Rashid_Fahim

2tq[2].zip A Malware?


Sir, yesterday my antivirus program (Avira AntiVir Personal - Free Antivirus) detected a harmful file named 2tq[2].zip in my temp directory and deleted it. When I reboot the machine, the antivirus is turned off. It shows the guard status as unknown. It is not protecting anymore. Here is my HijackThis log. Any solution, please?

 

 

==================

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:51:49 PM, on 07-12-2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\svcadmin.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

c:\program files\avira\antivir desktop\avgnt.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe

 

--

End of file - 7643 bytes

 

 

====================


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

 

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

 

[this is an automated reply]


Hi,

I'm nasdaq and will be helping you.

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Did you install this PC Remote control software?

O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe

===

 

The Hosts file was altered, so for your added security please install this one.

 

Download HostsXpert

 

Tutorial, go here:

http://i28.photobucket.com/albums/c227/tetonbob/emoticons/HostsXpert4.jpg

  • Unzip HostsXpert to its own folder.
  • Run HostsXpert.exe
  • Click: Make Writable? in the upper left corner.
  • Click: Download
  • Click: MVPs Hosts
  • Click: Replace
  • Click: OK
  • Click: Make ReadOnly
  • Close HostsXpert.

Note: If a custom Hosts file was in place, also edit those entries back in.

*/*

I suggest that you update to the new version of the Hosts file every 6 weeks. I do.

 

All you need to know about the hosts file.

http://www.mvps.org/winhelp2002/hosts.htm

 

Restart the computer normally.

 

Download: CCleaner (freeware)

http://www.majorgeeks.com/download4191.html

Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).

Once installed, run CCleaner and click the Windows tab.

The following should be selected by default, if not, please select:

 

CCleanerA.png

 

Next: click Options, then click the Settings tab

Then click Run Cleaner (bottom right) then Exit

*/*

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1

alternate download link 2

  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

 

Post back with the Malwarebytes Anti-Malware log once it's complete.

Include a fresh HijackThis log.
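
As an added example (not part of the original posts, and not HijackThis's own code): a triage script for the two items the helper picked out of the log, the altered Hosts file and the service with no known owner. The hostnames and the 203.0.113.7 address in the sample are constructed placeholders; only the O23 "Anyplace Control Security" and Avira lines come from the log in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the O1 hostnames and 203.0.113.7 are placeholders.
# The two O23 lines are copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.tracker.example
O1 - Hosts: 203.0.113.7 www.av-vendor.example
O1 - Hosts: 203.0.113.7 update.av-vendor.example
O1 - Hosts: 203.0.113.7 forum.malware-help.example
O1 - Hosts: 203.0.113.7 scanner.example
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
O23_RE = re.compile(r"^O23 - Service:\s+(.+?) - (.+?) - (.+)$")

def redirected_hosts(log, min_names=3):
    """Return {ip: [hostnames]} for routable IPs that several names point to."""
    by_ip = defaultdict(list)
    for line in log.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address field, not a usable mapping
        # Blocklist-style Hosts files sink names to 127.0.0.1 / 0.0.0.0; skip those.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].append(m.group(2).lower())
    return {ip: names for ip, names in by_ip.items() if len(names) >= min_names}

def unknown_owner_services(log):
    """Return (service name, path) for O23 entries listed as 'Unknown owner'."""
    matches = (O23_RE.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(3)) for m in matches
            if m and m.group(2).lower() == "unknown owner"]

if __name__ == "__main__":
    for ip, names in redirected_hosts(SAMPLE_LOG).items():
        print(f"{len(names)} names redirected to {ip}: {', '.join(names)}")
    for name, path in unknown_owner_services(SAMPLE_LOG):
        print(f"service without vendor info: {name} -> {path}")
```

Many unrelated names pointing at one routable address is the pattern that separates a hijacked Hosts file from a blocklist such as the MVPs one, which only sinks names to a local address.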
