browser suddenly popped up with a bunch of tabs open. (edit: Never mind this, I tried to open the internet and it opened 10 minutes later)

In addition, when I run msconfig, I found some suspicious services and startup programs:
nwiz.exe /install
Windows CardSpace, unknown manufacturer
Office Source Engine, unknown manufacturer

Super Anti Spyware hasn't found a thing.

Please help, I just reinstalled windows, and I don't want to do it again after less than a month!

Edited by Mark.3unj800, 06 October 2009 - 08:14 PM.


BC AdBot (Login to Remove)

 


#2 Mark.3unj800

Mark.3unj800
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:56 PM

Posted 06 October 2009 - 08:06 PM

I almost forgot: I'm running Windows XP Pro




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users