Virus overload


  • This topic is locked
7 replies to this topic

#1 raven.1911

raven.1911

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 05 July 2009 - 01:18 PM

My PC was infected a couple of months ago, and I stopped using it completely until now. I thought if I formatted and reinstalled Windows XP, all problems would be solved, but my antivirus still shows the computer as infected. Avira can't update; it says the program to execute has been destroyed. I'm getting trojan alerts when I click anything and everything. Firefox is acting slow. Please check my HJT log and see if there's anything wrong here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:40 AM, on 7/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Softwares\SuperAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Y2J\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Softwares\BitComet\tools\BitCometBHO_1.3.3.2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Softwares\SuperAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Softwares\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Softwares\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Softwares\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Softwares\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{91EBC6BD-45BB-4C29-82BE-C8A7388957EC}: NameServer = 116.193.170.15,203.112.194.243
O20 - Winlogon Notify: !SASWinLogon - D:\Softwares\SuperAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

--
End of file - 2797 bytes

#2 e-tech

e-tech

    The Decontaminator

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,891 posts

Posted 06 July 2009 - 02:23 PM

Hello raven.1911

It may take some time and a couple of attempts to provide you with the right help. Many of today's infections are advanced and install other infections on the computer.
It's almost impossible to remove the entire infection and to check for leftovers in one go. Please be patient.
:)

Are you familiar with Bangladesh Dhaka Internet Access & Telecom Carrier Service Provider?


Please download ATF Cleaner. Save it to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.




Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note:
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command.

If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Please post the Kaspersky Online Scanner Report, MBAM log and the contents of checkup.txt in your next reply for further review.

Best regards

e-tech

Edited by e-tech, 06 July 2009 - 02:24 PM.

My fight is dedicated to the children with autism - please support and help these kids.

Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
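Added example, not part of the original thread and not code from HijackThis: a small triage pass over a HijackThis log that groups entries by section code, pulls out the O17 NameServer addresses so they can be confirmed against the user's ISP or router, lists the autostart sections (O2, O4, O20, O23) and flags entries marked "(file missing)". The function names `parse_hjt` and `triage` are hypothetical; the sample lines are copied from the log in post #1.

```python
import re
from collections import defaultdict

# Sample input: a few entries copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Softwares\BitComet\tools\BitCometBHO_1.3.3.2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Softwares\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{91EBC6BD-45BB-4C29-82BE-C8A7388957EC}: NameServer = 116.193.170.15,203.112.194.243
O20 - Winlogon Notify: !SASWinLogon - D:\Softwares\SuperAntiSpyware\SASWINLO.dll
"""

# Every entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
NAMESERVER = re.compile(r"NameServer = (?P<ips>[\d.,\s]+)$")

# Sections describing code that loads automatically (BHOs, Run keys,
# Winlogon Notify DLLs, services).
AUTOSTART = {"O2", "O4", "O20", "O23"}


def parse_hjt(text):
    """Group HijackThis entries by their section code (R0, O4, O17, ...)."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group("code")].append(m.group("body"))
    return dict(groups)


def triage(text):
    """Return the items a reviewer would look at first."""
    groups = parse_hjt(text)
    dns = []
    for body in groups.get("O17", []):
        m = NAMESERVER.search(body)
        if m:
            dns += [ip.strip() for ip in m.group("ips").split(",") if ip.strip()]
    return {
        "dns_servers": dns,  # confirm these belong to the user's ISP or router
        "autostart": [(c, b) for c in sorted(AUTOSTART) for b in groups.get(c, [])],
        "file_missing": [b for bs in groups.values() for b in bs
                         if b.endswith("(file missing)")],
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key, items)
```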


#3 raven.1911


Posted 11 July 2009 - 03:28 AM

I am sorry about the delay, I am from BANGLADESH. I am sending you the reports of my computer.



Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
AviraAntiVirPersonal-FreeAntivirus
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 14
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

POOR! (NOT RANDOM-- Consider OPENDNS)

Scan took 44 seconds.
`````````End of Log```````````

KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, July 11, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, July 11, 2009 04:36:59
Records in database: 2459280
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 21971
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:12:14

No malware has been detected. The scan area is clean.

The selected area was scanned.

Malwarebytes' Anti-Malware 1.38
Database version: 2375
Windows 5.1.2600 Service Pack 2

7/5/2009 9:22:38 PM
mbam-log-2009-07-05 (21-22-38).txt

Scan type: Quick Scan
Objects scanned: 75797
Time elapsed: 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\olhrwef.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\i6g6x.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Y2J\Local Settings\Temp\olhrwef.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
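Added example, not part of the original thread and not code from Malwarebytes: a parser that turns the detection lines of an MBAM log like the one above into structured records, then groups them by threat name, lists anything whose action did not report success, and picks out registry Run values (autostart persistence). The function names `parse_mbam` and `summarize` are hypothetical; the sample lines are copied from the log in this post.

```python
import re

# Sample input: section headers and detection lines copied from the MBAM log above.
SAMPLE_LOG = r"""
Folders Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\system32\olhrwef.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\i6g6x.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Y2J\Local Settings\Temp\olhrwef.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
"""

# "Files Infected:" opens a section; "Files Infected: 4" (summary count) does not match.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<threat>[\w.]+)\) -> (?P<rest>.+)$")

def parse_mbam(text):
    """Return one dict per detection line, tagged with its log section."""
    records, section = [], None
    for line in text.splitlines():
        line = line.strip()
        s = SECTION.match(line)
        if s:
            section = s.group("name")
            continue
        d = DETECTION.match(line)
        if d and section:
            obj = d.group("obj")
            records.append({
                "section": section,
                "object": obj,
                "threat": d.group("threat"),
                # The last "->" segment is the action MBAM reported.
                "action": d.group("rest").split(" -> ")[-1].rstrip("."),
                "autostart": "\\currentversion\\run\\" in obj.lower(),
            })
    return records

def summarize(records):
    """Group objects by threat; list unresolved items and Run-key value names."""
    by_threat = {}
    for r in records:
        by_threat.setdefault(r["threat"], []).append(r["object"])
    unresolved = [r["object"] for r in records if "successfully" not in r["action"]]
    autostart = [r["object"].rsplit("\\", 1)[-1] for r in records if r["autostart"]]
    return {"by_threat": by_threat, "unresolved": unresolved, "autostart": autostart}
```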

#4 e-tech


Posted 11 July 2009 - 03:42 AM

Hello raven.1911 :)

Well done!

DNS Vulnerability Check showed that your DNS is vulnerable. Please consider using http://www.opendns.c...work/solutions/
OpenDNS is a free, closed-source, DNS resolution service.


Please run a scan with Trend Micro Rootkit Buster.
Download Trend Micro Rootkit Buster from here.
  • Unzip it to your Desktop.
  • Open the extracted folder and double-click RootkitBuster.exe
  • Press Scan.
When finished you'll be asked "Do you want to view log file". Press "Yes" and paste the contents of the log in your next reply.
If any infections are found, please choose Delete Selected Items.


Please use the Internet Explorer and run a BitDefender Online scan from Here
  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply along with the Rootkit Buster log.

How's your computer performing now?

Best regards

e-tech



#5 e-tech


Posted 13 July 2009 - 01:37 PM

:wave: Hi raven.1911!!!

Is everything alright?



#6 raven.1911


Posted 19 July 2009 - 01:25 AM

Sorry for the delay, you know that I am from Bangladesh and I have to face a lot of unusual problems, but look on the bright side: my computer is all fixed thanks to you, you're the best.

#7 e-tech


Posted 19 July 2009 - 02:14 AM

Sounds good!

Please consider updating to Windows XP SP3. It is now available via Windows Update or as a standalone installation here: http://www.microsoft...;displaylang=en


Please navigate to http://windowsupdate.microsoft.com and download all the "Critical Updates" for Windows. These will patch many of the security holes through which attackers can gain access to your computer. Your current versions appear to be outdated.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Best regards

e-tech

Edited by e-tech, 19 July 2009 - 02:16 AM.



#8 e-tech


Posted 19 July 2009 - 02:17 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
