
Compaq32 Service Drivers-Virus?


#1 vikimouse

Posted 21 August 2005 - 07:46 AM

Ugh, I'm at my wits' end. Yesterday while visiting CBS.com their user help files instructed me to disable my network properties/firewall so that I could view a streaming video. I disabled the firewall (and still didn't get the video) and then forgot to enable the firewall again when I left the computer a few minutes later. When I returned to the computer an hour later, my Spy Sweeper was alerting me to 4 files being installed: Compaq32 Service Drivers -
(the more info): product, company and copyright info was not provided,
location of the file msconfig32.exe,
registry or startup folder was HKCU Run/Services
I instructed Spy Sweeper to remove the files but they just keep returning.
I went to Trend Micro online scanner and scanned -- the virus was found -- but could not be removed, cleaned or deleted.
I went to Bit Defender -- virus was found, could not be removed.
I went to one other online scanner and the virus was found and could not be removed.
Finally, I went to bleepingcomputer.com and read the instructions on removing infections. I installed Autoruns but from that point on, I'm stuck, since I'm not sure what I am looking for in there.
A couple of hours into my sessions with the virus scanners yesterday, my computer took a powder and would not boot up at all except in Safe Mode.
When I searched my files for recently added/installed files I found a file called msconfig32.exe that was created yesterday morning at 7:58:04 a.m. and modified at 7:58:10. Other than that I couldn't find any suspicious files added that day.

This morning I backed up my files in Safe Mode and rebooted -- just for kicks -- and for some reason it booted to Windows as normal. However, I'm still waiting for the other shoe to drop as I have a hunch this virus isn't done with me.



Hopefully someone can help me with this removal process while I'm still able to use my computer :thumbsup:
Here is the logfile from my autoruns session:


HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ ADUserMon Active Disk User Monitor (Not verified) Iomega Corporation c:\program files\iomega\autodisk\adusermon.exe

+ Aimkeys201 AIM Keys (Not verified) Aimsoft Development Corporation c:\aim keys 2.01\aimkeys.exe

+ MCUpdateExe mcupdate (Not verified) Mcafee.com c:\program files\mcafee.com\agent\mcupdate.exe

+ MOD c:\microangelo\muamgr.exe

+ OneTouch Monitor OneTouch Module (Not verified) Visioneer Inc c:\program files\visioneer onetouch\onetouchmon.exe

+ piiserviceOE OneTouch Module (Not verified) Visioneer Inc c:\program files\visioneer onetouch\onetouchmon.exe

+ QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe

+ Smapp SoundMAX System Tray (Not verified) Analog Devices c:\windows\system32\smtray.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

+ Adobe Gamma Loader.lnk Adobe Gamma Loader (Not verified) Adobe Systems, Inc. c:\program files\common files\adobe\calibration\adobe gamma loader.exe

+ PopChar.lnk c:\windows\installer\{83b99579-7cc9-44f7-b6dc-6a81c88ef072}\_69525f90.exe

C:\Documents and Settings\USER\Start Menu\Programs\Startup

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ MSMSGS Messenger (Not verified) Microsoft Corporation c:\program files\messenger\msmsgs.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKLM\System\CurrentControlSet\Services

+ _IOMEGA_ACTIVE_DISK_SERVICE_ Active Disk Service (Not verified) Iomega Corporation c:\program files\iomega\autodisk\adservice.exe

+ Crypkey License CrypKey NT Service (Not verified) Kenonic Controls Ltd. c:\windows\system32\crypserv.exe

+ IVSmtp SMTP Protocol Server for MailCOPA (Not verified) InterVations Ltd c:\program files\common files\intervations\smtpnt.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ CRLUpdate UPDCRL (Not verified) Microsoft Corporation c:\windows\system32\updcrl.exe

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Eudora's Shell Extension Eudora's Shell Extension (Not verified) Qualcomm Inc. c:\program files\qualcomm\eudora\eushlext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL Extension File not found: deskpan.dll

+ Eudora's Shell Extension Eudora's Shell Extension (Not verified) Qualcomm Inc. c:\program files\qualcomm\eudora\eushlext.dll

+ HyperTerminal Icon Ext File not found: C:\WINDOWS\System32\hticons.dll

+ Microangelo Context Menu Extension c:\windows\system32\muangsys.dll

+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. c:\program files\real\realone player\rpshell.dll

+ Webroot Spy Sweeper Context Menu Integration Spy Sweeper Context Menu (Not verified) Webroot Software, Inc. c:\program files\webroot\spy sweeper\ssctxmnu.dll

+ WinAce Archiver 2.2 Context Menu Shell Extension WinAce-Archiver Shell Extension (Not verified) e-merge GmbH c:\winace\arcext.dll

+ WinAce Archiver 2.2 Context Menu Shell Extension WinAce-Archiver Shell Extension (Not verified) e-merge GmbH c:\winace\arcext.dll

+ WinAce Archiver 2.2 DragDrop Shell Extension WinAce-Archiver Shell Extension (Not verified) e-merge GmbH c:\winace\arcext.dll

+ WinAce Archiver 2.2 Property Sheet Shell Extension WinAce-Archiver Shell Extension (Not verified) e-merge GmbH c:\winace\arcext.dll

+ Window Washer Shell Shredding Utility Window Washer Shredding Shell Extension (Not verified) Webroot Software c:\program files\common files\webroot shared\shellwash.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\winzip\wzshlstb.dll

+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\winzip\wzshlstb.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Google Toolbar Helper Google IE Client Toolbar (Not verified) Google Inc. c:\program files\google\googletoolbar1.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ googletoolbar1.dll Google IE Client Toolbar (Not verified) Google Inc. c:\program files\google\googletoolbar1.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ AIM AOL Instant Messenger (Not verified) America Online, Inc. c:\aim95\aim.exe

+ Messenger Messenger (Not verified) Microsoft Corporation c:\program files\messenger\msmsgs.exe

+ Uninstall BitDefender Online Scanner v8 c:\windows\bdoscandel.exe

Task Scheduler

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKLM\SOFTWARE\Microsoft\Command Processor\Autorun

HKCU\SOFTWARE\Microsoft\Command Processor\Autorun

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ DllDirectory c:\windows\system32

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKCU\Control Panel\Desktop\Scrnsave.exe

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9



Any help at all would be greatly appreciated.
thanks!
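The poster has an Autoruns export and does not know what to look for in it. The usual first pass is mechanical: rank entries by cheap review heuristics (no publisher string, per-user persistence key, image outside the Windows or Program Files trees, a file name that imitates a Windows built-in with a numeric suffix, or a referenced file that no longer exists). The script below is an added example, not code from the thread or from Sysinternals. It parses the flat text layout shown in the log above. The sample input is constructed: most lines are copied from the posted log, while the "Compaq32 Service Drivers" line is built from the poster's description (no publisher info, HKCU Run key, file msconfig32.exe) and its directory is a placeholder, because the post never states the real path. The weights and the list of built-in names are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the Autoruns text-export layout quoted in the post.
# The "Compaq32 Service Drivers" line is constructed from the poster's
# description; "c:\placeholder_dir" is a placeholder, not a real location.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ MCUpdateExe mcupdate (Not verified) Mcafee.com c:\program files\mcafee.com\agent\mcupdate.exe
+ MOD c:\microangelo\muamgr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ MSMSGS Messenger (Not verified) Microsoft Corporation c:\program files\messenger\msmsgs.exe
+ Compaq32 Service Drivers c:\placeholder_dir\msconfig32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension File not found: deskpan.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\winzip\wzshlstb.dll
"""

# Assumed list: stems of well-known Windows binaries. A file named like one of
# these plus trailing digits (msconfig32.exe) is worth a closer look.
BUILTIN_STEMS = {"msconfig", "svchost", "explorer", "winlogon", "lsass", "csrss", "services"}
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\")

PATH_RE = re.compile(r"(?i)\b([a-z]:\\.*)$")          # first drive-letter path to end of line
MISSING_RE = re.compile(r"File not found: (.*)$")


@dataclass
class Entry:
    location: str             # the key, folder or category header the entry sits under
    label: str                # entry name plus description, as Autoruns printed it
    publisher: Optional[str]  # publisher string if one was printed, else None
    path: Optional[str]       # image path, lower-cased, or None
    file_missing: bool


def parse_autoruns(text: str) -> list[Entry]:
    """Parse the flat export: a location line, then '+ ' entry lines beneath it."""
    entries: list[Entry] = []
    location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line            # registry key, folder or category header
            continue
        body = line[2:]
        missing = MISSING_RE.search(body)
        if missing:
            path, head, file_missing = missing.group(1).lower(), body[:missing.start()], True
        else:
            m = PATH_RE.search(body)
            path = m.group(1).lower() if m else None
            head = body[:m.start()] if m else body
            file_missing = False
        publisher = None
        for marker in ("(Not verified)", "(Verified)"):
            if marker in head:
                head, pub = head.split(marker, 1)
                publisher = pub.strip() or None
                break
        entries.append(Entry(location, head.strip(), publisher, path, file_missing))
    return entries


def triage(entries: list[Entry]) -> list[tuple[int, Entry, list[str]]]:
    """Score entries with review heuristics; higher score means look at it first."""
    ranked = []
    for e in entries:
        reasons: list[tuple[int, str]] = []
        if e.publisher is None and not e.file_missing:
            reasons.append((2, "no publisher information"))
        if e.location.upper().startswith("HKCU"):
            reasons.append((1, "per-user persistence location"))
        if e.path and not e.file_missing and not e.path.startswith(STANDARD_DIRS):
            reasons.append((1, "image outside Windows/Program Files"))
        if e.path:
            stem = e.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if stem not in BUILTIN_STEMS and stem.rstrip("0123456789") in BUILTIN_STEMS:
                reasons.append((2, "name mimics a Windows built-in with a numeric suffix"))
        if e.file_missing:
            reasons.append((1, "referenced file missing (stale or already removed)"))
        if reasons:
            ranked.append((sum(w for w, _ in reasons), e, [t for _, t in reasons]))
    ranked.sort(key=lambda r: -r[0])   # stable sort, highest score first
    return ranked


if __name__ == "__main__":
    for score, entry, why in triage(parse_autoruns(SAMPLE_LOG)):
        print(f"[{score}] {entry.label!r} under {entry.location} -> {entry.path}")
        for reason in why:
            print(f"      - {reason}")
```

Entries that score zero (a signed-looking vendor path under an HKLM key) are dropped from the output, which is the point: the reviewer sees the handful of lines worth checking rather than the whole export. In the constructed sample the msconfig32.exe line ranks first on four heuristics, while the genuine shell extensions score at most one point.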


#2 tg1911

Posted 21 August 2005 - 11:45 PM

I suggest you post a HijackThis log for examination.
Include a link back to this thread, so the Team member that helps you will have an idea of the problems you're having.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully.

Then run a log and post it in the HJT forum at this link. Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please be patient; these people are volunteers. They will help you out as soon as possible.

NOTE:
Once you have made the post, please DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So just make your post and let it sit there until a team member responds. This way you will be taken care of in the most timely manner.