2 viruses, help plz

3 replies to this topic

#1 Makaveli


Posted 17 June 2004 - 12:30 AM

hi there. a friend sent me something while she was infected with bispy, needless to say the file was also infected..only i didn't know it. as i was looking up info for her about it, i ran across a site..i think it's called faqfarms.com or something like that and one person suggested a scan with bitdefender. for kicks i ran the scan and lo and behold i found i had been infected also. so i cleaned that up quick.

I also had kazaa on my pc, while i didn't use it all that often, my brother did. i decided to get rid of it and used kazaabgone before uninstalling it..oops! decided to download and install it again to do it right this time and the second! THE! second it finished installing AVG popped to tell me i had been infected with keenval.b or something or other. unfortunately i am unable to get rid of it, as it seems to be in system restore. looked for info on it for quite a while to try to get rid of it myself so i wouldn't have to bother you kind, generous awesome ppl. but i can't really find anything so i'm finally turning to you guys. i have run AVG, tried trendmicro, panda, spybot 1.3, adaware, both updated. with system restore on and off. both in safe mode and regular mode..if you wanna call it that lol, none finds anything. also, i noticed that just after becoming infected with this keenval, my performance has gone down too, i emptied history and defragged but the performance is still not what it could/should be. HJT log if you need it.

Logfile of HijackThis v1.97.7
Scan saved at 1:26:12 AM, on 6/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A491D208-B353-490F-B81A-A8A3DC97042D} - "C:\WINDOWS\System32\smiehlp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: FreedomAudio - http://download.worl...ominstaller.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8044.5301851852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4AB9F35-A0C3-4050-951A-23EF3DFB9D0E}: NameServer =

much thx to you guys.

also if ANYONE can tell me if softex omnipass is needed or not and if i can get rid of it..it would be much appreciated!

#2 Makaveli


Posted 17 June 2004 - 11:08 PM


#3 dave38


Posted 18 June 2004 - 03:38 PM

To remove this, you must purge the system restore files.
To do this, right click on "My Computer", and select "Properties" > System Restore tab.

Check the box "Turn off System Restore on all drives" and click OK.

That will remove all the old restore points, and the associated files.

Right click on My Computer again, and uncheck the box to restart system restore.
Then set a clean restore point, using help & support>"undo changes to my computer using system restore"

#4 Makaveli


Posted 20 June 2004 - 06:32 PM

Done and done. thx Dave38 for the help. As always, you guys rock!
