

2tq[2].zip A Malware?

  • This topic is locked
2 replies to this topic

#1 Rashid_Fahim



  • Full Member
  • 2 posts

Posted 07 December 2009 - 03:40 AM

Sir, yesterday my antivirus program (Avira AntiVir Personal - Free Antivirus) detected a harmful file named 2tq[2].zip in my temp directory and deleted it. When I rebooted the machine, the antivirus was turned off. It shows the guard status as unknown. It is not protecting anymore. Here is my HijackThis log. Any solution, please?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:49 PM, on 07-12-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
c:\program files\avira\antivir desktop\avgnt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: msnfix.changelog.fr
O1 - Hosts: www.incodesolutions.com
O1 - Hosts: virusinfo.prevx.com
O1 - Hosts: download.bleepingcomputer.com
O1 - Hosts: www.dazhizhu.cn
O1 - Hosts: foro.noticias3d.com
O1 - Hosts: www.spybotupdates.com
O1 - Hosts: www.nabble.com
O1 - Hosts: lurker.clamav.net
O1 - Hosts: lexikon.ikarus.at
O1 - Hosts: research.sunbelt-software.com
O1 - Hosts: www.virusdoctor.jp
O1 - Hosts: www.elitepvpers.de
O1 - Hosts: guru.avg.com
O1 - Hosts: downloads.sophos.com
O1 - Hosts: www.superuser.co.kr
O1 - Hosts: ntfaq.co.kr
O1 - Hosts: v.dreamwiz.com
O1 - Hosts: cit.kookmin.ac.kr
O1 - Hosts: forums.whatthetech.com
O1 - Hosts: forum.hijackthis.de
O1 - Hosts: avg.vo.llnwd.net
O1 - Hosts: ftp.drweb.com
O1 - Hosts: www.zonealarm.com
O1 - Hosts: www.huaifai.go.th
O1 - Hosts: www.mostz.com
O1 - Hosts: www.krupunmai.com
O1 - Hosts: www.cddchiangmai.net
O1 - Hosts: forum.malekal.com
O1 - Hosts: tech.pantip.com
O1 - Hosts: sapcupgrades.com
O1 - Hosts: www.elguruinformatico.com
O1 - Hosts: www.247fixes.com
O1 - Hosts: forum.sysinternals.com
O1 - Hosts: forum.telecharger.01net.com
O1 - Hosts: sophos.com
O1 - Hosts: foros.softonic.com
O1 - Hosts: avast-home.uptodown.com
O1 - Hosts: dr-web-cureit.softonic.com
O1 - Hosts: www.f-secure.com
O1 - Hosts: www.chkrootkit.org
O1 - Hosts: diamondcs.com.au
O1 - Hosts: www.rootkit.nl
O1 - Hosts: www.sysinternals.com
O1 - Hosts: z-oleg.com
O1 - Hosts: espanol.dir.groups.yahoo.com
O1 - Hosts: ftp01net.telechargement.fr
O1 - Hosts: www.castlecrops.com
O1 - Hosts: www.misec.net
O1 - Hosts: safecomputing.umn.edu
O1 - Hosts: www.antirootkit.com
O1 - Hosts: www.greatis.com
O1 - Hosts: ar.answers.yahoo.com
O1 - Hosts: www.elhacker.org
O1 - Hosts: research.pandasecurity.com
O1 - Hosts: www.rootkit.com
O1 - Hosts: www.pctools.com
O1 - Hosts: www.pcsupportadvisor.com
O1 - Hosts: www.resplendence.com
O1 - Hosts: www.personal.psu.edu
O1 - Hosts: foro.ethek.com
O1 - Hosts: foro.elhacker.net
O1 - Hosts: download.zonealarm.com
O1 - Hosts: vil.nail.com
O1 - Hosts: search.mcafee.com
O1 - Hosts: wwww.mcafee.com
O1 - Hosts: download.nai.com
O1 - Hosts: wwww.experts-exchange.com
O1 - Hosts: www.bakunos.com
O1 - Hosts: www.darkclockers.com
O1 - Hosts: www2.gmer.net
O1 - Hosts: ariefew.com
O1 - Hosts: www.Merijn.org
O1 - Hosts: www.spywareinfo.com
O1 - Hosts: www.spybot.info
O1 - Hosts: www.viruslist.com
O1 - Hosts: www.hijackthis.de
O1 - Hosts: ftp.f-secure.com
O1 - Hosts: forum.kaspersky.com
O1 - Hosts: es.trendmicro-europe.com
O1 - Hosts: www.hvaonline.net
O1 - Hosts: majorgeeks.com
O1 - Hosts: www.avp.com
O1 - Hosts: www.virustotal.com
O1 - Hosts: www.sophos.com
O1 - Hosts: linhadefensiva.uol.com.br
O1 - Hosts: cmmings.cn
O1 - Hosts: www.sergiwa.com
O1 - Hosts: www.el-hacker.com
O1 - Hosts: dl2.agnitum.com
O1 - Hosts: forum.smadav.net
O1 - Hosts: www.avg-antivirus.net
O1 - Hosts: www.kaspersky-labs.com
O1 - Hosts: www.kaspersky.com
O1 - Hosts: www.bleepingcomputer.com
O1 - Hosts: www.free.grisoft.com
O1 - Hosts: alerta-antivirus.inteco.es
O1 - Hosts: greatis.com
O1 - Hosts: www.oprekpc.com
O1 - Hosts: securityresponse.symantec.com
O1 - Hosts: www.analysis.seclab.tuwien.ac.at
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe

End of file - 7643 bytes


#2 SWI Support Robot


    Helper robot

  • SWI Bot
  • 23,530 posts

Posted 09 December 2009 - 09:50 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq


    Forum Deity

  • Global Moderator
  • 49,150 posts

Posted 10 December 2009 - 11:22 AM

I'm nasdaq and will be helping you.

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Did you install this PC Remote control software?
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe

The Hosts file was altered, so for your added security please install this one.

Download HostsXpert

Tutorial, go here:
  • Unzip HostsXpert to its own folder.
  • Run HostsXpert.exe
  • Click: Make Writable? in the upper left corner.
  • Click: Download
  • Click: MVPs Hosts
  • Click: Replace
  • Click: OK
  • Click: Make ReadOnly
  • Close HostsXpert.
Note: If a custom Hosts file was in place, also edit those entries back in.
I suggest that you update to the new version of the Hosts file every 6 weeks. I do.

All you need to know about the hosts file.

Restart the computer normally.

Download: CCleaner (freeware)
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner and click the Windows [tab].
The following should be selected by default, if not, please select:

Posted Image

Next: click Options, then click the Settings tab.
Then click Run Cleaner (bottom right), then Exit.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
Include a fresh HijackThis log.

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
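
The two findings raised in the reply above, Hosts entries that name security sites and an O23 service with an unknown owner, can be pulled out of a HijackThis log mechanically. The Python below is an added example, not part of the original thread or of HijackThis; the keyword list and sample lines are taken from the log posted in this topic, and the function names are hypothetical.

```python
import re

# Name fragments of security vendors/tools, all taken from hostnames in the
# O1 entries of the log posted in this topic (an assumption, not a full list).
SECURITY_KEYWORDS = ("sophos", "kaspersky", "mcafee", "symantec", "f-secure",
                     "virustotal", "bleepingcomputer", "trendmicro")

# HijackThis entries look like "<section code> - <body>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")

# Excerpt of the log posted above, used as sample input.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: www.nabble.com
O1 - Hosts: downloads.sophos.com
O1 - Hosts: www.virustotal.com
O1 - Hosts: www.kaspersky.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
"""

def parse_entries(log_text):
    """Yield (section_code, body) for every HijackThis entry line."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)

def triage(log_text):
    """Collect Hosts entries naming security sites and services with no known owner."""
    hosts, security_hosts, unknown_services = [], [], []
    for code, body in parse_entries(log_text):
        if code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if not fields:
                continue
            host = fields[-1].lower()  # last field, in case an address precedes it
            hosts.append(host)
            if any(word in host for word in SECURITY_KEYWORDS):
                security_hosts.append(host)
        elif code == "O23" and body.startswith("Service:"):
            # Body layout: "Service: <name> - <owner> - <image path>"
            parts = [p.strip() for p in body[len("Service:"):].split(" - ")]
            if len(parts) >= 3 and parts[-2].lower() == "unknown owner":
                unknown_services.append((parts[0], parts[-1]))
    return {"hosts": hosts, "security_hosts": security_hosts,
            "unknown_services": unknown_services}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
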
