Problably Infected By Generic.vox & .xfs, Wareout,

#1 megamyx

  • Members
  • 33 posts

Posted 16 July 2006 - 03:23 AM

Firstly, this is in conjunction with my other thread: Thread Link. Today I encountered another problem. AVG antivirus detected and moved about 10 viruses or malwares to its vault; they are: generic.vox, generic.xfs, generic.xfv, clicker.fr. It is better to post my HijackThis log;

so here's last afternoon's log:

Logfile of HijackThis v1.99.1
Scan saved at 6:44:39 PM, on 7/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DVD-Rom\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Security Tools\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Security Tools\SpywareGuard\sgmain.exe
C:\Program Files\Security Tools\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Security Tools\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Download and Compression\Azureus\Azureus.exe
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Security Tools\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SECURI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\DVD-Rom\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\Security Tools\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Security Tools\SpywareGuard\sgmain.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0957C19A-D854-482A-A4F9-18856C723D7D} (XNC600NetCam Control) - http://www.wejeatech.com:81/XNC600NetCam.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10D8017C-4B3C-4A75-BCC0-EE42917934C8}: NameServer = 85.255.115.19,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BDFE572-1EB5-4CA0-B1E8-7EFF409F97E7}: NameServer = 85.255.115.19,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{507DD697-0E0E-4173-9E69-6263DB89F592}: NameServer = 85.255.115.19 85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{A57A1731-1695-4B3A-8D81-1E5A14FDC6FF}: NameServer = 85.255.115.19,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEF2BC41-0FC8-486C-959C-CC8C97DE6F15}: NameServer = 85.255.115.19,85.255.112.183
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.183
O17 - HKLM\System\CS1\Services\Tcpip\..\{10D8017C-4B3C-4A75-BCC0-EE42917934C8}: NameServer = 85.255.115.19,85.255.112.183
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.183
O17 - HKLM\System\CS2\Services\Tcpip\..\{10D8017C-4B3C-4A75-BCC0-EE42917934C8}: NameServer = 85.255.115.19,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.183
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Security Tools\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL5 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


BitDefender online scan result (just in case):

BitDefender Online Scanner

Scan report generated at: Sat, Jul 15, 2006 - 09:45:56

Scan path: ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A};C:\Documents and Settings\User\My Documents;C:\Documents and Settings\Visitor\My Documents;C:\Documents and Settings\All Users\Documents;A:\;C:\;E:\;F:\;G:\;

Scanned File & Status

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0183736.exe
Suspected of: BehavesLike:Trojan.ShellStartup

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0183736.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0183736.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0183740.exe
Infected with: MemScan:Trojan.Agent.QB

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0183740.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0183740.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0183741.exe
Infected with: MemScan:Trojan.Downloader.Agent.ACH

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0183741.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0183741.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0184736.exe
Suspected of: BehavesLike:Trojan.ShellStartup

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0184736.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0184736.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0184740.exe
Infected with: MemScan:Trojan.Agent.QB

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0184740.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0184740.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0184741.exe
Infected with: MemScan:Trojan.Downloader.Agent.ACH

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0184741.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0184741.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0185736.exe
Suspected of: BehavesLike:Trojan.ShellStartup

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0185736.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0185736.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0185741.exe
Infected with: MemScan:Trojan.Agent.QB

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0185741.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0185741.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0185742.exe
Infected with: MemScan:Trojan.Downloader.Agent.ACH

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0185742.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0185742.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186736.exe
Suspected of: BehavesLike:Trojan.ShellStartup

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186736.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186736.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186740.exe
Infected with: MemScan:Trojan.Downloader.Agent.ACH

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186740.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186740.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186741.exe
Infected with: MemScan:Trojan.Agent.QB

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186741.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186741.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186751.exe
Infected with: Trojan.Raze.D

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186751.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186751.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186752.dll
Detected with: Adware.Iectr.A

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186752.dll
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186752.dll
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186757.exe
Suspected of: BehavesLike:Trojan.ShellStartup

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186757.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186757.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186760.exe
Suspected of: BehavesLike:Trojan.ShellStartup

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186760.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186760.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186777.exe
Suspected of: BehavesLike:Trojan.ShellStartup

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186777.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186777.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186781.exe
Infected with: MemScan:Trojan.Agent.QB

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186781.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186781.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186801.exe
Infected with: MemScan:Trojan.Agent.QB

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186801.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186801.exe
Deleted

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186847.exe
Infected with: MemScan:Trojan.Agent.QB

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186847.exe
Disinfection failed

C:\System Volume Information\_restore{5F40C022-7F01-4461-8F9A-1A8720CCD6C6}\RP715\A0186847.exe
Deleted

C:\WINDOWS\system32\cscjd.exe
Suspected of: BehavesLike:Trojan.ShellStartup

C:\WINDOWS\system32\cscjd.exe
Disinfection failed

C:\WINDOWS\system32\cscjd.exe
Deleted

C:\WINDOWS\system32\dmiiw.exe
Infected with: MemScan:Trojan.Agent.QB

C:\WINDOWS\system32\dmiiw.exe
Disinfection failed

C:\WINDOWS\system32\dmiiw.exe
Deleted

C:\WINDOWS\system32\{528BCA5C-8543-4E83-A82D-5CAFD6FD509E}.exe
Infected with: Trojan.Fakealert

C:\WINDOWS\system32\{528BCA5C-8543-4E83-A82D-5CAFD6FD509E}.exe
Disinfection failed

C:\WINDOWS\system32\{528BCA5C-8543-4E83-A82D-5CAFD6FD509E}.exe
Deleted



I was checking out many sites simultaneously the other day, and suddenly my machine got infected: it went slow, the wallpaper changed into some black background with a red rectangle in the center and a warning saying that my computer is not secure and at risk... something like that. So I searched the web for answers and tried them yesterday; I thought I got rid of them. I believe I was wrong because when I checked my AVG's vault today, C:\System Volume Information\_restore's folders and files were infected by generic.vox and the like. So I'm really clueless and confused as to what my machine was really infected with.

Just more than 2 hours ago, when I used "cleanmgr" it ran and got stuck scanning compressed files until now; I checked Task Manager, and it showed that Disk Cleanup is still running. I don't know why it's not doing anything, so I'm going to cancel the cleanup now. Does anybody know why?

I hope you guys could help me remove this malware and these viruses. Also, please teach me how to prevent and avoid getting such things. I have the following security programs installed: Ad-Aware, Spybot S&D, AVG, ewido, SpywareGuard, SpywareBlaster, RegCleaner, CWShredder. I don't have a firewall and I use IE to surf the internet. If there's anything I need to install or add, please let me know (freeware if possible).
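Every O17 line in the log above, across all control sets (CCS, CS1, CS2) and every interface GUID, sets NameServer to 85.255.115.19 and 85.255.112.183, the DNS-hijack pattern characteristic of the Wareout DNS changer named in the thread title. As an added example (not part of this thread or of any tool mentioned in it), here is a small Python parser that extracts the resolvers from HijackThis O17 lines, handling both the comma- and the space-separated form seen in the log, and flags any resolver not on an administrator-supplied allow-list; the allow-list and the 192.168.1.1 sample line are constructed.

```python
import re
from collections import defaultdict

# One HijackThis O17 line looks like (taken from the log above):
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = 85.255.115.19,85.255.112.183
# HijackThis prints the resolver list either comma- or space-separated; both
# forms occur in the same log, so the splitter below accepts either.
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\(?P<hive>[^\\]+)\\Services\\Tcpip\\[^:]+): "
    r"NameServer = (?P<value>.+)$"
)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Sample input: three O17 lines copied from the log above plus one constructed
# line for an adapter that still points at a home router (constructed value).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{10D8017C-4B3C-4A75-BCC0-EE42917934C8}: NameServer = 85.255.115.19,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.183
O17 - HKLM\System\CS1\Services\Tcpip\..\{10D8017C-4B3C-4A75-BCC0-EE42917934C8}: NameServer = 85.255.115.19,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{A57A1731-1695-4B3A-8D81-1E5A14FDC6FF}: NameServer = 192.168.1.1
""".strip().splitlines()

# Resolvers the administrator expects to see (constructed allow-list: the LAN
# router). In practice this would hold the ISP's or corporate DNS servers.
ALLOWED_RESOLVERS = {"192.168.1.1"}


def parse_o17(lines):
    """Return (hive, registry_key, [resolver, ...]) for every O17 line."""
    entries = []
    for line in lines:
        m = O17_RE.match(line.strip())
        if not m:
            continue  # not an O17 entry (R0, O2, O23, ...)
        servers = [tok for tok in re.split(r"[,\s]+", m.group("value")) if tok]
        entries.append((m.group("hive"), m.group("key"), servers))
    return entries


def find_rogue_resolvers(lines, allowed):
    """Map each resolver not in `allowed` to the number of Tcpip registry
    keys that reference it.

    A resolver written into every control set and every interface GUID, as
    in the log above, is the signature of a DNS hijack rather than of one
    mis-configured adapter: whoever runs those resolvers decides where every
    hostname on the machine resolves.
    """
    hits = defaultdict(set)
    for _hive, key, servers in parse_o17(lines):
        for server in servers:
            if not IPV4_RE.match(server):
                continue  # ignore malformed tokens
            if server not in allowed:
                hits[server].add(key)
    return {ip: len(keys) for ip, keys in hits.items()}


if __name__ == "__main__":
    for ip, count in find_rogue_resolvers(SAMPLE_LOG, ALLOWED_RESOLVERS).items():
        print(f"unexpected resolver {ip} set in {count} Tcpip key(s)")
```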

#2 megamyx

  • Topic Starter
  • Members
  • 33 posts

Posted 19 July 2006 - 07:59 AM

Hope somebody helps me... I just need to know if my machine is safe or there's still something that needs to be done.

#3 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 22 July 2006 - 08:39 AM

Hi,

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 28 July 2006 - 05:41 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.