I Got A Virus In Msgsrv32.exe (says Litmus Virus) And Mprexe.exe (says Opaserv.t) With System Mechanic Pro 6 (file Startup) At Startup


20 replies to this topic

#1 zizi

  • Members
  • 14 posts

Posted 17 December 2005 - 07:52 PM

Can I delete those 2 and reinstall Win98se in DOS mode...? But will the registry key still be there?


Here's the HijackThis logs (maybe other crap is there, but didn't notice it or don't know).

Thanks guys.. wonderful sites... especially for online scanning that deleted a lot of crap! Damn, my Kaspersky antivirus is totally BS... Housecalling (found 7 or 8 files (spyware, virus, trojan etc..)) and BitDefender (found 5 other files!)... I might think to scan it with Panda now... since both 2 others found totally different crap files...

Do I need to get 2 or 3 antivirus? It seems none can do the job alone... ??

AVG last version?


Logfile of HijackThis v1.99.1
Scan saved at 19:47:10, on 05-12-17
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE :o :thumbsup: :flowers:
C:\WINDOWS\SYSTEM\MPREXE.EXE
:) :huh: :huh:
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AEI INTERNET INC\AEI HIGHSPEED INTERNET\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 59.23.201.40:50050
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL :huh:
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll :huh:
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "H:\Program\Etrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Kaspersky Anti-Virus Monitor.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\AvpM.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL :huh:
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab



#2 zizi

  • Topic Starter
  • Members
  • 14 posts

Posted 18 December 2005 - 12:39 PM

Virus in Msgsrv32.exe (says Component of Litmus Virus) and Mprexe.exe (says Opaserv.t virus) at Startup.

Can I delete those 2 and reinstall Win98se in DOS mode...? But will the registry key still be there?


Here's the HijackThis logs (maybe other crap is there, but didn't notice it or don't know).

Thanks guys.. wonderful sites... especially for online scanning that deleted a lot of crap! Damn, my Kaspersky antivirus is totally BS... Housecalling (found 7 or 8 files (spyware, virus, trojan etc..)) and BitDefender (found 5 other files!)... I might think to scan it with Panda now... since both 2 others found totally different crap files...

Do I need to get 2 or 3 antivirus? It seems none can do the job alone... ??

AVG last version?



The ones in BOLD are the ones I think might be suspicious (mprexe.exe and Msgsrv32.exe are 100% sure).


Logfile of HijackThis v1.99.1
Scan saved at 12:33:25, on 05-12-18
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\AVPM.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\AVPM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AEI INTERNET INC\AEI HIGHSPEED INTERNET\APP\ENTERNET.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 59.23.201.40:50050
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "H:\Program\Etrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Kaspersky Anti-Virus Monitor.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\AvpM.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

Edited by zizi, 18 December 2005 - 12:42 PM.


#3 Guest_Cretemonster_*

  • Guests

Posted 20 December 2005 - 04:19 AM

Hi zizi and Welcome to the Bleeping Computer!

Kaspersky is by far and away the top of the line in AV software; they do require that you download, install and activate the Extended Databases for Malware.

Then it will usually pick up most of what you listed.

As for C:\WINDOWS\SYSTEM\MSGSRV32.EXE
http://www.liutilities.com/products/wintas...brary/msgsrv32/

As for C:\WINDOWS\SYSTEM\MPREXE.EXE
http://www.liutilities.com/products/wintas...library/mprexe/

As for C:\WINDOWS\SYSTEM\mmtask.tsk
http://www.liutilities.com/products/wintas...library/mmtask/

The rest you have highlighted are legit as well.


Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

Edited by Cretemonster, 20 December 2005 - 04:19 AM.


#4 zizi

  • Topic Starter
  • Members
  • 14 posts

Posted 21 December 2005 - 12:21 PM

Hi CreteMonster,

Thanks for replying. I've done what you've said, so here's the log from SpySweeper:

********
06:32: | Start of Session, 21 december, 2005 |
06:32: Spy Sweeper started
06:32: Sweep initiated using definitions version 588
06:32: Starting Memory Sweep
06:38: Memory Sweep Complete, Elapsed Time: 00:05:54
06:38: Starting Registry Sweep
06:42: Registry Sweep Complete, Elapsed Time:00:03:45
06:42: Starting Cookie Sweep
06:42: Found Spy Cookie: go.com cookie
06:42: anyuser@go[1].txt (ID = 2728)
06:42: Cookie Sweep Complete, Elapsed Time: 00:00:05
06:42: Starting File Sweep
06:42: Warning: Failed to open file "c:\win386.swp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2c1-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2c2-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2c3-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2c4-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2c5-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2c6-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2c7-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2c8-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2c9-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2ca-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2cb-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2cc-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2cd-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2ce-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2cf-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2d0-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2d1-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2d2-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2d3-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2d4-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2d5-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2d6-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2d7-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2d8-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2d9-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2da-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2db-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2dc-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2dd-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2de-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2df-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2e0-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:02: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2e1-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2e2-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2e3-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2e4-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2e5-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2e6-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2e7-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2e8-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2e9-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2ea-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2eb-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2ec-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2ed-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2ee-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2ef-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2f0-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2f1-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2f2-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2f3-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2f4-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2f5-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2f6-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2f7-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2f8-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2f9-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2fa-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2fb-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2fc-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2fd-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2fe-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa2ff-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa300-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa301-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa302-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa303-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa304-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa305-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa306-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa307-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa308-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa309-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa30a-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa30b-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa30c-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa30d-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa30e-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa30f-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa310-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
07:03: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6eaa311-71e9-11da-b24b-00c0f0487a55.tmp". The process cannot access the file because
it is being used by another process
08:05: Found Adware: safesurf
08:05: dd0.exe (ID = 162519)
09:17: Warning: Invalid Stream
09:23: Warning: Unhandled Archive Type
09:34: File Sweep Complete, Elapsed Time: 02:52:29
09:34: Full Sweep has completed. Elapsed time 03:01:59
09:34: Traces Found: 2
11:45: Removal process initiated
11:45: Quarantining All Traces: safesurf
11:45: Warning: Out of memory
11:45: Failed to quarantine safesurf
11:45: Failed to quarantine dd0.exe
11:45: Quarantining All Traces: go.com cookie
11:45: Warning: Out of memory
11:45: Failed to quarantine go.com cookie
11:45: Failed to quarantine anyuser@go[1].txt
11:45: Removal process completed. Elapsed time 00:00:09
********
01:21: | Start of Session, 21 december, 2005 |
01:21: Spy Sweeper started
06:24: Your spyware definitions have been updated.
06:28: Updating spyware definitions
06:28: Your definitions are up to date.
06:32: | End of Session
-----------------------------------------------------------------------------------------------------------------------


1st: I want you to elaborate about what you've said concerning Kaspersky, ``they do require that you download install and activate the Extended Databases for Malware.`` So it means that it CAN'T be done by just updating the Virus Database? I have to go to their website and get it separately?


2nd: I still have the problems of Msgsrv32.exe (Litmus virus component), Mprexe.exe (opaserv.t), and before I still have (because I've ended the startup of those 2 files, which are also infected) TASKMON.EXE (MyDoom.A or Mydoom.J) and SPOOL32.EXE (YAB.A virus).

From there, I really don't know what to do... I need some things to find in the registry (I'm sure) for each virus... and maybe doing a Spy Sweeper scan in SAFE-MODE?... what do you think...


3rd: I'll make a HijackThis update in another post (to not flood this post).
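
The Spy Sweeper session log in the post above ends with "Removal process completed" even though every quarantine attempt failed. As an added example (not part of the original post and not Webroot's code), the following Python reads such a log and lists what is still on disk; the function name `review_removal` and the returned structure are assumptions, and the sample lines are copied from the log above.

```python
import re
from collections import OrderedDict

# Excerpt of the Spy Sweeper session log posted above (copied from the thread).
SAMPLE_LOG = """\
08:05: Found Adware: safesurf
08:05: dd0.exe (ID = 162519)
09:34: Traces Found: 2
11:45: Removal process initiated
11:45: Quarantining All Traces: safesurf
11:45: Warning: Out of memory
11:45: Failed to quarantine safesurf
11:45: Failed to quarantine dd0.exe
11:45: Quarantining All Traces: go.com cookie
11:45: Warning: Out of memory
11:45: Failed to quarantine go.com cookie
11:45: Failed to quarantine anyuser@go[1].txt
11:45: Removal process completed. Elapsed time 00:00:09
"""

# Every log entry starts with an HH:MM timestamp followed by the message.
LINE_RE = re.compile(r"^(\d{2}:\d{2}): (.*)$")


def review_removal(log_text):
    """Summarise quarantine outcomes from a Spy Sweeper session log.

    Hypothetical helper: returns whether a removal run finished, the
    warnings and failures per quarantine group, and a flat list of the
    items that were reported as not quarantined.
    """
    groups = OrderedDict()  # group name -> {"failed": [...], "warnings": [...]}
    current = None          # quarantine group currently being processed
    completed = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines and separators
        msg = m.group(2)
        if msg.startswith("Quarantining All Traces: "):
            current = msg.split(": ", 1)[1]
            groups[current] = {"failed": [], "warnings": []}
        elif msg.startswith("Warning: ") and current is not None:
            # Scan-time warnings (current is None) are ignored on purpose.
            groups[current]["warnings"].append(msg[len("Warning: "):])
        elif msg.startswith("Failed to quarantine ") and current is not None:
            groups[current]["failed"].append(msg[len("Failed to quarantine "):])
        elif msg.startswith("Removal process completed"):
            completed = True
            current = None
    still_present = [item for g in groups.values() for item in g["failed"]]
    return {"completed": completed, "groups": groups,
            "still_present": still_present}


if __name__ == "__main__":
    result = review_removal(SAMPLE_LOG)
    print("removal run finished:", result["completed"])
    for item in result["still_present"]:
        print("NOT quarantined:", item)
```
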

#5 zizi

Posted 21 December 2005 - 12:25 PM

Logfile of HijackThis v1.99.1
Scan saved at 12:24:12, on 05-12-21
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\AEI INTERNET INC\AEI HIGHSPEED INTERNET\APP\ENTERNET.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 59.23.201.40:50050
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "H:\Program\Etrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SpySweeper] "F:\PROGRAM\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_ansi.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
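
HijackThis logs such as the one above are reviewed entry by entry, keyed on the section code at the start of each line. As an added example (not part of the original post and not HijackThis's own code), this Python groups the entries by section, extracts the O4 autostart commands, and notes entries that need a closer look; the names `parse_entries` and `triage` and the wording of the `SECTIONS` summaries are assumptions, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Excerpt of the HijackThis v1.99.1 log posted above (copied from the thread).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 59.23.201.40:50050
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
"""

# Short summaries of the section codes that occur in this log (assumed wording).
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page or Internet Settings value",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry (registry Run keys / Startup folder)",
    "O9": "extra IE button or Tools menu item",
    "O12": "IE plugin",
    "O16": "ActiveX object (Downloaded Program Files)",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# e.g. HKLM\..\Run: [Name] command line
AUTORUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
PROXY_RE = re.compile(r"ProxyServer = (\S+)")


def parse_entries(log_text):
    """Return (section_code, body) for every scan-result line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Count entries per section, list autostarts, and collect review notes."""
    entries = parse_entries(log_text)
    counts = Counter(code for code, _ in entries)
    autoruns, notes = [], []
    for code, body in entries:
        if code == "O4":
            m = AUTORUN_RE.match(body)
            if m:
                autoruns.append(m.groups())  # (hive, key, name, command)
        proxy = PROXY_RE.search(body)
        if proxy:
            # A proxy the user did not set up reroutes browser traffic.
            notes.append((code, "proxy configured: " + proxy.group(1)))
        if body.endswith("(file missing)"):
            notes.append((code, "target file missing: leftover entry"))
        if code not in SECTIONS:
            notes.append((code, "section code not in SECTIONS table"))
    return {"counts": counts, "autoruns": autoruns, "notes": notes}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for code, note in report["notes"]:
        print(code, "-", SECTIONS.get(code, "?"), "-", note)
```
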

#6 Guest_Cretemonster_*

Posted 21 December 2005 - 09:00 PM

I'm not sure where you're getting the information that those system files on your PC are infected, but if you really wanna know, I'll show you 2 links that will scan each file you mentioned individually by every major AV company known.

http://www.virustotal.com/flash/index_en.html
and
http://virusscan.jotti.org/

Once at the sites -> Click the Browse tab and locate each file in question, submit them for a scan and let me know the results of each.

Now, we need to see if we can locate a particular file on the system.

Copy the text below to a blank Notepad page and save it to the desktop as Find.bat


dir \dd0.exe /a h /s > File.txt



Once saved -> Double-click Find.bat -> A DOS window will appear, wait for it to close and then locate find.txt on the desktop, copy & paste those results into the next reply.

#7 zizi

Posted 22 December 2005 - 02:30 AM

Hi,

I put the command like you said to me, ``dir \dd0.exe /a h /s > File.txt ``, and it says:

too many parameters - h

So there's nothing written in the find.text. When I remove the ``H``, it says:

file not found in the DOS window, and in the find.text it says:

Volume in drive C has no label
Volume Serial Number is 3D22-08FA

Directory of C:\WINDOWS\Desktop

7 624.45 MB free


So let me know what to do next to get whatever you need to know about doing that thing.


The question concerning what program sees that I have a virus in those 4 files (msgsrv32.exe, spool32.exe, taskmon.exe, mprexe.exe): it is SYSTEM MECHANIC PROFESSIONAL 6, in Optimize Option, and in MANAGE RUNNING PROGRAMS.


I'll download WinTasks Pro... to see again...


I'll copy-paste the scanning of the 2 sites that you gave me (virustotal.com and virusscan.jotti.org) in the following post.

#8 zizi

Posted 22 December 2005 - 02:32 AM

This is a report processed by VirusTotal on 12/22/2005 at 07:45:59 (CET) after scanning the file "Mprexe.exe" file.

Antivirus Version Update Result
AntiVir 6.33.0.70 12.21.2005 no virus found
Avast 4.6.695.0 12.20.2005 no virus found
AVG 718 12.21.2005 no virus found
Avira 6.33.0.70 12.21.2005 no virus found
BitDefender 7.2 12.22.2005 no virus found
CAT-QuickHeal 8.00 12.21.2005 no virus found
ClamAV devel-20051108 12.19.2005 no virus found
DrWeb 4.33 12.21.2005 no virus found
eTrust-Iris 7.1.194.0 12.22.2005 no virus found
eTrust-Vet 12.4.1.0 12.22.2005 no virus found
Fortinet 2.54.0.0 12.22.2005 no virus found
F-Prot 3.16c 12.20.2005 no virus found
Ikarus 0.2.59.0 12.21.2005 no virus found
Kaspersky 4.0.2.24 12.22.2005 no virus found
McAfee 4655 12.21.2005 no virus found
NOD32v2 1.1332 12.21.2005 no virus found
Norman 5.70.10 12.21.2005 no virus found
Panda 8.02.00 12.21.2005 no virus found
Sophos 4.01.0 12.22.2005 no virus found
Symantec 8.0 12.22.2005 no virus found
TheHacker 5.9.1.060 12.21.2005 no virus found
VBA32 3.10.5 12.21.2005 no virus found

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

This is a report processed by VirusTotal on 12/22/2005 at 07:51:51 (CET) after scanning the file "Spool32.exe" file.

Antivirus Version Update Result
AntiVir 6.33.0.70 12.21.2005 no virus found
Avast 4.6.695.0 12.20.2005 no virus found
AVG 718 12.21.2005 no virus found
Avira 6.33.0.70 12.21.2005 no virus found
BitDefender 7.2 12.22.2005 no virus found
CAT-QuickHeal 8.00 12.21.2005 no virus found
ClamAV devel-20051108 12.19.2005 no virus found
DrWeb 4.33 12.21.2005 no virus found
eTrust-Iris 7.1.194.0 12.22.2005 no virus found
eTrust-Vet 12.4.1.0 12.22.2005 no virus found
Fortinet 2.54.0.0 12.22.2005 no virus found
F-Prot 3.16c 12.20.2005 no virus found
Ikarus 0.2.59.0 12.21.2005 no virus found
Kaspersky 4.0.2.24 12.22.2005 no virus found
McAfee 4655 12.21.2005 no virus found
NOD32v2 1.1332 12.21.2005 no virus found
Norman 5.70.10 12.21.2005 no virus found
Panda 8.02.00 12.21.2005 no virus found
Sophos 4.01.0 12.22.2005 no virus found
Symantec 8.0 12.22.2005 no virus found
TheHacker 5.9.1.060 12.21.2005 no virus found
VBA32 3.10.5 12.21.2005 no virus found


This is a report processed by VirusTotal on 12/22/2005 at 07:56:37 (CET) after scanning the file "Msgsrv32.exe" file.

Antivirus Version Update Result
AntiVir 6.33.0.70 12.21.2005 no virus found
Avast 4.6.695.0 12.20.2005 no virus found
AVG 718 12.21.2005 no virus found
Avira 6.33.0.70 12.21.2005 no virus found
BitDefender 7.2 12.22.2005 no virus found
CAT-QuickHeal 8.00 12.21.2005 no virus found
ClamAV devel-20051108 12.19.2005 no virus found
DrWeb 4.33 12.21.2005 no virus found
eTrust-Iris 7.1.194.0 12.22.2005 no virus found
eTrust-Vet 12.4.1.0 12.22.2005 no virus found
Fortinet 2.54.0.0 12.22.2005 no virus found
F-Prot 3.16c 12.20.2005 no virus found
Ikarus 0.2.59.0 12.21.2005 no virus found
Kaspersky 4.0.2.24 12.22.2005 no virus found
McAfee 4655 12.21.2005 no virus found
NOD32v2 1.1332 12.21.2005 no virus found
Norman 5.70.10 12.21.2005 no virus found
Panda 8.02.00 12.21.2005 no virus found
Sophos 4.01.0 12.22.2005 no virus found
Symantec 8.0 12.22.2005 no virus found
TheHacker 5.9.1.060 12.21.2005 no virus found
VBA32 3.10.5 12.21.2005 no virus found




This is a report processed by VirusTotal on 12/22/2005 at 07:59:12 (CET) after scanning the file "Taskmon.exe" file.

Antivirus Version Update Result
AntiVir 6.33.0.70 12.21.2005 no virus found
Avast 4.6.695.0 12.20.2005 no virus found
AVG 718 12.21.2005 no virus found
Avira 6.33.0.70 12.21.2005 no virus found
BitDefender 7.2 12.22.2005 no virus found
CAT-QuickHeal 8.00 12.21.2005 no virus found
ClamAV devel-20051108 12.19.2005 no virus found
DrWeb 4.33 12.21.2005 no virus found
eTrust-Iris 7.1.194.0 12.22.2005 no virus found
eTrust-Vet 12.4.1.0 12.22.2005 no virus found
Fortinet 2.54.0.0 12.22.2005 no virus found
F-Prot 3.16c 12.20.2005 no virus found
Ikarus 0.2.59.0 12.21.2005 no virus found
Kaspersky 4.0.2.24 12.22.2005 no virus found
McAfee 4655 12.21.2005 no virus found
NOD32v2 1.1332 12.21.2005 no virus found
Norman 5.70.10 12.21.2005 no virus found
Panda 8.02.00 12.21.2005 no virus found
Sophos 4.01.0 12.22.2005 no virus found
Symantec 8.0 12.22.2005 no virus found
TheHacker 5.9.1.060 12.21.2005 no virus found
VBA32 3.10.5 12.21.2005 no virus found




File: Msgsrv32.exe
Status: OK
MD5: 15020a139f22cdbf9c70aa8d80f6ae0e
Packers detected: -
Scanner results:
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VBA32: Found nothing

-----------------------------------------------

File: Mprexe.exe
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 562d04789250a81ce629d60646a0d191
Packers detected: -
Scanner results:
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VBA32: Found nothing



File: Spool32.exe
Status: OK
MD5: db3bee092f0e90cf799d69f99c001dae
Packers detected: -
Scanner results:
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VBA32: Found nothing




File: Taskmon.exe
Status: OK
MD5: f795110611101279aa15997801abaca0
Packers detected: -
Scanner results:
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VBA32: Found nothing

#9 Guest_Cretemonster_*

Posted 22 December 2005 - 04:47 AM

Those Virus Scan results are what I expected.

The file search isn't what I was hoping for.

Go to Safe Mode -> Open the Search Assistant (Click Start >> Click Search)
Select All Files and Folders,
Select Advanced Options,
Make sure there is a check by every box under Advanced Options

Now under All Files and Folders, enter this into the text box:

dd0.exe

Delete any instances found of that exact file name.


Restart Normal and let me know if you located the file?

#10 zizi

Posted 23 December 2005 - 02:15 AM

I did what you said in safe-mode and I found only files that contain ``DD0``, not ``DD0.EXE``

Here are some examples of the files (3 or 4 of 15 files), and let me know if I should delete those:

BB8282DDd01
289A85BDd01
2FFA062Dd01
etc...(there's 8 others like that)

Located in: C:\WINDOWS\Application Data\Mozilla\FireFox\Profiles\8oyw1jio.default\Cache

and

INTERNAT.EXE.q_8049DD0_q.ini (type of files: Configuration Settings) 1KB
INTERNAT.EXE.q_8049DD0_q (type of files: Q_8049DD0_Q file) 40KB
_INTERNAT13B89DD0 7KB

Located in: C:\WINDOWS\All users\Application DATA\SecTaskMan


let me know if it corresponds to the DDO.EXE or affiliate...


thanks again...

#11 zizi

Posted 24 December 2005 - 04:10 AM

bump

#12 Guest_Cretemonster_*

Posted 24 December 2005 - 04:58 AM

OK, update and scan again with SpySweeper, just as you did before, let's see if it picks up that file again?

Post the results of the SpySweeper scan in the next reply.

#13 zizi

Posted 25 December 2005 - 02:56 AM

Hi,

Well, should I delete all the files that I just mentioned, or some of those, before doing another scan with SpySweeper?

#14 zizi

Posted 27 December 2005 - 04:22 AM

bump

#15 Guest_Cretemonster_*

Posted 28 December 2005 - 10:24 AM

Sorry for the delay, been a bit under the weather.

You should be able to clear those easily by opening Firefox and clicking Tools -> Options -> Privacy

You can clear all that's there.

I'm more interested to see what the SpySweeper scan shows.



