
new virus


  • This topic is locked
2 replies to this topic

#1 Rednut

Rednut

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:37 PM

Posted 10 December 2009 - 02:10 AM

Hey all, just ran HijackThis after acquiring a virus from somewhere. Ran my virus program ESET NOD32 and it didn't pick anything up. Ran Spybot and got rid of a whole bunch of spyware. The virus doesn't seem to be doing anything now but it's still there. HijackThis log as below.


I found only 2 or 3 websites with people posting this virus and all have been in the past week... none say how to fix!

http://www.threatexpert.com/report.aspx?md...2a8ca1151dea2bf


Logfile of HijackThis v1.99.1
Scan saved at 2:40:54 PM, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\dlcxcoms.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\CyberLink\Shared files\RichVideo.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\ALCWZRD.EXE
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\PeerGuardian2\pg2.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Apps\Virus Apps\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - E:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - E:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - E:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - E:\Program Files\XfireXO\tbXfir.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DLCXCATS] rundll32 E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [notepad] rundll32.exe E:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] E:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [notepad] rundll32.exe E:\DOCUME~2\LOCALS~1\.NTAntload.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [swg] "E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: ..
O4 - Startup: ..
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1235565632406
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://E:\Temp\EI4\EI40_msxml4.cab
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB5BB865-52A7-4D25-BC4D-63C96890C8E5}: NameServer = 192.168.1.1,192.168.1.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dlcx_device - - E:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1ca6d6d703a3546) (gupdate1ca6d6d703a3546) - Unknown owner - E:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Program Files\Java\jre6\bin\jqs.exe" -service -config "E:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared files\RichVideo.exe

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

It seems to disable Task Manager and Internet Explorer, and won't let you boot into Safe Mode. Cheeky! Lucky I have this laptop to survive on.

Edited by garmanma, 10 December 2009 - 12:03 PM.
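For readers triaging a log like the one above, here is an added example (not part of the original thread and not HijackThis code) of how the suspicious entries in it can be picked out mechanically. It parses a handful of lines copied from the log, with the backslashes that the forum stripped restored, and applies three defender-side heuristics: an Internet Explorer proxy pointing at 127.0.0.1 (a local process relaying browser traffic), a rundll32 autorun whose DLL lives in a user-profile or temp path, and an autorun DLL that borrows the name of a Windows program that ships only as an .exe. The heuristics, the WINDOWS_PROGRAM_NAMES list and the sample set are my own choices; the `.NTAntload.dll` path is reproduced exactly as the post shows it.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: six entries copied from the HijackThis log in the post
# above (path separators restored), including two benign entries for contrast.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\\..\\Run: [egui] "E:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe" /hide /waitservice
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE E:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [notepad] rundll32.exe E:\\WINDOWS\\system32\\notepad.dll,_IWMPEvents@0
O4 - HKCU\\..\\Run: [notepad] rundll32.exe E:\\DOCUME~2\\LOCALS~1\\.NTAntload.dll,_IWMPEvents@0
O4 - HKCU\\..\\Run: [ctfmon.exe] E:\\WINDOWS\\system32\\ctfmon.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# "rundll32 <dll>,<export>" in any case, rundll32 path optionally quoted
RUNDLL_RE = re.compile(r'(?i)^"?rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+),(?P<export>\S+)')
PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (?P<value>.+)$")
LOOPBACK_RE = re.compile(r"(?i)(127\.0\.0\.1|localhost)")
# Locations an installer would not normally choose for an autorun DLL (heuristic, my list)
PROFILE_RE = re.compile(r"(?i)(DOCUME~\d|Documents and Settings|\\Users\\|\\Temp\\|Local Settings|AppData)")
# Programs Windows ships as .exe; a system32\<name>.dll is not a Windows file (heuristic, my list)
WINDOWS_PROGRAM_NAMES = {"notepad", "calc", "explorer", "taskmgr", "regedit", "cmd", "mspaint", "wordpad"}

Finding = Tuple[int, str]  # (1-based log line, reason); line 0 marks a cross-line finding


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis-style log that match the heuristics above."""
    findings: List[Finding] = []
    rundll_hives: Dict[str, Set[str]] = {}  # Run value name -> hives where it is a rundll32 autorun

    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = PROXY_RE.match(line)
        if m:
            value = m.group("value").strip()
            if LOOPBACK_RE.search(value):
                findings.append((lineno, "IE proxy points at loopback (%s): a local process is relaying browser traffic" % value))
            continue

        m = RUN_RE.match(line)
        if not m:
            continue
        hive, name, cmd = m.group("hive"), m.group("name"), m.group("cmd")
        d = RUNDLL_RE.match(cmd.strip())
        if not d:
            continue  # plain .exe autoruns are not examined by these rules

        dll = d.group("dll").strip().strip('"')
        base = dll.rsplit("\\", 1)[-1]          # file name without directory
        stem = base.rsplit(".", 1)[0].lower()   # file name without extension
        rundll_hives.setdefault(name.lower(), set()).add(hive)

        if PROFILE_RE.search(dll):
            findings.append((lineno, "rundll32 autorun loads a DLL from a user-profile/temp path: %s" % dll))
        if stem in WINDOWS_PROGRAM_NAMES and base.lower().endswith(".dll"):
            findings.append((lineno, "autorun DLL borrows a Windows program name (%s); Windows ships no such DLL" % base))

    # The same rundll32 value name registered under both hives is worth a look on its own
    for name, hives in sorted(rundll_hives.items()):
        if len(hives) > 1:
            findings.append((0, "rundll32 Run value '%s' is registered in %s" % (name, " and ".join(sorted(hives)))))
    return findings


if __name__ == "__main__":
    for lineno, reason in triage(SAMPLE_LOG):
        print("line %d: %s" % (lineno, reason))
```

Run against the sample, the script flags the proxy line, both `notepad` autoruns (one for its name, one for its location) and the fact that the same value name appears under HKLM and HKCU, while the ESET, NVIDIA and ctfmon entries pass. It is a triage aid, not a verdict: a hit means "look at this file and registry value", and the DLL's exports, signature and hash still need checking.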



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:37 PM

Posted 21 December 2009 - 10:47 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding.

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or RootRepeal log, please refer to this page, steps #6 and #7, for further instructions on downloading and running DDS and RootRepeal. If you have any problems, just let me know in your next reply or simply post a HijackThis log.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:37 PM

Posted 26 December 2009 - 09:38 AM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy