Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Possible Virus,Please help!

Post by Ozzmark » October 14th, 2006, 1:58 pm

I have a program in my main drive called Turing 4.0.4.exe. I try to delete it and it says it is in use. I looked through my processes and couldn't find anything. Please help, I need to know if it is a virus or not.


Logfile of HijackThis v1.99.1
Scan saved at 1:56:49 PM, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec AntiVirus\DefWatch.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Symantec AntiVirus\Rtvscan.exe
G:\WINDOWS\system32\wscntfy.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\PROGRA~1\SYMANT~1\VPTray.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\Program Files\ewido anti-spyware 4.0\ewido.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\ewido anti-spyware 4.0\guard.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Xfire\Xfire.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] G:\Program Files\Common Files\AOL\1153179304\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] G:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] G:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "G:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Outpost Firewall] G:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] G:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [!ewido] "G:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O8 - Extra context menu item: Open with WordPerfect - G:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - G:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0320453281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: G:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O20 - Winlogon Notify: NavLogon - G:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - G:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - G:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - G:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: SAVRoam (SavRoam) - symantec - G:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - G:\Program Files\Symantec AntiVirus\Rtvscan.exe
Ozzmark
Regular Member
 
Posts: 56
Joined: September 16th, 2006, 4:14 pm

Post by amateur » October 14th, 2006, 5:04 pm

Hi Ozzmark,

Welcome to MR. :)

Here is some information about the program. Looks like a patch for a program to teach programming. If you don't want it, you can try uninstalling it from Add/Remove Programs in Control Panel.
Last edited by amateur on October 14th, 2006, 9:05 pm, edited 1 time in total.
amateur
MRU Master
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Post by Ozzmark » October 14th, 2006, 8:33 pm

It is not in the Add or Remove programs... I'll keep it but it is not causing any problems? Just seemed odd to me.

Post by amateur » October 14th, 2006, 9:40 pm

It is not in the Add or Remove programs... I'll keep it but it is not causing any problems? Just seemed odd to me.

Yes, it's odd that you don't seem to know anything about it. It sounds like a program used by schools, teachers and students. If you are a student, you most likely need to keep it. More info here. However, I noticed that you've given the file name as turing 4.0.4.exe, whereas the patch is Turing 4.0.4d.exe. Unless it's a typo, it makes me wonder...

Current Patches for Turing 4.0
There are two updates available for Turing. You only require one, depending on which version of Turing you currently own:
Turing 4.0 - 4.0.1 [p] => Turing 4.0.4d update [9,610,195 bytes]
Turing 4.0.3 or higher => Turing 4.0.4d update [2,913,204 bytes]
Both updaters are executable installers that will attempt to find Turing on the hard drive. They will then install the new version of Turing over top of the old version. Please note that Turing must already be installed on the machine.


Can you give me the full path of the file please? Nothing malware related is showing in your log, but let's do an online scan to make sure.

Run an online scan at Panda's ActiveScan
  • Please go here and perform a full system scan. (use Internet Explorer)
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the big Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your Valid Email and click send.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan.
  • Click on Local Disks to start the scan.
  • Once finished, click see report, then click Save report and save it to your desktop.
NOTE: Please ignore any entry it finds and the offer to buy the program to remove the entry.

Post back the results of the Panda scan please.
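
An added example, not part of the original posts and not HijackThis code: a Python sketch that parses a log in the layout posted in this thread and checks whether a file name, or its 8.3 short alias as seen in paths like PROGRA~1, shows up among the running processes or startup entries. The sample is a shortened excerpt of the posted log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Shortened excerpt of the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
G:\WINDOWS\system32\svchost.exe
G:\PROGRA~1\SYMANT~1\VPTray.exe
G:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [vptray] G:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O20 - AppInit_DLLs: G:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - G:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Meaning of the HijackThis section codes that occur in the posted log.
SECTIONS = {
    "R0": "IE start/search page", "O2": "Browser Helper Object",
    "O4": "Autorun entry", "O8": "IE context menu item",
    "O9": "IE button / Tools menu item", "O16": "ActiveX download",
    "O18": "Protocol handler", "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Split a log into (running process paths, {section code: [details]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in map(str.strip, text.splitlines()):
        match = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_procs = True
        elif match or not line:
            in_procs = False  # a blank line or the first entry ends the list
            if match:
                entries[match.group(1)].append(match.group(2))
        elif in_procs:
            processes.append(line)
    return processes, dict(entries)

def short_stem(name):
    """Prefix of the 8.3 alias for a long name ('Program Files' -> 'PROGRA~')."""
    return re.sub(r"[ .]", "", name).upper()[:6] + "~"

def find_references(text, name):
    """Return processes and entries mentioning `name` or its 8.3 alias."""
    processes, entries = parse_log(text)
    needles = (name.upper(), short_stem(name))
    hit = lambda value: any(n in value.upper() for n in needles)
    return {
        "processes": [p for p in processes if hit(p)],
        "entries": [(c, d) for c, items in entries.items() for d in items if hit(d)],
    }

def section_counts(text):
    return {code: len(items) for code, items in parse_log(text)[1].items()}

if __name__ == "__main__":
    for code, count in section_counts(SAMPLE_LOG).items():
        print(f"{code:>3} {SECTIONS.get(code, 'other')}: {count}")
    print(find_references(SAMPLE_LOG, "Turing"))
```

An empty result for "Turing" means the log lists no running process or startup entry with that name, so the log alone does not explain why the file is reported as in use.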

Post by Ozzmark » October 16th, 2006, 8:47 pm

I am very sorry for not replying with a scan. I am in the process of moving and will have the scan tomorrow.

Post by amateur » October 16th, 2006, 8:56 pm

No worries. Good luck with your moving. :)

Post by Ozzmark » October 17th, 2006, 3:27 pm

Incident Status Location

Spyware:Cookie/Serving-sys Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Zedo Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.c5.zedo.com/]
Spyware:Cookie/Zedo Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adserver Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/RealMedia Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/onestat.com Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/YieldManager Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Falkag Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/YieldManager Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Falkag Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Casalemedia Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/WUpd Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Atwola Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.atwola.com/]
Spyware:Cookie/BurstBeacon Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Com.com Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.com.com/]
Spyware:Cookie/Go Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.go.com/]
Spyware:Cookie/Adrevolver Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/cs.sexcounter Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Statcounter Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Maxserving Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Xiti Not disinfected G:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\cdqa00hw.default\cookies.txt[.xiti.com/]
Potentially unwanted tool:Application/Processor Not disinfected G:\WINDOWS\system32\process.exe


There's the scan, I see a cookie that says sexcounter... This is a porn free computer :)

Post by amateur » October 17th, 2006, 3:50 pm

There's the scan, I see a cookie that says sexcounter... This is a porn free computer
:lol:
What Panda found were tracking cookies, or small files that store information about what sites you visit online. Advertisers use these for statistical analysis and to target ads that you would be more likely to click on. They're not dangerous in and of themselves, per se, but are definitely a good idea to remove periodically.

Don't confuse them with normal, everyday cookies -- these are used for everything from saving form data to your login information for a particular site.

Here is some reference to cookies (it also tells you how to manage them):

http://www.microsoft.com/info/cookies.mspx

http://support.microsoft.com/default.as ... -us;260971

http://www.answers.com/main/ntquery;jse ... kie%20file

http://support.microsoft.com/?kbid=260897

Cleaning Cookies in Firefox:

1. In any Firefox window, Click Tools=>Options=>Privacy Icon.
2. Under the Cookies tab, Click Clear Cookies Now button.
3. Click OK to exit Options window.

NOTE: you can set up Firefox to automatically clear cookies and other private data upon exit by clicking the Settings button in the Clear Private Data tools section in the Options window:

1. Click Settings button
2. Select the data you would like to clear automatically
3. Place a check mark next to Clear Private Data When Closing Firefox
4. Click OK=>OK to exit the options window

Cleaning cookies in Internet Explorer:

Close all instances of Outlook Express and Internet Explorer

1. Click Start=>Control Panel=>Internet Options
2. In the General tab under the Temporary Internet Files header, Click Delete Cookies
3. Next to it, Click the Delete Files button
4. When prompted, place a check in: Delete all offline content, then click OK
5. Click OK to exit Internet Options window.

You can use this little free application to help control those tracking cookies in future, if you like. The only problem is that it only works with Internet Explorer as far as I know:

http://www.analogx.com/contents/downloa ... cookie.htm

Post by Ozzmark » October 17th, 2006, 3:54 pm

Alright, I'll clean my cookies. I will also use a program I received from you guys a while ago called ATF Cleaner...

Post by amateur » October 17th, 2006, 3:58 pm

Alright, I'll clean my cookies. I will also use a program I received from you guys a while ago called ATF Cleaner...

Sounds good.

Are you all set with Turing?

If you have no further issues, here is some good reading material from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.org/viewtopic.php?t=957
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Happy Surfing :)

Post by Ozzmark » October 17th, 2006, 7:45 pm

The turing thing? No. I have never used this program or have never heard of it... It was in my G drive as a .exe sometime. But if it causes no harm then I'm ok with it.

Post by amateur » October 17th, 2006, 8:36 pm

The turing thing? No. I have never used this program or have never heard of it.
Are you the only user on this computer? Are you the original owner of it?

Please give me the exact path of the file so that we can have it checked if it's harmful or not.

This is the file path of HijackThis.exe, for example: G:\HijackThis\HiJackThis.exe

Post by Ozzmark » October 17th, 2006, 10:56 pm

It is G:/turing-4.0.6.

...I double click it and it turns on a command prompt and it closes...

Post by amateur » November 5th, 2006, 4:44 pm

Hi Ozzmark,

I am sorry I missed your reply somehow. :( Looks like it's an executable update to the Turing program which was possibly installed on the computer earlier.
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste this filepath:
G:/turing-4.0.6.
Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html

Thanks :)

Post by Ozzmark » November 5th, 2006, 5:05 pm

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

That is what http://virusscan.jotti.org/ said.